Setting up an OpenVPN Server

I had the same issue.
I push the server ip as dns. In your case 10.8.0.1.

I use the VPN with dns based adblock, to block ads in my phone.

On my Omnia easy-rsa creates 2048 bit rsa keys by default, so how is it insecure? It used to create 1024 bit keys but apparently not anymore.
Why should we not use port 1194? Just to hide the traffic?

As I wrote, I personally find both claims false. I’ve added [citation needed] comments to them, but now I see those comments have been deleted without any change. I’ve sent a personal e-mail to the author, asking him to support those claims with some explanation or at least rephrase them in a way that would make it evident that those are personal opinions, not a general truth.

Hi.
My two Turris router VPN setup has been on hold due to time constraints. Today I managed to get the tunnel to establish but I can’t get the traffic to flow through the tunnel. I’ve used the Luci interface to configure. I must say it’s not user friendly. I had to add a few parameters myself without having any explanation on why. Wouldn’t it have been possible to adjust the Luci interface so that the options that are needed are also represented? Today one has to guess which fields to add. ifconfig is such a field for example. I think the help text needs to be better and more informative. Maybe a function where one can hover the mouse pointer over the question mark and get a more detailed explanation?
Well back to my tunnel. I think I might have a route configuration problem but I’m not helped by the logs. I would appreciate some help/pointers as to where I might have slipped.
Thanks :slight_smile:

Setting up the server with port 443 I get the error
Wed Aug 23 16:53:07 2017 us=113566 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Aug 23 16:53:07 2017 us=113659 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Wed Aug 23 16:53:07 2017 us=114667 Diffie-Hellman initialized with 4096 bit key
Wed Aug 23 16:53:07 2017 us=116099 Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Aug 23 16:53:07 2017 us=116187 Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Aug 23 16:53:07 2017 us=116264 TLS-Auth MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Aug 23 16:53:07 2017 us=125233 TUN/TAP device tun0 opened
Wed Aug 23 16:53:07 2017 us=125385 TUN/TAP TX queue length set to 100
Wed Aug 23 16:53:07 2017 us=125477 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Aug 23 16:53:07 2017 us=125556 /sbin/ifconfig tun0 192.168.1.1 pointopoint 192.168.1.2 mtu 1500
Wed Aug 23 16:53:07 2017 us=135206 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.2
Wed Aug 23 16:53:07 2017 us=136933 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Aug 23 16:53:07 2017 us=137069 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 23 16:53:07 2017 us=137147 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Aug 23 16:53:07 2017 us=137211 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:443: Address in use
Wed Aug 23 16:53:07 2017 us=137253 Exiting due to fatal error
Wed Aug 23 16:53:07 2017 us=137339 /sbin/route del -net 192.168.1.0 netmask 255.255.255.0
Wed Aug 23 16:53:07 2017 us=141034 Closing TUN/TAP interface
Wed Aug 23 16:53:07 2017 us=141179 /sbin/ifconfig tun0 0.0.0.0

I searched the complete configuration files but couldn’t find any entry with port 443.
Is this port dedicated to a core package? On other routers that config runs without any issues… Would be nice to take hand on this port as other ports are sometimes closed in foreign networks.
When I choose port 586 it works.

Have a look what’s using port 443: netstat -nltp | grep 443

If you want to have OpenVPN listening on 443, consider using the port sharing feature.

1 Like
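Added example, not part of the original posts: a sketch of the check suggested above that pulls the port out of OpenVPN's bind-failure log line and matches it exactly against the Local Address column of `netstat -nltp`, so that a plain `grep 443` does not also hit ports such as 4430 or a PID containing 443. The log line is the one quoted in the thread; the netstat sample, its PIDs and program names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which listener holds the port OpenVPN failed to bind.

# stdin: OpenVPN log text; stdout: each port reported as "Address in use".
bind_failed_port() {
    sed -n 's/.*Socket bind failed on local address .*:\([0-9][0-9]*\): Address in use.*/\1/p' | sort -u
}

# $1: port; stdin: `netstat -nltp` output; stdout: "local_addr pid/program".
# Compares the last ':'-separated field of Local Address, so IPv6 (:::443) works.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) print $4, $7
        }'
}

# $1: OpenVPN log text, $2: netstat -nltp output.
diagnose() {
    for port in $(printf '%s\n' "$1" | bind_failed_port); do
        owners=$(printf '%s\n' "$2" | listeners_on_port "$port")
        if [ -n "$owners" ]; then
            printf '%s\n' "$owners" | while read -r addr prog; do
                echo "port $port held by $prog on $addr"
            done
        else
            echo "port $port: no TCP listener found (check UDP with netstat -nlup)"
        fi
    done
}

# Log line as quoted in the thread.
SAMPLE_LOG='Wed Aug 23 16:53:07 2017 us=137211 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:443: Address in use'

# Constructed netstat output; PIDs and program names are placeholders.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 0.0.0.0:443    0.0.0.0:*  LISTEN  1843/example-httpd
tcp   0 0 0.0.0.0:4430   0.0.0.0:*  LISTEN  2210/example-other
tcp   0 0 127.0.0.1:53   0.0.0.0:*  LISTEN  4431/example-dns
tcp   0 0 :::443         :::*       LISTEN  1843/example-httpd'

diagnose "$SAMPLE_LOG" "$SAMPLE_NETSTAT"
```

On the router itself, pass the real log text and `"$(netstat -nltp)"` (run as root so the PID/Program column is filled in) as the two arguments to `diagnose`.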

Thank you very much! Found the problem and eliminated it :wink:
And also thanks for mentioning the option port_sharing - didn’t know about that until now (my last study of openvpn manual has been about 5 years ago…)