
OpenVPN Client not connecting to OpenVPN Server on Netgear

0 votes
2 answers
169 views
My son has an OpenVPN server set up on his NetGear router in the UK. I am in Italy and have an OpenVPN Client that works fine on Windows but I want to connect also from my Raspberry Pi and Ubuntu laptop. I have followed all the OpenVPN Client installation instructions but neither of the Linux versions will connect. The OpenVPN version I have on the Pi is 2.6.3-1+deb12u2.

For now I am going to concentrate on the Raspberry Pi version because the problems in both appear to be similar and perhaps fixing one will indicate how to fix the other. The Pi is a model 5 running Debian GNU/Linux 12 (bookworm).

The Client.conf file is as follows:

    client
    #dev tap
    dev tun
    proto udp
    remote beerisgood.ddns.net 12974
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    persist-remote-ip
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/client.crt
    key /etc/openvpn/client.key
    cipher AES-128-CBC
    # data-ciphers-fallback AES-128-CBC
    comp-lzo
    # route-noexec ## added JKJ 17/2/25
    verb 3
    log /etc/openvpn/log/jrjvpn.log
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

Starting the OpenVPN Client generates the following log file:

    2025-02-19 18:58:07 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
    2025-02-19 18:58:07 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
    2025-02-19 18:58:07 OpenVPN 2.6.3 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
    2025-02-19 18:58:07 library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
    2025-02-19 18:58:07 DCO version: N/A
    2025-02-19 18:58:07 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    2025-02-19 18:58:08 TCP/UDP: Preserving recently used remote address: [AF_INET]213.18.141.7:12974
    2025-02-19 18:58:08 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2025-02-19 18:58:08 UDPv4 link local: (not bound)
    2025-02-19 18:58:08 UDPv4 link remote: [AF_INET]213.18.141.7:12974
    2025-02-19 18:58:08 TLS: Initial packet from [AF_INET]213.18.141.7:12974, sid=2f04db75 d6626407
    2025-02-19 18:58:08 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
    2025-02-19 18:58:08 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, name=EasyRSA, emailAddress=mail@netgear
    2025-02-19 18:58:08 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
    2025-02-19 18:58:08 [server] Peer Connection Initiated with [AF_INET]213.18.141.7:12974
    2025-02-19 18:58:08 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2025-02-19 18:58:08 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2025-02-19 18:58:09 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2025-02-19 18:58:09 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route-gateway 192.168.1.1,redirect-gateway def1,peer-id 0,cipher AES-256-GCM'
    2025-02-19 18:58:09 OPTIONS IMPORT: route options modified
    2025-02-19 18:58:09 OPTIONS IMPORT: route-related options modified
    2025-02-19 18:58:09 net_route_v4_best_gw query: dst 0.0.0.0
    2025-02-19 18:58:09 net_route_v4_best_gw result: via 192.168.178.1 dev wlan0
    2025-02-19 18:58:09 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=wlan0 HWADDR=2c:cf:67:5e:8e:04
    2025-02-19 18:58:09 TUN/TAP device tun0 opened
    2025-02-19 18:58:09 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
    2025-02-19 18:58:09 Timers: ping 10, ping-restart 120
    2025-02-19 18:58:19 net_route_v4_add: 213.18.141.7/32 via 192.168.178.1 dev [NULL] table 0 metric -1
    2025-02-19 18:58:19 net_route_v4_add: 0.0.0.0/1 via 192.168.1.1 dev [NULL] table 0 metric -1
    2025-02-19 18:58:19 sitnl_send: rtnl: generic error (-101): Network is unreachable
    2025-02-19 18:58:19 ERROR: Linux route add command failed
    2025-02-19 18:58:19 net_route_v4_add: 128.0.0.0/1 via 192.168.1.1 dev [NULL] table 0 metric -1
    2025-02-19 18:58:19 sitnl_send: rtnl: generic error (-101): Network is unreachable
    2025-02-19 18:58:19 ERROR: Linux route add command failed
    2025-02-19 18:58:19 Initialization Sequence Completed

Which, as you can see fails with a route add command. The Windows script that works uses dev tap but I changed it to dev tun in the hope that it would resolve the error but it made no difference.

Running ip a before and after starting the client shows the following as the only difference after starting OpenVPN:

    17: tun0: mtu 1500 qdisc noop state DOWN group default qlen 500
        link/none

The up and down script calls to update-resolv-conf were suggested additions from the installation instructions but they make no difference so I commented them out for the above log file generation. As far as I can understand from the scripts, they take environment variables that can be passed from the server and use them to alter the routing tables but nothing is being passed by the server so it makes no difference having them or not.

One thread that I read seemed to think that resolvconf was needed, so I installed that too but it made no difference. Running it before and after starting OpenVPN gives the following result:

    $ sudo resolvconf -l
    # resolv.conf from NetworkManager
    search fritz.box
    nameserver 192.168.178.1
    nameserver fd00::de39:6fff:feec:40a6

Another thing I tried was to add route-noexec to the conf file (commented out above). This suppressed the errors but did not resolve the problem of the VPN not working, so I decided it was better to see the errors. Comparing the log files with and without that command showed them to be identical up to the point of 2025-02-19 18:58:09 Timers: ping 10, ping-restart 120 in the above log but then the remainder of the log is empty up to the Initialization Sequence Completed.

The question is, how can I get this working?
Asked by Jan Jachnik (1 rep)
Feb 19, 2025, 07:25 PM
Last activity: Aug 8, 2025, 03:28 PM
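
Added example, not part of the original post: a small Python triage of the client log quoted in the question. It extracts the pushed options, the routes whose add failed, and the security-relevant warnings the log itself prints; the function name `triage` and the 2048-bit RSA threshold are assumptions of this example, and the sample lines are copied from the log above.

```python
import re

# Log lines copied from the question above (subset, timestamps kept).
SAMPLE_LOG = """\
2025-02-19 18:58:07 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2025-02-19 18:58:08 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
2025-02-19 18:58:09 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route-gateway 192.168.1.1,redirect-gateway def1,peer-id 0,cipher AES-256-GCM'
2025-02-19 18:58:09 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2025-02-19 18:58:19 net_route_v4_add: 213.18.141.7/32 via 192.168.178.1 dev [NULL] table 0 metric -1
2025-02-19 18:58:19 net_route_v4_add: 0.0.0.0/1 via 192.168.1.1 dev [NULL] table 0 metric -1
2025-02-19 18:58:19 sitnl_send: rtnl: generic error (-101): Network is unreachable
2025-02-19 18:58:19 ERROR: Linux route add command failed
2025-02-19 18:58:19 net_route_v4_add: 128.0.0.0/1 via 192.168.1.1 dev [NULL] table 0 metric -1
2025-02-19 18:58:19 sitnl_send: rtnl: generic error (-101): Network is unreachable
2025-02-19 18:58:19 ERROR: Linux route add command failed
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")

def triage(log_text, min_rsa_bits=2048):
    """Return (pushed_options, failed_routes, findings) for one client log."""
    pushed, failed, findings, last_route = {}, [], [], None
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw.strip())
        if "PUSH_REPLY" in msg:
            body = msg.split("'")[1]            # text between the quotes
            for opt in body.split(",")[1:]:     # skip the PUSH_REPLY token
                name, _, value = opt.partition(" ")
                pushed[name] = value
        elif msg.startswith("net_route_v4_add:"):
            m = re.match(r"net_route_v4_add: (\S+) via (\S+)", msg)
            last_route = (m.group(1), m.group(2))
        elif msg.startswith("ERROR: Linux route add command failed") and last_route:
            failed.append(last_route)           # error refers to the preceding add
        elif "No server certificate verification method" in msg:
            findings.append("no server certificate verification method (e.g. remote-cert-tls server) is set")
        elif m := re.search(r"peer certificate: (\d+) bit RSA", msg):
            if int(m.group(1)) < min_rsa_bits:
                findings.append(f"server certificate uses {m.group(1)}-bit RSA")
        elif m := re.search(r"compression: '(\w+)'", msg):
            findings.append(f"data channel compression enabled ({m.group(1)})")
    if failed and "ifconfig" not in pushed:
        findings.append("PUSH_REPLY has no ifconfig: tun0 gets no address, so the pushed route-gateway is unreachable")
    return pushed, failed, findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG)[2], sep="\n")
```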