OPEN VPN WITH IPVANISH VPN

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
View previous topic :: View next topic  
Author Message
CCLAUDIO
DD-WRT Novice


Joined: 07 Nov 2018
Posts: 4
PostPosted: Wed Nov 07, 2018 21:26    Post subject: OPEN VPN WITH IPVANISH VPN Reply with quote
Hello, Im trying to configure an open VPN with Ipvanish vpn, But I have an error message, I think this is happend because my local time, But Im not be able to change with ntp.

This is the error code I have,

Dec 31 19:00:15 Central daemon.warn openvpn[850]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 31 19:00:15 Central daemon.err openvpn[850]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
Dec 31 19:00:15 Central daemon.err openvpn[850]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Dec 31 19:00:15 Central daemon.err openvpn[850]: TLS_ERROR: BIO read tls_read_plaintext error
Dec 31 19:00:15 Central daemon.notice openvpn[850]: NOTE: --mute triggered...
Dec 31 19:00:15 Central daemon.notice openvpn[850]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Dec 31 19:00:15 Central daemon.err openvpn[850]: Fatal TLS error (check_tls_errors_co), restarting
Dec 31 19:00:15 Central daemon.notice openvpn[850]: SIGUSR1[soft,tls-error] received, process restarting
Dec 31 19:00:15 Central daemon.notice openvpn[850]: Restart pause, 5 second(s)
Dec 31 19:00:20 Central daemon.warn openvpn[850]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


Can someone have experience configuring open vpn and can help me please,
Back to top View user's profile Send private message
Sponsor
CCLAUDIO
DD-WRT Novice


Joined: 07 Nov 2018
Posts: 4
PostPosted: Thu Nov 08, 2018 4:34    Post subject: Can not established openvpn Reply with quote
Hi, please if you can help me, I solve the ntp issue, but at the end, when I think it will work, I have this issue and the router drop all my network

Nov 7 23:11:24 Central daemon.notice openvpn[1028]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.21.26.1
Nov 7 23:11:24 Central daemon.notice openvpn[1028]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.21.26.1
Nov 7 23:11:24 Central daemon.warn openvpn[1028]: WARNING: Failed running command (--route-up): external program exited with error status: 2
Nov 7 23:11:24 Central daemon.notice openvpn[1028]: Initialization Sequence Completed
Nov 7 23:11:28 Central user.debug syslog: ttraff: data collection started


Thanks in advanced


[quote="jxm"]Look at the date and time on your log file entries... Dec 31, 19:00. That is 1st January UTC with a time zone offset of 5 hours..

OpenVPN uses certificates for security, and certificate verification fails if the system time is not reasonably accurate. The second line in the log file tells the story.... the ipvanish certificate is not yet valid.... because the certificate date is years into the future when compared to the date on your router. You will never get OpenVPN to work until you get the time right on the router.

Log on to your router GUI and check the date and time in the right top corner of the window. If it is not correct, go to the Setup tab and delete everything from the the Server/IP Name field in the Time Settings. Save and Apply the settings and reboot your router. It should synchronize its time from the default NTP pool configured in the router defaults, and your VPN client should then work.

Cheers.[/quote]
Back to top View user's profile Send private message
CCLAUDIO
DD-WRT Novice


Joined: 07 Nov 2018
Posts: 4
PostPosted: Thu Nov 08, 2018 5:00    Post subject: Reply with quote
[quote="jxm"]If you go to the Status / VPN tab, do you see the VPN Client log? If so, post that.

Cheers[/quote]

There's nothing on status vpn, The lines are blanks, the errors I can see are on the syslog
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12889
Location: Netherlands
PostPosted: Thu Nov 08, 2018 18:44    Post subject: Reply with quote
Are you using the IPVanish script frome here: http://files.ipvanish.com/OpenVPN_Script.txt

to setup ?
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
CCLAUDIO
DD-WRT Novice


Joined: 07 Nov 2018
Posts: 4
PostPosted: Fri Nov 09, 2018 2:46    Post subject: Reply with quote
[quote="egc"]Are you using the IPVanish script frome here: http://files.ipvanish.com/OpenVPN_Script.txt

to setup ?[/quote]

Nop Im using this guide https://support.ipvanish.com/hc/en-us/articles/115002080733-DD-WRT-v3-Router-Setup
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12889
Location: Netherlands
PostPosted: Sat Nov 10, 2018 9:13    Post subject: Reply with quote
Besides posting the things @jxm asked for, also let us know your router model and build.

The error you are seeing:
Code:
Failed running command (--route-up): external program exited with error status: 2
can be seen if the route-up script was created externally, but that is not the case it is created by DDWWRT, so really weird.

Note: the IPVanish guide you are using, seems OK for a recent build
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
hebeda
DD-WRT User


Joined: 18 Sep 2006
Posts: 460
Location: Leipzig, Germany
PostPosted: Sat Nov 10, 2018 15:05    Post subject: Reply with quote
copy&paste from here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=307531&postdays=0&postorder=asc&start=15


Server IP/Name: (pick your server)
Port: 1194 (or you can use 443)
Tunnel Device: UDP (or you can use TCP)
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA256
Username: (your username)
Passsword: (your password)
Advanced Options: Enable
TLS Cipher: None
LZO Compression: Yes
NAT: Enable
Firewall Protection: Enable
IP Address: (leave blank)
Subnet Mask: (leave blank)
Tunnel MTU setting: 1500
Tunnel UDP Fragment: (leave blank)
Tunnel UDP MSS-Fix: Disable
nsCertType verification: (leave unchecked)


Additional Config (add the below code in the box)

remote-cert-tls server
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
persist-remote-ip
keysize 256


CA Cert (get it from IPVanish's Website when you log in)


Now Save then Apply and Done.


its all working perfect with the builds +2017 on any device which is openvpn capable
Back to top View user's profile Send private message Visit poster's website MSN Messenger
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum