Continue to have openvpn cyberghost issues.

spikey1973
DD-WRT Novice


Joined: 20 Feb 2017
Posts: 29

Posted: Mon May 27, 2019 21:02    Post subject: Continue to have openvpn cyberghost issues.
to follow up on my issues that i posted in thread:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1119381&sid=4be8d6b860097789898f41b3fc44ed37

currently running:
Firmware: DD-WRT v3.0-r39855 std (05/25/19)
on tp-link tl-wr1043nd v3.

manually configured the route following the posts in the thread mentioned above.

which now gave me the following outputs on these commands.

ping 8.8.8.8:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=58 time=215.131 ms
64 bytes from 8.8.8.8: seq=1 ttl=58 time=82.224 ms
64 bytes from 8.8.8.8: seq=2 ttl=58 time=98.765 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 82.224/132.040/215.131 ms

ping cnn.com:

PING cnn.com (151.101.129.67): 56 data bytes
64 bytes from 151.101.129.67: seq=0 ttl=59 time=82.219 ms
64 bytes from 151.101.129.67: seq=1 ttl=59 time=81.780 ms
64 bytes from 151.101.129.67: seq=2 ttl=59 time=81.885 ms

--- cnn.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 81.780/81.961/82.219 ms

Route:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.252.204.69 128.0.0.0 UG 0 0 0 tun1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
10.252.204.1 10.252.204.69 255.255.255.255 UGH 0 0 0 tun1
10.252.204.69 * 255.255.255.255 UH 0 0 0 tun1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
128.0.0.0 10.252.204.69 128.0.0.0 UG 0 0 0 tun1
192.168.0.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
193.148.18.148 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0

Although this now seems to be functional to the layman's eye, internet is blocked for all machines connected to the router by UTP and wireless when the openvpn is activated.

as 10.252.204.69 is not my isp's ip address i feel like the vpn is indeed up and running but that something blocks the net to my attached machines.

i tried checking with iplocation.net but that only returns the isp address even though i entered the 10.252.204.69 in the lookup box.

the policy based field is empty.

it seems like a major step forward though.

kind regards

Matt.

ps: syslog gives some security warnings. i have posted the log here below.


Last edited by spikey1973 on Mon May 27, 2019 21:50; edited 1 time in total
spikey1973
DD-WRT Novice


Joined: 20 Feb 2017
Posts: 29

Posted: Mon May 27, 2019 21:48
May 27 21:42:51 r39855 user.info : pptpd : daemon successfully stopped
May 27 21:42:52 r39855 user.info : openvpn : OpenVPN daemon (Client) starting/restarting...
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
May 27 21:42:52 r39855 daemon.notice openvpn[5286]: OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 25 2019
May 27 21:42:52 r39855 daemon.notice openvpn[5286]: library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.09
May 27 21:42:52 r39855 daemon.notice openvpn[5288]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
May 27 21:42:52 r39855 daemon.warn openvpn[5288]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 27 21:42:52 r39855 daemon.warn openvpn[5288]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 27 21:42:52 r39855 daemon.notice openvpn[5288]: TCP/UDP: Preserving recently used remote address: [AF_INET]193.148.18.149:443
May 27 21:42:52 r39855 daemon.notice openvpn[5288]: Socket Buffers: R=[87380->87380] S=[16384->16384]
May 27 21:42:52 r39855 daemon.notice openvpn[5288]: Attempting to establish TCP connection with [AF_INET]193.148.18.149:443 [nonblock]
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: TCP connection established with [AF_INET]193.148.18.149:443
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: TCPv4_CLIENT link local: (not bound)
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: TCPv4_CLIENT link remote: [AF_INET]193.148.18.149:443
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: TLS: Initial packet from [AF_INET]193.148.18.149:443, sid=15df7d41 4703ad55
May 27 21:42:53 r39855 daemon.warn openvpn[5288]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Node newyork-s13, emailAddress=info@cyberghost.ro
May 27 21:42:54 r39855 daemon.notice openvpn[5288]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 27 21:42:54 r39855 daemon.notice openvpn[5288]: [CyberGhost VPN Server Node newyork-s13] Peer Connection Initiated with [AF_INET]193.148.18.149:443
May 27 21:42:55 r39855 daemon.notice openvpn[5288]: SENT CONTROL [CyberGhost VPN Server Node newyork-s13]: 'PUSH_REQUEST' (status=1)
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,comp-lzo no,redirect-gateway def1,dhcp-option DNS 38.132.106.139,dhcp-option DNS 194.187.251.67,dhcp-option DNS 185.93.180.131,route 10.251.204.1,to
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: OPTIONS IMPORT: timers and/or timeouts modified
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: NOTE: --mute triggered...
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: 2 variation(s) on previous 3 message(s) suppressed by --mute
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: Socket Buffers: R=[331520->344064] S=[45440->344064]
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: OPTIONS IMPORT: --ifconfig/up options modified
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: OPTIONS IMPORT: route options modified
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: NOTE: --mute triggered...
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: 3 variation(s) on previous 3 message(s) suppressed by --mute
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: Data Channel: using negotiated cipher 'AES-256-GCM'
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: TUN/TAP device tun1 opened
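
The security warnings in the log above can be triaged mechanically. The script below is an added example, not part of the original post or of DD-WRT: it classifies the OpenVPN startup warnings and prints a hardening step for each class. The function names and finding ids are made up for the example, and the sample lines are abridged from the log above.

```shell
#!/bin/sh
# Added example (not from the thread): classify OpenVPN client startup
# warnings and print the hardening step each class calls for.

# Sample input: lines abridged from the syslog in the post above.
sample_log() {
cat <<'EOF'
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
May 27 21:42:52 r39855 daemon.warn openvpn[5286]: WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
May 27 21:42:52 r39855 daemon.warn openvpn[5288]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 27 21:42:52 r39855 daemon.warn openvpn[5288]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 27 21:42:53 r39855 daemon.warn openvpn[5288]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 27 21:42:53 r39855 daemon.notice openvpn[5288]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
May 27 21:42:56 r39855 daemon.notice openvpn[5288]: NOTE: --mute triggered...
EOF
}

# Reads syslog text on stdin; prints "id<TAB>count<TAB>remediation",
# one line per warning class seen, sorted by id.
audit_openvpn_log() {
    awk '
    function flag(id, fix) { n[id]++; fixes[id] = fix }
    /openvpn\[[0-9]+\]: (WARNING|NOTE): / {
        if (/--management on a TCP port WITHOUT passwords/)
            flag("mgmt-no-password", "pass a pw-file to the management directive")
        else if (/is group or others accessible/)
            flag("loose-file-perms", "chmod 600 the key and credentials files")
        else if (/No server certificate verification method/)
            # The CA chain still validates (VERIFY OK), but nothing checks
            # that the peer certificate is a server certificate.
            flag("no-server-cert-check", "add remote-cert-tls server or verify-x509-name")
        else if (/--script-security setting may allow/)
            flag("script-security", "lower script-security to the level the setup needs")
        else if (/may cache passwords in memory/)
            flag("password-cached", "add auth-nocache")
    }
    END { for (id in n) printf "%s\t%d\t%s\n", id, n[id], fixes[id] }
    ' | sort
}

sample_log | audit_openvpn_log
```

On a router the same function can be fed the live log, for example `logread | audit_openvpn_log` where `logread` is available.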
spikey1973
DD-WRT Novice


Joined: 20 Feb 2017
Posts: 29

Posted: Mon May 27, 2019 22:47
eibgrad wrote:
You need to enable NAT.


darn i should've seen that one, completely missed that... and working. :) thank you very much!

i really appreciate your help.

about that, you mentioned a script that would block network activity if the vpn connection would drop, what is it called? so i can search for it?

Kind regards, Matt
spikey1973
DD-WRT Novice


Joined: 20 Feb 2017
Posts: 29

Posted: Tue May 28, 2019 15:15
Thank you so much!

can i ask additionally if, to your knowledge, there is any way to store multiple vpn profiles in dd-wrt so one (me in this case, but i doubt that i would be the only one interested) could switch easily between the profiles?
spikey1973
DD-WRT Novice


Joined: 20 Feb 2017
Posts: 29

Posted: Tue May 28, 2019 16:08
ok, i don't feel like i understand what you are saying completely. i will need to dive into the topic, but that will be for a later stage.

now it is exam time, all seems to be running thanks to you guys.

thank you again!

i will be back ;)

Matt