[securedparty]

Attached image showing a working configuration (as of Mar/2020) of KeepSolid VPN (aka VPN Unlimited) under DDWRT using OpenVPN.



I am sharing this for three reasons:
[1] I had to relearn the working configuration after updating a router.
[2] I have found KeepSolid's DDWRT Guide to be flawed and technically incorrect, seeing as how it does NOT work.
[3] For anyone else who may be attempting to get this VPN to work in their router.

Server IP/Name: FILL
Port: 1194
Tunnel Device: TUN
Tunnel Protocol: UDP
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA512
TLS Cipher: NONE
LZO Adaptive
nsCertType verification CHECKED FOR ON

Additional config
#cipher AES-256-CBC
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
remote-random
remote-cert-tls server
route-metric 1
#auth-nocache
verb 2
mute 20

TLS Auth Key: Unused/EMPTY
PKCS12 Key: Unused/EMPTY
Static Key: Unused/EMPTY
CA Cert: FILL
Public Client Cert: FILL
Private Client Key: FILL


I hope this can be as useful for others as this will be for me, again, in the future, possibly-maybe.

[egc]

Thanks for sharing.

One remark, I would not recommend using auth-nocache, DDWRT uses the cache on reconnect so it might get you into trouble when there is a disconnect (you are trying to keep the tunnel open with ping but that is not always succesful )

[saadbashir]

I am trying to configure VPNUNLIMITED on DDWRT flashed on LinkSys E1200V2.

I am following configurations stated on https://www.vpnunlimitedapp.com/help/manuals/dd-wrt-open-vpn-configuration-guide but found this post here.

Thank you for this post. I am trying to follow your instructions but getting following error:

[egc]

I have not looked in detail but I noticed a couple of things.

You do not have the right time on your router and thus your certificate is not valid.

NAT is disabled, for almost all VPN providers I know you have to enable NAT (this might be an exception)

You can most probably remove all settings in the Additional config save: remote-random and reneg-sec 0 (this one is to make your connection stay up but it is less safe)

I use Keep solid but only for WireGuard

[saadbashir]

Thank you for your kind response.

Fixed the time. Thank you for pointing it out.

Secondly I enabled NAT because I was following the guidelines in this post. I have disabled NAT and removed all additional settings except the two mentioned by you. But unfortunately still didn't work.

Following is the current log:

[egc]

Time is not fixed your date shows 01 01 1970:
19700101 05:01:10 N TLS_ERROR: BIO read tls_read_plaintext error

VPN cannot operate without correct date and time.
That should go automatically so there is something wrong with your settings.
Do not enter anything in the time server field just keep it blank.

To be clear NAT should be enabled (normally )

[saadbashir]

egc thank you for your assistance.

I tried removing the NTP server and press apply settings and now suddenly my router has stopped responding. All its lights are continuously on. They aren't flashing or anything. Have unplugged it and the lights are still on. Any idea what I can do to fix this?

[egc]

If turning it off and on does not help a reset is the next step.

But bricking your router by removing an entry in the NTP time server field (time works best when left blank) is hard to understand, it indicates that there is something else going on either wrong settings or hardware failure

BTW you did not even tell us your router model and build number (it is recent as you are using OpenVPN 2.4.9)
Latest build 43192 appears to work good.

So if you have to reset, research updating to this latest build.

[saadbashir]

Thank you for your kind reply.

It is odd. I don't know what happened there. This was a very old router Linksys E1200 V2. Didn't want to risk going out because of all this corona. So since this was compatible I thought I will give it a try.

I have tried reset, 30:30:30 reset but nothing seems to work. Those lights are here to stay!

Is there any other trick up your sleeve? If not, can you recommend a new router in low-mid budget which might work good. Any feedback on Linksys E900? I only need it for VPN Client mode. Thanks

[egc]

This is the wiki: https://wiki.dd-wrt.com/wiki/index.php/Linksys_E1200v2

There is a link to recovery instructions.

These old routers will not get you more than a few MB/s for OpenVPN and maybe 10 for WireGuard?

For reasonable OpenVPN performance (30 MB/s) you need something like a dual core Arm 800 MHz CPU

[SurprisedItWorks]

Just to add a little to egc's comments...

The inexpensive router most recommended in the forums is the Netgear R7800 (see egc's sig for link to setup), which definitely has the CPU power to handle VPN well. The R7000 (older, cheaper) is also mentioned often, and the (newer, pricey) R9000 is mentioned occasionally. The R7000 and R7800 are often available used for good prices. Part of what's going on with the Netgear models is that you want to stick to those with Qualcomm/Atheros wifi hardware, which is far less troublesome than the Broadcom wifi hardware of some models.

If you want to stick with Linksys, you want the EA8500 or the WRT1900ACSv2 (specifically the ACS and specifically the v2), which also have Atheros wifi. Stay away from the more popular WRT3200ACM (especially) and WRT32X models, as their wifi drivers have issues that drive people nuts. If you go with the WRT1900ACSv2, which I use, note you should add a USB fan. Also, the "v2" is never advertised in commercial listings for that router, but it can be verified by looking at the upper-right corner of the blue label on the bottom of the router. The earlier AC (particularly its v1) and ACSv1 (not marked at all with a version number on the blue label) have been tricky for people. Setup for the WRT1900ACSv2 is per the "Cliff Notes" sticky at the beginning of the Marvell forum. (I'm not familiar enough with the EA8500 to point you at setup info.)

If you are bargain hunting for another router, the right way to go is going to depend on what you can locate at a decent price, but this little list should get you started.

Use the new-build threads in the appropriate (for the particular router) forum to pick a build. Never depend on the router database, which is obsolete and often recommends disastrous build choices.

[saadbashir]

Hey guys thank you for your kind responses.

Egc I have tried simple reset, 30:30:30 reset and even plugging the router into LAN port of computer directly to see if I can access the http page but to no avail. I guess it is time to throw the router in the bin. It has all lights on dim. I have also changed 3 power sources to see if that might be the issue.

Actually I just need VPN because for some odd reason my SMA solar inverter using SIP protocol to share production data and SIP has been blocked by government. Now I need a VPN to bypass and get the data feed from my inverter. So won’t be a lot of data transfer and I am not even sure if it would work so don’t want to spend a lot of money.

In my junk I found some more linksys routers
1) WRT54G2 V1.5
2) E1000 v2.1
3) E1000 v1

Guys, I am thinking of flashing E1000 v2.1 to try my luck tomorrow. As you suggested that the wiki is outdated from where can I get latest firmware which might work with this router? In the forum I could only find a mini.bin. Will mini firmware will have support for VPN client?

[egc]

See the forum guidelines about what and where to download:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

Almost no routers with 4 MB flash have OpenVPN, I think

[kernel-panic69]

4MB flash devices will not have openvpn, and probably won't have wireguard. I think the only option they have it pptp.