Posted: Sun May 31, 2020 19:08 Post subject: Problem with OpenVPN (PureVPN) client configuration
Hello,
I am a new user and after a recent purchase of a Linksys e900 to have it dedicated to VPN (PureVPN) connections, I am working on the following setup:
Router 1: ISP modem/router (standard firmware) LAN <-> Router 2: WAN Linksys e900 (DD-WRT v3.0-r43209 mega (05/21/20))
Router 1 is on subnet 192.168.1.1 (DHCP enabled with reserved IP for Router 2: 192.168.1.224)
Router 2 is on subnet 192.168.2.1, below the screenshots with current configuration.
With regard to setting up the VPN with PureVPN, I have used the script in the second post of this thread (I have replaced server keys/certs with latest from purevpn): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=307250
Now the problem: as long as I do not enable the OpenVPN client, I can perfectly use the Router 2 to access internet, so the network configuration seems to be fine.
When I enable OpenVPN client, I do not have internet connection and also I can not access the webgui of the Router 2 - I have to use a wired PC to Router 2 connection to see the webgui again.
Any suggestion to solve the issue and have a successful connection through the OpenVPN client?
Many thanks in advance for your help!
Last edited by vedderMI on Sun May 31, 2020 21:04; edited 1 time in total
Joined: 08 May 2018 Posts: 14125 Location: Texas, USA
Posted: Sun May 31, 2020 21:31 Post subject:
If you "Save" and "Apply", you probably won't get any joy. "Save" (twice or three times, if you choose!) and "Reboot".
If you are using a Chromium-based browser, that is likely 90% of your problem.
I'm not going to expound for the 83230894038403840284023948320842038th time.
If you "Save" and "Apply", you probably won't get any joy. "Save" (twice or three times, if you choose!) and "Reboot".
If you are using a Chromium-based browser, that is likely 90% of your problem.
I'm not going to expound for the 83230894038403840284023948320842038th time.
This is not the case: I have rebooted every time after change of settings.
Post a picture of the OpenVPN status page (whole page)
I saw you have NAT disabled, usually NAT should be enabled for commercial OpenVPN providers
I tried enabling the NAT, still no connection.
I can not access the GUI (tried also ssh) after having enabled the OpenVPN client in order to post the log. For the sake of clarity I recap the current status:
1) With current settings (as first post), and OpenVPN client OFF, I can normally access GUI and connect to internet through Router 2;
2) once I enable OpenVPN client, no more access to GUI or internet connection;
3) the only way to load GUI is to turn off the router 2, and make a LAN to PC wired connection, then turn it back ON;
4) by performing 3) I can now access the status page with OpenVPN logs, but (correct me if I am wrong) the log reported here should be not meaningful as it represents the activity since Router 2 was ON again -> i.e. once connected LAN to PC (to allow me to load GUI again)
How should I proceed to solve accessibility to GUI and post relevant log to finally understand what is the issue with the OpenVPN settings?
Post a picture of the OpenVPN status page (whole page)
I saw you have NAT disabled, usually NAT should be enabled for commercial OpenVPN providers
This time, after enabling the OpenVPN client, I just clicked on apply without rebooting: I managed to access the OpenVPN status log for a short time - below the screenshot with the log.
I have enabled NAT as your suggestion, plus also applied suggestions posted by Medo (disabled Mss fix and IPv6).
Last edited by vedderMI on Fri Jun 05, 2020 11:27; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Tue Jun 02, 2020 6:37 Post subject:
First of all why can you not see the OpenVPN status page when you reboot?
How are you connected to the router?
The settings PureVPN is pushing are Encryption cipher AES-256-GCM (and not CBC) and Compression: NO
But that should not stop you from getting a connection.
The fact that you cannot connect to the router when you reboot with VPN enabled, the fact that you have entered a time server (DD-WRT works best when no time server is specified), and the fact that you had entered a Gateway address led me to start believing that there might be something wrong in your general setup.
Perhaps reset to defaults and only change the router's IP address from 192.168.1.1 to 192.168.2.1, and then set up OpenVPN, so that you know the router is set up correctly.
Finally, I had some time to perform a hard reset and reconfigure as you suggested: 1) changed subnet to 192.168.2.1; 2) manually (no script) entered OpenVPN configuration settings, this time enabling NAT and disabling MSS-fix.
Result: everything works fine!
Now, would you suggest me to further improve this basic configuration by (e.g.) adding a kill switch options or other settings that should improve the connection / general setup?
One thing that I was testing: I have a reserved IP for router 2 in router 1 config, but I can not load the webgui from a pc connected on subnet 1...
Thanks a lot to all for the help!
Last edited by vedderMI on Fri Jun 05, 2020 11:36; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Fri Jun 05, 2020 11:47 Post subject:
Great to hear you got it working
Curious what @Medo has for settings in additional config.
In general you should not need anything
Some providers tell you to add:
reneg-sec 0
This means that no new key is renegotiated (normally every hour), a slight security risk, but some connections are lost and not recovered on key negotiation
A useful addition is to keep the connection alive:
keepalive 10 120
(the ping 10 is part of this command)
Sometimes upping the send and receive buffer can give you a slight improvement, but on these lower-specced routers you will lose valuable memory
Very useful, and if I were in charge I would make it the default, is to select (tick/enable) the "Inbound firewall on TUN"
This was one of the later additions when @eibgrad found out that PureVPN had no firewall at all so when connected to PureVPN your router and network was wide open to the internet (All other providers had their own firewall so that you were not exposed)
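A small lint for the Additional Config directives discussed in the post above, as an added example that is not part of the original thread or of DD-WRT: it flags `reneg-sec 0`, checks and expands `keepalive`, and notes buffer options. `sndbuf` and `rcvbuf` are the OpenVPN directive names for the send and receive buffers; the function names, finding labels and sample configs are constructed for this example.

```python
def parse(text):
    """Yield (directive, args) per config line; '#' and ';' start comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        yield name.lstrip("-"), args


def audit(text):
    """Return a list of (level, directive, note) findings for a client config."""
    seen = dict(parse(text))  # keeps the last occurrence of each directive
    findings = []
    if seen.get("reneg-sec") == ["0"]:
        findings.append(("WARN", "reneg-sec",
                         "key renegotiation disabled (normally every hour)"))
    if "keepalive" in seen:
        try:
            interval, timeout = (int(a) for a in seen["keepalive"])
        except ValueError:
            findings.append(("ERROR", "keepalive",
                             "expects two integers: interval timeout"))
        else:
            if timeout < 2 * interval:
                findings.append(("ERROR", "keepalive",
                                 "timeout must be at least twice the interval"))
            else:
                findings.append(("INFO", "keepalive",
                                 f"client expands this to ping {interval} / "
                                 f"ping-restart {timeout}"))
            for dup in ("ping", "ping-restart"):
                if dup in seen:
                    findings.append(("INFO", dup, "overlaps with keepalive"))
    elif "ping" not in seen:
        findings.append(("INFO", "keepalive",
                         "not set here; a dead tunnel is only noticed if the "
                         "server pushes a ping setting"))
    for buf in ("sndbuf", "rcvbuf"):
        if buf in seen:
            findings.append(("INFO", buf,
                             "larger socket buffers cost RAM on small routers"))
    return findings


# Constructed samples: a provider-style box, and what this thread settled on.
PROVIDER_STYLE = "reneg-sec 0\nping 10\nkeepalive 10 120\nsndbuf 393216\n"
THREAD_FINAL = "keepalive 10 120\n"

if __name__ == "__main__":
    for level, name, note in audit(PROVIDER_STYLE):
        print(f"{level:5} {name:12} {note}")
```
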
Thanks Medo and egc,
I indeed cleaned the additional config box, and left only:
keepalive 10 120
The PureVPN connection now seems to be working, except for the fact that some streaming providers detect that I am using a VPN/proxy server. I contacted PureVPN support; they suggested a couple of different servers to connect to, but... that didn't work at all.
One more question:
While trying to complete the general configuration of my home network, I can not access router 2 webgui (192.168.1.xxx - reserved IP for router 2 set on router 1) from a pc in subnet 1. I have enabled webgui remote access option in router 2....as I wrote, together with reserving an IP in router 1 configuration. What else should I configure?