Posted: Fri Jul 31, 2020 21:08 Post subject: TLS Error on OpenVPN - PIA
I have a Linksys E4200 v.1 that I flashed DD-WRT firmware onto (dd-wrt.v24-21676_NEWD-2_K2.6_mini-e4200.bin) and upgraded to dd-wrt.v24-40559_NEWD-2_K3.x_mega-e4200.bin. Firmware: DD-WRT v3.0-r40559 mega (08/06/19). I purchased Private Internet Access for VPN and entered all of their information for my router to set up the VPN. Every time I try to connect to the VPN, I receive this error. Can anyone please help me resolve this issue? I have been working on this for days now and getting more frustrated by the day. Thanks in advance for your help. I have attached Private Internet Account's step by step guide that I followed to enter the information for the VPN.
Client: RECONNECTING tls-error
Local Address:
Remote Address:
Posted: Fri Jul 31, 2020 22:28 Post subject: TLS Error on OpenVPN - PIA
I set the time settings to disable. Is there a better build for my router? I have only been able to find this build. Is there somewhere else I need to look? Thank you for replying, I am new to this.
Joined: 16 Nov 2015 Posts: 6439 Location: UK, London, just across the river..
Posted: Sat Aug 01, 2020 8:12 Post subject: Re: TLS Error on OpenVPN - PIA
raid wrote:
I set the time settings to disable. Is there a better build for my router? I have only been able to find this build. Is there somewhere else I need to look? Thank you for replying, I am new to this.
DO NOT DISABLE NTP TIME, IT'S VITAL FOR THE ROUTER OPERATIONS....!!
Choose your time zone and you can add an IP NTP time server like ggl time or Cloudflare NTP time
162.159.200.123
or
216.239.35.4
I upgraded my build to dd-wrt.v24-41813_NEWD-2_K3.x_mega-e4200.bin and configured the VPN and used the IPs you gave me and also tried IPs from pool.ntp.org.
I am now getting an error that says: Client: RECONNECTING network-unreachable
I see that it thinks it is Dec. 31, 1969. How do I change the date and time manually? Is there a way to command the router to update the date and time?
Clientlog:
19691231 19:00:12 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19691231 19:00:12 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
19691231 19:00:12 I OpenVPN 2.4.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 29 2019
19691231 19:00:12 I library versions: OpenSSL 1.1.1d 10 Sep 2019 LZO 2.09
19691231 19:00:12 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19691231 19:00:12 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19691231 19:00:12 I TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.187.129:1197
19691231 19:00:12 Socket Buffers: R=[163840->163840] S=[163840->163840]
19691231 19:00:12 I UDPv4 link local: (not bound)
19691231 19:00:12 I UDPv4 link remote: [AF_INET]89.187.187.129:1197
19691231 19:00:15 N write UDPv4: Network unreachable (code=128)
19691231 19:00:15 I Network unreachable restarting
Any chance you configured this router as a WAP (LAN to LAN wrt your primary router)? You typically disable the WAN in such a configuration. Along w/ setting an IP and netmask in the LAN section, sometimes ppl forget they also need to set a default gateway IP and DNS server in order for the router to carry out its operations, like setting the time.
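The client log quoted above already shows several separate problems: timestamps stuck at the 1969/1970 epoch (with the clock there, certificate validity checks in the TLS handshake fail), no route to the VPN server, and two security warnings. As an added example that is not part of any post in this thread, the shell function below flags each of them in a log read from stdin; the finding names and the 2015 year threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage an OpenVPN client log on stdin.
# Prints one finding code per line, in a fixed order, each at most once.
triage_openvpn_log() {
    awk '
    # Field 1 is the YYYYMMDD stamp. A year before 2015 is treated as
    # "clock never set" (the threshold is an assumption of this example).
    length($1) == 8 && $1 ~ /^[0-9]+$/ && substr($1, 1, 4) + 0 < 2015 {
        hit["CLOCK_NOT_SET"] = 1
    }
    # No usable route to the VPN server: WAN down or no default gateway.
    /Network unreachable/ { hit["NO_ROUTE"] = 1 }
    # Credentials file is readable by group or others.
    /is group or others accessible/ { hit["CRED_FILE_PERMS"] = 1 }
    # Management interface is listening without a password.
    /--management on a TCP port WITHOUT passwords/ { hit["MGMT_NO_PASSWORD"] = 1 }
    END {
        n = split("CLOCK_NOT_SET NO_ROUTE CRED_FILE_PERMS MGMT_NO_PASSWORD", order, " ")
        for (i = 1; i <= n; i++) if (order[i] in hit) print order[i]
    }'
}

# Lines copied from the client log posted in the thread.
thread_log() {
    cat <<'EOF'
19691231 19:00:12 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19691231 19:00:12 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
19691231 19:00:12 I UDPv4 link remote: [AF_INET]89.187.187.129:1197
19691231 19:00:15 N write UDPv4: Network unreachable (code=128)
EOF
}

# Constructed sample of a healthy start (192.0.2.10 is a documentation address).
healthy_log() {
    cat <<'EOF'
20200802 10:15:01 I UDPv4 link remote: [AF_INET]192.0.2.10:1198
20200802 10:15:02 I Initialization Sequence Completed
EOF
}

thread_log | triage_openvpn_log
```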
I have both LAN and WAN enabled under DHCP server. I do not have a default gateway address under Basic settings, so are you saying to disable WAN (where?) and add my primary router's default gateway under Basic settings? I have Local DNS enabled as well.
I have been working on this for days, and I am not a networking guru. Would you mind helping me remotely?
Having a router that refuses to update the time is unusual. As long as you keep the time feature enabled and choose a timezone, it should work. It doesn't even need a time server to be specified. If left blank, it will use its own default servers.
The one time I have seen this type of problem is when someone configures their router as a WAP (LAN to LAN wrt the primary router). In that configuration, you typically have the WAN disabled, and therefore it's critical that the LAN section be fully configured (IP, netmask, default gateway, DNS server) in order for the router to be able to carry out its administrative functions, which includes updating the time.
I am *NOT* suggesting you configure the router as a WAP! I'm merely speculating if perhaps you did for some reason, and given the above, it *might* explain why the time is not being set. In a routed configuration (i.e., active WAN), the router is configured w/ an IP, netmask, default gateway, and DNS server(s) from the ISP. And now it becomes possible for the router to carry out its administrative functions over that WAN.
Under my WAN settings I see the attached. So does that mean that I need to input my ISP's default gateway IP of 192.168.1.1, and how do I find my ISP DNS server? Would it be under my primary router's settings?
Sorry for having so many questions, I have never set up a VPN before.
Joined: 08 May 2018 Posts: 14222 Location: Texas, USA
Posted: Sun Aug 02, 2020 1:34 Post subject:
It looks like your E4200 is on the wrong subnet if it's not getting a WAN IP. If your ISP router / modem is on 192.168.1.x, then you need to set your E4200 local IP to 192.168.2.1. Or, you need to change what subnet your ISP equipment is on, either or.
tls certificate must be TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
for PIA, add those to advanced VPN box
persist-key
persist-tun
tls-client
remote-cert-tls server
ncp-disable
also as your router is very low specs use: SHA1 AES-128-GCM ca.rsa.2048.crt UDP 1198
make sure you have in advanced DNSmasq box
no-resolv
server=209.222.18.222
server=209.222.18.218
or any other DNS server you want
I personally have 9.9.9.9
do not expect VPN performance more than 5-10 Mbit max
Thanks everyone for the advice. I finally got the WAN settings for my router (I didn't have it plugged into my ISP modem).
I also have my VPN connecting successfully, but when doing an IP check, it shows my ISP's public IP and not my VPN IP. I looked in my WAN settings and for some reason, it shows the 2 DNS IPs from PIA and then one that is the same IP as my primary router, and I am not sure how to remove it or how it got in there.