Help with this issue please? IP Address is not hidden..

catchlight
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 2

Posted: Thu Sep 03, 2020 0:51    Post subject: Help with this issue please? IP Address is not hidden..
Hi All,

Any help would be greatly appreciated. I am using a Linksys - WRT AC3200 Dual-Band WiFi 5 Router and have been using dd-wrt successfully for about 6 months, but something has changed and I can't figure it out. It says I am connected to a PIA server but my IP address is not hidden. This is the "log" I see in the status tab. If you need more info, let me know, and thanks in advance.

State
Client: WAIT
Local Address:
Remote Address:

Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 28
Auth read bytes 0
pre-compress bytes 0
post-compress bytes 0
pre-decompress bytes 0
post-decompress bytes 0

Log
Clientlog:
20200902 19:37:49 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200902 19:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200902 19:37:49 I OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200902 19:37:49 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200902 19:37:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200902 19:37:49 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200902 19:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200902 19:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.18.5.18:1198
20200902 19:37:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20200902 19:37:49 I UDPv4 link local: (not bound)
20200902 19:37:49 I UDPv4 link remote: [AF_INET]104.18.5.18:1198
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'status 2'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Sep 03, 2020 4:22
That log does NOT indicate you are connected. Quite the opposite. It's in a WAIT state, attempting to connect to the OpenVPN server @ 104.18.5.18, port 1198, using udp, and there's no response.

Could just be a simple case of that particular server being down, maybe for maintenance.

That's why it's smart to add additional servers (in the form of remote directives) to Additional Config, so the OpenVPN client can try other servers, and find one that is hopefully up and running.

Code:
server-poll-timeout 10
remote <domain-name|ip> <port> <udp|tcp>
remote <domain-name|ip> <port> <udp|tcp>
remote <domain-name|ip> <port> <udp|tcp>


The server-poll-timeout directive limits (in secs) how long the OpenVPN client will wait for a successful connection w/ a given server/remote before giving up and trying another.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)


Last edited by eibgrad on Thu Apr 15, 2021 16:47; edited 2 times in total
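The reading of the log given in the reply above, as an added example that is not part of the original posts: a small POSIX shell triage that reports whether the client ever completed a connection (OpenVPN logs "Initialization Sequence Completed" when it does), which server it was trying, and which security warnings the log carries. The function names are hypothetical; the sample data is excerpted from the log and counters posted in this thread.

```shell
#!/bin/sh
# Added example: triage an OpenVPN client log and the GUI byte counters.
# SAMPLE_LOG / SAMPLE_STATS are excerpts copied from the post in this thread.
SAMPLE_LOG=$(cat <<'EOF'
20200902 19:37:49 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200902 19:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200902 19:37:49 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200902 19:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200902 19:37:49 I UDPv4 link remote: [AF_INET]104.18.5.18:1198
20200902 19:37:52 D MANAGEMENT: CMD 'state'
EOF
)
SAMPLE_STATS=$(cat <<'EOF'
TUN/TAP read bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 28
EOF
)

# Print the value of one counter line, e.g. "TCP/UDP read bytes".
stat_value() {
    printf '%s\n' "$2" | awk -v k="$1" 'index($0, k) == 1 { print $NF; exit }'
}

# up: handshake finished; no-reply: packets sent, nothing received;
# connecting: anything else.
tunnel_state() {
    if printf '%s\n' "$1" | grep -q 'Initialization Sequence Completed'; then
        echo up; return 0
    fi
    rd=$(stat_value 'TCP/UDP read bytes' "$2")
    wr=$(stat_value 'TCP/UDP write bytes' "$2")
    if [ "${wr:-0}" -gt 0 ] && [ "${rd:-0}" -eq 0 ]; then
        echo no-reply
    else
        echo connecting
    fi
}

# Last server the client tried, as ip:port.
remote_endpoint() {
    printf '%s\n' "$1" | sed -n 's/.*link remote: \[AF_INET\]//p' | tail -n 1
}

# Distinct WARNING messages with the timestamp prefix removed.
security_warnings() {
    printf '%s\n' "$1" | sed -n 's/^[0-9]* [0-9:]* W WARNING: //p' | sort -u
}

echo "state:  $(tunnel_state "$SAMPLE_LOG" "$SAMPLE_STATS")"
echo "remote: $(remote_endpoint "$SAMPLE_LOG")"
security_warnings "$SAMPLE_LOG" | sed 's/^/warn:   /'
```

A result of `no-reply` means traffic is still leaving over the normal WAN route, which is why the public IP address is not hidden.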
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Thu Sep 03, 2020 17:01
LZO line means misconfiguration... as well, I don't see the usual stuff to confirm you are connected in the OpenVPN log

make sure you set appropriate settings for PIA

1. make sure you have NTP time... go to the basic setup page and turn it on, select your time zone (you can add an IP if you want to use an external NTP server) 216.239.35.4 - this is Google's NTP server
2. set: Port, Tunnel Protocol, Encryption Cipher, Hash Algorithm according to CA Cert used...
2048 requires port udp 1198, AES-128 GCM, SHA1
4096 requires port udp 1197, AES-256 GCM, SHA256

Inbound Firewall on TUN - tick that box
TLS Cipher - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
Compression - NO
NAT - enable
Firewall Protection - enable
Verify Server Cert. - tick that box
TLS Key choice - TLS Auth

in Additional Config:

persist-key
persist-tun
tls-client

remote-cert-tls server

ncp-disable
keepalive 10 120

first 3 are not needed on the new builds, that's why it's good to start with router model and current build running, it's easy to identify problems and diagnose the setup..

'remote-cert-tls server' it's not due unless you don't tick the 'Verify Server Cert' box in the OpenVPN setup...

for more info have a look at this recent discussion here... https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326273

you can also specify more servers to use if one fails in 10 seconds, use eibgrad's suggestions above... for more OpenVPN commands have a look at the OpenVPN man page, google it...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Thu Sep 03, 2020 17:11; edited 1 time in total
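A config check built from the advice in the two replies above, as an added example that is not part of the original posts. It assumes the complete OpenVPN client config is available as text with `remote <host> <port>` lines, and it flags a port that does not match the cipher/hash pairing listed above, the deprecated `ns-cert-type` that the log warns about, a missing `remote-cert-tls server`, and the lack of fallback `remote` entries. The function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config against the advice in this thread.
# Assumes the whole client config is passed as text with "remote <host> <port>" lines.
lint_ovpn() {
    printf '%s\n' "$1" | awk '
        $1 == "remote"              { ports[++n] = $3 }
        $1 == "cipher"              { cipher = toupper($2) }
        $1 == "auth"                { auth = toupper($2) }
        $1 == "remote-cert-tls"     { rct = $2 }
        $1 == "server-poll-timeout" { spt = 1 }
        $1 == "ns-cert-type"        { print "deprecated: ns-cert-type (log says use remote-cert-tls)" }
        END {
            # Port/cipher/hash pairing as listed in the post above.
            want["1198"] = "AES-128-GCM SHA1"
            want["1197"] = "AES-256-GCM SHA256"
            got = cipher " " auth
            for (i = 1; i <= n; i++)
                if ((ports[i] in want) && want[ports[i]] != got)
                    print "mismatch: port " ports[i] " expects " want[ports[i]] ", got " got
            if (rct != "server") print "missing: remote-cert-tls server"
            if (n < 2)           print "no-failover: " (n + 0) " remote line(s)"
            else if (!spt)       print "no-failover: server-poll-timeout not set"
        }'
}

# Constructed sample configs (the host names are placeholders).
BAD_CFG=$(cat <<'EOF'
remote 104.18.5.18 1198
cipher AES-256-GCM
auth SHA256
ns-cert-type server
EOF
)
GOOD_CFG=$(cat <<'EOF'
server-poll-timeout 10
remote vpn-a.example 1197 udp
remote vpn-b.example 1197 udp
cipher AES-256-GCM
auth SHA256
remote-cert-tls server
EOF
)

echo "--- bad config ---";  lint_ovpn "$BAD_CFG"
echo "--- good config ---"; lint_ovpn "$GOOD_CFG"
```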
catchlight
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 2

Posted: Thu Sep 03, 2020 17:08
I will try these suggestions. I am just so frustrated with this whole process. Mostly from PIA. They just regurgitate the same information over and over. I am going to reset my router and try over from step one with this forum's help, hopefully. Thank you for the replies.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12884
Location: Netherlands

Posted: Thu Sep 03, 2020 17:45
PIA is in a "transitional state"; those are the words from their helpdesk.

Meaning it sucks at the moment.

See
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326414

How to setup.

Edit: Always state router model (you did) and build number; you are using an "old" build. I know your router sometimes works better on an old build, so I am not saying you have to upgrade.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087