Posted: Thu Sep 03, 2020 0:51 Post subject: Help with this issue please? IP Address is not hidden..
Hi All,
Any help would be greatly appreciated. I am using a Linksys - WRT AC3200 Dual-Band WiFi 5 Router and have been using dd-wrt successfully for about 6 months but something has changed and I can't figure it out. It says I am connected to a PIA server but my IP address is not hidden. This is the "log" I see in the status tab. If you need more info, let me know and thanks in advance.
Log
Clientlog:
20200902 19:37:49 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200902 19:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200902 19:37:49 I OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200902 19:37:49 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200902 19:37:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200902 19:37:49 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200902 19:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200902 19:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.18.5.18:1198
20200902 19:37:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20200902 19:37:49 I UDPv4 link local: (not bound)
20200902 19:37:49 I UDPv4 link remote: [AF_INET]104.18.5.18:1198
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'status 2'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
That log does NOT indicate you are connected. Quite the opposite. It's in a WAIT state, attempting to connect to the OpenVPN server @ 104.18.5.18, port 1198, using udp, and there's no response.
Could just be a simple case of that particular server being down, maybe for maintenance.
That's why it's smart to add additional servers (in the form of remote directives) to Additional Config, so the OpenVPN client can try other servers, and find one that is hopefully up and running.
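The reading of the log given in the reply above (a remote is being tried but nothing ever comes back) can be automated. This is an added example, not part of the original thread: a small Python classifier that reports how far an OpenVPN client log got. The marker strings are standard OpenVPN log messages; the function names, stage labels and the second sample log are constructed for illustration.

```python
import re

# Constructed sample: the lines of the log posted above that decide the verdict.
POSTED_LOG = """\
20200902 19:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200902 19:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.18.5.18:1198
20200902 19:37:49 I UDPv4 link local: (not bound)
20200902 19:37:49 I UDPv4 link remote: [AF_INET]104.18.5.18:1198
20200902 19:37:52 D MANAGEMENT: CMD 'state'
"""

# Constructed sample of a client that did get through (documentation IP address).
HEALTHY_LOG = """\
20200902 19:40:01 I UDPv4 link remote: [AF_INET]192.0.2.10:1198
20200902 19:40:01 TLS: Initial packet from [AF_INET]192.0.2.10:1198, sid=00000000 00000000
20200902 19:40:02 I [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1198
20200902 19:40:04 I Initialization Sequence Completed
"""

# "link remote" is logged when the client starts talking to a server.
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+):(\d+)")
# Messages that only appear once the server has answered, in handshake order.
MARKERS = (
    ("TLS: Initial packet from", "tls-handshake"),
    ("Peer Connection Initiated", "authenticated"),
    ("Initialization Sequence Completed", "connected"),
)

def tunnel_state(log_text):
    """Return the remote being tried, the furthest stage reached, and any warnings."""
    state = {"remote": None, "stage": "no-attempt", "warnings": []}
    for line in log_text.splitlines():
        m = REMOTE.search(line)
        if m:
            # Each new attempt resets progress; an earlier success does not carry over.
            state["remote"] = (m.group(1), int(m.group(2)))
            state["stage"] = "waiting"
            continue
        if "WARNING:" in line:
            state["warnings"].append(line.split("WARNING:", 1)[1].strip())
        for marker, stage in MARKERS:
            if marker in line:
                state["stage"] = stage
    return state

def is_protected(log_text):
    """Traffic is only tunnelled once the initialization sequence has completed."""
    return tunnel_state(log_text)["stage"] == "connected"
```

A stage of `waiting` means packets went out to the remote and no reply was logged, which is the situation in the posted log.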
Posted: Thu Sep 03, 2020 17:01 Post subject:
LZO line means misconfiguration... as well I don't see the usual stuff to confirm you are connected in the OpenVPN log
make sure you set appropriate settings for PIA
1. make sure you have NTP time ...go to basic set up page and turn it on, select your time zone (you can add IP if you want to use external NTP server) 216.239.35.4 - this is Google NTP server
2. set: Port, Tunnel Protocol, Encryption Cipher, Hash Algorithm according to CA Cert used...
2048 requires port udp 1198, AES-128 GCM, SHA1
4096 requires port udp 1197, AES-256 GCM, SHA256
Inbound Firewall on TUN - tick that box
TLS Cipher - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
Compression - NO
NAT - enable
Firewall Protection - enable
Verify Server Cert. - tick that box
TLS Key choice - TLS Auth
in Additional Config:
persist-key
persist-tun
tls-client
remote-cert-tls server
ncp-disable
keepalive 10 120
first 3 are not needed on the new builds, that's why it's good to start with router model and current build running, it's easy to identify problems and diagnose the set up..
'remote-cert-tls server' it's not due unless you don't tick the 'Verify Server Cert' box in the OpenVPN set up...
you can also specify more servers to use if one fails in 10 seconds, use eibgrad's suggestions above... for more OpenVPN commands have a look at the OpenVPN man page, ggl it...
Last edited by Alozaros on Thu Sep 03, 2020 17:11; edited 1 time in total
I will try these suggestions. I am just so frustrated with this whole process. Mostly from PIA. They just regurgitate the same information over and over. I am going to reset my router and try over from step one with this forum's help, hopefully. Thank you for the replies.