Posted: Mon Apr 05, 2021 16:42 Post subject: OpenVPN client on DD-WRT-flashed Netgear R6300V2 hangs
Am having a weird problem of "Site not reachable" when I enable "OpenVPN client" on a DD-WRT flashed router.
Background:
o installed Netgear R6200V2 router (factory ROM)
o plugged R6200V2 into ISP
o installed OpenVPN/PiHole/unbound on a remote VPS
o created tablet.ovpn and installed "OpenVPN for Android" on my tablet
o Can toggle OpenVPN client on/off and get expected result when WiFi pointed to R6200V2
oo Using ipaddress.com, OpenVPN client off, my IP is 66.x.x.92 <- ISP assigned IP
oo Using ipaddress.com, OpenVPN client on, my IP is 192.x.x.184 <- VPN assigned IP
Next:
o installed Netgear R6300v2 router and flashed to DD-WRT
o plugged R6300v2 into ISP
o Can toggle OpenVPN client on/off and get expected result when WiFi pointed to R6300V2
oo Using ipaddress.com, OpenVPN client off, my IP is 66.x.x.92 <- ISP assigned IP
oo Using ipaddress.com, OpenVPN client on, my IP is 192.x.x.184 <- VPN assigned IP
At this point R6200V2 is non-VPN and R6300V2 is VPN-capable
Here's the problem;
o when "OpenVPN for Android" on tablet Disabled and WiFi pointed to R6300V2
o and OpenVPN client R6300V2 Enabled or Disabled, doesn't matter which
o then any/all browser queries from that tablet hang
o no errors reported in R6300V2 OpenVPN log nor Syslog
However;
o when "OpenVPN for Android" on tablet Enabled and WiFi pointed to R6300V2
o and OpenVPN client R6300V2 Enabled or Disabled, doesn't matter which
o browser works fine;
oo Using ipaddress.com, my IP is 192.x.x.184 <- VPN assigned IP
If I plug R6300V2 directly into the ISP I can replicate the problem so I'm confident that R6200V2 is not the problem.
My goal is to remove the "OpenVPN for Android" client from my tablet and selectively use Wifi R6300V2 (non-VPN) or R6300V2 (VPN). Obviously there's a missing step in my R6300V2 OpenVPN client configuration somewhere. Suggestions?
Posted: Mon Apr 05, 2021 21:27 Post subject: Log: Here's the problem;
Here's the problem;
o when "OpenVPN for Android" on tablet Disabled and WiFi pointed to R6300V2
o and OpenVPN client R6300V2 Enabled or Disabled, doesn't matter which
o then any/all browser queries from that tablet hang
o no errors reported in R6300V2 OpenVPN log nor Syslog
OpenVPN client Log
Clientlog:
20210405 15:18:53 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210405 15:18:53 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210405 15:18:53 Current Parameter Settings:
20210405 15:18:53 config = '/tmp/openvpncl/openvpn.conf'
20210405 15:18:53 mode = 0
20210405 15:18:53 NOTE: --mute triggered...
20210405 15:18:53 233 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:18:53 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20210405 15:18:53 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20210405 15:18:53 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210405 15:18:53 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210405 15:18:53 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20210405 15:18:53 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
20210405 15:18:53 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20210405 15:18:53 NOTE: --mute triggered...
20210405 15:18:53 1 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:18:53 LZO compression initializing
20210405 15:18:53 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
20210405 15:18:53 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20210405 15:18:53 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1602 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA512 keysize 256 key-method 2 tls-client'
20210405 15:18:53 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1602 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA512 keysize 256 key-method 2 tls-server'
20210405 15:18:53 I TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.184:1194
20210405 15:18:53 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210405 15:18:53 W --mtu-disc is not supported on this OS
20210405 15:18:53 I UDP link local: (not bound)
20210405 15:18:53 I UDP link remote: [AF_INET]x.x.x.184:1194
20210405 15:18:53 TLS: Initial packet from [AF_INET]x.x.x.184:1194 sid=2414b543 b15972be
20210405 15:18:53 VERIFY KU OK
20210405 15:18:53 Validating certificate extended key usage
20210405 15:18:53 NOTE: --mute triggered...
20210405 15:18:53 3 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:18:53 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1602' remote='link-mtu 1601'
20210405 15:18:53 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20210405 15:18:53 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 2048 bit RSA
20210405 15:18:53 I [server] Peer Connection Initiated with [AF_INET]x.x.x.184:1194
20210405 15:18:54 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20210405 15:18:54 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 ipv6 bypass-dhcp dhcp-option DNS 10.8.0.1 tun-ipv6 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig-ipv6 fddd:1194:1194:1194::1009/64 fddd:1194:1194:1194::1 ifconfig 10.8.0.11 255.255.255.0 peer-id 1'
20210405 15:18:54 OPTIONS IMPORT: timers and/or timeouts modified
20210405 15:18:54 NOTE: --mute triggered...
20210405 15:18:54 6 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:18:54 Using peer cipher 'AES-256-CBC'
20210405 15:18:54 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20210405 15:18:54 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20210405 15:18:54 NOTE: --mute triggered...
20210405 15:18:54 2 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:18:54 net_route_v4_best_gw query: dst 0.0.0.0
20210405 15:18:54 net_route_v4_best_gw result: via 192.168.1.1 dev vlan2
20210405 15:18:54 GDG6: remote_host_ipv6=n/a
20210405 15:18:54 net_route_v6_best_gw query: dst ::
20210405 15:18:54 net_route_v6_best_gw result: via :: dev vlan2
20210405 15:18:54 I TUN/TAP device tun1 opened
20210405 15:18:54 do_ifconfig ipv4=1 ipv6=1
20210405 15:18:54 I net_iface_mtu_set: mtu 1500 for tun1
20210405 15:18:54 I net_iface_up: set tun1 up
20210405 15:18:54 I net_addr_v4_add: 10.8.0.11/24 dev tun1
20210405 15:18:54 I net_iface_mtu_set: mtu 1500 for tun1
20210405 15:18:54 I net_iface_up: set tun1 up
20210405 15:18:54 I net_addr_v6_add: fddd:1194:1194:1194::1009/64 dev tun1
20210405 15:18:54 net_route_v4_add: x.x.x.184/32 via 192.168.1.1 dev [NULL] table 0 metric -1
20210405 15:18:54 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20210405 15:18:54 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20210405 15:18:54 I add_route_ipv6(::/3 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:18:54 net_route_v6_add: ::/3 via :: dev tun1 table 0 metric -1
20210405 15:18:54 I add_route_ipv6(2000::/4 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:18:54 net_route_v6_add: 2000::/4 via :: dev tun1 table 0 metric -1
20210405 15:18:54 I add_route_ipv6(3000::/4 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:18:54 net_route_v6_add: 3000::/4 via :: dev tun1 table 0 metric -1
20210405 15:18:54 I add_route_ipv6(fc00::/7 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:18:54 net_route_v6_add: fc00::/7 via :: dev tun1 table 0 metric -1
20210405 15:18:54 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20210405 15:18:54 I Initialization Sequence Completed
20210405 15:18:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:18:57 D MANAGEMENT: CMD 'state'
20210405 15:18:57 MANAGEMENT: Client disconnected
20210405 15:18:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:18:57 D MANAGEMENT: CMD 'state'
20210405 15:18:57 MANAGEMENT: Client disconnected
20210405 15:18:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:18:57 D MANAGEMENT: CMD 'state'
20210405 15:18:57 MANAGEMENT: Client disconnected
20210405 15:18:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:18:57 D MANAGEMENT: CMD 'status 2'
20210405 15:18:57 MANAGEMENT: Client disconnected
20210405 15:18:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:18:57 D MANAGEMENT: CMD 'log 500'
20210405 15:18:57 MANAGEMENT: Client disconnected
20210405 15:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:19:10 D MANAGEMENT: CMD 'state'
20210405 15:19:10 MANAGEMENT: Client disconnected
20210405 15:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:19:10 D MANAGEMENT: CMD 'state'
20210405 15:19:10 MANAGEMENT: Client disconnected
20210405 15:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:19:10 D MANAGEMENT: CMD 'state'
20210405 15:19:10 MANAGEMENT: Client disconnected
20210405 15:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:19:10 D MANAGEMENT: CMD 'status 2'
20210405 15:19:10 MANAGEMENT: Client disconnected
20210405 15:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:19:10 D MANAGEMENT: CMD 'log 500'
19691231 17:00:00
Posted: Mon Apr 05, 2021 21:29 Post subject: Log: However;
However;
o when "OpenVPN for Android" on tablet Enabled and WiFi pointed to R6300V2
o and OpenVPN client R6300V2 Enabled or Disabled, doesn't matter which
o browser works fine;
oo Using ipaddress.com, my IP is 192.x.x.184 <- VPN assigned IP
OpenVPN client Log
Log
Clientlog:
20210405 15:20:58 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20210405 15:20:58 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210405 15:20:58 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210405 15:20:58 Current Parameter Settings:
20210405 15:20:58 config = '/tmp/openvpncl/openvpn.conf'
20210405 15:20:58 mode = 0
20210405 15:20:58 NOTE: --mute triggered...
20210405 15:20:58 233 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:20:58 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20210405 15:20:58 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20210405 15:20:58 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210405 15:20:58 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210405 15:20:58 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20210405 15:20:58 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
20210405 15:20:58 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20210405 15:20:58 NOTE: --mute triggered...
20210405 15:20:58 1 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:20:58 LZO compression initializing
20210405 15:20:58 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
20210405 15:20:58 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20210405 15:20:58 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1602 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA512 keysize 256 key-method 2 tls-client'
20210405 15:20:58 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1602 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA512 keysize 256 key-method 2 tls-server'
20210405 15:20:58 I TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.184:1194
20210405 15:20:58 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210405 15:20:58 W --mtu-disc is not supported on this OS
20210405 15:20:58 I UDP link local: (not bound)
20210405 15:20:58 I UDP link remote: [AF_INET]x.x.x.184:1194
20210405 15:20:58 TLS: Initial packet from [AF_INET]x.x.x.184:1194 sid=56bef7b4 f9b46867
20210405 15:20:58 VERIFY KU OK
20210405 15:20:58 Validating certificate extended key usage
20210405 15:20:58 NOTE: --mute triggered...
20210405 15:20:59 3 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:20:59 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1602' remote='link-mtu 1601'
20210405 15:20:59 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20210405 15:20:59 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 2048 bit RSA
20210405 15:20:59 I [server] Peer Connection Initiated with [AF_INET]x.x.x.184:1194
20210405 15:21:00 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20210405 15:21:00 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 ipv6 bypass-dhcp dhcp-option DNS 10.8.0.1 tun-ipv6 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig-ipv6 fddd:1194:1194:1194::1009/64 fddd:1194:1194:1194::1 ifconfig 10.8.0.11 255.255.255.0 peer-id 6'
20210405 15:21:00 OPTIONS IMPORT: timers and/or timeouts modified
20210405 15:21:00 NOTE: --mute triggered...
20210405 15:21:00 6 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:21:00 Using peer cipher 'AES-256-CBC'
20210405 15:21:00 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20210405 15:21:00 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20210405 15:21:00 NOTE: --mute triggered...
20210405 15:21:00 2 variation(s) on previous 3 message(s) suppressed by --mute
20210405 15:21:00 net_route_v4_best_gw query: dst 0.0.0.0
20210405 15:21:00 net_route_v4_best_gw result: via 192.168.1.1 dev vlan2
20210405 15:21:00 GDG6: remote_host_ipv6=n/a
20210405 15:21:00 net_route_v6_best_gw query: dst ::
20210405 15:21:00 net_route_v6_best_gw result: via :: dev vlan2
20210405 15:21:00 I TUN/TAP device tun1 opened
20210405 15:21:00 do_ifconfig ipv4=1 ipv6=1
20210405 15:21:00 I net_iface_mtu_set: mtu 1500 for tun1
20210405 15:21:00 I net_iface_up: set tun1 up
20210405 15:21:00 I net_addr_v4_add: 10.8.0.11/24 dev tun1
20210405 15:21:00 I net_iface_mtu_set: mtu 1500 for tun1
20210405 15:21:00 I net_iface_up: set tun1 up
20210405 15:21:00 I net_addr_v6_add: fddd:1194:1194:1194::1009/64 dev tun1
20210405 15:21:00 net_route_v4_add: x.x.x.184/32 via 192.168.1.1 dev [NULL] table 0 metric -1
20210405 15:21:00 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20210405 15:21:00 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20210405 15:21:00 I add_route_ipv6(::/3 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:21:00 net_route_v6_add: ::/3 via :: dev tun1 table 0 metric -1
20210405 15:21:00 I add_route_ipv6(2000::/4 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:21:00 net_route_v6_add: 2000::/4 via :: dev tun1 table 0 metric -1
20210405 15:21:00 I add_route_ipv6(3000::/4 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:21:00 net_route_v6_add: 3000::/4 via :: dev tun1 table 0 metric -1
20210405 15:21:00 I add_route_ipv6(fc00::/7 -> fddd:1194:1194:1194::1 metric -1) dev tun1
20210405 15:21:00 net_route_v6_add: fc00::/7 via :: dev tun1 table 0 metric -1
20210405 15:21:00 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20210405 15:21:00 I Initialization Sequence Completed
20210405 15:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:21:13 D MANAGEMENT: CMD 'state'
20210405 15:21:13 MANAGEMENT: Client disconnected
20210405 15:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:21:13 D MANAGEMENT: CMD 'state'
20210405 15:21:13 MANAGEMENT: Client disconnected
20210405 15:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:21:13 D MANAGEMENT: CMD 'state'
20210405 15:21:13 MANAGEMENT: Client disconnected
20210405 15:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:21:13 D MANAGEMENT: CMD 'status 2'
20210405 15:21:13 MANAGEMENT: Client disconnected
20210405 15:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210405 15:21:13 D MANAGEMENT: CMD 'log 500'
19691231 17:00:00
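An added example, not part of the original posts: a short Python script that pulls the warnings, local/remote option mismatches and server-pushed routing and DNS settings out of a DD-WRT OpenVPN client log like the two above, so they can be reviewed in one place. The sample lines are copied from the first log in the thread; the function and variable names are this example's own.

```python
import re

# Lines copied from the first client log in the thread.
SAMPLE_LOG = """\
20210405 15:18:53 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210405 15:18:53 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210405 15:18:53 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1602' remote='link-mtu 1601'
20210405 15:18:53 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20210405 15:18:54 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 ipv6 bypass-dhcp dhcp-option DNS 10.8.0.1 tun-ipv6 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig-ipv6 fddd:1194:1194:1194::1009/64 fddd:1194:1194:1194::1 ifconfig 10.8.0.11 255.255.255.0 peer-id 1'
20210405 15:18:54 I Initialization Sequence Completed
"""

# DD-WRT prefixes each line with "YYYYMMDD HH:MM:SS" and a one-letter level.
WARN = re.compile(r"^\d{8} \d\d:\d\d:\d\d W (.*)$", re.M)
INCONSISTENT = re.compile(
    r"'([\w-]+)' is used inconsistently local='([^']*)' remote='([^']*)'")
LOCAL_ONLY = re.compile(
    r"'([\w-]+)' is present in local config but missing in remote config "
    r"local='([^']*)'")
PUSH = re.compile(r"PUSH_REPLY ([^']*)'")


def audit(log):
    """Summarise warnings, option mismatches and pushed settings in a log."""
    mismatches = {}
    for opt, local, remote in INCONSISTENT.findall(log):
        mismatches[opt] = (local, remote)
    for opt, local in LOCAL_ONLY.findall(log):
        mismatches[opt] = (local, None)  # None: option absent on the server
    push = PUSH.search(log)
    pushed = push.group(1) if push else ""
    tunnel = re.search(r"\bifconfig (\d+(?:\.\d+){3})", pushed)
    return {
        "warnings": WARN.findall(log),
        "mismatches": mismatches,
        "redirect_gateway": "redirect-gateway" in pushed,
        "dns": re.findall(r"dhcp-option DNS (\S+)", pushed),
        "tunnel_ip": tunnel.group(1) if tunnel else None,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for text in report["warnings"]:
        print("W:", text)
    for opt, (local, remote) in report["mismatches"].items():
        print(f"mismatch {opt}: local={local!r} remote={remote!r}")
    print("redirect-gateway pushed:", report["redirect_gateway"])
    print("pushed DNS:", report["dns"], "tunnel IP:", report["tunnel_ip"])
```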