Posted: Sun May 30, 2021 5:25 Post subject: [SOLVED] Secondary VPN Router Connected LAN
Hi everyone. I am on my 4th or 5th day attempting to connect a secondary DD-WRT router through my primary router TP Link Archer A7. The primary TP Link Archer A7 is running the stock firmware. The secondary router which is also a TP Link Archer A7 is running DD-WRT.
I finally managed to set up the secondary DD-WRT router to connect to the VPN. However, I am unable to connect to the internet. The setup is as follows:
Primary router
IP Address: 192.168.0.1
Default Gateway: 192.168.0.1
DNS Server 1: 1.1.1.1
DNS Server 2: 8.8.8.8
All settings are default
Secondary router
IP Address: 192.168.1.1
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
IPV6 disabled
WAN IP: 192.168.0.149
The secondary router does show up on my primary router. It shows up as an asterisk *.
I've probably sunk in 10+ hours at this point with various settings and watching several YouTube tutorials. Does the issue stem from something not working with my settings, or is the primary router blocking my secondary router from accessing the internet? Please help ;(
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sun May 30, 2021 7:48 Post subject: Re: Secondary VPN Router Connected LAN
If you have not already read the forum guidelines, please do!!
What build number is the DD-WRT router using?
Getting Internet from the secondary router should be as easy as hitting the reset button and connecting the WAN port of the DD-WRT router to the LAN port of the primary/stock router.
Start with doing that.
If you have internet, then we should set up the VPN.
For VPN guides, see the links in my signature at the bottom.
Posted: Tue Jun 01, 2021 18:09 Post subject: Re: Secondary VPN Router Connected LAN
egc wrote:
To which provider are you setting up?
What instructions are you using?
Updated to the latest build. However, still no connection to the internet ;(. Would posting my log help provide ideas/solutions? What do I need to redact from my log to protect my privacy and security?
Use the instructions for PIA from the link I have sent you.
Inputted all the new settings from the instructions:
Client: WAIT
Here is the log:
Clientlog:
20210602 01:54:19 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20210602 01:54:19 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210602 01:54:19 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210602 01:54:19 I OpenVPN 2.5.2 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 1 2021
20210602 01:54:19 I library versions: OpenSSL 1.1.1k 25 Mar 2021 LZO 2.09
20210602 01:54:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210602 01:54:19 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210602 01:54:20 I TCP/UDP: Preserving recently used remote address: [AF_INET]REDACTED:1194
20210602 01:54:20 Socket Buffers: R=[172032->172032] S=[172032->172032]
20210602 01:54:20 I UDPv4 link local: (not bound)
20210602 01:54:20 I UDPv4 link remote: [AF_INET]REDACTED:1194
20210602 01:55:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210602 01:55:20 N TLS Error: TLS handshake failed
20210602 01:55:20 I SIGUSR1[soft tls-error] received process restarting
20210602 01:55:20 Restart pause 5 second(s)
20210602 01:55:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210602 01:55:25 I TCP/UDP: Preserving recently used remote address: [AF_INET]REDACTED:1194
20210602 01:55:25 Socket Buffers: R=[172032->172032] S=[172032->172032]
20210602 01:55:25 I UDPv4 link local: (not bound)
20210602 01:55:25 I UDPv4 link remote: [AF_INET]REDACTED:1194
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'status 2'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'log 500'
19700101 07:00:00
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Tue Jun 01, 2021 19:26 Post subject:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable, i.e. you have a network connection error (unless you are using TLS-crypt which is not set up correctly):
• Check server address or use other address
• Check if the router has internet connection
• Check if the router has DNS
• Check port
• Sometimes an ISP blocks often-used ports. Check with your ISP and/or use TCP port 443; this is not blocked.
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
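The checklist above applied to the posted client log, as an added example that is not part of the original posts: it counts the handshake timeout and the three security warnings, and compares the port the client dialled (1194 in the log) with the port in the provider's file (1198 in the settings that later worked). The rule names and the `expected_port` parameter are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: shortened copy of the client log posted in this thread.
SAMPLE_LOG = """\
20210602 01:54:19 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption.
20210602 01:54:19 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210602 01:54:19 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210602 01:54:20 I UDPv4 link remote: [AF_INET]REDACTED:1194
20210602 01:55:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210602 01:55:20 N TLS Error: TLS handshake failed
20210602 01:55:20 I SIGUSR1[soft tls-error] received process restarting
20210602 01:55:25 I UDPv4 link remote: [AF_INET]REDACTED:1194
"""

# (regex, finding name, what to check); the finding names are made up here.
RULES = [
    (r"TLS key negotiation failed", "handshake-timeout",
     "no reply from server: check address, internet, DNS, port"),
    (r"Compression for receiving enabled", "compression", "turn compression off"),
    (r"--management on a TCP port WITHOUT passwords", "mgmt-no-password",
     "management socket is unauthenticated"),
    (r"is group or others accessible", "credentials-perms",
     "credentials file is readable beyond its owner"),
]
REMOTE = re.compile(r"link remote: \[AF_INET\](\S+):(\d+)")

def triage(log_text, expected_port=None):
    """Count rule hits and collect the remote ports the client actually dialled."""
    findings, ports = Counter(), set()
    for line in log_text.splitlines():
        for pattern, name, _advice in RULES:
            if re.search(pattern, line):
                findings[name] += 1
        if m := REMOTE.search(line):
            ports.add(int(m.group(2)))
    # A port mismatch only matters if the handshake never completed.
    if expected_port and findings["handshake-timeout"] and ports - {expected_port}:
        findings["port-mismatch"] += 1
    return findings, ports

def report(log_text, expected_port=None):
    findings, ports = triage(log_text, expected_port)
    advice = {name: text for _p, name, text in RULES}
    advice["port-mismatch"] = f"log shows {sorted(ports)}, expected {expected_port}"
    return [f"{name} x{n}: {advice[name]}" for name, n in sorted(findings.items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, expected_port=1198)))
```

The three warnings are reported whether or not the tunnel comes up, so they stay visible after the connection problem is fixed.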
I was able to connect to the VPN and the internet!!! Thank you for all the help. Here were my settings:
Server name: REDACTED
Port: 1198 (From OpenVPN PIA file)
Tunnel Device: TUN
Tunnel Protocol: udp4
Encryption Cipher: AES-128-CBC
Hash Algorithm: SHA1 (From OpenVPN PIA file and guide)
First Data Cipher: None
Second Data Cipher: Not set
Third Data Cipher: Not set
User Pass Authentication: Enable
Login: REDACTED
PW : REDACTED
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Jun 02, 2021 8:38 Post subject:
AES-128-GCM is better and faster than AES-128-CBC.
If your router supports it, try "chachapoly"...
Also disable compression...
If you have more struggles with PIA, I also use PIA, so I can share my setup... Sadly, on the Archer router, its CPU is slow and VPN performance is slow... but it works...
Also, if you decide, add those to the advanced VPN box:
keepalive 10 120 --- this pings the server to keep it alive (I'm not using it, but some people do)
pull-filter ignore "dhcp-option DNS" -- this ignores the VPN DNS and uses yours
pull-filter ignore "ifconfig-ipv6" --- this disables IPv6 config
pull-filter ignore "route-ipv6" ---- this disables IPv6 routes
reneg-sec 0 ---- this disables renegotiation
server-poll-timeout 10 ----- this counts 10 sec if there is a server timeout
remote ro.privacy.network 1198 --- the remote command sets your alternative VPN server,
so you can add more servers using this format... Either use a name or an IP; I have a list of 5 VPN servers. 1198 is the port they use; if you use any other port, you can specify it in the format above...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
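A small checker for an option block like the one in the reply above, as an added example that is not part of the original posts: it parses the directives (including quoted arguments) and notes the ones that change the tunnel's security properties. The `cipher` and `comp-lzo` lines stand in for the original poster's GUI settings and are an assumption, as are the function names and finding ids.

```python
import shlex

# Constructed sample: the options from the reply above, preceded by two lines
# standing in for the poster's cipher and compression settings (assumed form).
SAMPLE_CONFIG = """\
cipher AES-128-CBC
comp-lzo yes
keepalive 10 120
pull-filter ignore "dhcp-option DNS"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
reneg-sec 0
server-poll-timeout 10
remote ro.privacy.network 1198
"""

def parse(config_text):
    """Split an option block into (directive, [args]); '#' and ';' start comments."""
    opts = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            words = shlex.split(line)  # keeps "dhcp-option DNS" as one argument
            opts.append((words[0].lstrip("-"), words[1:]))
    return opts

def lint(config_text):
    """Return (id, note) pairs; the ids are made up for this example."""
    notes = []
    for name, args in parse(config_text):
        if name == "cipher" and args and args[0].upper().endswith("-CBC"):
            notes.append(("cbc-cipher", f"{args[0]} set; the reply suggests AES-128-GCM"))
        elif name == "comp-lzo" and args[:1] != ["no"]:
            notes.append(("compression", "comp-lzo enabled; the reply says to disable it"))
        elif name == "compress" and any(a.startswith("lz") for a in args):
            notes.append(("compression", f"compress {args[0]} enabled"))
        elif name == "pull-filter" and args[:2] == ["ignore", "dhcp-option DNS"]:
            notes.append(("dns-not-pulled", "pushed DNS dropped; check which resolver clients use"))
        elif name == "reneg-sec" and args[:1] == ["0"]:
            notes.append(("reneg-off", "timed data-channel key renegotiation is off"))
    return notes

def remotes(config_text):
    """(host, port) for every 'remote' line, in the order listed."""
    return [(a[0], int(a[1])) for n, a in parse(config_text) if n == "remote" and len(a) >= 2]

if __name__ == "__main__":
    print(lint(SAMPLE_CONFIG), remotes(SAMPLE_CONFIG))
```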