[SOLVED] Secondary VPN Router Connected LAN

Playaguy27
DD-WRT Novice


Joined: 29 May 2021
Posts: 5

Posted: Sun May 30, 2021 5:25    Post subject: [SOLVED] Secondary VPN Router Connected LAN
Hi everyone. I am on my 4th or 5th day attempting to connect a secondary DD-WRT router through my primary router TP Link Archer A7. The primary TP Link Archer A7 is running the stock firmware. The secondary router which is also a TP Link Archer A7 is running DD-WRT.

I finally managed to setup the secondary DD-WRT router to connect to the VPN. However, I am unable to connect to the internet. The setup is as follows:

Primary router
IP Address: 192.168.0.1
Default Gateway: 192.168.0.1
DNS Server 1: 1.1.1.1
DNS Server 2: 8.8.8.8

All settings are default


Secondary router
IP Address: 192.168.1.1
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
IPV6 disabled

WAN IP: 192.168.0.149


The secondary router does show up on my primary router. It shows up as an asterisk *.

I've probably sunk in 10+ hours at this point with various settings and watching several YouTube tutorials. Does the issue stem from something not working with my settings or is the primary router blocking my secondary router from accessing the internet? Please help ;(
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sun May 30, 2021 7:48    Post subject: Re: Secondary VPN Router Connected LAN
Playaguy27 wrote:
Hi everyone. I am on my 4th or 5th day attempting to connect a secondary DD-WRT router through my primary router TP Link Archer A7. The primary TP Link Archer A7 is running the stock firmware. The secondary router which is also a TP Link Archer A7 is running DD-WRT.

I finally managed to setup the secondary DD-WRT router to connect to the VPN. However, I am unable to connect to the internet. The setup is as follows:

Primary router
IP Address: 192.168.0.1
Default Gateway: 192.168.0.1
DNS Server 1: 1.1.1.1
DNS Server 2: 8.8.8.8

All settings are default


Secondary router
IP Address: 192.168.1.1
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
IPV6 disabled

WAN IP: 192.168.0.149


The secondary router does show up on my primary router. It shows up as an asterisk *.

I've probably sunk in 10+ hours at this point with various settings and watching several YouTube tutorials. Does the issue stem from something not working with my settings or is the primary router blocking my secondary router from accessing the internet? Please help ;(


Welcome to the forum

To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

If you have not already read the forum guidelines, please do!!

What build number is the DDWRT router using?

To get Internet from the secondary router should be as easy as hitting the reset button and connecting the WAN port from the DDWRT router to the LAN port of the primary/stock router.

Start with doing that.

If you have internet then we should set up the VPN.

VPN guides see the links in my signature at the bottom

To which provider are you setting up?
What instructions are you using?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Playaguy27
DD-WRT Novice


Joined: 29 May 2021
Posts: 5

Posted: Tue Jun 01, 2021 18:09    Post subject: Re: Secondary VPN Router Connected LAN
egc wrote:
Playaguy27 wrote:
Hi everyone. I am on my 4th or 5th day attempting to connect a secondary DD-WRT router through my primary router TP Link Archer A7. The primary TP Link Archer A7 is running the stock firmware. The secondary router which is also a TP Link Archer A7 is running DD-WRT.

I finally managed to setup the secondary DD-WRT router to connect to the VPN. However, I am unable to connect to the internet. The setup is as follows:

Primary router
IP Address: 192.168.0.1
Default Gateway: 192.168.0.1
DNS Server 1: 1.1.1.1
DNS Server 2: 8.8.8.8

All settings are default


Secondary router
IP Address: 192.168.1.1
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
IPV6 disabled

WAN IP: 192.168.0.149


The secondary router does show up on my primary router. It shows up as an asterisk *.

I've probably sunk in 10+ hours at this point with various settings and watching several YouTube tutorials. Does the issue stem from something not working with my settings or is the primary router blocking my secondary router from accessing the internet? Please help ;(


Welcome to the forum

To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

If you have not already read the forum guidelines, please do !!

What build number is the DDWRT router using?

To get Internet from the secondary router should be as easy as hitting the reset button and connect the WAN port from the DDWRT router to the LAN port of the primary/stock router

Start with doing that.

If you have internet then we should setup the VPN.

VPN guides see the links in my signature at the bottom

To which provider are you setting up?
What instructions are you using?


My VPN provider is privateinternetaccess with the instruction from the provider: https://www.privateinternetaccess.com/helpdesk/guides/routers/dd-wrt-v40559-openvpn-setup

The build number is DD-WRT v3.0-r38060 std 12/20/18
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Jun 01, 2021 18:28
You have to use a recent build (latest is 46836 as of this moment), instructions for PIA see:
https://forum.dd-wrt.com/phpBB2/download.php?id=48550

Playaguy27
DD-WRT Novice


Joined: 29 May 2021
Posts: 5

Posted: Tue Jun 01, 2021 18:40
egc wrote:
You have to use a recent build (latest is 46836 as of this moment), instructions for PIA see:
https://forum.dd-wrt.com/phpBB2/download.php?id=48550


Updated to the latest build. However, still no connection to the internet ;(. Would posting my log help provide ideas/solutions? What do I need to redact from my log to protect my privacy and security?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Jun 01, 2021 18:43
Use the instructions for PIA from the link I have sent you.
Playaguy27
DD-WRT Novice


Joined: 29 May 2021
Posts: 5

Posted: Tue Jun 01, 2021 19:00
egc wrote:
Use the instructions for PIA from the link I have sent you.


Inputted all the new settings from the instructions:

Client: WAIT

Here is the log:

Clientlog:
20210602 01:54:19 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20210602 01:54:19 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210602 01:54:19 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210602 01:54:19 I OpenVPN 2.5.2 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 1 2021
20210602 01:54:19 I library versions: OpenSSL 1.1.1k 25 Mar 2021 LZO 2.09
20210602 01:54:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210602 01:54:19 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210602 01:54:20 I TCP/UDP: Preserving recently used remote address: [AF_INET]REDACTED:1194
20210602 01:54:20 Socket Buffers: R=[172032->172032] S=[172032->172032]
20210602 01:54:20 I UDPv4 link local: (not bound)
20210602 01:54:20 I UDPv4 link remote: [AF_INET]REDACTED:1194
20210602 01:55:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210602 01:55:20 N TLS Error: TLS handshake failed
20210602 01:55:20 I SIGUSR1[soft tls-error] received process restarting
20210602 01:55:20 Restart pause 5 second(s)
20210602 01:55:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210602 01:55:25 I TCP/UDP: Preserving recently used remote address: [AF_INET]REDACTED:1194
20210602 01:55:25 Socket Buffers: R=[172032->172032] S=[172032->172032]
20210602 01:55:25 I UDPv4 link local: (not bound)
20210602 01:55:25 I UDPv4 link remote: [AF_INET]REDACTED:1194
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'state'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'status 2'
20210602 01:56:18 MANAGEMENT: Client disconnected
20210602 01:56:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210602 01:56:18 D MANAGEMENT: CMD 'log 500'
19700101 07:00:00
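
An added example (not part of the original post): a small Python helper that redacts public IPv4 addresses from an OpenVPN client log in the format above before it is shared, and counts the warnings it contains. The function names, labels and sample lines are constructed for illustration; 203.0.113.10 is a documentation address standing in for the VPN server.

```python
import ipaddress
import re

# Constructed sample in the format of the client log above; 203.0.113.10 is a
# documentation address standing in for the VPN server.
SAMPLE_LOG = """\
20210602 01:54:19 W WARNING: Compression for receiving enabled.
20210602 01:54:19 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210602 01:54:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210602 01:54:20 I UDPv4 link remote: [AF_INET]203.0.113.10:1194
20210602 01:55:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds
20210602 01:55:25 I UDPv4 link remote: [AF_INET]203.0.113.10:1194
"""

# Loopback and RFC 1918 ranges stay readable; every other address is redacted.
KEEP = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Substrings of the warnings OpenVPN printed in the log above, with a label each.
CHECKS = {
    "Compression for receiving enabled": "compression-enabled",
    "--management on a TCP port WITHOUT passwords": "management-no-password",
    "is group or others accessible": "credentials-file-permissions",
    "TLS key negotiation failed": "tls-handshake-timeout",
}

def redact_line(line):
    """Replace every non-local IPv4 address in one log line with REDACTED."""
    def swap(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:
            return "REDACTED"          # fail closed on anything address-shaped
        return match.group(0) if any(addr in net for net in KEEP) else "REDACTED"
    return IPV4.sub(swap, line)

def triage(log_text):
    """Return (redacted log text, {label: count}) for an OpenVPN client log."""
    findings, out = {}, []
    for line in log_text.splitlines():
        for needle, label in CHECKS.items():
            if needle in line:
                findings[label] = findings.get(label, 0) + 1
        out.append(redact_line(line))
    return "\n".join(out), findings
```
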
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Jun 01, 2021 19:26
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable, i.e. you have a network connection error (unless you are using TLS-crypt which is not set up correctly):
• Check server address or use other address
• Check if the router has internet connection
• Check if the router has DNS
• Check port
• Sometimes an ISP blocks often-used ports. Check with your ISP and/or use TCP port 443; this is not blocked.

Playaguy27
DD-WRT Novice


Joined: 29 May 2021
Posts: 5

Posted: Tue Jun 01, 2021 22:29
egc wrote:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable i.e. you have a network connection error (unless you are using TLS-crypt which is not setup correctly):
• Check server address or use other address
• Check if the router has internet connection
• Check if the router has DNS
• Check port
• Sometimes an ISP blocks often used ports, Check with your ISP and/or use TCP port 443, this is not blocked.


I was able to connect to the VPN and the internet!!! Thank you for all the help. Here were my settings:

Server name: REDACTED
Port: 1198 (From OpenVPN PIA file)
Tunnel Device: TUN
Tunnel Protocol: udp4
Encryption Cipher: AES-128-CBC
Hash Algorithm: SHA1 (From OpenVPN PIA file and guide)
First Data Cipher: None
Second Data Cipher: Not set
Third Data Cipher: Not set

User Pass Authentication: Enable
Login: REDACTED
PW : REDACTED

Advanced Options: Enable
TLS Cipher: None
Compression: Adaptive (From OpenVPN PIA file)
NAT: Enable
Inbound Firewall on TUN: Checked
Killswitch: Checked
IP Address: [blank]
Subnet Mask: [blank]
Tunnel UDP MSS-Fix: disable
Verify Server Cert.: unchecked
TLS Key Choice: Checked "TLS Auth"

CA Cert: REDACTED (From OpenVPN PIA file)

All other fields left blank
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Wed Jun 02, 2021 8:38
AES-128-GCM is better and faster than AES-128-CBC

If your router supports it, try "chachapoly"...,
also disable compression...

If you have more struggles with PIA, I also use PIA, so I can share my setup... sadly on the Archer router, its CPU is slow and VPN performance is slow... but it works...

Also, if you decide, add those to the advanced VPN box:
keepalive 10 120 --- this pings the server to keep it alive (I'm not using it, but some ppl do)
pull-filter ignore "dhcp-option DNS" -- this ignores VPN DNS and uses yours
pull-filter ignore "ifconfig-ipv6" --- this disables IPv6 config
pull-filter ignore "route-ipv6" ---- this disables IPv6 routes
reneg-sec 0 ---- this disables renegotiation
server-poll-timeout 10 ----- this counts 10 sec if there is a server timeout
remote ro.privacy.network 1198 --- remote command sets your alternative VPN server,
so you can add more servers using this format... either use a name or IP; I have a list of 5 VPN servers; 1198 is the port they use, if you use any other port you can specify it in the format above...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
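
An added example, not part of the original posts or of DD-WRT: a small Python audit of OpenVPN client config text for the settings discussed in this thread (CBC cipher, compression, server certificate verification). The two sample configs, the labels and vpn.example.net are constructed; treating the GUI's "Verify Server Cert." box as `remote-cert-tls` is an assumption.

```python
import shlex

# Constructed configs (vpn.example.net is a placeholder). WEAK mirrors the
# settings posted earlier in the thread; HARDENED applies the suggestions above.
WEAK = """client
dev tun
proto udp4
remote vpn.example.net 1198
cipher AES-128-CBC
comp-lzo adaptive
"""
HARDENED = """client
dev tun
proto udp4
remote vpn.example.net 1198
data-ciphers AES-128-GCM:CHACHA20-POLY1305
cipher AES-128-GCM
remote-cert-tls server
"""

def directives(text):
    """Parse config text into {directive: [args, ...]}; skip comments and inline blocks."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                  # inside <ca>...</ca> and similar
            if line == "</%s>" % inline:
                inline = None
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            found.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return found

def audit(text):
    """Return labels for the weak settings discussed in this thread."""
    d, findings = directives(text), []
    ciphers = [a[0] for a in d.get("cipher", []) if a]
    for a in d.get("data-ciphers", []):
        ciphers += a[0].split(":") if a else []
    if any(c.upper().endswith("-CBC") for c in ciphers):
        findings.append("cbc-cipher")
    lzo = any(a[:1] != ["no"] for a in d.get("comp-lzo", []))
    comp = any(a and a[0] in ("lzo", "lz4", "lz4-v2") for a in d.get("compress", []))
    if lzo or comp:
        findings.append("compression-enabled")
    # Assumption: the GUI's "Verify Server Cert." box corresponds to remote-cert-tls.
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server-cert-unverified")
    return findings
```
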