Didn't work for me on a Dlink-DIR880L running DD-WRT v3.0-r48075 std (01/10/22) and DD-WRT v3.0-r44715 (11/03/20).
Seems on r48075 there is an issue with wget, had to use ssh to download and run the script.
On r44715 the command in the OP worked fine.
Result after configuring is unfortunately the same.
Any idea what could be wrong?
Code:
20220111 02:53:01 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20220111 02:53:01 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20220111 02:53:01 W DEPRECATED OPTION: --cipher set to 'CHACHA20-POLY1305' but missing in --data-ciphers (AES-128-GCM:AES-256-GCM:AES-128-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'CHACHA20-POLY1305' to --data-ciphers or change --cipher 'CHACHA20-POLY1305' to --data-ciphers-fallback 'CHACHA20-POLY1305' to silence this warning.
20220111 02:53:01 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20220111 02:53:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20220111 02:53:01 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20220111 02:53:01 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20220111 02:53:01 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20220111 02:53:01 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20220111 02:53:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20220111 02:53:01 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20220111 02:53:01 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20220111 02:53:01 I TCP/UDP: Preserving recently used remote address: [AF_INET]5.254.61.202:53
20220111 02:53:01 Socket Buffers: R=[180224->360448] S=[180224->360448]
20220111 02:53:01 I UDPv4 link local: (not bound)
20220111 02:53:01 I UDPv4 link remote: [AF_INET]5.254.61.202:53
20220111 02:53:01 TLS: Initial packet from [AF_INET]5.254.61.202:53 sid=6bf38958 ac5dce87
20220111 02:53:01 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20220111 02:53:01 VERIFY KU OK
20220111 02:53:01 Validating certificate extended key usage
20220111 02:53:01 ++ Certificate has EKU (str) TLS Web Server Authentication expects TLS Web Server Authentication
20220111 02:53:01 VERIFY EKU OK
20220111 02:53:01 VERIFY OK: depth=0 C=HK ST=Central L=HK O=Secure-Server OU=IT CN=Secure-Server name=changeme emailAddress=mail@host.domain
20220111 02:53:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220111 02:53:01 D MANAGEMENT: CMD 'state'
20220111 02:53:01 MANAGEMENT: Client disconnected
20220111 02:53:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220111 02:53:01 D MANAGEMENT: CMD 'state'
20220111 02:53:01 MANAGEMENT: Client disconnected
20220111 02:53:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220111 02:53:01 D MANAGEMENT: CMD 'state'
20220111 02:53:01 MANAGEMENT: Client disconnected
20220111 02:53:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220111 02:53:02 D MANAGEMENT: CMD 'status 2'
20220111 02:53:02 MANAGEMENT: Client disconnected
20220111 02:53:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220111 02:53:02 D MANAGEMENT: CMD 'log 500'
19691231 16:00:00