Yes, "Remote Management" on the Administration tab is for WAN access, not LAN access. If you do enable SSH WAN access, then set up key-based authentication and disable password authentication. Then you can also set up and SSH tunnel in PuTTY to access the WebUI if you wish. Otherwise, leave everything there disabled as suggested. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
After quite a bit of tweaking (with VPN disabled) I got the router to correctly pass through access to the internet. When I turn on OVPN I start to get errors again.
Code:
root@DD-WRT:~# grep -i openvpn /var/log/messages
Dec 31 16:00:32 DD-WRT daemon.warn openvpn[1625]: Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
Dec 31 16:00:32 DD-WRT daemon.warn openvpn[1625]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Dec 31 16:00:32 DD-WRT daemon.err openvpn[1625]: Options error: You must define CA file (--ca) or CA path (--capath) and/or peer fingerprint verification (--peer-fingerprint)
Dec 31 16:00:32 DD-WRT daemon.warn openvpn[1625]: Use --help for more information.
Dec 31 16:00:32 DD-WRT user.info : [openvpn] : Error on startup, returncode 1
Sep 11 22:53:03 DD-WRT user.info : [openvpn] : OpenVPN daemon (Client) starting/restarting...
Sep 11 22:53:03 DD-WRT daemon.err openvpn[3052]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpncl/openvpn.conf:26: keysize (2.6.6)
Sep 11 22:53:03 DD-WRT daemon.warn openvpn[3052]: Use --help for more information.
Sep 11 22:53:03 DD-WRT user.info : [openvpn] : Error on startup, returncode 1
Joined: 18 Mar 2014 Posts: 12499 Location: Netherlands
Posted: Tue Sep 12, 2023 7:08 Post subject:
Please also post a screenshot of the basic setup page.
Some snippets from the OpenVPN Client SEtup Guide (recommended reading):
Quote:
Before we are going to deal with VPN settings first some remarks about DNS.
• On Setup/Basic Setup page make sure to tick/enable "Ignore WAN DNS"
• Gateway and local DNS should be kept at their default 0.0.0.0 (assuming the router is in default gateway mode)
• Static DNS 1 and 2 should be set to a publicly available working DNS server to your liking e.g. 1.1.1.1, 9.9.9.9, 8.8.8.8 etc.
Note: Do not use DNS servers from VPN providers!
Also:
Quote:
As a general warning all settings can be done in the GUI or are already done by DDWRT so to start:
Do not add anything in the Additional Config, (only exception is: verb 5 )
Do not add any firewall rules
Do not add any (startup) scripts
Carefully check your settings with the settings from the guide e.g.:
Tunnel protocol should be UDP4
Data ciphers should be set as AES-256-CBC, AES-256-GCM, AES-128-GCM
Inbound Firewall on TUN should be Enabled
Verify server certificate should be Enabled
Basic settings page after making suggested changes. Whenever I turned on "Ignore WAN DNS" I lose internet connectivity in the past so I had it turned off. I suspect it was because my static DNS wasn't set correctly. Seems to be working now.
I'm able to access google so the internet connection is now working with these settings. OVPN still not happy.
Code:
root@R6850:~# grep -i openvpn /var/log/messages
Dec 31 16:00:32 R6850 daemon.err openvpn[1623]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpncl/openvpn.conf:28: keysize (2.6.6)
Dec 31 16:00:32 R6850 daemon.warn openvpn[1623]: Use --help for more information.
Dec 31 16:00:32 R6850 user.info : [openvpn] : Error on startup, returncode 1
Dec 31 16:00:39 R6850 user.info : [openvpn] : OpenVPN daemon (Client) starting/restarting...
Dec 31 16:00:39 R6850 daemon.err openvpn[2058]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpncl/openvpn.conf:28: keysize (2.6.6)
Dec 31 16:00:39 R6850 daemon.warn openvpn[2058]: Use --help for more information.
Dec 31 16:00:39 R6850 user.info : [openvpn] : Error on startup, returncode 1
I checked in the /tmp/openvpncl/openvpn.conf and it appears keysize is set to 256.
That line was provided by the Privado guide so perhaps I should update it to something else? Here's what they recommended adding to the "Additional Configuration" section:
Code:
persist-key
persist-tun
persist-remote-ip
keysize 256
remote-cert-tls server
I can contact Privado about that. I can connect with my PC so assumed it was the configuration. If this is now an issue with the VPN, I can definitely work on that end. I saw the auth issue but wasn't sure if it was premature to assume it was the server authentication or perhaps something in my setup still submitting the wrong info. Thanks!
Looks like the city I selected was either full or not allowed. I'm using the free 10GB option for testing which is limited to 12 cities and possibly not all servers. I switched to another one and it seems to have connected. I checked my externally visible IP and it's now what I'd expect from the VPN. Looks like it's currently working and should be good enough to test if this is a viable fix.
So after a few minutes of this working, the VPN disconnected. I contacted support and they said that router based VPN is not supported on the free license. I don't know how they would know the system connecting is a router vs any other linux machine, but it appears they may be bumping me. I'll try a few more servers but I wanted to mention that now that the settings are correct, I'm seeing the VPN connection details on the status OVPN page most of the time.
I noticed it's possible to have multiple servers so I'm hoping I can add a few in there from the free cities and hopefully I can get enough testing to confirm if this fixes my issue and get a premium subscription for full support.
