Dual Router Set-up problems

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Tyoryn
DD-WRT Novice


Joined: 03 Aug 2019
Posts: 8

PostPosted: Sat Aug 03, 2019 11:27    Post subject: Dual Router Set-up problems Reply with quote
Modem/Router: Arris Surfboard 6900-ac
DDWRT Router: Netgear R6200v2

VPN: VPNUnlimited

So I have a few problems with my setup currently. Half the time the openVPN connection logs say "Cannot resolve host address: ca-tr.vpnunlimitedapp.com: Name or service not known" and when it does connect (which i cant figure out what is changing that sometimes it does, sometimes not) it says

Quote:
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:33 D MANAGEMENT: CMD 'log 500'


I have followed the guide provided by VPNUnlimited to the letter. I got it to connect the first time by using the exact additional config info in their openVPN config file rather than the one provided in their guide.

I have seen other threads with this same issue saying to remove all of the additional config but when I try that it doesnt even attempt to establish a connection.

I have made sure all firewalls are off, all pass-through enabled (though I have read that openVPN doesnt require pass-through), tried adding my DDWRT router to my arris' MAC pass-through, I tried changing LZO to disabled and adaptive as Ive seen in other threads.

I am completely stumped.

From the setup manual:
Quote:
Server IP or DNS Name: ca-tr.vpnunlimitedapp.com
Port and Protocol: You can select 1194 udp (ovpn default)
Tunnel device: Select TUN
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA512
Advanced Options: Enabled
TLS Cipher: TLS-DHE-RSA-WITH-AES-128-CBC-SHA or higher
LZO Compression: No
NAT: Enabled
Firewall Protection: Disabled
Tunnel UDP MSS-Fix: Disabled
Additional Config section: Paste the below data
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
remote-random
remote-cert-tls server
route-metric 1


Additional Config as seen in the config file generated by VPNUnlimited for the Certificates and Key:
Quote:
client
dev
tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
cipher AES-256-CBC
auth SHA512


Full VPN log most recent attempt:
Quote:
Serverlog Clientlog 20190803 07:12:30 I OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 7 2014
20190803 07:12:30 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20190803 07:12:30 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20190803 07:12:30 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20190803 07:12:30 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20190803 07:12:30 Socket Buffers: R=[180224->131072] S=[180224->131072]
20190803 07:12:30 N RESOLVE: Cannot resolve host address: ca-tr.vpnunlimitedapp.com: Name or service not known
20190803 07:12:30 N RESOLVE: Cannot resolve host address: ca-tr.vpnunlimitedapp.com: Name or service not known
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:32 D MANAGEMENT: CMD 'state'
20190803 07:12:32 MANAGEMENT: Client disconnected
20190803 07:12:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:12:33 D MANAGEMENT: CMD 'log 500'


Any help would be greatly appreciated, trying to work with VPNUnlimited customer service has been time consuming and achieved nothing.

Thanks.

EDIT:
I converted the domain for ca-tr.vpnunlimitedapp.com to its IP and put that in, now its connecting reliably but the 'state'/disconnect issue persists.

Full Log when connecting:
Quote:
Serverlog Clientlog 20190803 07:32:02 I OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 7 2014
20190803 07:32:02 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20190803 07:32:02 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20190803 07:32:02 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20190803 07:32:02 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20190803 07:32:02 Socket Buffers: R=[180224->131072] S=[180224->131072]
20190803 07:32:02 I UDPv4 link local: [undef]
20190803 07:32:02 I UDPv4 link remote: [AF_INET]204.187.100.82:1194
20190803 07:32:02 TLS: Initial packet from [AF_INET]204.187.100.82:1194 sid=c7390ede fd257b29
20190803 07:32:02 VERIFY OK: depth=1 C=US ST=NY L=New York O=Simplex Solutions Inc. OU=Vpn Unlimited CN=server.vpnunlimitedapp.com name=server.vpnunlimitedapp.com emailAddress=support@simplexsolutionsinc.com
20190803 07:32:02 Validating certificate key usage
20190803 07:32:02 NOTE: --mute triggered...
20190803 07:32:06 6 variation(s) on previous 3 message(s) suppressed by --mute
20190803 07:32:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:32:06 D MANAGEMENT: CMD 'state'
20190803 07:32:06 MANAGEMENT: Client disconnected
20190803 07:32:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:32:06 D MANAGEMENT: CMD 'state'
20190803 07:32:06 MANAGEMENT: Client disconnected
20190803 07:32:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:32:06 D MANAGEMENT: CMD 'state'
20190803 07:32:06 MANAGEMENT: Client disconnected
20190803 07:32:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20190803 07:32:07 D MANAGEMENT: CMD 'log 500'
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12840
Location: Netherlands

PostPosted: Sun Aug 04, 2019 7:31    Post subject: Reply with quote
That is the management interface connecting i.e. you looking at the page status/OpenVPN
That is normal

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Tyoryn
DD-WRT Novice


Joined: 03 Aug 2019
Posts: 8

PostPosted: Sun Aug 04, 2019 7:35    Post subject: Reply with quote
Ah, OK. Then the issue is that I'm still showing my true ip even tho the vpn is connected.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12840
Location: Netherlands

PostPosted: Sun Aug 04, 2019 10:14    Post subject: Reply with quote
reset both routers to defaults
make sure the R600v2 has a different IP address then the Arris

Do not disable the firewalls

OpenVPN does not need any pass through

I checked the unlimited setup instructions:
https://www.vpnunlimitedapp.com/en/info/manuals/dd-wrt-open-vpn-configuration-guide

It looks like it could work.
I would keep the Firewall protection set to ON but it is of minor importance

There is also the flashrouters guide:
https://flashrouters.zendesk.com/hc/en-us/articles/115000894647-VPN-Unlimited-OpenVPN-DD-WRT-Router-Setup-Guide

Differences are not important LZO compression is overrided by server unless you disable it (which you should probably not do)

The VPN unlimited guide uses an address which will hand out the real addresses you are going to use (like a DNS server for VPN servers) therefore you need the remote-random.

The flashrouter guide specifies the real name and sometimes name resolving is troublesome and you can use the IP address.

the differences between both guides are minor

If you setup and it is not working:

Post a picture of the OVPN settings page, and a picture of the OVPN status page, we need the whole page to have a look

BTW you did not tell us (or I missed) the build you are using, maybe you are using an obsolete build?
I would at least use a build with OVPN 2.4

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14129
Location: Texas, USA

PostPosted: Sun Aug 04, 2019 10:22    Post subject: Reply with quote
Not to mention that OpenVPN does not change the IP on the WAN in the UI AFAIK. Otherwise, someone wouldn't be requesting to have it added to the UI.

https://svn.dd-wrt.com/ticket/6716
Tyoryn
DD-WRT Novice


Joined: 03 Aug 2019
Posts: 8

PostPosted: Wed Aug 07, 2019 19:55    Post subject: Dual Router Set-up problems Reply with quote
Attached is a screen shot of my VPN settings. The certs and key are exactly what was provided by the VPN Unlimited config generator. These settings are from the flashrouters setup guide, and the OpenVPN Server/Daemon is enabled as well per that guide. The other screenshot is of the VPN connection Log.

I am running DDWRT build r24170.[/img]
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12840
Location: Netherlands

PostPosted: Wed Aug 07, 2019 20:21    Post subject: Reply with quote
Hmm, I see a couple of potential problems but actually no real show stoppers

LZO compression must be set to No
nsCertype verfication should not be ticked

OpenVPN server should not be enabled

Your build is 5 years old that could be a problem. at least it is a security risk, but it might work.

In the addtional config add:
Code:
verb 4


Reboot

Show picture of the whole OpenVPN status page

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum