Connecting VPN to DD-WRT.

Xx_iDon_xX
DD-WRT Novice


Joined: 26 May 2018
Posts: 36

Posted: Tue Jul 10, 2018 23:33    Post subject: Connecting VPN to DD-WRT.
Hello all, I'm trying to connect my VPN to my DD-WRT router, which is a Nighthawk X6 R8000, and I'm using the info provided in my .ovpn that was created when I installed SoftEther and OpenVPN on my nfo router. On the DD-WRT page I'm putting all the configuration that's inside the .ovpn file, but it's not connecting. I'm getting this error:

Client: RECONNECTING tls-error

and everything else is blank, not connecting

Local Address:
Remote Address:

Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 0
Auth read bytes

Any help is much appreciated.
Xx_iDon_xX
Posted: Wed Jul 11, 2018 17:45
eibgrad wrote:
Not enough information to draw any conclusions. We need to see the OpenVPN status log too since it usually contains important messages. If the status log is empty, that usually means the error is so basic (syntax, invalid option, contradictory options, etc.), it can't even start. At that point we need to see exactly what you specified for each field in the OpenVPN client GUI, plus the details of the .ovpn file that you used to configure it (obviously you can edit out personal/security information).


Here's the log:

Code:
Clientlog:
19700109 11:37:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
19700109 11:37:01 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
19700109 11:37:01 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
19700109 11:37:01 I OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 19 2018
19700109 11:37:01 I library versions: OpenSSL 1.1.0g 2 Nov 2017 LZO 2.09
19700109 11:37:01 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700109 11:37:01 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
19700109 11:37:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700109 11:37:01 W WARNING: Your certificate is not yet valid!
19700109 11:37:01 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19700109 11:37:01 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19700109 11:37:01 I TCP/UDP: Preserving recently used remote address: [AF_INET]162.xxx.xx.xx:1194
19700109 11:37:01 Socket Buffers: R=[180224->180224] S=[180224->180224]
19700109 11:37:01 I UDPv4 link local: (not bound)
19700109 11:37:01 I UDPv4 link remote: [AF_INET]162.xxx.xx.xx:1194
19700109 11:37:01 TLS: Initial packet from [AF_INET]162.xxx.xx.xx:1194 sid=9b66315c 41617244
19700109 11:37:01 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
19700109 11:37:01 N VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=ChangeMe
19700109 11:37:01 N OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
19700109 11:37:01 N TLS_ERROR: BIO read tls_read_plaintext error
19700109 11:37:01 NOTE: --mute triggered...
19700109 11:37:01 2 variation(s) on previous 3 message(s) suppressed by --mute
19700109 11:37:01 I SIGUSR1[soft tls-error] received process restarting
19700109 11:37:01 Restart pause 5 second(s)
19700109 11:37:06 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
19700109 11:37:06 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700109 11:37:06 I TCP/UDP: Preserving recently used remote address: [AF_INET]162.xxx.xx.xx:1194
19700109 11:37:06 Socket Buffers: R=[180224->180224] S=[180224->180224]
19700109 11:37:06 I UDPv4 link local: (not bound)
19700109 11:37:06 I UDPv4 link remote: [AF_INET]162.xxx.xx.xx:1194
19700109 11:37:07 TLS: Initial packet from [AF_INET]162.xxx.xx.xx:1194 sid=56744c48 3ece160d
19700109 11:37:07 N VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=ChangeMe
19700109 11:37:07 N OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
19700109 11:37:07 N TLS_ERROR: BIO read tls_read_plaintext error
19700109 11:37:07 NOTE: --mute triggered...
19700109 11:37:07 2 variation(s) on previous 3 message(s) suppressed by --mute
19700109 11:37:07 I SIGUSR1[soft tls-error] received process restarting
19700109 11:37:07 Restart pause 5 second(s)
19700109 11:37:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700109 11:37:09 D MANAGEMENT: CMD 'state'
19700109 11:37:09 MANAGEMENT: Client disconnected
19700109 11:37:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700109 11:37:09 D MANAGEMENT: CMD 'state'
19700109 11:37:09 MANAGEMENT: Client disconnected
19700109 11:37:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700109 11:37:09 D MANAGEMENT: CMD 'state'
19700109 11:37:09 MANAGEMENT: Client disconnected
19700109 11:37:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700109 11:37:09 D MANAGEMENT: CMD 'status 2'
19700109 11:37:09 MANAGEMENT: Client disconnected
19700109 11:37:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700109 11:37:09 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00


In the OpenVPN client GUI of DD-WRT there are some inputs I have to fill in, like my IP address to the server, the username and password, and the TLS Auth Key, where I put the code between <tls-auth></tls-auth> from my .ovpn file into that slot; then CA Cert, where I put the code between <ca></ca> from my .ovpn file into that slot; then Public Client Cert, where I put the code from <cert></cert> into that slot; then Private Client Key, where I put the code between <key></key> into that slot.

Here's the inside of my .ovpn file; I replaced the code with the words mycode.

Code:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 162.xxx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
mycode
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:7a:b3:c8:6c:ac:27:5e:44:d6:8c:c2:44:dd:63:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ChangeMe
        Validity
            Not Before: May 15 16:21:00 2018 GMT
            Not After : May 12 16:21:00 2028 GMT
        Subject: CN=iDon
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e3:74:30:4c:6d:67:56:26:71:5e:3c:81:f6:01:
                    40:57:8f:51:82:38:d1:19:e4:ea:3f:d9:3b:8d:e1:
                    11:f6:b2:5c:f4:a5:9d:73:27:72:de:4c:75:0b:a8:
                    0c:88:68:42:bf:3e:1f:8a:76:21:37:99:15:ff:87:
                    4e:47:98:e1:1a:c1:83:b0:a8:95:2e:96:46:45:82:
                    b7:91:3f:70:61:84:29:24:b5:94:23:b1:89:48:b6:
                    10:36:07:d7:3f:42:87:93:0e:60:e4:6d:4f:cd:8d:
                    71:41:ae:77:33:51:51:07:af:b4:4a:5b:1d:18:b9:
                    e1:c9:1e:50:7e:2b:ab:f2:70:32:46:ed:08:be:45:
                    7d:e3:62:b5:a3:58:e3:ab:4a:03:93:63:c2:bf:07:
                    7b:22:ad:4f:1f:05:d1:51:0f:fe:7f:dd:91:3a:a5:
                    cc:b2:96:94:46:de:0f:a0:9e:3e:d6:4b:a5:08:8c:
                    c8:a7:f6:13:2d:be:94:15:ec:db:a6:74:b7:cb:33:
                    32:82:af:f6:a6:8b:c9:d1:f3:18:00:a1:ac:c3:18:
                    de:1c:a1:ad:4e:d4:9e:72:ca:3b:ac:b4:5a:a3:8b:
                    82:11:0d:75:9f:9e:d6:3a:66:72:61:72:f3:b5:fc:
                    32:42:1f:80:61:66:b7:e8:ff:aa:84:93:71:f7:6c:
                    1b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                7B:C3:03:A3:FD:EF:34:1F:2C:9F:F7:9B:E4:61:94:C7:98:FE:FE:29
            X509v3 Authority Key Identifier:
                keyid:34:B9:7F:BE:98:CB:D7:E1:57:D9:6F:EF:C9:0C:8D:C6:1A:7B:2B:5B
                DirName:/CN=ChangeMe
                serial:98:16:67:52:45:14:7E:64

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         3b:dc:96:86:1e:52:1f:95:46:b0:19:32:4f:ed:88:34:34:0e:
         55:38:48:f9:18:9a:f9:ab:ec:d4:b5:df:c3:8a:22:41:0b:f2:
         ba:2e:8e:c6:89:2e:46:99:9c:5d:65:63:6b:0a:9d:c7:f0:a3:
         c5:4d:0b:05:24:2a:5c:88:6b:b3:61:27:69:78:1b:f8:62:5f:
         fc:d4:f3:8a:bd:ae:62:bc:31:46:02:d4:2e:a5:93:47:e9:03:
         cd:a9:d8:b1:08:61:6d:0c:43:7d:2b:fe:68:4c:1f:a9:44:c2:
         92:be:6f:25:0c:23:31:ee:a8:df:03:c0:64:c4:9c:ff:05:15:
         04:e8:3e:61:39:8a:b5:cf:2b:81:e1:47:ca:bd:2e:b5:97:c0:
         cd:b2:d1:7d:60:77:86:a5:f9:1b:8e:03:41:2c:4d:a9:f4:18:
         db:9f:43:f0:f9:51:11:2c:e4:68:20:86:45:2c:33:16:2a:7b:
         09:84:17:91:98:7d:7c:da:a3:c5:bb:a2:82:1b:39:79:4a:ff:
         e8:d9:6e:6b:a8:01:1b:85:0e:4b:17:59:9e:5c:b5:d4:81:43:
         91:3c:1c:50:60:b6:1c:cb:67:29:81:f1:03:7e:41:0c:37:ed:
         dc:aa:3b:4a:89:ff:ae:bd:04:41:54:62:0c:4e:37:1b:e8:51:
         f3:3f:ff:5f
-----BEGIN CERTIFICATE-----
mycode
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
mycode
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
mycode
-----END OpenVPN Static key V1-----
</tls-auth>


So I think I'm putting everything where it belongs. Here are some pics of the OpenVPN client GUI on the DD-WRT:


http://prntscr.com/k5aasv

http://prntscr.com/k5aba2

http://prntscr.com/k5abk5

Please let me know if you see anything wrong so I can correct it. Thanks for the help.
Xx_iDon_xX
Posted: Wed Jul 11, 2018 18:17
eibgrad wrote:
The problem (at least one of them) is identified in the following log entry.

19700109 11:37:07 N VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=ChangeMe

Your clock is not set properly, so it can't validate the certs!


How do I fix that? The server the VPN is on is Ubuntu 16.04.
Xx_iDon_xX
Posted: Wed Jul 11, 2018 18:40
eibgrad wrote:
That error message is coming from the OpenVPN client log, presumably the OpenVPN client running on the router. So it's that router's clock that's not properly set. And that's perhaps because you haven't enabled the NTP client on the Setup page (at bottom), or perhaps specified an invalid NTP server (which is optional, if nothing is specified, it uses a default server).


Trying to find the correct NTP server and no luck.
Xx_iDon_xX
Posted: Thu Jul 12, 2018 1:45
eibgrad wrote:
Xx_iDon_xX wrote:
eibgrad wrote:
That error message is coming from the OpenVPN client log, presumably the OpenVPN client running on the router. So it's that router's clock that's not properly set. And that's perhaps because you haven't enabled the NTP client on the Setup page (at bottom), or perhaps specified an invalid NTP server (which is optional, if nothing is specified, it uses a default server).


Trying to find the correct NTP server and no luck.


As I said, if you specify nothing for the ntp server (Server IP/Name field), it should still work. It will just use default ntp servers. If it still doesn't work for some reason, try time.apple.com


OK, I put time.apple.com, apply settings and save, and now it says this:

Code:
Client: CONNECTED SUCCESS
Local Address: 10.8.0.2
Remote Address: 10.8.0.2

Status
VPN Client Stats
TUN/TAP read bytes   6798
TUN/TAP write bytes   0
TCP/UDP read bytes   4178
TCP/UDP write bytes   19718
Auth read bytes   0
pre-compress bytes   0
post-compress bytes   0
pre-decompress bytes   0
post-decompress bytes

Log
Clientlog:
20180711 21:35:26 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20180711 21:35:26 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20180711 21:35:26 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20180711 21:35:26 I OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 19 2018
20180711 21:35:26 I library versions: OpenSSL 1.1.0g 2 Nov 2017 LZO 2.09
20180711 21:35:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20180711 21:35:26 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20180711 21:35:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180711 21:35:26 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20180711 21:35:26 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20180711 21:35:26 I TCP/UDP: Preserving recently used remote address: [AF_INET]162.xxx.xx.xx:1194
20180711 21:35:26 Socket Buffers: R=[180224->180224] S=[180224->180224]
20180711 21:35:26 I UDPv4 link local: (not bound)
20180711 21:35:26 I UDPv4 link remote: [AF_INET]162.xxx.xx.xx:1194
20180711 21:35:26 TLS: Initial packet from [AF_INET]162.xxx.xx.xx:1194 sid=bff08b49 3641ab4d
20180711 21:35:26 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20180711 21:35:26 VERIFY OK: depth=1 CN=ChangeMe
20180711 21:35:26 VERIFY OK: nsCertType=SERVER
20180711 21:35:26 VERIFY OK: depth=0 CN=server
20180711 21:35:26 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1606' remote='link-mtu 1602'
20180711 21:35:26 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20180711 21:35:26 Control Channel: TLSv1.2 cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384 2048 bit RSA
20180711 21:35:26 I [server] Peer Connection Initiated with [AF_INET]162.xxx.xx.xx:1194
20180711 21:35:27 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20180711 21:35:27 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0'
20180711 21:35:27 OPTIONS IMPORT: timers and/or timeouts modified
20180711 21:35:27 NOTE: --mute triggered...
20180711 21:35:27 4 variation(s) on previous 3 message(s) suppressed by --mute
20180711 21:35:27 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180711 21:35:27 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20180711 21:35:27 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180711 21:35:27 NOTE: --mute triggered...
20180711 21:35:27 1 variation(s) on previous 3 message(s) suppressed by --mute
20180711 21:35:27 I TUN/TAP device tun1 opened
20180711 21:35:27 TUN/TAP TX queue length set to 100
20180711 21:35:27 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20180711 21:35:27 I /sbin/ifconfig tun1 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
20180711 21:35:27 /sbin/route add -net 162.xxx.xx.xx.39 netmask 255.255.255.255 gw 192.168.0.1
20180711 21:35:27 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
20180711 21:35:27 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
20180711 21:35:29 I Initialization Sequence Completed
20180711 21:35:37 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180711 21:35:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180711 21:35:46 D MANAGEMENT: CMD 'state'
20180711 21:35:46 MANAGEMENT: Client disconnected
20180711 21:35:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180711 21:35:46 D MANAGEMENT: CMD 'state'
20180711 21:35:46 MANAGEMENT: Client disconnected
20180711 21:35:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180711 21:35:46 D MANAGEMENT: CMD 'state'
20180711 21:35:46 MANAGEMENT: Client disconnected
20180711 21:35:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180711 21:35:46 D MANAGEMENT: CMD 'status 2'
20180711 21:35:46 MANAGEMENT: Client disconnected
20180711 21:35:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180711 21:35:46 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00


Better than before, but even though it says connected success, on my laptop it's not connecting. I have the SSID for the VPN as follows in the screenshot, and it has an exclamation mark and no internet access.

https://imgur.com/a/2Ik07dt
Xx_iDon_xX
Posted: Thu Jul 12, 2018 2:52
eibgrad wrote:
It does appear you are connected, and most things seem correct based on that log. But according to the VPN stats, there are no writes across the tunnel.

TUN/TAP read bytes 6798
TUN/TAP write bytes 0
TCP/UDP read bytes 4178
TCP/UDP write bytes 19718

That often means the compression settings are out-of-sync between the client and server. According to the .ovpn file, it states the following directive for compression.

Code:
comp-lzo


Without an argument, it should default to adaptive. And according to a prior image of your config, you had specified Adaptive for the LZO Compression field (which maps down to the comp-lzo directive). So that would seem to be correct. I would try other settings for that option anyway to see if perhaps it helps.


So change the settings from LZO compression?

I tried all of them and still nothing. Here's a pic:

https://imgur.com/a/0eusr3i
Xx_iDon_xX
Posted: Thu Jul 12, 2018 3:25
eibgrad wrote:
Sometimes it's just a DNS problem. IOW, the connectivity is there, but just not DNS support. So if you use a browser to test connectivity, where you normally only reference domain names, it appears to not be working at all. Try to ping a public IP explicitly from a DOS prompt, e.g., ping 8.8.8.8


I'm new to this, brother. How would I do that and from where?
Xx_iDon_xX
Posted: Thu Jul 12, 2018 3:45
eibgrad wrote:
https://iihelp.iinet.net.au/How_to_run_a_ping_test


But do I do it from the VPN server or my laptop, and once I do the ping, what am I looking for?
Xx_iDon_xX
Posted: Thu Jul 12, 2018 3:56
eibgrad wrote:
https://iihelp.iinet.net.au/How_to_run_a_ping_test


This is from my normal internet connection:

C:\Users\xxx>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=51ms TTL=55
Reply from 8.8.8.8: bytes=32 time=49ms TTL=55
Reply from 8.8.8.8: bytes=32 time=50ms TTL=55
Reply from 8.8.8.8: bytes=32 time=40ms TTL=55

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 51ms, Average = 47ms

And this one is from the VPN SSID:

C:\Users\xxx>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Xx_iDon_xX
Posted: Thu Jul 12, 2018 7:57
OK, here's the thing: I have 2 routers, one main one, and the second one is the DD-WRT, which is for VPN use only. That's why I said the VPN SSID. I never had a problem because I had a paid VPN subscription with another provider and I used their manual configuration for OpenVPN and it worked; I was able to use my second router for the VPN. So yes, VPN SSID.
Xx_iDon_xX
Posted: Fri Jul 13, 2018 0:51
eibgrad wrote:
Ok, that's fine. But I don't know these details. So when you say to me that ping works fine w/ the "normal internet connection", then say it doesn't work w/ "vpn ssid", then as I suspected, what you've done is used a different router for each test, which misses the point. Ideally I want to know if the **same** router supporting the OpenVPN client that doesn't respond to a ping when active/enabled, might also not be responding to a ping even if that OpenVPN client is inactive/disabled, which would suggest that something else is wrong on that router. But that's not what you did. You tested different routers.

I'm not trying to be critical here. I'm just trying to make it clear that you can't assume that I know such details, and that such details are not important. Just like I have to be careful in what I ask you to do because you may not be familiar w/ things like ping, YOU have to be as exacting as possible in describing your configuration in order for me to debug it.

The fact you're using a second router and that it worked previously, doesn't guarantee that simply changing VPN providers means it will work without issues. In fact, had I known that, I would have probably told you to reset that router to factory defaults and start over, because many times the prior configuration leaves artifacts that mess up the next configuration. Shouldn't normally be required, but these routers are not like other devices. They don't always clean up nicely as you move from one configuration to another.

One last point. I'm assuming based on your initial post (and latest comments), that you are NOW using your own OpenVPN server rather than the prior paid, commercial OpenVPN/Softether server. And if that's the case, that further complicates matters since I don't know for sure if that OpenVPN/Softether server is configured properly. Not unless you tested it w/ some other OpenVPN client besides the router (e.g., an OpenVPN client running on Windows).

IOW, in the case of a commercial OpenVPN service provider, we *know* w/ 100% certainty that their servers work. And if we're having problems, it has to be the OpenVPN client. But I can't make such assumptions about your own OpenVPN server. Again, not unless you've confirmed that it works w/ some other OpenVPN client.

Frankly, I'm not even sure your OpenVPN/Softether server is running on some remote network. I've seen many ppl attempt to access their OpenVPN/Softether server from an OpenVPN client on the *same* local IP network, for testing purposes. And that won't typically work. The client and server *must* be on different local IP networks.


No problem, didn't mean to confuse you, and I believe that the DD-WRT router was set to factory reset prior to this. Here's what I'm getting now:


Code:
Clientlog:
20180712 20:35:53 I [server] Inactivity timeout (--ping-restart) restarting
20180712 20:35:53 I SIGUSR1[soft ping-restart] received process restarting
20180712 20:35:53 Restart pause 5 second(s)
20180712 20:35:58 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20180712 20:35:58 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180712 20:35:58 I TCP/UDP: Preserving recently used remote address: [AF_INET]162.xxx.xx.xx:1194
20180712 20:35:58 Socket Buffers: R=[180224->180224] S=[180224->180224]
20180712 20:35:58 I UDPv4 link local: (not bound)
20180712 20:35:58 I UDPv4 link remote: [AF_INET]162.xxx.xx.xx:1194
20180712 20:35:58 TLS: Initial packet from [AF_INET]162.xxx.xx.xx:1194 sid=c022babf 213ad7bd
20180712 20:35:58 VERIFY OK: depth=1 CN=ChangeMe
20180712 20:35:58 VERIFY OK: depth=0 CN=server
20180712 20:35:58 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1606' remote='link-mtu 1602'
20180712 20:35:58 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20180712 20:35:58 Control Channel: TLSv1.2 cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384 2048 bit RSA
20180712 20:35:58 I [server] Peer Connection Initiated with [AF_INET]162.xxx.xx.xx:1194
20180712 20:35:59 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20180712 20:36:00 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0'
20180712 20:36:00 OPTIONS IMPORT: timers and/or timeouts modified
20180712 20:36:00 NOTE: --mute triggered...
20180712 20:36:00 4 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:36:00 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180712 20:36:00 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20180712 20:36:00 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180712 20:36:00 NOTE: --mute triggered...
20180712 20:36:00 1 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:36:00 I Preserving previous TUN/TAP instance: tun1
20180712 20:36:00 I Initialization Sequence Completed
20180712 20:36:10 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:36:19 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:36:29 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:36:40 NOTE: --mute triggered...
20180712 20:38:00 9 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:38:00 I [server] Inactivity timeout (--ping-restart) restarting
20180712 20:38:00 I SIGUSR1[soft ping-restart] received process restarting
20180712 20:38:00 Restart pause 5 second(s)
20180712 20:38:05 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20180712 20:38:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180712 20:38:05 I TCP/UDP: Preserving recently used remote address: [AF_INET]162.xxx.xx.xx:1194
20180712 20:38:05 Socket Buffers: R=[180224->180224] S=[180224->180224]
20180712 20:38:05 I UDPv4 link local: (not bound)
20180712 20:38:05 I UDPv4 link remote: [AF_INET]162.xxx.xx.xx:1194
20180712 20:38:05 TLS: Initial packet from [AF_INET]162.xxx.xx.xx:1194 sid=9b7ea7b9 c5d6cf70
20180712 20:38:05 VERIFY OK: depth=1 CN=ChangeMe
20180712 20:38:05 VERIFY OK: depth=0 CN=server
20180712 20:38:05 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1606' remote='link-mtu 1602'
20180712 20:38:05 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20180712 20:38:05 Control Channel: TLSv1.2 cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384 2048 bit RSA
20180712 20:38:05 I [server] Peer Connection Initiated with [AF_INET]162.xxx.xx.xx:1194
20180712 20:38:06 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20180712 20:38:06 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0'
20180712 20:38:06 OPTIONS IMPORT: timers and/or timeouts modified
20180712 20:38:06 NOTE: --mute triggered...
20180712 20:38:06 4 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:38:06 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180712 20:38:06 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20180712 20:38:06 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20180712 20:38:06 NOTE: --mute triggered...
20180712 20:38:06 1 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:38:06 I Preserving previous TUN/TAP instance: tun1
20180712 20:38:06 I Initialization Sequence Completed
20180712 20:38:16 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:38:26 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:38:36 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:38:46 NOTE: --mute triggered...
20180712 20:38:58 2 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:38:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:38:58 D MANAGEMENT: CMD 'state'
20180712 20:38:58 MANAGEMENT: Client disconnected
20180712 20:38:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:38:58 D MANAGEMENT: CMD 'state'
20180712 20:38:58 MANAGEMENT: Client disconnected
20180712 20:38:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:38:58 D MANAGEMENT: CMD 'state'
20180712 20:38:58 MANAGEMENT: Client disconnected
20180712 20:38:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:38:58 D MANAGEMENT: CMD 'status 2'
20180712 20:38:58 MANAGEMENT: Client disconnected
20180712 20:38:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:38:58 D MANAGEMENT: CMD 'log 500'
20180712 20:38:59 MANAGEMENT: Client disconnected
20180712 20:39:06 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:39:16 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:39:26 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:39:36 NOTE: --mute triggered...
20180712 20:40:00 3 variation(s) on previous 3 message(s) suppressed by --mute
20180712 20:40:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:40:00 D MANAGEMENT: CMD 'state'
20180712 20:40:00 MANAGEMENT: Client disconnected
20180712 20:40:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:40:00 D MANAGEMENT: CMD 'state'
20180712 20:40:00 MANAGEMENT: Client disconnected
20180712 20:40:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:40:00 D MANAGEMENT: CMD 'state'
20180712 20:40:00 MANAGEMENT: Client disconnected
20180712 20:40:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:40:00 D MANAGEMENT: CMD 'status 2'
20180712 20:40:00 MANAGEMENT: Client disconnected
20180712 20:40:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180712 20:40:00 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00


I don't know how it is connecting successfully and not working.
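
Added example, not part of the original thread and not DD-WRT or OpenVPN project code: a Python triage pass over lines copied from the logs posted above. It separates the clock problem eibgrad identified from the warnings the last log prints on its own (missing server-certificate check, local/remote option mismatches, FRAG_IN errors). The names triage, parse and the finding codes are made up for this example.

```python
import re
from datetime import datetime

# Lines copied from the client logs posted in this thread (IP already masked).
FIRST_LOG = """\
19700109 11:37:01 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
19700109 11:37:01 W WARNING: Your certificate is not yet valid!
19700109 11:37:01 N VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=ChangeMe
19700109 11:37:01 N TLS_ERROR: BIO read tls_read_plaintext error
"""
LAST_LOG = """\
20180712 20:35:58 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20180712 20:35:58 VERIFY OK: depth=1 CN=ChangeMe
20180712 20:35:58 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1606' remote='link-mtu 1602'
20180712 20:35:58 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20180712 20:36:00 I Initialization Sequence Completed
20180712 20:36:10 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20180712 20:38:00 I [server] Inactivity timeout (--ping-restart) restarting
"""
# "Not Before" from the client certificate dump in the posted .ovpn (GMT).
# Log timestamps are router-local; a few hours of offset do not matter here.
CERT_NOT_BEFORE = datetime(2018, 5, 15, 16, 21, 0)

# DD-WRT prefixes each line with YYYYMMDD HH:MM:SS and an optional level letter.
LINE_RE = re.compile(r"^(\d{8}) (\d{2}:\d{2}:\d{2}) (?:([WIND]) )?(.+)$")
MISMATCH_RE = re.compile(
    r"'([\w-]+)' is (?:used inconsistently"
    r"|present in local config but missing in remote config)")


def parse(log):
    """Yield (timestamp, level, message); skip lines that do not parse."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. the bare "19691231 19:00:00" trailer
        try:
            ts = datetime.strptime(m.group(1) + " " + m.group(2),
                                   "%Y%m%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, m.group(3) or "", m.group(4)


def triage(log, cert_not_before=None):
    """Return {finding_code: detail} for the conditions seen in this thread."""
    findings = {}
    mismatched, frag_errors = [], 0
    for ts, _level, msg in parse(log):
        if "certificate is not yet valid" in msg:
            if cert_not_before is not None and ts < cert_not_before:
                # The log's own timestamp shows what the router thinks "now" is.
                findings.setdefault(
                    "clock-before-cert",
                    f"router clock reads {ts:%Y-%m-%d}, before notBefore "
                    f"{cert_not_before:%Y-%m-%d}: fix the clock (NTP), not the cert")
            else:
                findings.setdefault("cert-not-yet-valid", msg)
        if "No server certificate verification method" in msg:
            # Any certificate signed by the CA would be accepted as the server.
            findings.setdefault(
                "no-server-cert-verification",
                "peer certificate type is not checked; the posted .ovpn "
                "asks for 'remote-cert-tls server'")
        m = MISMATCH_RE.search(msg)
        if m and m.group(1) not in mismatched:
            mismatched.append(m.group(1))
        if msg.startswith("FRAG_IN error"):
            frag_errors += 1
        if "Inactivity timeout (--ping-restart)" in msg:
            findings.setdefault("ping-restart",
                                "tunnel came up but the peer went silent")
    if mismatched:
        # OpenVPN reports the --fragment setting as 'mtu-dynamic' in this check.
        findings["option-mismatch"] = ", ".join(mismatched)
    if frag_errors:
        findings["frag-in-errors"] = str(frag_errors)
    return findings


if __name__ == "__main__":
    for name, log in (("first log", FIRST_LOG), ("last log", LAST_LOG)):
        print(name)
        for code, detail in triage(log, CERT_NOT_BEFORE).items():
            print(f"  {code}: {detail}")
```
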