Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Tue Aug 20, 2019 7:32 Post subject:
Regarding the NAT rule of router C (your OVPN server), only the second NAT rule works on your router, which is strange, either something in this build or in your particular setup, but not important for now.
I will make a note of it for future reference
Your diagnosis of the problem of your OVPN client is spot on
Recent K2.6 builds are broken
One of our esteemed forum members @KP69 not long ago revived a ticket, I will try to push also to correct this problem but it has been a long time already so not very high hopes.
(see: https://svn.dd-wrt.com/ticket/6373)
Joined: 08 May 2018 Posts: 14126 Location: Texas, USA
Posted: Tue Aug 20, 2019 8:29 Post subject:
wcnngt wrote:
I read the troubleshooting guide and it seems to be due to k2.6 not being able to execute external scripts. Is there any workaround other than finding a k3 build. My router is F7D4301v1 and according to the router database, the latest is a k2.6 build.
egc wrote:
Your diagnosis of the problem of your OVPN client is spot on
Recent K2.6 builds are broken
One of our esteemed forum members @KP69 not long ago revived a ticket, I will try to push also to correct this problem but it has been a long time already so not very high hopes.
(see: https://svn.dd-wrt.com/ticket/6373)
In the mean time try to find a K3.x build or go back to an earlier build in the ticket there is mentioning of 35531 so try that build
First off, thanks for the back-up and support on that ticket, egc. I don't consider myself anyone special, but I try to do what I can to help, thank you for the kind words
Unfortunately, there are no (trailed) K3.x builds for his device that I could find, so rolling back as far as at least 35531 is worth a try. One thing to keep in mind, is another ticket referenced in my ticket ( https://svn.dd-wrt.com/ticket/5784 ) about the invalid argument message in the shell via CLI. I never had issues with startup scripts in 35531 K2.6 build that I recall, but just something to keep in mind. My secondary choices to roll back to would probably be 33772 or as far back as 30880 for a K2.6 build.
Also, I found this thread: Belkin Play Max F7D4301v1 now partially supported .... so, this leads me to wonder, was FULL support ever really achieved to the point of configuring and compiling a (trailed or non-trailed) K3.x build? Somehow, I think that may have slipped through the cracks. I didn't read that thread in entirety, so NOT knowing off the top of my head whether the device is an nv60k or nv64k kinda leaves me with no logical suggestion on 'what to try' to flash up to K3.x, so, unless there is a means to de-brick, I wouldn't suggest trying a k3.x non-trailed mega build, but that is an option if someone feels like it's worth trying -- but ONLY if you have means to recover from a brick. You can read through that thread to see if there is any information that may be relevant. FWIW, there is NO wiki for that device, so someone needs to probably undertake writing one. Just thought I would chime in on this
I flashed the 35531 build and it worked. But the speed is at about 2-3Mbps. This is less than half of the speed if I connect by iPhone. I know that OpenVPN is cpu intensive and my client router is an old one. If I don’t care about security and just want to use the server ip to access the internet, are there any parameters I can tweak to speed up? Thanks a lot for all the helps.
Joined: 08 May 2018 Posts: 14126 Location: Texas, USA
Posted: Tue Aug 20, 2019 23:32 Post subject:
wcnngt wrote:
I flashed the 35531 build and it worked. But the speed is at about 2-3Mbps. This is less than half of the speed if I connect by iPhone. I know that OpenVPN is cpu intensive and my client router is an old one. If I don’t care about security and just want to use the server ip to access the internet, are there any parameters I can tweak to speed up? Thanks a lot for all the helps.
Depends on if you can overclock the CPU. From what it looks like on WikiDevi, there aren't any heatsinks, so that might require some modification to even think about it. Wikidevi doesn't state CPU speed, what does it say it is in the webUI? I do know there are some parameters that you can tweak via startup script and stuff, but it usually depends on how the defaults compare to the recommended tweaks. One thing to note is, the next public beta should fix shell scripts and openvpn in the k2.6 builds.
Physical alteration is beyond my reach. I was thinking of using less demanding encryption or switching to PPTP. Any thought?
kernel-panic69 wrote:
wcnngt wrote:
I flashed the 35531 build and it worked. But the speed is at about 2-3Mbps. This is less than half of the speed if I connect by iPhone. I know that OpenVPN is cpu intensive and my client router is an old one. If I don’t care about security and just want to use the server ip to access the internet, are there any parameters I can tweak to speed up? Thanks a lot for all the helps.
Depends on if you can overclock the CPU. From what it looks like on WikiDevi, there aren't any heatsinks, so that might require some modification to even think about it. Wikidevi doesn't state CPU speed, what does it say it is in the webUI? I do know there are some parameters that you can tweak via startup script and stuff, but it usually depends on how the defaults compare to the recommended tweaks. One thing to note is, the next public beta should fix shell scripts and openvpn in the k2.6 builds.
I flashed the 35531 build and it worked. But the speed is at about 2-3Mbps. This is less than half of the speed if I connect by iPhone. I know that OpenVPN is cpu intensive and my client router is an old one. If I don’t care about security and just want to use the server ip to access the internet, are there any parameters I can tweak to speed up? Thanks a lot for all the helps.
I used the vpn to connect a smart speaker which has country ip limit. Right after rebooting the router it worked. Then it might have timed out. I am not sure exactly when but Sep 5 23:44:31 looks suspicious.
Thanks.
egc wrote:
Can not see anything wrong with this, the management interface connecting and disconnecting is normal
Posted: Sat Sep 07, 2019 6:50 Post subject: Is this for installing Openvpn latest release on the VPS?
Hiya,
I briefly look at your thread but I couldn't understand what kind of Openvpn installation is it? Is this Openvpn automatic installation on the VPS with manual settings that will be asked during the installation progress?
I used the vpn to connect a smart speaker which has country ip limit. Right after rebooting the router it worked. Then it might have timed out. I am not sure exactly when but Sep 5 23:44:31 looks suspicious.
Thanks.
egc wrote:
Can not see anything wrong with this, the management interface connecting and disconnecting is normal
After how long do you have a disconnection?
Is it only if the connection is idle?
The entry you noticed at 23:44:31 has nothing to do with OpenVPN it is you logging in to the router, you can disregard this.
But one other thing I noticed, there seem to be two remote addresses into play:
I have been testing according to you recommendations. Changing it to TCP doesn’t work. The 2 IPs came from server DDNS didn’t update correctly. After I checked the “check external ip”, it works now.
I used the vpn to connect a smart speaker which has country ip limit. Right after rebooting the router it worked. Then it might have timed out. I am not sure exactly when but Sep 5 23:44:31 looks suspicious.
Thanks.
egc wrote:
Can not see anything wrong with this, the management interface connecting and disconnecting is normal
After how long do you have a disconnection?
Is it only if the connection is idle?
The entry you noticed at 23:44:31 has nothing to do with OpenVPN it is you logging in to the router, you can disregard this.
But one other thing I noticed, there seem to be two remote addresses into play:
One other thing I noticed: you have some AEAD decrypt error which sometimes can be seen because of MTU problems most of the time you can ignore this but if it is frequent use TCP instead of UDP (alternatively enable "Tunnel UDP MSS-Fix" sometimes helps)
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sun Sep 15, 2019 9:20 Post subject:
The one that stands out is:
Code:
20190913 21:23:10 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20190913 21:23:10 N TLS Error: TLS handshake failed
Usually meaning a network error so the server or client cannot reach each other over the network so check if you have intrnet access without the VPN and also:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable:
• Check server address/DDNS
• Check DDNS,
• Check port,
• Check Port Forward if server is not on the primary router.
• Check /disable firewall
• Sometimes an ISP blocks often used ports, Check with your ISP and/or use TCP port 443, this is not blocked. _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
The client router keeps trying but won’t connect. Why rebooting the client router helps it to connect immediately?
egc wrote:
The one that stands out is:
Code:
20190913 21:23:10 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20190913 21:23:10 N TLS Error: TLS handshake failed
Usually meaning a network error so the server or client cannot reach each other over the network so check if you have intrnet access without the VPN and also:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable:
• Check server address/DDNS
• Check DDNS,
• Check port,
• Check Port Forward if server is not on the primary router.
• Check /disable firewall
• Sometimes an ISP blocks often used ports, Check with your ISP and/or use TCP port 443, this is not blocked.