OpenVPN server setup guide by egc

deadeye09
DD-WRT Novice


Joined: 23 Jul 2018
Posts: 15

Posted: Fri Sep 27, 2019 22:05
AW JEEZE! It WAS the date/time! I assumed the date was correct because I was using an NTP server (nist1-lv.ustiming.org) but I guess it was giving me the wrong info for some reason? I switched to 0.pool.ntp.org and now the time is corrected. I looked back at your guide and found the part about the time being correct, and I remember checking the time up at the top of my router homepage and assumed it was off a few hours due to time zones or something. But it doesn't show the date and I didn't know the date was that far off until I started logging and saw December in there! Dangit! I knew it was something stupid. I even started from scratch twice to make sure that I didn't just miss a step.

Well, at least it now sort of connects, but now I just get warnings that I need to work through:
Fri Sep 27 15:54:05 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1570'
Fri Sep 27 15:54:05 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'
Fri Sep 27 15:54:05 2019 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Fri Sep 27 15:54:05 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

then I just get this message repeated a couple of times and then it disconnects.
Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed

They're probably all just issues with the settings and I'll try working through each one at a time when I have time. Thanks for your help!

I might have some feedback for your instructions that I'll put together if you're interested in getting some feedback from a complete newbie.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Sat Sep 28, 2019 6:40
deadeye09 wrote:
AW JEEZE! It WAS the date/time! I assumed the date was correct because I was using an NTP server (nist1-lv.ustiming.org) but I guess it was giving me the wrong info for some reason? I switched to 0.pool.ntp.org and now the time is corrected. I looked back at your guide and found the part about the time being correct, and I remember checking the time up at the top of my router homepage and assumed it was off a few hours due to time zones or something. But it doesn't show the date and I didn't know the date was that far off until I started logging and saw December in there! Dangit! I knew it was something stupid. I even started from scratch twice to make sure that I didn't just miss a step.

Well, at least it now sort of connects, but now I just get warnings that I need to work through:
Fri Sep 27 15:54:05 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1570'
Fri Sep 27 15:54:05 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'
Fri Sep 27 15:54:05 2019 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Fri Sep 27 15:54:05 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

then I just get this message repeated a couple of times and then it disconnects.
Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed

They're probably all just issues with the settings and I'll try working through each one at a time when I have time. Thanks for your help!

I might have some feedback for your instructions that I'll put together if you're interested in getting some feedback from a complete newbie.


Feedback is always welcome :)

The time has to be right, otherwise certificates are not valid, like you have found out.

The link MTU warning you can ignore.
The 'auth' is used inconsistently warning you can ignore.

The cipher warning is due to server and client not using the same cipher. The new cipher, AES-128-GCM, is the best to use, but both client and server have to use it.
The AEAD decrypt error also has to do with that.

Did you place "ncp-disable" in the additional config?

The comp-lzo warning you can also ignore, although in both client it should be disabled (if you use a configuration file for a client there should be no "comp-lzo" in the file), and if both have it disabled (or at least use the same settings) the warning should be gone.

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
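
The triage described in the reply above, as an added example that is not part of the original posts: a shell function that reads an OpenVPN log and labels each option-mismatch line with the verdict given in the reply. The function names and verdict labels are hypothetical, and the sample log is constructed from the kinds of lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): triage OpenVPN option-mismatch log lines.
# Verdicts follow the reply above: the cipher must match on both ends, the
# link-mtu and auth warnings can be ignored, comp-lzo should be checked.

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG="19700101 00:00:40 W WARNING: Your certificate is not yet valid!
Fri Sep 27 15:54:05 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1570'
Fri Sep 27 15:54:05 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'
Fri Sep 27 15:54:05 2019 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Fri Sep 27 15:54:05 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed
Fri Sep 27 15:59:30 2019 AEAD Decrypt error: cipher final failed"

# Reads a log on stdin and prints one finding per line.
# Splitting on the quote character puts the option name in field 2 and the
# local/remote values in fields 4 and 6, with or without commas in the line.
triage_openvpn_log() {
    awk -F"'" '
    # Drop the leading option name from a value such as "cipher AES-128-GCM".
    function strip(opt, val) { sub("^" opt " ", "", val); return val }
    /is used inconsistently/ {
        opt = $2
        verdict = "CHECK"                      # unknown option: look at it
        if (opt == "cipher") verdict = "FIX"   # both ends must agree
        else if (opt == "link-mtu" || opt == "auth") verdict = "IGNORE"
        printf "%s %s local=%s remote=%s\n", verdict, opt, strip(opt, $4), strip(opt, $6)
        next
    }
    /is present in (remote|local) config but missing/ {
        printf "CHECK %s set on one side only\n", $2
        next
    }
    /AEAD Decrypt error|packet HMAC authentication failed/ {
        # Report the data-channel failure once, however often it repeats.
        if (!seen_fail++) print "FAIL data-channel packets rejected"
        next
    }
    /certificate is not yet valid/ {
        print "CLOCK certificate not yet valid"
    }'
}

# Counts the findings that stop the tunnel from working (FIX, FAIL, CLOCK).
blocking_findings() {
    triage_openvpn_log | awk '/^(FIX|FAIL|CLOCK) / { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | triage_openvpn_log
```
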
deadeye09
DD-WRT Novice


Joined: 23 Jul 2018
Posts: 15

Posted: Mon Sep 30, 2019 15:18
Hmm, the reason for the cipher error is that on my version of DD-WRT, I only have AES-128 CBC (not GCM, all of my options are CBC instead of GCM). I just updated the client config to use CBC.

I accidentally left LZO Compression enabled on my router config (funny how many times I've gone over the settings, even started from scratch twice, and I still missed something like that).

Yep, I am using ncp-disable in the additional config because the guide mentioned that if I was using "Redirect default gateway" to use it (not sure what that does, but I only enabled it because I saw it in your screenshot).

But now I'm getting no errors and am able to connect! Thank you!

So, onto the feedback. When I created my certificates, it asked me for a "Challenge Password" and an "Optional Company Name". Not sure what these are used for as I was never asked for it again, but you might want to mention this in step 3 and step 4.

Also might want to provide directions on how to verify the date, because maybe the time in the top right might be correct, but it doesn't show the date and I don't know of anywhere else to verify the time AND date besides the logs (where I found out mine was WAY off). Perhaps bold that "Before you start check if the time is right on your router" and add "time AND DATE" to it for idiots like me.

I had other questions that I had written down, but they were answered while reading the guide further (the screenshots were GREAT at verifying I had the right settings).

I think that's it, but thanks again for doing this. This is BY FAR the best guide that I've read for setting up OpenVPN.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Mon Sep 30, 2019 16:02
Great you got it working and thanks for your feedback, I will look into it.
zeroprobe
DD-WRT Novice


Joined: 05 Oct 2015
Posts: 2

Posted: Thu Oct 03, 2019 21:09
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT - Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE



Can you add this to the guide? I don't think it is mentioned?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Fri Oct 04, 2019 7:44
zeroprobe wrote:
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT - Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE



Can you add this to the guide? I don't think it is mentioned?


Thanks for your feedback.

It is in step 8a on page 6.
Let me know if it is not clear or if you have trouble with it.

zeroprobe
DD-WRT Novice


Joined: 05 Oct 2015
Posts: 2

Posted: Fri Oct 04, 2019 9:05
egc wrote:
zeroprobe wrote:
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT - Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE



Can you add this to the guide? I don't think it is mentioned?


Thanks for your feedback.

It is in step 8a on page 6.
Let me know if it is not clear or if you have trouble with it.


Yes you are right, I got mixed up between guides. This command you mentioned also now works for me.

iptables -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Fri Oct 04, 2019 9:43
This is a quote from this guide:

Quote:
A lot of existing guides are obsolete or wrong.


;) :)

But glad that it is working.

Zoot7
DD-WRT Novice


Joined: 07 Oct 2019
Posts: 6

Posted: Mon Oct 07, 2019 18:40
I can get OpenVPN to work in TAP mode, but unfortunately I can't use that with Android which is really where I want to use the VPN.

I've followed this guide to the letter (thanks for posting it), and it seems that I can't get the OpenVPN server to start on the router whenever I select Tun.

I've attached images of what I see in Status -> OpenVPN and the settings under Services -> VPN.

You can see that there's no mention of any server running in the status page, even after a reboot. The client of course fails to connect as a result.

Is this a common issue? Is there something I'm missing?

The router I have is a TP-Link Archer C7 V4 running v3.0-R40559.

It's disappointing considering the original TP-Link firmware had OpenVPN functionality that worked quite well, it just had a nasty bug that it would randomly drop PPPoE connections on the WAN port, hence why I'm here.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Mon Oct 07, 2019 19:12
If the server does not start it usually indicates a major setup fault.
Often the certificates/keys.
But in this case I suspect the netmask.
Use 255.255.255.0

mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 4833
Location: Texas

Posted: Mon Oct 07, 2019 19:17
Zoot7,
I suggest updating the DD-WRT build you are using :roll:

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2019/
Zoot7
DD-WRT Novice


Joined: 07 Oct 2019
Posts: 6

Posted: Mon Oct 07, 2019 22:02
egc wrote:
If the server does not start it usually indicates a major setup fault.
Often the certificates/keys.
But in this case I suspect the netmask.
Use 255.255.255.0


Okay that was it - the server is now starting. I feel stupid now since I should have spotted that - Thank you! :)

I can now also connect from outside the home network via the Android client on my phone, the only issue now is that I can't access the internet or my local server when connected to the VPN. I do have the firewall rules enabled in the guide.

New to all of this, I'd appreciate the help.

To be positive since the last poster probably thinks I'm complaining ;), the nasty bug with WAN connection dropouts is gone since flashing DD-WRT. It boggles the mind that TP-Link couldn't get it right with their own firmware.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4203
Location: Netherlands

Posted: Tue Oct 08, 2019 7:34
When connected can you ping anything on your network?

Can you connect to your router's GUI itself when connected?

Can you show me the output of the following 4 commands (telnet/Putty to your router):
Code:
nvram get wan_iface
nvram get wan_ifname
get_wanface
echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"


Can you post a picture of the Status/OpenVPN page from the router when you are connected (show the whole page)?

I am trying to establish if you can have traffic over the network.

Some pointers:
always test from outside your network so with your phone on cellular.
Check the LZO compression settings on client and router

Zoot7
DD-WRT Novice


Joined: 07 Oct 2019
Posts: 6

Posted: Tue Oct 08, 2019 18:19
egc wrote:
When connected can you ping anything on your network?

Can you connect to your router's GUI itself when connected?

Can you show me the output of the following 4 commands (telnet/Putty to your router):
Code:
nvram get wan_iface
nvram get wan_ifname
get_wanface
echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"


Can you post a picture of the Status/OpenVPN page from the router when you are connected (show the whole page)?

I am trying to establish if you can have traffic over the network.

Some pointers:
always test from outside your network so with your phone on cellular.
Check the LZO compression settings on client and router


So... when I connect with my phone from outside the WAN I can't access the internet regularly and I can't access any local IPs including my home server or the router's GUI either.

(The ping attempts time out)

Here are the outputs for the above commands:

Code:
root@DD-WRT:~# nvram get wan_iface
vlan2

root@DD-WRT:~# nvram get wan_ifname
vlan2

root@DD-WRT:~# get_wanface
ppp0

root@DD-WRT:~# echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"
WAN_IF=ppp0


Here's the OpenVPN log after connecting.
Code:
Log
Serverlog:
19700101 00:00:33 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19700101 00:00:33 I OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
19700101 00:00:33 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
19700101 00:00:33 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 00:00:33 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
19700101 00:00:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:40 Diffie-Hellman initialized with 2048 bit key
19700101 00:00:40 W WARNING: Your certificate is not yet valid!
19700101 00:00:40 I TUN/TAP device tun2 opened
19700101 00:00:40 TUN/TAP TX queue length set to 100
19700101 00:00:40 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
19700101 00:00:40 Socket Buffers: R=[172032->172032] S=[172032->172032]
19700101 00:00:40 I UDPv4 link local (bound): [AF_INET][undef]:1194
19700101 00:00:40 I UDPv4 link remote: [AF_UNSPEC]
19700101 00:00:40 MULTI: multi_init called r=256 v=256
19700101 00:00:40 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
19700101 00:00:40 I Initialization Sequence Completed
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 NOTE: --mute triggered...
20191008 19:12:50 1 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:12:50 D MANAGEMENT: CMD 'status 2'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'status 2'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'log 500'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:13:09 213.233.147.95:41957 TLS: Initial packet from [AF_INET]213.233.147.95:41957 sid=a966730a 2ac175d0
20191008 19:13:09 213.233.147.95:41957 VERIFY OK: depth=1 C=IE ST=TP L=PiggyLand O=DickHead1 OU=Heneped CN=Fantasy name=World3 emailAddress=mfinnan101@gmail.com
20191008 19:13:09 213.233.147.95:41957 VERIFY OK: depth=0 C=IE ST=TP L=PiggyLand O=DickHead1 OU=Heneped CN=client1 name=World3 emailAddress=mfinnan101@gmail.com
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_VER=2.5_master
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_PLAT=android
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_PROTO=2
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_NCP=2
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZ4=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZ4v2=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZO=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_COMP_STUB=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_COMP_STUBv2=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_TCPNL=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.8
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1569' remote='link-mtu 1549'
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher AES-128-GCM'
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20191008 19:13:09 213.233.147.95:41957 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20191008 19:13:09 213.233.147.95:41957 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
20191008 19:13:09 213.233.147.95:41957 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20191008 19:13:09 213.233.147.95:41957 NOTE: --mute triggered...
20191008 19:13:10 213.233.147.95:41957 2 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:10 I 213.233.147.95:41957 [client1] Peer Connection Initiated with [AF_INET]213.233.147.95:41957
20191008 19:13:10 I client1/213.233.147.95:41957 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20191008 19:13:10 client1/213.233.147.95:41957 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_15e9437557c35a3b.tmp
20191008 19:13:10 client1/213.233.147.95:41957 MULTI: Learn: 10.8.0.2 -> client1/213.233.147.95:41957
20191008 19:13:10 client1/213.233.147.95:41957 MULTI: primary virtual IP for client1/213.233.147.95:41957: 10.8.0.2
20191008 19:13:11 client1/213.233.147.95:41957 PUSH: Received control message: 'PUSH_REQUEST'
20191008 19:13:11 client1/213.233.147.95:41957 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0' (status=1)
20191008 19:13:11 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:12 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:14 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:16 client1/213.233.147.95:41957 NOTE: --mute triggered...
20191008 19:13:18 2 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 NOTE: --mute triggered...
20191008 19:13:18 1 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:18 D MANAGEMENT: CMD 'status 2'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'status 2'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


I see an "Authenticate/Decrypt packet error: packet HMAC authentication failed", assuming this is the issue?

Regarding the LZO compression, is there a reason that you've specified to disable it in the guide? You mention re-enabling it above (I currently have it disabled).

On another note - thanks for all the help. Even getting this far is something with all the official guides being very far out of date. :)
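
The command outputs in the post above show nvram reporting vlan2 while the default route leaves through ppp0, so a MASQUERADE rule bound to the nvram name would not match traffic going out over PPPoE. The following is an added example, not code from the thread or the guide, that derives the interface from the routing table and prints the rule as a dry run; the function names are hypothetical, the routing table is a constructed sample, and 203.0.113.1 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the thread): choose the interface that carries the
# default route and compare it with the name nvram reports before building
# the MASQUERADE rule for the OpenVPN subnet.

# Constructed `route -n` output for a PPPoE setup like the one shown above:
# ppp0 carries the default route, vlan2 is only the physical WAN port.
SAMPLE_ROUTES="Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 ppp0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0"

# Same idea as the awk one-liner in the thread, with the dots escaped so
# that only a literal 0.0.0.0 destination matches. Reads `route -n` on stdin.
default_route_if() {
    awk '/^0\.0\.0\.0[ \t]/ { wif = $NF } END { print wif }'
}

# Accept only plain interface names before one is placed in a firewall rule.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Dry run: prints the rule instead of installing it.
# $1 = VPN subnet, $2 = WAN name reported by nvram, routing table on stdin.
masquerade_rule() {
    subnet=$1
    nvram_if=$2
    wan_if=$(default_route_if)
    valid_ifname "$wan_if" || { echo "no default route found" >&2; return 1; }
    if [ "$wan_if" != "$nvram_if" ]; then
        echo "note: nvram reports $nvram_if but the default route uses $wan_if" >&2
    fi
    # Limiting the rule to the VPN subnet keeps other traffic untouched.
    echo "iptables -t nat -I POSTROUTING -s $subnet -o $wan_if -j MASQUERADE"
}

printf '%s\n' "$SAMPLE_ROUTES" | masquerade_rule 10.8.0.0/24 vlan2
```

On a router the same functions can be fed live data with `route -n | masquerade_rule 10.8.0.0/24 "$(nvram get wan_ifname)"`.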
Zoot7
DD-WRT Novice


Joined: 07 Oct 2019
Posts: 6

Posted: Tue Oct 08, 2019 18:45
Here's a corresponding log from the client side after connecting.

The time of the AEAD Decrypt error: cipher final failed messages correspond to the Authenticate/Decrypt packet error: packet HMAC authentication failed on the server side.
Page 7 of 8. All times are GMT.