Posted: Thu Oct 31, 2019 10:07 Post subject: Linksys wrt 1200 no VPN with newer dd-wrt version SOLVED
Hello,since a couple of years I am running on my Linksys wrt1200ac v2 an VPN client configured to nordvpn.It had always ddwrt stable version 30796 on it. It quite worked stable. Now I thought it is time to upgrade.so I upgraded to 41328. Everything seemed to work fine, but I can't get VPN client to work. Even on status report there isn't any entrance.I tried downgrading 1 by 1 lower and none works.Only from version 31791 from march 2017 it works again. But it has instable USB and nat.
Does anyone has same issue and is there a solution for it? Thanks very much
Eddie
PS:VPN protocol is openvpn
Last edited by eddie4crazy on Fri Nov 01, 2019 11:53; edited 1 time in total
Joined: 04 Aug 2018 Posts: 1444 Location: Appalachian mountains, USA
Posted: Thu Oct 31, 2019 15:08 Post subject:
Also, the last truly solid version for the WRT1200 was 40009. You might give that one a try. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Thanks for reply,
i just installed version 40009, as last reply suggested. I made an hard reset with the reset bottom and configured all again from beginning.
But no success. Openvpn on vpnclient doesnt even start.I will try to make an attachment, i hope i will manage it.
Joined: 04 Aug 2018 Posts: 1444 Location: Appalachian mountains, USA
Posted: Thu Oct 31, 2019 20:46 Post subject:
These OpenVPN settings are based on recommendations from a specific vpn provider? The AES-512 looks a bit suspicious. I didn't know vpn providers offered that.
Here is my note to myself on what was working for me with NordVPN until I moved recently to AirVPN. This was working on a WRT1900ACSv2 on BS build 40009:
The last line is strictly optional, but I liked having the vpn log in a file I could easily look at in the CLI using ssh (or putty, if you are on Windows). I can't say that these config commands are optimal, and I'm not enough of an expert to have an opinion. But I can say that they worked for me with Nord on 40009 for many months.
Before considering any of that, try connecting to the same nordvpn server from their phone app. Of if that is not possible, at least try pinging the server. Lately they have been retiring servers at a furious pace, so if you get no response to those tests, you may have to pick a different one. Their .ca and .tls files are the same now for all servers in the US, and perhaps for all their servers worldwide. I'm not sure. But if you are using really old ones, you may want to update them on the nord site (or pm me and I'll send them to you).
If those measures don't provide success, you need to look through the vpn log for clues or post the log (you can skip those initial MANAGEMENT warnings) here for the rest of us to see. (If you post any more images, best shrink them to 600-pixel width or less first.) _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
I went back to 31791. Here the same config works .
Nordvpn used till about 5 months ago AES 256 with sja 1 authentification. They turned them all. Now they are almost or all in AES 500 with Sha 512.
i attach screenshot
in fact i dont know if they realy use AES512 as in status report is something mentioned with aes256.
But nordvpn support told me 5 months ago to change my configuration to aes 512 and to sha512 authentification, as my older configuration didnt work anymore
I tried suggestions. I changed aes to 256 and added the
additional config. I also downloaded recent server files from nordvpn, they are all up to date.
But no progression. Openvpn doesnt even starts
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Fri Nov 01, 2019 7:41 Post subject:
Well your old build is complaining about the cipher of 512 and Comp LZO
so cipher must be AES 256 and Comp LZO should probably be set to No (that is not important).
But more importantly did you get the new certificates from NordVPN?
Because new builds will often not work with old certificates.
Thanks guys, i got it solved.
i went through all your suggestions one after other.
None worked.
So i tried what is strictly recommended not to do.
" First and most important: never do a ‘Hard Reset’ aka 30/30/30!. It's unnecessary and you can harm your router.
*The ‘Hard Reset’ applies only to much older routers. If the router you are installing or upgrading DD-WRT on is a WRT1200, WRT1900, WRT3200 or a WRT32X a simple hold of the reset button (located on the back of the router) for 20 seconds while router is powered ON will clear NVRAM and restore router to defaults..."
Well i have done the 30/30/30 hard reset, from then it worked.
And yes,,,, i have done always an reset before also, but only with the reset buttom on the back side, not the 30/30/30.
Thanks for your help
PS: what exactly solved the problem is maybe still not realy clear, it also can be an mix off all suggestions, but what finaly made it work was the hard reset
Wiki strikes again; it's a running joke how many people have unnecessarily risked bricking their router doing a 30/30/30 from the ancient WRT54GL days.
Hardware Reset – Press and hold the Reset button at the back panel of the Linksys WRT3200ACM for about 10 seconds then release.
As i wrote, i have done always an reset with the hardware botton at the back of the modem. It never solved the problem of not starting the openvpn client.
But to avoid damaging the router, may it works too with telnet and erase nvram with reboot