Linksys wrt 1200 no VPN with newer dd-wrt version SOLVED

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Thu Oct 31, 2019 10:07    Post subject: Linksys wrt 1200 no VPN with newer dd-wrt version SOLVED Reply with quote
Hello,since a couple of years I am running on my Linksys wrt1200ac v2 an VPN client configured to nordvpn.It had always ddwrt stable version 30796 on it. It quite worked stable. Now I thought it is time to upgrade.so I upgraded to 41328. Everything seemed to work fine, but I can't get VPN client to work. Even on status report there isn't any entrance.I tried downgrading 1 by 1 lower and none works.Only from version 31791 from march 2017 it works again. But it has instable USB and nat.
Does anyone has same issue and is there a solution for it? Thanks very much
Eddie
PS:VPN protocol is openvpn


Last edited by eddie4crazy on Fri Nov 01, 2019 11:53; edited 1 time in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Oct 31, 2019 13:13    Post subject: Reply with quote
If the status report is empty it indicates a major setup problem it indicates that OpenVPN is not started.
Ususally wrong keys/certificates.

Did you reset to defaults and put settings in manually (never restore from a backup file when switching between versions) ?

If so post a picture of the OVPN settings page so that we can have a look.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

PostPosted: Thu Oct 31, 2019 15:08    Post subject: Reply with quote
Also, the last truly solid version for the WRT1200 was 40009. You might give that one a try.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Thu Oct 31, 2019 20:26    Post subject: Reply with quote
Thanks for reply,
i just installed version 40009, as last reply suggested. I made an hard reset with the reset bottom and configured all again from beginning.
But no success. Openvpn on vpnclient doesnt even start.I will try to make an attachment, i hope i will manage it.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

PostPosted: Thu Oct 31, 2019 20:46    Post subject: Reply with quote
These OpenVPN settings are based on recommendations from a specific vpn provider? The AES-512 looks a bit suspicious. I didn't know vpn providers offered that.

Here is my note to myself on what was working for me with NordVPN until I moved recently to AirVPN. This was working on a WRT1900ACSv2 on BS build 40009:

1194, TUN, UDP, AES-256 CBC, SHA512, user/pass, TLS Cipher=none, LZO Compression, NAT, firewall, Tunnel MTU=1500, Tunnel UDP MSS-Fix disabled, NordVPN TLS Auth Key and CA Cert. Additional Config:

remote-cert-tls server
tun-mtu-extra 32
mssfix 1450
ping-timer-rem
reneg-sec 0
log /tmp/vpn.log

The last line is strictly optional, but I liked having the vpn log in a file I could easily look at in the CLI using ssh (or putty, if you are on Windows). I can't say that these config commands are optimal, and I'm not enough of an expert to have an opinion. But I can say that they worked for me with Nord on 40009 for many months.

Before considering any of that, try connecting to the same nordvpn server from their phone app. Of if that is not possible, at least try pinging the server. Lately they have been retiring servers at a furious pace, so if you get no response to those tests, you may have to pick a different one. Their .ca and .tls files are the same now for all servers in the US, and perhaps for all their servers worldwide. I'm not sure. But if you are using really old ones, you may want to update them on the nord site (or pm me and I'll send them to you).

If those measures don't provide success, you need to look through the vpn log for clues or post the log (you can skip those initial MANAGEMENT warnings) here for the rest of us to see. (If you post any more images, best shrink them to 600-pixel width or less first.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Oct 31, 2019 21:06    Post subject: Reply with quote
I agree AES 512 must be wrong.
It should be AES 256

Also use the settings in additional config like @Surpriseditworks recommends

Also check that the certicates are complete with the END line and the 5 dashes at the end.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Thu Oct 31, 2019 21:59    Post subject: Reply with quote
I went back to 31791. Here the same config works .
Nordvpn used till about 5 months ago AES 256 with sja 1 authentification. They turned them all. Now they are almost or all in AES 500 with Sha 512.
i attach screenshot
in fact i dont know if they realy use AES512 as in status report is something mentioned with aes256.
But nordvpn support told me 5 months ago to change my configuration to aes 512 and to sha512 authentification, as my older configuration didnt work anymore
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Thu Oct 31, 2019 22:42    Post subject: Reply with quote
I tried suggestions. I changed aes to 256 and added the
additional config. I also downloaded recent server files from nordvpn, they are all up to date.
But no progression. Openvpn doesnt even starts
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Nov 01, 2019 7:41    Post subject: Reply with quote
Well your old build is complaining about the cipher of 512 and Comp LZO
so cipher must be AES 256 and Comp LZO should probably be set to No (that is not important).

But more importantly did you get the new certificates from NordVPN?
Because new builds will often not work with old certificates.

Actually just follow Nord's own advise:
https://support.nordvpn.com/Connectivity/Router/1047410342/DD-WRT-setup-with-NordVPN.htm

But use the settings for Addtional Config like @SurpirseditWorks advised you.

Most important is probably to get the new certificates from NordVPN.

Another thing reset to defaults and put settings in manually when upgrading to a new build if you experience problems.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Fri Nov 01, 2019 11:48    Post subject: Reply with quote
Thanks guys, i got it solved.
i went through all your suggestions one after other.
None worked.
So i tried what is strictly recommended not to do.

" First and most important: never do a ‘Hard Reset’ aka 30/30/30!. It's unnecessary and you can harm your router.

*The ‘Hard Reset’ applies only to much older routers. If the router you are installing or upgrading DD-WRT on is a WRT1200, WRT1900, WRT3200 or a WRT32X a simple hold of the reset button (located on the back of the router) for 20 seconds while router is powered ON will clear NVRAM and restore router to defaults..."


Well i have done the 30/30/30 hard reset, from then it worked.
And yes,,,, i have done always an reset before also, but only with the reset buttom on the back side, not the 30/30/30.
Thanks for your help

PS: what exactly solved the problem is maybe still not realy clear, it also can be an mix off all suggestions, but what finaly made it work was the hard reset
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Nov 01, 2019 16:53    Post subject: Reply with quote
Great you got it solved.

The best i.c. most thorough way to reset is running these commands from the CLI/putty:
Code:
nvram erase && reboot


At least it is for Broadcom and Atheros, I don't know if this also applies to Marvell

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Fri Nov 01, 2019 18:13    Post subject: Reply with quote
Wiki strikes again; it's a running joke how many people have unnecessarily risked bricking their router doing a 30/30/30 from the ancient WRT54GL days.

Hardware Reset – Press and hold the Reset button at the back panel of the Linksys WRT3200ACM for about 10 seconds then release.

Source: https://www.linksys.com/us/support-article?articleNum=208662#t1

nvram erase && reboot works too

A factory reset from within GUI or during upgrade only writes default config and certainly does not clear nvram like the above two methods.
eddie4crazy
DD-WRT Novice


Joined: 29 Oct 2019
Posts: 17

PostPosted: Fri Nov 01, 2019 21:50    Post subject: Reply with quote
As i wrote, i have done always an reset with the hardware botton at the back of the modem. It never solved the problem of not starting the openvpn client.
But to avoid damaging the router, may it works too with telnet and erase nvram with reboot
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum