Problem with OpenVPN (PureVPN) client configuration

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Sun May 31, 2020 19:08    Post subject: Problem with OpenVPN (PureVPN) client configuration Reply with quote
Hello,

I am a new user and after a recent purchase of a Linksys e900 to have it dedicated to VPN (PureVPN) connections, I am working on the following setup:

Router 1: ISP modem/router (standard firmware) LAN <-> Router 2: WAN Linksys e900 (DD-WRT v3.0-r43209 mega (05/21/20))

Router 1 is on subnet 192.168.1.1 (DHCP enabled with reserved IP for Router 2: 192.168.1.224)

Router 2 is on subnet 192.168.2.1, below the screenshots with current configuration.

With regard to setting up the VPN with PureVPN, I have used the script in the second post of this thread (I have replaced server keys/certs with latest from purevpn): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=307250

Now the problem: as long as I do not enable the OpenVPN client, I can perfectly use the Router 2 to access internet, so the network configuration seems to be fine.
When I enable OpenVPN client, I do not have internet connection and also I can not access the webgui of the Router 2 - I have to use a wired PC to Router 2 connection to see the webgui again.

Any suggestion to solve the issue and have a successful connection through the OpenVPN client?

Many thanks in advance for your help!









Last edited by vedderMI on Sun May 31, 2020 21:04; edited 1 time in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sun May 31, 2020 20:40    Post subject: Reply with quote
I have not looked into detail but the gateway should be left at its default 0.0.0.0 and not at the routers ip address.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Sun May 31, 2020 21:02    Post subject: Reply with quote
egc wrote:
I have not looked into detail but the gateway should be left at its default 0.0.0.0 and not at the routers ip address.


Updated 0.0.0.0 for gateway, but still no connection with openvpn.

Unfortunately, as I cannot load the webgui after starting openVPN client, I don't know how to check the openvpn syslog and then post it here.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sun May 31, 2020 21:31    Post subject: Reply with quote
If you "Save" and "Apply", you probably won't get any joy. "Save" (twice or three times, if you choose!) and "Reboot".
If you are using a Chromium-based browser, that is likely 90% of your problem.
I'm not going to expound for the 83230894038403840284023948320842038th time.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Sun May 31, 2020 21:57    Post subject: Reply with quote
kernel-panic69 wrote:
If you "Save" and "Apply", you probably won't get any joy. "Save" (twice or three times, if you choose!) and "Reboot".
If you are using a Chromium-based browser, that is likely 90% of your problem.
I'm not going to expound for the 83230894038403840284023948320842038th time.


This is not the case: I have rebooted every time after change of settings.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Jun 01, 2020 9:51    Post subject: Reply with quote
Post a picture of the OpenVPN status page (whole page)

I saw you have NAT disabled, usually NAT should be enabled for commercial OpenVPN providers

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Mon Jun 01, 2020 16:09    Post subject: Reply with quote
egc wrote:
Post a picture of the OpenVPN status page (whole page)

I saw you have NAT disabled, usually NAT should be enabled for commercial OpenVPN providers


I tried enabling the NAT, still no connection.

I can not access the GUI (tried also ssh) after having enabled the OpenVPN client in order to post the log. For the sake of clarity I recap the current status:

1) With current settings (as first post), and OpenVPN client OFF, I can normally access GUI and connect to internet through Router 2;

2) once I enable OpenVPN client, no more access to GUI or internet connection;

3) the only way to load GUI is to turn off the router 2, and make a LAN to PC wired connection, then turn it back ON;

4) by performing 3) I can now access the status page with OpenVPN logs, but (correct me if I am wrong) the log reported here should be not meaningful as it represents the activity since Router 2 was ON again -> i.e. once connected LAN to PC (to allow me to load GUI again)

How should I proceed to solve accessibility to GUI and post relevant log to finally understand what is the issue with the OpenVPN settings?

Many thanks for the help
Medo
DD-WRT Novice


Joined: 23 Apr 2020
Posts: 6

PostPosted: Mon Jun 01, 2020 22:46    Post subject: Reply with quote
I am using purevpn with almost same settings you applied except
1- mss fix disabled
2- nat enabled
3- ipv6 disabled
4- linksys e900 on wan port

Just try may be it can help , otherwise reset to factory and enter everything manually, no need for a script.
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Tue Jun 02, 2020 1:08    Post subject: Reply with quote
egc wrote:
Post a picture of the OpenVPN status page (whole page)

I saw you have NAT disabled, usually NAT should be enabled for commercial OpenVPN providers


This time after enabling the opnevpn client, i just clicked on apply without rebooting: I managed to access the openvpn status log for a short time - below the screenshot with the log.

I have enabled NAT as your suggestion, plus also applied suggestions posted by Medo (disabled Mss fix and IPv6).


Last edited by vedderMI on Fri Jun 05, 2020 11:27; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue Jun 02, 2020 6:37    Post subject: Reply with quote
First of all why can you not see the OpenVPN status page when you reboot?

How are you connected to the router?

The settings PureVPN is pushing are Encryption cipher AES-256-GCM (and not CBC) and Compression: NO

But that should not stop you from getting a connection.

The fact that you cannot connect to the router when you reboot with VPN enabled, the fact that you have entered a time server (DDWRT works best when no time server is specified) the fact that you had entered a Gateway address led me starting to believe that there might be something wrong in your general setup

Perhaps reset to defaults and only change the Routers IP address from 192.168.1.1 to 192.168.2.1 and then setup OpenVPN so that you know the router is setup correctly

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Fri Jun 05, 2020 11:25    Post subject: Reply with quote
egc wrote:
Perhaps reset to defaults and only change the Routers IP address from 192.168.1.1 to 192.168.2.1 and then setup OpenVPN so that you know the router is setup correctly


Finally, I had some time to perform an hard reset and reconfigure as you suggested: 1) changed subnet to 192.168.2.1; 2) manually (no script) entered OpenVPN configuration settings, this time enabling NAT and disabling MSS-fix.

Result: everything works fine! Very Happy

Now, would you suggest me to further improve this basic configuration by (e.g.) adding a kill switch options or other settings that should improve the connection / general setup?
One thing that I was testing: I have a reserved IP for router 2 in router 1 config, but I can not load the webgui from a pc connected on subnet 1...



Thanks a lot to all for the help!


Last edited by vedderMI on Fri Jun 05, 2020 11:36; edited 1 time in total
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Fri Jun 05, 2020 11:31    Post subject: Reply with quote
Medo wrote:
I am using purevpn with almost same settings you applied except
1- mss fix disabled
2- nat enabled
3- ipv6 disabled
4- linksys e900 on wan port

Just try may be it can help , otherwise reset to factory and enter everything manually, no need for a script.


Hi, what settings do you have for PureVPN in "additional config" ?

I nowI have only this two lines:
reneg-sec 0
ping 10

Many thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jun 05, 2020 11:47    Post subject: Reply with quote
Great to hear you got it working

Curious what @Medo has for settings in additional config.

In general you should not need anything Smile
Some providers tell you to add:
reneg-sec 0

This means that no new key is renegotiated (normally every hour), a slight security risk, but some connections are lost and not recovered on key negotiation

A useful addition is to keep the connection alive:
keepalive 10 120
(the ping 10 is part of this command)

Sometimes upping the send and receive buffer can give you a slight improvement but on these lower specced routers you will loose valuable memory

Very useful and if I was in charge I made it default, is to select (tick/enable) the "Inbound firewall on TUN"
This was one of the later additions when @eibgrad found out that PureVPN had no firewall at all so when connected to PureVPN your router and network was wide open to the internet (All other providers had their own firewall so that you were not exposed)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Medo
DD-WRT Novice


Joined: 23 Apr 2020
Posts: 6

PostPosted: Sun Jun 07, 2020 23:19    Post subject: Reply with quote
vedderMI wrote:
Medo wrote:
I am using purevpn with almost same settings you applied except
1- mss fix disabled
2- nat enabled
3- ipv6 disabled
4- linksys e900 on wan port

Just try may be it can help , otherwise reset to factory and enter everything manually, no need for a script.


Hi, what settings do you have for PureVPN in "additional config" ?

I nowI have only this two lines:
reneg-sec 0
ping 10

Many thanks


Hi VedderMI, Glad you get it working.

as egc mentioned, No need to add any additional configuration except keep alive and there are no specific recommendations from purevpn.

Previously, I added some commands from the .ovpn file as they are common with all providers but didn't notice any difference.

persist-key
persist-tun
nobind
remote-cert-tls server
vedderMI
DD-WRT Novice


Joined: 27 May 2020
Posts: 8

PostPosted: Thu Jun 11, 2020 9:22    Post subject: Reply with quote
Thanks Medo and egc,
I indeed cleaned the additional config box, and left only:
keepalive 10 120

The PureVPN connection seems now working, except for the fact that some streaming providers detect the fact that I am using a VPN/proxy server. I contacted PureVPN support, they suggested a couple of different servers where to connect but...didn't work at all.

One more question:
While trying to complete the general configuration of my home network, I can not access router 2 webgui (192.168.1.xxx - reserved IP for router 2 set on router 1) from a pc in subnet 1. I have enabled webgui remote access option in router 2....as I wrote, together with reserving an IP in router 1 configuration. What else should I configure?

Many thanks again for the help!
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum