Help with this issue please? IP Address is not hidden..

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
catchlight
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 2

PostPosted: Thu Sep 03, 2020 0:51    Post subject: Help with this issue please? IP Address is not hidden.. Reply with quote
Hi All,

Any help would be greatly appreciated. I am using a
Linksys - WRT AC3200 Dual-Band WiFi 5 Router and have been using dd-wrt successfully for about 6 months but something has changed and I cant figure it out. It says I am connected to a PIA server but my ip address is not hidden. This is the "log" I see in the status tab. If you need more info, let me know and thanks in advance.

State
Client: WAIT
Local Address:
Remote Address:

Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 28
Auth read bytes 0
pre-compress bytes 0
post-compress bytes 0
pre-decompress bytes 0
post-decompress bytes 0

Log
Clientlog:
20200902 19:37:49 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200902 19:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200902 19:37:49 I OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200902 19:37:49 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200902 19:37:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200902 19:37:49 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200902 19:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200902 19:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.18.5.18:1198
20200902 19:37:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20200902 19:37:49 I UDPv4 link local: (not bound)
20200902 19:37:49 I UDPv4 link remote: [AF_INET]104.18.5.18:1198
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'state'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'status 2'
20200902 19:37:52 MANAGEMENT: Client disconnected
20200902 19:37:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200902 19:37:52 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8343

PostPosted: Thu Sep 03, 2020 4:22    Post subject: Reply with quote
That log does NOT indicate you are connected. Quite the opposite. It's in a WAIT state, attempting to connect to the OpenVPN server @ 104.18.5.18, port 1198, using udp, and there's no response.

Could just be a simple case of that particular server being down, maybe for maintenance.

That's why it's smart to add additional servers (in the form of remote directives) to Additional Config, so the OpenVPN client can try other servers, and find one that is hopefully up and running.

Code:
server-poll-timeout 10
remote <domain-name|ip> <port> <udp|tcp>
remote <domain-name|ip> <port> <udp|tcp>
remote <domain-name|ip> <port> <udp|tcp>


The server-poll-timeout directive limits (in secs) how long the OpenVPN client will wait for a successful connection w/ a given server/remote before giving up and trying another.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
ddwrt-ovpn-split-basic.sh (UPDATED!)
ddwrt-ovpn-split-advanced.sh (UPDATED!)
ddwrt-blacklist-domains.sh (UPDATED!)
ddwrt-ovpn-client-backup.sh
ddwrt-mount-usb-drives.sh
ddwrt-ovpn-remote-access.sh
ddwrt-pptp-policy-based-routing.sh
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3858
Location: UK, London, just across the river..

PostPosted: Thu Sep 03, 2020 17:01    Post subject: Reply with quote
LZO line means miss-configuration...as well i dont see the usual staff to confirm you are connected in the OpenVPN log

make sure you set an appropriate settings for PIA

1. make sure you have NTP time ...go to basic set up page and turn it on select your time zone (you can add IP if you want to use external NTP server) 216.239.35.4 - this is google NTP server
2. set: Port,Tunnel Protocol,Encryption Cipher,Hash Algorithm according to CA Cert used...
2048 requires port udp 1198, AES-128 GCM, SHA1
4096 requres port udp 1197, AES-256 GCM, SHA256

Inbound Firewall on TUN - thick that box
TLS Cipher - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
Compression - NO
NAT - enable
Firewall Protection - enable
Verify Server Cert. - tick that box
TLS Key choice - TLS Auth

in Additional Config:

persist-key
persist-tun
tls-client

remote-cert-tls server

ncp-disable
keepalive 10 120

first 3 are not needed on the new builds thats why its good to start with router model and current build running, its easy to identify problems and diagnose the set up..

'remote-cert-tls server' its not due unless you don't tick the 'Verify Server Cert' box in the OpenVPN set up...

for more info have a look on this recent discussion here... https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326273

you can also specify more servers to use if one fails in 10 seconds use eibgrad suggestions above...for more OpenVPN commands have a look at OpenVPN mans page, ggl it...

_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 44538 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44538 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44538 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 44538 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Thu Sep 03, 2020 17:11; edited 1 time in total
catchlight
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 2

PostPosted: Thu Sep 03, 2020 17:08    Post subject: Reply with quote
I will try these suggestions. I am just so frustrated with this whole process. Mostly from PIA. They just regurgitate the same information over and over. I am going to reset my router and try over from step one with this forums help, hopefully Very Happy Thank you for the replies.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6361
Location: Netherlands

PostPosted: Thu Sep 03, 2020 17:45    Post subject: Reply with quote
PIA is in a "transitional state" those are the words from their helpdesk.

Meaning it sucks at the moment.

See
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326414

How to setup.

Edit: Always state router model ( you did) and build number you are using an "old" build. I know your router sometimes works better on an old build. so I am not saying you have to upgrade

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum