Posted: Wed Jul 07, 2021 10:16 Post subject: [SOLVED] OpenVPN client no longer being used after holiday?
Hi everyone,
I have DD WRT setup with an OpenVPN client using NordVPN settings. When I left for my vacation, everything was working properly and my location was in the US so I could watch Hulu etc.
When I come back from my vacation, I have internet on my router, but my location shows up at home. If I change the OpenVPN client settings to something fake, I still have internet. This leads me to believe the OpenVPN client is just not being used.
I connect to the WiFi on my phone also, and still, my location is at home.
How can I check or debug why OpenVPN is no longer being used even though it's turned on and I changed no settings, I was on vacation? It's very strange.
I want to supply you with all the information needed. Please let me know what to give you.
Chances are the OpenVPN server is down, so try another.
You can set multiple servers see the OpenVPN client setup guide link in my signature.
OpenVPN log can be seen at Status/OpenVPN page, provided you have syslog enabled on Services page
OpenVPN clients have a tendency to go down and not recover so you often have to use a watchdog script to restart OpenVPN client or reboot the router.
Thank you for the reply. I would like to add that:
- I have tried over 7 different servers from NordVPN today. None of them show me as anywhere else other than at home.
- I have rebooted the router through DD WRT dashboard.
- Normally when a NordVPN server is down, I will just not have internet anymore. But in this case, the VPN is just not 'active'? Like if I enter wrong credentials, it should not give me internet. But I still have internet. So it seems to me like it's just not used or loaded.
Would it help if I posted the "OpenVPN log"?
Thanks again so much!
-Aaron
Edit: On OpenVPN log page, I see this (it's empty):
State
Client:
Local Address:
Remote Address:
Status
VPN Client Stats
Log
Clientlog:
Edit 2: I want to Services/Syslog and enabled it. Now I get this in Status/Syslog (but Status/OpenVPN is still empty):
Code:
System Log
Jul 7 15:16:08 DD-WRT syslog.info syslogd started: BusyBox v1.33.0
Jul 7 15:16:08 DD-WRT user.info : syslogd : daemon successfully started
Jul 7 15:16:08 DD-WRT user.info : ttraff : traffic counter daemon successfully started
Jul 7 15:16:08 DD-WRT user.debug : ttraff: data collection started
Jul 7 15:16:08 DD-WRT user.info : sfe : shortcut forwarding engine successfully stopped
Jul 7 15:16:08 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:08 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:09 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Jul 7 15:16:09 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 7 15:16:09 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Jul 7 15:16:09 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Jul 7 15:16:09 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Jul 7 15:16:09 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:09 DD-WRT user.info : dnsmasq : daemon successfully stopped
Jul 7 15:16:09 DD-WRT user.info : pptpd : daemon successfully stopped
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[1705]: started, version 2.84 cachesize 1500
Jul 7 15:16:09 DD-WRT daemon.warn dnsmasq[1705]: overflow: 40 log entries lost
Jul 7 15:16:09 DD-WRT user.info : hwmon : successfully started
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: started, version 2.84 cachesize 1500
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset no-auth cryptohash DNSSEC loop-detect no-inotify no-dumpfile
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq-dhcp[4322]: DHCP, IP range 192.168.2.100 -- 192.168.2.149, lease time 1d
Jul 7 15:16:09 DD-WRT user.info : dnsmasq : daemon successfully started
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain test
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain onion
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain localhost
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain local
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain invalid
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain bind
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: reading /tmp/resolv.dnsmasq
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain test
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain onion
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain localhost
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain local
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain invalid
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using only locally-known addresses for domain bind
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using nameserver 103.86.96.100#53
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using nameserver 103.86.99.100#53
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: using nameserver 192.168.86.1#53
Jul 7 15:16:09 DD-WRT daemon.info dnsmasq[4322]: read /etc/hosts - 2 addresses
Jul 7 15:16:09 DD-WRT user.info : sfe : shortcut forwarding engine successfully stopped
Jul 7 15:16:09 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:10 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:10 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Jul 7 15:16:10 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 7 15:16:10 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Jul 7 15:16:10 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Jul 7 15:16:10 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Jul 7 15:16:10 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:11 DD-WRT user.info : openvpn : OpenVPN daemon (Client) starting/restarting...
System Log
Jul 7 15:16:11 DD-WRT daemon.warn openvpn[4719]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-128-GCM:AES-256-GCM:AES-128-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphe
Jul 7 15:16:11 DD-WRT daemon.warn openvpn[4719]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Jul 7 15:16:11 DD-WRT daemon.warn openvpn[4719]: WARNING: file '/tmp/openvpncl/user.conf' is group or others accessible
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4719]: OpenVPN 2.5.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 4 2021
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4719]: library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.09
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jul 7 15:16:11 DD-WRT daemon.warn openvpn[4722]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jul 7 15:16:11 DD-WRT user.info : sfe : shortcut forwarding engine successfully started
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: TCP/UDP: Preserving recently used remote address: [AF_INET]62.182.99.126:1194
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Jul 7 15:16:11 DD-WRT daemon.warn openvpn[4722]: --mtu-disc is not supported on this OS
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: UDP link local: (not bound)
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: UDP link remote: [AF_INET]62.182.99.126:1194
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: TLS: Initial packet from [AF_INET]62.182.99.126:1194, sid=3f2f5a79 3b788d55
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
Jul 7 15:16:11 DD-WRT daemon.notice openvpn[4722]: NOTE: --mute triggered...
Jul 7 15:16:13 DD-WRT daemon.notice openvpn[4722]: 5 variation(s) on previous 3 message(s) suppressed by --mute
Jul 7 15:16:13 DD-WRT daemon.warn openvpn[4722]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Jul 7 15:16:13 DD-WRT daemon.warn openvpn[4722]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 7 15:16:13 DD-WRT daemon.notice openvpn[4722]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Jul 7 15:16:13 DD-WRT daemon.notice openvpn[4722]: [us6946.nordvpn.com] Peer Connection Initiated with [AF_INET]62.182.99.126:1194
Jul 7 15:16:14 DD-WRT daemon.notice openvpn[4722]: SENT CONTROL [us6946.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Jul 7 15:16:14 DD-WRT daemon.notice openvpn[4722]: AUTH: Received control message: AUTH_FAILED
Jul 7 15:16:14 DD-WRT daemon.notice openvpn[4722]: SIGTERM[soft,auth-failure] received, process exiting
So after following your advice, I actually looked into the Syslog and I saw that my credentials were wrong. How can that be? Well, I looked into it further, and it seems that NordVPN requires special credentials to login to the VPN service.
Before I was able to use my username and password of the account, but for the first time I had to switch to a different method. I have no idea when, how, or why that changed in the one week I was on vacation.
Glad you solved it the log already gave it away, AUTH_FAILED means wrong credentials.
Thank you!
Yeah, really strange because it was working fine when I left. But then upon returning, NordVPN is asking me to use special "server credentials" instead of my "account credentials". Maybe they did a low-key security upgrade while I was gone or who knows.
