[SOLVED] Help NordVPN OpenVPN client

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:09    Post subject: [SOLVED] Help NordVPN OpenVPN client Reply with quote
Hi All,

I am using a Netgear XR300 router for VPN access using NordVPN and OpenVPN client, so that any device connected to the XR3000 goes over the VPN .

The XR300 is connected to the internet via an ISP router with IP address 192.168.1.1.

I have followed the guide here https://forum.dd-wrt.com/phpBB2/download.php?id=48550

According to this thread https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399&postdays=0&postorder=asc&start=0 the XR300 is a rebranded rebranded R6700v3 and therefore I used the builds for the R6700v3.

I am using build r48646

However any device connected to the XR300 does not go over the VPN it will always go directly to the internet from the gateway router. This is with ìSource Routing (PBR)î set to ìRoute all sources to VPNî, I also added the command ìredirect-gateway def1î In "Additional Config".

In Status > OpenVPN The State is showing as "Client: CONNECTED SUCCESS" , but looking at the log the router seems to to connect / disconnect the NordVPN.

I am not a network export and have tried to follow the guide but maybe I missed something.

Attached are screen shots of the configuration I am using.

Any help appreciated.

Thanks.
Sponsor
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:12    Post subject: Reply with quote
And the OpenVPN config
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:19    Post subject: Reply with quote
Basic Settings
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:21    Post subject: Reply with quote
Services Setup
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Mon Apr 25, 2022 9:21    Post subject: Reply with quote
Try changing compression to disabled (not no)
_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:23    Post subject: Reply with quote
Services Advanced Routing and Routing Table
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 9:27    Post subject: Reply with quote
foz111 wrote:
Try changing compression to disabled (not no)


I already tried using Disabled but it's the same.

I also tried setting the router as Gateway and as Router, it is also the same.
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Mon Apr 25, 2022 9:38    Post subject: Reply with quote
Something wrong as its showing WAN as disabled in gateway mode. Check Ethernet cable.
ISP router LAN to xr300 WAN Port for gateway mode.

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 25, 2022 9:40    Post subject: Reply with quote
The WAN is disabled all traffic will bypass this router.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Mon Apr 25, 2022 9:42    Post subject: Reply with quote
not sure why at Capture-setup-basicsetup.JPG WAN is disabled...
as well why you do specify local DNS in the local DNS box...

a normal client VPN on a Gateway router would've require
-WAN connection (ISP settings/static or dynamic or pppoe)
-and valid NTP time

is your router in a WAP mode.... ? than read carefully OpenVPN Client on a Wireless Access Point (WAP) section

as well show the advanced VPN config rules as some of those may not be needed...on the new builds...

if you follow and read the VPN guide, carefully... you should be up an running...

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Mon Apr 25, 2022 17:06; edited 1 time in total
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 11:14    Post subject: Reply with quote
Thanks for your replies.

It seems the bit I am strugling with is how to set up the XR300 as a cascaded router from the ISPs router. The VPN guides don't cover this.

I would like to have
- all devices on the XR300 sent ove the VPN only
- no need to connect directly to internet if VPN not there
- no need for devices from the XR300 LAN to connect with devices on the IPS router LAN

Can someone help a bit with the settings for that, please.

Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 25, 2022 11:26    Post subject: Reply with quote
Then reset to defaults and connect WAN from XR300 to LAN of the ISP router.

After reset make sure the XR300 has a different local IP address then the ISP router in the third octet, e.g. if your ISP router is 192.168.1.1 then set the XR300 as 192.168.2.1
Subnet /24

If you really want to stop XR300 clients viewing ISP clients add:
Code:
iptables -I FORWARD -d $(nvram get wan_ipaddr)/$(nvram get wan_netmask) -m state --state NEW -j REJECT


First test from CLI (telnet/Putty) and if it works Administration/Commands, Save as Firewall

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Apr 25, 2022 14:50    Post subject: Reply with quote
Looks as if the original plan was to set the XR300 up as a Wired Access Point with a VPN client, which I believe has been discussed and documented as well...
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
stephengrenfell
DD-WRT Novice


Joined: 24 Apr 2022
Posts: 13

PostPosted: Mon Apr 25, 2022 17:44    Post subject: Reply with quote
kernel-panic69 wrote:
Looks as if the original plan was to set the XR300 up as a Wired Access Point with a VPN client, which I believe has been discussed and documented as well...


Yes the plan was / is to set the XR300 up as a Wired Access Point with a VPN client.



Alozaros wrote:
not sure why at Capture-setup-basicsetup.JPG WAN is disabled...
as well why you do specify local DNS in the local DNS box...

a normal client VPN on a Gateway router would've require
-WAN connection (ISP settings/static or dynamic or pppoe)
-and valid NTP time

is your router in a WAP mode.... ? than read carefully OpenVPN Client on a Wireless Access Point (WAP) section

as well show the advanced VPN config rules as some of those may not be needed...on the new builds...

if you follow and read the VPN guide, carefully... you should be up an running...

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398


So back to basics.

I have reset router to factory settings.

The OpenVPN Client setup guide (pdf document) For NordVPN settings refers to this thread https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328049&highlight=nordvpn

So I followed the settings listed (listed below) and left all other settings at thier factory default.

Thus the WAN connection type is left as « Automatic Configuration DHCP » but ignore WAN DNS is checked. And the Operating Mode in Advanced Routing is left as « Gateway »

In accordance with « DD-WRT OpenVPN Client Setup Guide with NordVPN » thread I added only the following commands in Additional Config

verb 4
tun-mtu-extra 32
tun-mtu 1500
mssfix 1450I


The result is it will still not connect.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 25, 2022 17:55    Post subject: Reply with quote
You cannot reach the VPN server.

Do you have internet on the router when the VPN is disabled?
(you can disable VPN, your settings are retained)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum