Netgear R7000 OpenVPN connecting, but not working

K4sum1
DD-WRT Novice


Joined: 04 Sep 2023
Posts: 7

Posted: Fri Oct 11, 2024 7:45    Post subject: Netgear R7000 OpenVPN connecting, but not working
I have a Netgear R7000 that I'm wanting to use as a VPN router for devices that can't use a VPN, or I don't want to bother with installing a VPN on. I have Windscribe, and originally I wanted to use WireGuard, but DD-WRT doesn't have the option I guess, and FreshTomato WireGuard doesn't work, so I'm now trying OpenVPN.

My setup is a bit weird, I'm going from ISP modem to a WRT1900ACv2, then to the R7000. Mostly because I don't have a long enough cable, and due to some of the devices being wired, I also can't move it much. I also don't feel like buying whatever expensive long cable I'd need for this. The only way I've found to make this configuration work is to disable the WAN stuff, and configure both routers as DHCP Forwarders. Not sure if this has anything to do with the issue.

I did most of the configuration by importing the .ovpn file, but I made a few changes to better match their DD-WRT setup guide. I get Client: CONNECTED SUCCESS when looking at OpenVPN Status, so I can only assume it works. However I still see my IP when checking. I've attached a screenshot of my settings to the post. I'm not sure what all I should keep private or not, but I figured I would censor part of the Server IP URL in case someone is able to trace the specific server I'm connected to or something idk. Also all of my username/password because of course.

Here's the Client Log as well:
Code:
20241011 02:29:19 I Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
20241011 02:29:19 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco disabling data channel offload.
20241011 02:29:19 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20241011 02:29:19 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20241011 02:29:19 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20241011 02:29:19 I OpenVPN 2.6.12 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
20241011 02:29:19 I library versions: OpenSSL 1.1.1w 11 Sep 2023 LZO 2.10
20241011 02:29:19 I DCO version: N/A
20241011 02:29:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20241011 02:29:19 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20241011 02:29:19 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.129.18.131:443
20241011 02:29:19 Socket Buffers: R=[262144->262144] S=[262144->262144]
20241011 02:29:19 I UDPv4 link local: (not bound)
20241011 02:29:19 I UDPv4 link remote: [AF_INET]104.129.18.131:443
20241011 02:29:19 TLS: Initial packet from [AF_INET]104.129.18.131:443 sid=503b6b7a 462a2684
20241011 02:29:19 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20241011 02:29:19 VERIFY OK: depth=2 C=CA ST=ON L=Toronto O=Windscribe Limited OU=Systems CN=Windscribe Node CA X1
20241011 02:29:19 NOTE: --mute triggered...
20241011 02:29:19 8 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:29:19 I [atl-109.windscribe.com] Peer Connection Initiated with [AF_INET]104.129.18.131:443
20241011 02:29:19 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
20241011 02:29:19 NOTE: --mute triggered...
20241011 02:29:20 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:29:20 SENT CONTROL [atl-109.windscribe.com]: 'PUSH_REQUEST' (status=1)
20241011 02:29:20 NOTE: --mute triggered...
20241011 02:29:20 2 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:29:20 Socket Buffers: R=[262144->512000] S=[262144->512000]
20241011 02:29:20 OPTIONS IMPORT: --ifconfig/up options modified
20241011 02:29:20 NOTE: --mute triggered...
20241011 02:29:20 3 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:29:20 net_route_v4_best_gw query: dst 0.0.0.0
20241011 02:29:20 net_route_v4_best_gw result: via 192.168.0.1 dev br0
20241011 02:29:20 I TUN/TAP device tun1 opened
20241011 02:29:20 I net_iface_mtu_set: mtu 1500 for tun1
20241011 02:29:20 I net_iface_up: set tun1 up
20241011 02:29:20 I net_addr_v4_add: 10.114.206.46/23 dev tun1
20241011 02:29:20 net_route_v4_add: 104.129.18.131/32 via 192.168.0.1 dev [NULL] table 0 metric -1
20241011 02:29:20 net_route_v4_add: 0.0.0.0/1 via 10.114.206.1 dev [NULL] table 0 metric -1
20241011 02:29:20 net_route_v4_add: 128.0.0.0/1 via 10.114.206.1 dev [NULL] table 0 metric -1
20241011 02:29:20 I Initialization Sequence Completed
20241011 02:29:20 Data Channel: cipher 'AES-256-GCM' peer-id: 34
20241011 02:29:20 NOTE: --mute triggered...
20241011 02:32:30 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:32:30 N AEAD Decrypt error: cipher final failed
20241011 02:37:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:40588
20241011 02:37:16 D MANAGEMENT: CMD 'state'
20241011 02:37:16 MANAGEMENT: Client disconnected
20241011 02:37:16 NOTE: --mute triggered...
20241011 02:37:16 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:37:16 D MANAGEMENT: CMD 'state'
20241011 02:37:16 MANAGEMENT: Client disconnected
20241011 02:37:16 NOTE: --mute triggered...
20241011 02:37:16 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:37:16 D MANAGEMENT: CMD 'state'
20241011 02:37:16 MANAGEMENT: Client disconnected
20241011 02:37:16 NOTE: --mute triggered...
20241011 02:37:16 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:37:16 D MANAGEMENT: CMD 'status 2'
20241011 02:37:16 MANAGEMENT: Client disconnected
20241011 02:37:16 NOTE: --mute triggered...
20241011 02:37:16 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:37:16 D MANAGEMENT: CMD 'log 500'
20241011 02:37:16 MANAGEMENT: Client disconnected
20241011 02:39:29 NOTE: --mute triggered...
20241011 02:39:29 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:39:29 D MANAGEMENT: CMD 'state'
20241011 02:39:29 MANAGEMENT: Client disconnected
20241011 02:39:29 NOTE: --mute triggered...
20241011 02:39:29 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:39:29 D MANAGEMENT: CMD 'state'
20241011 02:39:29 MANAGEMENT: Client disconnected
20241011 02:39:29 NOTE: --mute triggered...
20241011 02:39:29 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:39:29 D MANAGEMENT: CMD 'state'
20241011 02:39:29 MANAGEMENT: Client disconnected
20241011 02:39:29 NOTE: --mute triggered...
20241011 02:39:29 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:39:29 D MANAGEMENT: CMD 'status 2'
20241011 02:39:29 MANAGEMENT: Client disconnected
20241011 02:39:29 NOTE: --mute triggered...
20241011 02:39:29 1 variation(s) on previous 3 message(s) suppressed by --mute
20241011 02:39:29 D MANAGEMENT: CMD 'log 500'


I did try looking this up, and the only relevant thing I could find was someone fixing it by adding redirect-gateway def1 to Additional Configuration. This did nothing for me, even after rebooting the router.

Please help.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13446
Location: Netherlands

Posted: Fri Oct 11, 2024 9:25
Please start with sharing your build number (it looks like a recent build so that should not be a problem).

Of course DDWRT has had WireGuard already a long time before FT even heard of it ;)
It is under the Tunnels tab.

WireGuard Guides (and OpenVPN) are stickies in the Advanced Networking forum to which I will transfer this thread

However your OpenVPN seems to function.

It seems you have set up your routers as Wireless Access Points connected LAN<>LAN on the same subnet, although not correctly, as you should never use DHCP Forwarder.

If you set up a VPN client on a WAP then your clients' traffic will just bypass the VPN.
Only when you set up a guest wifi on the WAP (VAP on a WAP) will that use the VPN. Alternatively you can point your LAN client to the R7000 as gateway.

As stated OpenVPN and WG Client setup guides are stickies in the Advanced Forum.
For basic setup you need the Client setup guide.
For using WireGuard on a WAP see the WG Advanced setup guide

Setting up a WAP: https://github.com/egc112/ddwrt/blob/main/Wireless%20Access%20Point.md
VAP on a WAP: see page 9 of https://github.com/egc112/ddwrt/blob/main/DDWRT%20Virtual%20Access%20Point-8.pdf

I am traveling so not much time to review things

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
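
Added example (not part of egc's post and not DD-WRT code): the routing lines from the client log in the first post, parsed to show why the tunnel is up while LAN clients can still bypass it. It assumes br0 is the router's LAN bridge; 192.168.0.2 is a constructed placeholder for the R7000's LAN address, which the thread does not give.

```python
import ipaddress
import re

# Routing-related lines copied from the client log in the first post.
SAMPLE_LOG = """\
20241011 02:29:20 net_route_v4_best_gw result: via 192.168.0.1 dev br0
20241011 02:29:20 I net_addr_v4_add: 10.114.206.46/23 dev tun1
20241011 02:29:20 net_route_v4_add: 104.129.18.131/32 via 192.168.0.1 dev [NULL] table 0 metric -1
20241011 02:29:20 net_route_v4_add: 0.0.0.0/1 via 10.114.206.1 dev [NULL] table 0 metric -1
20241011 02:29:20 net_route_v4_add: 128.0.0.0/1 via 10.114.206.1 dev [NULL] table 0 metric -1
"""

BEST_GW = re.compile(r"net_route_v4_best_gw result: via (\S+) dev (\S+)")
TUN_ADDR = re.compile(r"net_addr_v4_add: (\S+) dev (\S+)")
ROUTE = re.compile(r"net_route_v4_add: (\S+) via (\S+)")

def parse_client_log(text):
    """Extract the pre-VPN gateway, the tunnel subnet and the added routes."""
    info = {"upstream_gw": None, "upstream_dev": None,
            "tunnel_net": None, "routes": []}
    for line in text.splitlines():
        if m := BEST_GW.search(line):
            info["upstream_gw"], info["upstream_dev"] = m.group(1), m.group(2)
        elif m := TUN_ADDR.search(line):
            info["tunnel_net"] = ipaddress.ip_interface(m.group(1)).network
        elif m := ROUTE.search(line):
            info["routes"].append((ipaddress.ip_network(m.group(1)),
                                   ipaddress.ip_address(m.group(2))))
    return info

def router_redirects_all(info):
    """True if both def1 halves (0.0.0.0/1, 128.0.0.0/1) go via the tunnel."""
    tun = info["tunnel_net"]
    halves = {str(net) for net, gw in info["routes"] if tun and gw in tun}
    return {"0.0.0.0/1", "128.0.0.0/1"} <= halves

def upstream_on_lan_bridge(info, lan_bridge="br0"):
    """True if the router reaches its own gateway over the LAN bridge (WAP-style)."""
    return info["upstream_dev"] == lan_bridge

def client_uses_tunnel(info, client_gateway, vpn_router_lan_ip):
    """A LAN client is tunnelled only if its default gateway is the VPN router."""
    same = ipaddress.ip_address(client_gateway) == ipaddress.ip_address(vpn_router_lan_ip)
    return router_redirects_all(info) and same

if __name__ == "__main__":
    info = parse_client_log(SAMPLE_LOG)
    print("router redirects its own traffic:", router_redirects_all(info))
    print("upstream reached over LAN bridge:", upstream_on_lan_bridge(info))
    print("client with gateway 192.168.0.1 tunnelled:",
          client_uses_tunnel(info, "192.168.0.1", "192.168.0.2"))
```

On a client, compare its actual default gateway with the VPN router's LAN address; a match with the upstream gateway from the log means that client's traffic never enters the tunnel.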
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 15250
Location: Texas, USA

Posted: Fri Oct 11, 2024 15:32
Sticky: WireGuard guides and documentation

Sticky: OpenVPN guides and documentation

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net