DD-WRT VPN server not working beyond r30016

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Sun May 21, 2017 18:41    Post subject: Re: OpenVPN error still not fixed???
jpaquette wrote:
I just downloaded and flashed the most recent version of DD-WRT (r31924) and tried to get OpenVPN working on it. To my surprise, no luck.



OpenVPN works fine, at least on all recent Kong builds. You must have a configuration problem. Follow the instructions in the wiki or set it up in the GUI. On OpenVPN 2.4, "proto udp4" is necessary for a manual setup.

_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Fri May 26, 2017 14:44    Post subject: New keys and DH params?
So am I going to have to generate new keys and/or a new DH params file in order to upgrade to OpenVPN 2.4?
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas

Posted: Fri May 26, 2017 16:23    Post subject: Re: New keys and DH params?
jpaquette wrote:
So am I going to have to generate new keys and/or a new DH params file in order to upgrade to OpenVPN 2.4?

No, you don't need to make new keys.
Probably reset router. Best to set up conf all in GUI and then only add firewall rules you may need.
I have no problem accessing all devices, samba, other shares thru TUN.
OpenVPN server works fine on newest Kong or BS.
works fine for me on:
wrt54gsv2
e1200v2
e2500v1
rtn12d1
wndr3700v4
ea8500
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Fri May 26, 2017 20:42    Post subject: OpenVPN appears not even to start up in recent versions
So as far as I can see OpenVPN simply doesn’t start at all on my router in the most recent versions of DD-WRT. Here is what I get from version 30016M on startup.

Code:

messages:

May 26 19:53:34 Paq-DD-WRT daemon.notice openvpn[2980]: Pxxxxxxx/192.xxx.xxx.100:57946 SENT CONTROL [Pxxxxxxx]: 'PUSH_REPLY,route-gateway 192.xxx.xxx.1,ping 10,ping-restart 120,ifconfig 192.xxx.xxx.133 255.255.255.0' (status=1)
May 26 19:53:34 Paq-DD-WRT daemon.notice openvpn[2980]: Pxxxxxxx/192.xxx.xxx.100:57946 MULTI: Learn: 00:ff:f7:7f:f7:cf -> Pxxxxxxx/192.xxx.xxx.100:57946
May 26 19:53:34 Paq-DD-WRT user.warn igmpproxy[2998]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.130 to 192.xxx.xxx.133
May 26 19:55:15 Paq-DD-WRT user.warn igmpproxy[2998]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.133 to 192.xxx.xxx.108
May 26 19:56:51 Paq-DD-WRT authpriv.info dropbear[7032]: Child connection from 192.xxx.xxx.100:64652
May 26 19:56:54 Paq-DD-WRT authpriv.notice dropbear[7032]: Password auth succeeded for 'root' from 192.xxx.xxx.100:64652
May 26 19:57:04 Paq-DD-WRT authpriv.info dropbear[7032]: Exit (root): Exited normally
May 26 19:57:07 Paq-DD-WRT authpriv.info dropbear[7119]: Child connection from 192.xxx.xxx.100:64659
May 26 19:57:09 Paq-DD-WRT authpriv.notice dropbear[7119]: Password auth succeeded for 'root' from 192.xxx.xxx.100:64659
May 26 19:57:21 Paq-DD-WRT authpriv.info dropbear[7119]: Exit (root): Exited normally




Serverlog:

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha1
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /jffs/etc/openvpn/ccd
comp-lzo yes
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server-bridge 192.xxx.xxx.1 255.255.255.0 192.xxx.xxx.130 192.xxx.xxx.149
dev tap2
passtos
server-bridge 192.xxx.xxx.1 255.255.255.0 192.xxx.xxx.130 192.xxx.xxx.149
#client-config-dir ccd
port 1194
dev tap0
#dev-node TAP-Pxxxxxxx
#dev-node TAP-paquette2
#dev-node TAP-paquette_home
#dev-node TAP-paquette_note3
#proto udp
keepalive 10 120
fragment 1400
mssfix 1400
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keysize 128
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT\s OpenVPN Status web page to access the server\s management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 16
verb 5


Here is what I get from version 31924 on startup.

Code:

messages

May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl0 interface) successfully started
May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl1 interface) successfully started
May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl2 interface) successfully started
May 26 20:12:32 Paq-DD-WRT user.info : syslogd : syslog daemon successfully stopped
May 26 20:12:32 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully stopped
May 26 16:12:32 Paq-DD-WRT syslog.info syslogd exiting
May 26 16:12:32 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2
May 26 20:12:32 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully started
May 26 20:12:50 Paq-DD-WRT user.warn igmpproxy[2156]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.100 to 192.xxx.xxx.106
May 26 20:12:56 Paq-DD-WRT user.warn igmpproxy[2156]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.106 to 192.xxx.xxx.108

Syslog

Dec 31 19:00:17 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2 
Jan 1 00:00:17 Paq-DD-WRT user.info : cron : cron daemon successfully started 
Jan 1 00:00:17 Paq-DD-WRT cron.info cron[972]: (CRON) STARTUP (fork ok) 
Jan 1 00:00:17 Paq-DD-WRT user.info : dropbear : ssh daemon successfully started 
Jan 1 00:00:17 Paq-DD-WRT authpriv.info dropbear[987]: Running in background 
Jan 1 00:00:17 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started 
Jan 1 00:00:18 Paq-DD-WRT user.info : dnsmasq : dnsmasq daemon successfully started 
Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded 
Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded 
Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded 
Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded 
Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded 
Jan 1 00:00:19 Paq-DD-WRT user.info : ttraff : traffic counter daemon successfully started 
Jan 1 00:00:19 Paq-DD-WRT user.info : udhcpd : DHCP daemon successfully stopped 
Jan 1 00:00:19 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started 
Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded 
Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded 
Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded 
Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded 
Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded 
Jan 1 00:00:20 Paq-DD-WRT user.info : process_monitor successfully started 
May 26 20:12:18 Paq-DD-WRT user.info : cron : cron daemon successfully stopped 
May 26 20:12:19 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded 
May 26 20:12:19 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded 
May 26 20:12:19 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded 
May 26 20:12:19 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded 
May 26 20:12:19 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded 
May 26 20:12:19 Paq-DD-WRT daemon.debug process_monitor[1604]: Restarting cron (time sync change) 
May 26 20:12:19 Paq-DD-WRT daemon.debug process_monitor[1604]: We need to re-update after 3600 seconds 
May 26 20:12:19 Paq-DD-WRT daemon.info process_monitor[1604]: set timer: 3600 seconds, callback: ntp_main() 
May 26 20:12:19 Paq-DD-WRT user.info : cron : cron daemon successfully started 
May 26 20:12:19 Paq-DD-WRT cron.info cron[1756]: (CRON) STARTUP (fork ok) 
May 26 20:12:19 Paq-DD-WRT user.info : wland : WLAN daemon successfully stopped 
May 26 20:12:20 Paq-DD-WRT user.info : wland : WLAN daemon successfully started 
May 26 20:12:20 Paq-DD-WRT user.info : WAN is up. IP: 66.11.165.170 
May 26 20:12:20 Paq-DD-WRT user.info : openvpn : OpenVPN daemon (Server) starting/restarting... 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: Current Parameter Settings: 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: config = '/tmp/openvpn/openvpn.conf' 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: mode = 1 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: NOTE: --mute triggered... 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: 228 variation(s) on previous 3 message(s) suppressed by --mute 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 2 2017 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2153]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2155]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 
May 26 20:12:21 Paq-DD-WRT daemon.warn openvpn[2155]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to 
May 26 20:12:21 Paq-DD-WRT daemon.warn openvpn[2155]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
May 26 20:12:21 Paq-DD-WRT user.info : igmprt : multicast daemon successfully started 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2155]: Diffie-Hellman initialized with 2048 bit key 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2155]: TLS-Auth MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ] 
May 26 20:12:21 Paq-DD-WRT daemon.notice openvpn[2155]: TUN/TAP TX queue length set to 100 
May 26 20:12:21 Paq-DD-WRT user.info : udhcpd : DHCP daemon successfully stopped 
May 26 20:12:22 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started 
May 26 20:12:22 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded 
May 26 20:12:22 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded 
May 26 20:12:22 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded 
May 26 20:12:22 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded 
May 26 20:12:22 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded 
May 26 20:12:23 Paq-DD-WRT user.info : process_monitor : Process Monitor successfully stopped 
May 26 20:12:23 Paq-DD-WRT user.info : process_monitor successfully started 
May 26 20:12:23 Paq-DD-WRT daemon.debug process_monitor[2311]: We need to re-update after 3600 seconds 
May 26 20:12:23 Paq-DD-WRT daemon.info process_monitor[2311]: set timer: 3600 seconds, callback: ntp_main() 
May 26 20:12:24 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded 
May 26 20:12:24 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded 
May 26 20:12:24 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded 
May 26 20:12:24 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded 
May 26 20:12:24 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded 
May 26 20:12:24 Paq-DD-WRT user.info : wland : WLAN daemon successfully stopped 
May 26 20:12:25 Paq-DD-WRT user.info : wland : WLAN daemon successfully started 
May 26 20:12:25 Paq-DD-WRT user.info : WAN is up. IP: 66.11.165.170 
May 26 20:12:25 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) successfully stopped 
May 26 20:12:28 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) hanging, send SIGKILL 
May 26 20:12:31 Paq-DD-WRT user.debug : ttraff: data collection started 
May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl0 interface) successfully started 
May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl1 interface) successfully started 
May 26 20:12:32 Paq-DD-WRT user.info : NAS : NAS lan (wl2 interface) successfully started 
May 26 20:12:32 Paq-DD-WRT user.info : syslogd : syslog daemon successfully stopped 
May 26 20:12:32 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully stopped 
May 26 16:12:32 Paq-DD-WRT syslog.info syslogd exiting 
May 26 16:12:32 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2 
May 26 20:12:32 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully started 
May 26 20:12:50 Paq-DD-WRT user.warn igmpproxy[2156]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.100 to 192.xxx.xxx.106 
May 26 20:12:56 Paq-DD-WRT user.warn igmpproxy[2156]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.106 to 192.xxx.xxx.108 



Serverlog:




I also tried another version after the switch to OpenVPN 2.4 and it similarly does not work. As you can see the OpenVPN server log is completely empty and there seems to be no evidence anywhere that it is actually running in the most recent release. Why might this be so?
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas

Posted: Sat May 27, 2017 1:56    Post subject: Re: OpenVPN appears not even to start up in recent versions
jpaquette wrote:
...Here is what I get from version 31924 on startup. ...
..As you can see the OpenVPN server log is completely empty ...Why might this be so?

OpenVPN server log hasn't worked in a while on new BS builds... some Kong builds. I believe partially fixed on latest Kong.
http://svn.dd-wrt.com/ticket/5802
I don't use TAP so can't help much. You should ask in advanced networking forum.
I would also reset router and reconfig all in GUI with new build.
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Sat May 27, 2017 12:07
Tried resetting and using only GUI--no luck!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat May 27, 2017 13:22
Quote:
May 26 20:12:25 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) successfully stopped
May 26 20:12:28 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) hanging, send SIGKILL


The VPN Server does not start. There is an error in the configuration file.


Last edited by Per Yngve Berg on Sat May 27, 2017 13:46; edited 1 time in total
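
A check one could run on the merged server configuration before restarting the daemon, as an added example that is not part of any post in this thread and not DD-WRT's own code: it reports directives that both the GUI-generated part and the Additional Config part set (as `dev tap2` and `dev tap0` are in the r30016 server log above), options the OpenVPN 2.4 manual marks deprecated, and ciphers with a 64-bit block. `SAMPLE` is constructed from that log, and the directive lists are assumptions chosen for illustration rather than a complete rule set; the report does not establish which entry, if any, stops the daemon here.

```python
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "kind directive lines detail")

# Directives that take a single value; a repeat means the GUI-generated part
# and the Additional Config part both set them. (Illustrative list, an assumption.)
SINGLE_VALUE = {"dev", "port", "proto", "management", "verb", "cipher",
                "keepalive", "server-bridge", "client-config-dir"}

# Options the OpenVPN 2.4 manual marks as deprecated.
DEPRECATED = {
    "keysize": "deprecated in OpenVPN 2.4",
    "comp-lzo": "deprecated in OpenVPN 2.4; --compress replaces it",
}

# Ciphers with a 64-bit block; OpenVPN 2.4 logs a warning when one is selected.
BLOCK64_CIPHERS = {"bf-cbc", "des-cbc", "des-ede3-cbc"}

# Constructed sample: a trimmed copy of the merged config shown in the
# r30016 server log, addresses redacted the same way as in the thread.
SAMPLE = """\
dh /tmp/openvpn/dh.pem
keepalive 10 120
verb 3
management 127.0.0.1 14
port 1194
proto udp
cipher bf-cbc
comp-lzo yes
server-bridge 192.xxx.xxx.1 255.255.255.0 192.xxx.xxx.130 192.xxx.xxx.149
dev tap2
# lines below come from the Additional Config box (constructed marker)
server-bridge 192.xxx.xxx.1 255.255.255.0 192.xxx.xxx.130 192.xxx.xxx.149
#client-config-dir ccd
port 1194
dev tap0
keepalive 10 120
dh /tmp/openvpn/dh.pem
keysize 128
management localhost 16
verb 5
"""


def parse(text):
    """Return (line_number, directive, args) for each active config line.

    Assumption: comments are whole lines starting with '#' or ';'.
    """
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        entries.append((number, name.lstrip("-"), tuple(args)))
    return entries


def lint(text):
    """Report deprecated options, 64-bit-block ciphers and repeated directives."""
    findings = []
    seen = defaultdict(list)
    for number, name, args in parse(text):
        seen[name].append((number, args))
        if name in DEPRECATED:
            findings.append(Finding("deprecated", name, (number,), DEPRECATED[name]))
        if name == "cipher" and args and args[0].lower() in BLOCK64_CIPHERS:
            findings.append(Finding("weak-cipher", name, (number,),
                                    f"{args[0]} uses a 64-bit block"))
    for name in sorted(n for n in seen if n in SINGLE_VALUE):
        uses = seen[name]
        if len(uses) < 2:
            continue
        lines = tuple(number for number, _ in uses)
        values = [" ".join(args) for _, args in uses]
        if len(set(values)) > 1:
            # Same directive, different values: the two parts disagree.
            findings.append(Finding("conflict", name, lines, " vs ".join(values)))
        else:
            # Same directive, same value: redundant but consistent.
            findings.append(Finding("duplicate", name, lines, values[0]))
    return findings


def directives(findings, kind):
    """Sorted directive names for one kind of finding."""
    return sorted(f.directive for f in findings if f.kind == kind)


if __name__ == "__main__":
    for f in lint(SAMPLE):
        where = ",".join(str(n) for n in f.lines)
        print(f"{f.kind:<11} {f.directive:<14} line(s) {where}: {f.detail}")
```

On the router the input would be `/tmp/openvpn/openvpn.conf`, the path the daemon reports in the syslog above.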
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas

Posted: Sat May 27, 2017 13:26
jpaquette wrote:
Tried resetting and using only GUI--no luck!

I never used TAP with ddwrt but will try to set one up in a day or so to see what it looks like.
I did run site to site TAP w/tomato for years and it was fairly straight forward setup if you
pay attention to IPs and DHCP ranges. Remember a TAP is all on same subnet including the VPN bridge.
I am not sure if dd-wrt lets you choose the specific range for the bridge or if it will default to the
first few IPs in a subnet (similar to a TUN). When I run tomato I first had server hand DHCP just for its
local clients and vpn client site do DHCP for its local and all could communicate with each other but
that got complicated when also using local DNS. Best working scenario I used was let openVPN server do
all DHCP & local DNS for all clients. That worked great for site to site and 3rd site or however many
clients from wherever could always be on same subnet. This of course means all internet always going
thru the vpn server. I created VAPs on each site to connect with so some clients could have straight-thru
internet away from main subnet. This worked well for site to site or multiple sites.

If you just have a few clients that need VPN I suggest to setup a routed TUN.
I'll get back with this when I get time to play with a TAP setup.... or maybe someone else can tell you more.

Another problem with TAP is it is not easily available for mobile devices...hence I use openVPN TUN with
android devices -- openVPN Client free, openVPN for android, & openVPN Connect all work perfectly fine
to access shares via local DNS .... I can even stream a movie from (local WIN10 DLNA) across cell network
on the phone connected to the DLNA share directory via android Total Commander File Manager opening the
movie in VLC for android ... need a fast device + good cell signal + decent upload speed from the server end
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Sat May 27, 2017 16:09    Post subject: OpenVPN appears not even to start up in recent versions
I made the decision to use TAP rather than TUN many years ago when I first started using OpenVPN. TAP has served me very well both on my computers and devices (I use OpenVPN Client on android). This problem could of course be related to configuration but I wonder at this point about something in the recent DD-WRT code that my router (DLink 890L) doesn't like when it comes to OpenVPN. I certainly had no problems recently prior to the introduction of OpenVPN 2.4 after version r30016.

By the way, I now use part of the regular local router IP pool for OpenVPN and that works just fine.

On the configuration possibility, I am going to crosspost a complete description of the problem and my current server and client configurations and the results. For the record, I have tried many different configurations that are documented as successful but nothing works with the new versions of DD-WRT.

Good luck with your test — I look forward to hearing about your results.
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Sun May 28, 2017 13:01    Post subject: Test results and specific configs
To date I have never been able to get OpenVPN server in DD-WRT to work properly on any version of DD-WRT after OpenVPN 2.4 was introduced in DD-WRT version r30016.

At this point I am wondering whether my problem is configuration (more likely given the success of others with OpenVPN 2.4 after r30016) or something specifically related to the router I am using, a D-Link 890L.

I have tried many different server and client configuration combinations many of which I am reasonably confident should work based upon results reported by others with the same or analogous configurations. Still, I want to present a complete picture of what is happening in the hope that someone will spot an error in what I am doing and offer an explanation of how to fix it.

I will use the most recent firmware version (r31924 std) as an example but I have reproduced the problem on other post-r30016 versions.

First, the server log under Status/OpenVPN is blank but that apparently is a known problem with recent versions of DD-WRT. Second, a tail -f /var/log/messages command shows no sign of OpenVPN activity at all:


    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl0 interface) successfully started
    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl1 interface) successfully started
    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl2 interface) successfully started
    May 27 16:25:22 Paq-DD-WRT user.info : syslogd : syslog daemon successfully stopped
    May 27 12:25:22 Paq-DD-WRT syslog.info syslogd exiting
    May 27 12:25:22 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2
    May 27 16:25:22 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully started
    May 27 16:25:37 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.108 to 192.xxx.xxx.100
    May 27 16:25:39 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.100 to 192.xxx.xxx.106
    May 27 16:25:56 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.106 to 192.xxx.xxx.107


I don’t know whether that behaviour is related or not to the server log problem.


    Dec 31 19:00:17 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2
    Jan 1 00:00:17 Paq-DD-WRT user.info : wland : WLAN daemon successfully started
    Jan 1 00:00:17 Paq-DD-WRT user.info : dropbear : ssh daemon successfully started
    Jan 1 00:00:17 Paq-DD-WRT authpriv.info dropbear[988]: Running in background
    Jan 1 00:00:17 Paq-DD-WRT user.info : cron : cron daemon successfully started
    Jan 1 00:00:17 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started
    Jan 1 00:00:17 Paq-DD-WRT cron.info cron[990]: (CRON) STARTUP (fork ok)
    Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded
    Jan 1 00:00:18 Paq-DD-WRT user.info : dnsmasq : dnsmasq daemon successfully started
    Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
    Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
    Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
    Jan 1 00:00:18 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
    Jan 1 00:00:19 Paq-DD-WRT user.info : ttraff : traffic counter daemon successfully started
    Jan 1 00:00:19 Paq-DD-WRT user.info : udhcpd : DHCP daemon successfully stopped
    Jan 1 00:00:19 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started
    Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded
    Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
    Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
    Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
    Jan 1 00:00:20 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
    Jan 1 00:00:20 Paq-DD-WRT user.info : process_monitor successfully started
    May 27 16:25:07 Paq-DD-WRT user.info : cron : cron daemon successfully stopped
    May 27 16:25:08 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded
    May 27 16:25:08 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
    May 27 16:25:08 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
    May 27 16:25:08 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
    May 27 16:25:08 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
    May 27 16:25:08 Paq-DD-WRT daemon.debug process_monitor[1603]: Restarting cron (time sync change)
    May 27 16:25:08 Paq-DD-WRT daemon.debug process_monitor[1603]: We need to re-update after 3600 seconds
    May 27 16:25:08 Paq-DD-WRT daemon.info process_monitor[1603]: set timer: 3600 seconds, callback: ntp_main()
    May 27 16:25:08 Paq-DD-WRT user.info : cron : cron daemon successfully started
    May 27 16:25:08 Paq-DD-WRT cron.info cron[1749]: (CRON) STARTUP (fork ok)
    May 27 16:25:09 Paq-DD-WRT user.info : wland : WLAN daemon successfully stopped
    May 27 16:25:10 Paq-DD-WRT user.info : wland : WLAN daemon successfully started
    May 27 16:25:10 Paq-DD-WRT user.info : WAN is up. IP: 66.11.165.170
    May 27 16:25:10 Paq-DD-WRT user.info : openvpn : OpenVPN daemon (Server) starting/restarting...
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: Current Parameter Settings:
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: config = '/tmp/openvpn/openvpn.conf'
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: mode = 1
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: NOTE: --mute triggered...
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: 228 variation(s) on previous 3 message(s) suppressed by --mute
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 2 2017
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2152]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2154]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
    May 27 16:25:10 Paq-DD-WRT daemon.warn openvpn[2154]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
    May 27 16:25:10 Paq-DD-WRT daemon.warn openvpn[2154]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    May 27 16:25:10 Paq-DD-WRT user.info : igmprt : multicast daemon successfully started
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2154]: Diffie-Hellman initialized with 2048 bit key
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2154]: TUN/TAP device tap0 opened
    May 27 16:25:10 Paq-DD-WRT daemon.notice openvpn[2154]: TUN/TAP TX queue length set to 100
    May 27 16:25:11 Paq-DD-WRT user.info : udhcpd : DHCP daemon successfully stopped
    May 27 16:25:11 Paq-DD-WRT user.info : udhcpd : udhcp daemon successfully started
    May 27 16:25:12 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded
    May 27 16:25:12 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
    May 27 16:25:12 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
    May 27 16:25:12 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
    May 27 16:25:12 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
    May 27 16:25:12 Paq-DD-WRT user.info : process_monitor : Process Monitor successfully stopped
    May 27 16:25:12 Paq-DD-WRT user.info : process_monitor successfully started
    May 27 16:25:12 Paq-DD-WRT daemon.debug process_monitor[2306]: We need to re-update after 3600 seconds
    May 27 16:25:12 Paq-DD-WRT daemon.info process_monitor[2306]: set timer: 3600 seconds, callback: ntp_main()
    May 27 16:25:13 Paq-DD-WRT user.info : vpn modules : vpn modules successfully unloaded
    May 27 16:25:13 Paq-DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
    May 27 16:25:13 Paq-DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
    May 27 16:25:13 Paq-DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
    May 27 16:25:13 Paq-DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
    May 27 16:25:13 Paq-DD-WRT user.info : wland : WLAN daemon successfully stopped
    May 27 16:25:15 Paq-DD-WRT user.info : wland : WLAN daemon successfully started
    May 27 16:25:15 Paq-DD-WRT user.info : WAN is up. IP: 66.11.165.170
    May 27 16:25:15 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) successfully stopped
    May 27 16:25:17 Paq-DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) hanging, send SIGKILL
    May 27 16:25:21 Paq-DD-WRT user.debug : ttraff: data collection started
    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl0 interface) successfully started
    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl1 interface) successfully started
    May 27 16:25:21 Paq-DD-WRT user.info : NAS : NAS lan (wl2 interface) successfully started
    May 27 16:25:22 Paq-DD-WRT user.info : syslogd : syslog daemon successfully stopped
    May 27 12:25:22 Paq-DD-WRT syslog.info syslogd exiting
    May 27 12:25:22 Paq-DD-WRT syslog.info syslogd started: BusyBox v1.26.2
    May 27 16:25:22 Paq-DD-WRT user.info : resetbutton : resetbutton daemon successfully started
    May 27 16:25:37 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.108 to 192.xxx.xxx.100
    May 27 16:25:39 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.100 to 192.xxx.xxx.106
    May 27 16:25:56 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.106 to 192.xxx.xxx.107
    May 27 16:34:12 Paq-DD-WRT user.warn igmpproxy[2155]: The origin for route 239.255.255.250 changed from 192.xxx.xxx.107 to 192.xxx.xxx.105


The only sign of OpenVPN today in the syslog is something about it being “unloaded.”

The router OpenVPN server configuration in the GUI is shown below.

Additional server configuration script is:


    server-bridge 192.xxx.xxx.1 255.255.255.0 192.xxx.xxx.130 192.xxx.xxx.149
    port 1194
    dev tap0
    keepalive 10 120
    ncp-ciphers AES-256-GCM:AES-256-CBC
    fragment 1400
    mssfix 1400
    dh /tmp/openvpn/dh.pem
    ca /tmp/openvpn/ca.crt
    cert /tmp/openvpn/cert.pem
    key /tmp/openvpn/key.pem
    keysize 128

    # management parameter allows DD-WRT\s OpenVPN Status web page to access the server\s management port 5001
    # port must be 5001 for scripts embedded in firmware to work
    management localhost 16

    verb 5


A client OpenVPN (version 2.4) is configured as follows.


    #remote xxx.xxx.xxx.xxx 1194
    remote 192.xxx.xxx.1

    proto udp
    tls-client
    pull
    dev tap0
    remote-cert-tls server
    ncp-ciphers AES-256-GCM:AES-256-CBC
    resolv-retry infinite
    nobind
    tun-mtu 1500
    fragment 1400
    mssfix 1400
    persist-key
    persist-tun
    comp-lzo
    float

    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\2.0\\keys\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\easy-rsa\\2.0\\keys\\Pxxxxxxx.crt"
    key "C:\\Program Files\\OpenVPN\\easy-rsa\\2.0\\keys\\Pxxxxxxx.key"

    verb 6


The client log shows the following.


    Sat May 27 16:25:05 2017 us=803948 Current Parameter Settings:
    Sat May 27 16:25:05 2017 us=803948 config = 'Pxxxxxxx.ovpn'
    Sat May 27 16:25:05 2017 us=803948 mode = 0
    Sat May 27 16:25:05 2017 us=803948 show_ciphers = DISABLED
    Sat May 27 16:25:05 2017 us=803948 show_digests = DISABLED
    Sat May 27 16:25:05 2017 us=803948 show_engines = DISABLED
    Sat May 27 16:25:05 2017 us=803948 genkey = DISABLED
    Sat May 27 16:25:05 2017 us=803948 key_pass_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 show_tls_ciphers = DISABLED
    Sat May 27 16:25:05 2017 us=803948 connect_retry_max = 0
    Sat May 27 16:25:05 2017 us=803948 Connection profiles [0]:
    Sat May 27 16:25:05 2017 us=803948 proto = udp
    Sat May 27 16:25:05 2017 us=803948 local = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 local_port = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 remote = '192.xxx.xxx.1'
    Sat May 27 16:25:05 2017 us=803948 remote_port = '1194'
    Sat May 27 16:25:05 2017 us=803948 remote_float = ENABLED
    Sat May 27 16:25:05 2017 us=803948 bind_defined = DISABLED
    Sat May 27 16:25:05 2017 us=803948 bind_local = DISABLED
    Sat May 27 16:25:05 2017 us=803948 bind_ipv6_only = DISABLED
    Sat May 27 16:25:05 2017 us=803948 connect_retry_seconds = 5
    Sat May 27 16:25:05 2017 us=803948 connect_timeout = 120
    Sat May 27 16:25:05 2017 us=803948 socks_proxy_server = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 socks_proxy_port = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 tun_mtu = 1500
    Sat May 27 16:25:05 2017 us=803948 tun_mtu_defined = ENABLED
    Sat May 27 16:25:05 2017 us=803948 link_mtu = 1500
    Sat May 27 16:25:05 2017 us=803948 link_mtu_defined = DISABLED
    Sat May 27 16:25:05 2017 us=803948 tun_mtu_extra = 32
    Sat May 27 16:25:05 2017 us=803948 tun_mtu_extra_defined = ENABLED
    Sat May 27 16:25:05 2017 us=803948 mtu_discover_type = -1
    Sat May 27 16:25:05 2017 us=803948 fragment = 1400
    Sat May 27 16:25:05 2017 us=803948 mssfix = 1400
    Sat May 27 16:25:05 2017 us=803948 explicit_exit_notification = 0
    Sat May 27 16:25:05 2017 us=803948 Connection profiles END
    Sat May 27 16:25:05 2017 us=803948 remote_random = DISABLED
    Sat May 27 16:25:05 2017 us=803948 ipchange = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=803948 dev = 'tap0'
    Sat May 27 16:25:05 2017 us=804949 dev_type = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 dev_node = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 lladdr = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 topology = 1
    Sat May 27 16:25:05 2017 us=804949 ifconfig_local = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 ifconfig_remote_netmask = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 ifconfig_noexec = DISABLED
    Sat May 27 16:25:05 2017 us=804949 ifconfig_nowarn = DISABLED
    Sat May 27 16:25:05 2017 us=804949 ifconfig_ipv6_local = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 ifconfig_ipv6_netbits = 0
    Sat May 27 16:25:05 2017 us=804949 ifconfig_ipv6_remote = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 shaper = 0
    Sat May 27 16:25:05 2017 us=804949 mtu_test = 0
    Sat May 27 16:25:05 2017 us=804949 mlock = DISABLED
    Sat May 27 16:25:05 2017 us=804949 keepalive_ping = 0
    Sat May 27 16:25:05 2017 us=804949 keepalive_timeout = 0
    Sat May 27 16:25:05 2017 us=804949 inactivity_timeout = 0
    Sat May 27 16:25:05 2017 us=804949 ping_send_timeout = 0
    Sat May 27 16:25:05 2017 us=804949 ping_rec_timeout = 0
    Sat May 27 16:25:05 2017 us=804949 ping_rec_timeout_action = 0
    Sat May 27 16:25:05 2017 us=804949 ping_timer_remote = DISABLED
    Sat May 27 16:25:05 2017 us=804949 remap_sigusr1 = 0
    Sat May 27 16:25:05 2017 us=804949 persist_tun = ENABLED
    Sat May 27 16:25:05 2017 us=804949 persist_local_ip = DISABLED
    Sat May 27 16:25:05 2017 us=804949 persist_remote_ip = DISABLED
    Sat May 27 16:25:05 2017 us=804949 persist_key = ENABLED
    Sat May 27 16:25:05 2017 us=804949 passtos = DISABLED
    Sat May 27 16:25:05 2017 us=804949 resolve_retry_seconds = 1000000000
    Sat May 27 16:25:05 2017 us=804949 resolve_in_advance = DISABLED
    Sat May 27 16:25:05 2017 us=804949 username = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 groupname = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 chroot_dir = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 cd_dir = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 writepid = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 up_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 down_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 down_pre = DISABLED
    Sat May 27 16:25:05 2017 us=804949 up_restart = DISABLED
    Sat May 27 16:25:05 2017 us=804949 up_delay = DISABLED
    Sat May 27 16:25:05 2017 us=804949 daemon = DISABLED
    Sat May 27 16:25:05 2017 us=804949 inetd = 0
    Sat May 27 16:25:05 2017 us=804949 log = ENABLED
    Sat May 27 16:25:05 2017 us=804949 suppress_timestamps = DISABLED
    Sat May 27 16:25:05 2017 us=804949 machine_readable_output = DISABLED
    Sat May 27 16:25:05 2017 us=804949 nice = 0
    Sat May 27 16:25:05 2017 us=804949 verbosity = 6
    Sat May 27 16:25:05 2017 us=804949 mute = 0
    Sat May 27 16:25:05 2017 us=804949 gremlin = 0
    Sat May 27 16:25:05 2017 us=804949 status_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 status_file_version = 1
    Sat May 27 16:25:05 2017 us=804949 status_file_update_freq = 60
    Sat May 27 16:25:05 2017 us=804949 occ = ENABLED
    Sat May 27 16:25:05 2017 us=804949 rcvbuf = 0
    Sat May 27 16:25:05 2017 us=804949 sndbuf = 0
    Sat May 27 16:25:05 2017 us=804949 sockflags = 0
    Sat May 27 16:25:05 2017 us=804949 fast_io = DISABLED
    Sat May 27 16:25:05 2017 us=804949 comp.alg = 2
    Sat May 27 16:25:05 2017 us=804949 comp.flags = 1
    Sat May 27 16:25:05 2017 us=804949 route_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 route_default_gateway = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 route_default_metric = 0
    Sat May 27 16:25:05 2017 us=804949 route_noexec = DISABLED
    Sat May 27 16:25:05 2017 us=804949 route_delay = 5
    Sat May 27 16:25:05 2017 us=804949 route_delay_window = 30
    Sat May 27 16:25:05 2017 us=804949 route_delay_defined = ENABLED
    Sat May 27 16:25:05 2017 us=804949 route_nopull = DISABLED
    Sat May 27 16:25:05 2017 us=804949 route_gateway_via_dhcp = DISABLED
    Sat May 27 16:25:05 2017 us=804949 allow_pull_fqdn = DISABLED
    Sat May 27 16:25:05 2017 us=804949 management_addr = '127.0.0.1'
    Sat May 27 16:25:05 2017 us=804949 management_port = '25346'
    Sat May 27 16:25:05 2017 us=804949 management_user_pass = 'stdin'
    Sat May 27 16:25:05 2017 us=804949 management_log_history_cache = 250
    Sat May 27 16:25:05 2017 us=804949 management_echo_buffer_size = 100
    Sat May 27 16:25:05 2017 us=804949 management_write_peer_info_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 management_client_user = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 management_client_group = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 management_flags = 6
    Sat May 27 16:25:05 2017 us=804949 shared_secret_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 key_direction = 0
    Sat May 27 16:25:05 2017 us=804949 ciphername = 'BF-CBC'
    Sat May 27 16:25:05 2017 us=804949 ncp_enabled = ENABLED
    Sat May 27 16:25:05 2017 us=804949 ncp_ciphers = 'AES-256-GCM:AES-256-CBC'
    Sat May 27 16:25:05 2017 us=804949 authname = 'SHA1'
    Sat May 27 16:25:05 2017 us=804949 prng_hash = 'SHA1'
    Sat May 27 16:25:05 2017 us=804949 prng_nonce_secret_len = 16
    Sat May 27 16:25:05 2017 us=804949 keysize = 0
    Sat May 27 16:25:05 2017 us=804949 engine = DISABLED
    Sat May 27 16:25:05 2017 us=804949 replay = ENABLED
    Sat May 27 16:25:05 2017 us=804949 mute_replay_warnings = DISABLED
    Sat May 27 16:25:05 2017 us=804949 replay_window = 64
    Sat May 27 16:25:05 2017 us=804949 replay_time = 15
    Sat May 27 16:25:05 2017 us=804949 packet_id_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 use_iv = ENABLED
    Sat May 27 16:25:05 2017 us=804949 test_crypto = DISABLED
    Sat May 27 16:25:05 2017 us=804949 tls_server = DISABLED
    Sat May 27 16:25:05 2017 us=804949 tls_client = ENABLED
    Sat May 27 16:25:05 2017 us=804949 key_method = 2
    Sat May 27 16:25:05 2017 us=804949 ca_file = 'C:\Program Files\OpenVPN\easy-rsa\2.0\keys\ca.crt'
    Sat May 27 16:25:05 2017 us=804949 ca_path = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 dh_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 cert_file = 'C:\Program Files\OpenVPN\easy-rsa\2.0\keys\Pxxxxxxx.crt'
    Sat May 27 16:25:05 2017 us=804949 extra_certs_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 priv_key_file = 'C:\Program Files\OpenVPN\easy-rsa\2.0\keys\Pxxxxxxx.key'
    Sat May 27 16:25:05 2017 us=804949 pkcs12_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 cryptoapi_cert = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 cipher_list = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 tls_verify = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 tls_export_cert = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 verify_x509_type = 0
    Sat May 27 16:25:05 2017 us=804949 verify_x509_name = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 crl_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=804949 ns_cert_type = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 65535
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_ku[i] = 0
    Sat May 27 16:25:05 2017 us=805950 remote_cert_eku = 'TLS Web Server Authentication'
    Sat May 27 16:25:05 2017 us=805950 ssl_flags = 0
    Sat May 27 16:25:05 2017 us=805950 tls_timeout = 2
    Sat May 27 16:25:05 2017 us=805950 renegotiate_bytes = -1
    Sat May 27 16:25:05 2017 us=805950 renegotiate_packets = 0
    Sat May 27 16:25:05 2017 us=805950 renegotiate_seconds = 3600
    Sat May 27 16:25:05 2017 us=805950 handshake_window = 60
    Sat May 27 16:25:05 2017 us=805950 transition_window = 3600
    Sat May 27 16:25:05 2017 us=805950 single_session = DISABLED
    Sat May 27 16:25:05 2017 us=805950 push_peer_info = DISABLED
    Sat May 27 16:25:05 2017 us=805950 tls_exit = DISABLED
    Sat May 27 16:25:05 2017 us=805950 tls_auth_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 tls_crypt_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_protected_authentication = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_private_mode = 00000000
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_cert_private = DISABLED
    Sat May 27 16:25:05 2017 us=805950 pkcs11_pin_cache_period = -1
    Sat May 27 16:25:05 2017 us=805950 pkcs11_id = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 pkcs11_id_management = DISABLED
    Sat May 27 16:25:05 2017 us=805950 server_network = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 server_netmask = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 server_network_ipv6 = ::
    Sat May 27 16:25:05 2017 us=805950 server_netbits_ipv6 = 0
    Sat May 27 16:25:05 2017 us=805950 server_bridge_ip = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 server_bridge_netmask = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 server_bridge_pool_start = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 server_bridge_pool_end = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_defined = DISABLED
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_start = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_end = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_netmask = 0.0.0.0
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_persist_filename = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 ifconfig_pool_persist_refresh_freq = 600
    Sat May 27 16:25:05 2017 us=805950 ifconfig_ipv6_pool_defined = DISABLED
    Sat May 27 16:25:05 2017 us=805950 ifconfig_ipv6_pool_base = ::
    Sat May 27 16:25:05 2017 us=805950 ifconfig_ipv6_pool_netbits = 0
    Sat May 27 16:25:05 2017 us=805950 n_bcast_buf = 256
    Sat May 27 16:25:05 2017 us=805950 tcp_queue_limit = 64
    Sat May 27 16:25:05 2017 us=805950 real_hash_size = 256
    Sat May 27 16:25:05 2017 us=805950 virtual_hash_size = 256
    Sat May 27 16:25:05 2017 us=805950 client_connect_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 learn_address_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=805950 client_disconnect_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 client_config_dir = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 ccd_exclusive = DISABLED
    Sat May 27 16:25:05 2017 us=806951 tmp_dir = 'C:\Users\jerrypaq\AppData\Local\Temp\'
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_defined = DISABLED
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_local = 0.0.0.0
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_remote_netmask = 0.0.0.0
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_ipv6_defined = DISABLED
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_ipv6_local = ::/0
    Sat May 27 16:25:05 2017 us=806951 push_ifconfig_ipv6_remote = ::
    Sat May 27 16:25:05 2017 us=806951 enable_c2c = DISABLED
    Sat May 27 16:25:05 2017 us=806951 duplicate_cn = DISABLED
    Sat May 27 16:25:05 2017 us=806951 cf_max = 0
    Sat May 27 16:25:05 2017 us=806951 cf_per = 0
    Sat May 27 16:25:05 2017 us=806951 max_clients = 1024
    Sat May 27 16:25:05 2017 us=806951 max_routes_per_client = 256
    Sat May 27 16:25:05 2017 us=806951 auth_user_pass_verify_script = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 auth_user_pass_verify_script_via_file = DISABLED
    Sat May 27 16:25:05 2017 us=806951 auth_token_generate = DISABLED
    Sat May 27 16:25:05 2017 us=806951 auth_token_lifetime = 0
    Sat May 27 16:25:05 2017 us=806951 client = DISABLED
    Sat May 27 16:25:05 2017 us=806951 pull = ENABLED
    Sat May 27 16:25:05 2017 us=806951 auth_user_pass_file = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 show_net_up = DISABLED
    Sat May 27 16:25:05 2017 us=806951 route_method = 3
    Sat May 27 16:25:05 2017 us=806951 block_outside_dns = DISABLED
    Sat May 27 16:25:05 2017 us=806951 ip_win32_defined = DISABLED
    Sat May 27 16:25:05 2017 us=806951 ip_win32_type = 3
    Sat May 27 16:25:05 2017 us=806951 dhcp_masq_offset = 0
    Sat May 27 16:25:05 2017 us=806951 dhcp_lease_time = 31536000
    Sat May 27 16:25:05 2017 us=806951 tap_sleep = 0
    Sat May 27 16:25:05 2017 us=806951 dhcp_options = DISABLED
    Sat May 27 16:25:05 2017 us=806951 dhcp_renew = DISABLED
    Sat May 27 16:25:05 2017 us=806951 dhcp_pre_release = DISABLED
    Sat May 27 16:25:05 2017 us=806951 domain = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 netbios_scope = '[UNDEF]'
    Sat May 27 16:25:05 2017 us=806951 netbios_node_type = 0
    Sat May 27 16:25:05 2017 us=806951 disable_nbt = DISABLED
    Sat May 27 16:25:05 2017 us=806951 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
    Sat May 27 16:25:05 2017 us=806951 Windows version 6.2 (Windows 8 or greater) 64bit
    Sat May 27 16:25:05 2017 us=806951 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
    Enter Management Password:
    Sat May 27 16:25:05 2017 us=807951 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25346
    Sat May 27 16:25:05 2017 us=807951 Need hold release from management interface, waiting...
    Sat May 27 16:25:06 2017 us=293818 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25346
    Sat May 27 16:25:06 2017 us=394941 MANAGEMENT: CMD 'state on'
    Sat May 27 16:25:06 2017 us=394941 MANAGEMENT: CMD 'log all on'
    Sat May 27 16:25:06 2017 us=643767 MANAGEMENT: CMD 'echo all on'
    Sat May 27 16:25:06 2017 us=647769 MANAGEMENT: CMD 'hold off'
    Sat May 27 16:25:06 2017 us=651772 MANAGEMENT: CMD 'hold release'
    Sat May 27 16:25:06 2017 us=780365 LZO compression initializing
    Sat May 27 16:25:06 2017 us=780365 Control Channel MTU parms [ L:1658 D:1212 EF:38 EB:0 ET:0 EL:3 ]
    Sat May 27 16:25:06 2017 us=780365 Data Channel MTU parms [ L:1658 D:1400 EF:126 EB:412 ET:32 EL:3 ]
    Sat May 27 16:25:06 2017 us=780365 Fragmentation MTU parms [ L:1658 D:1400 EF:125 EB:412 ET:33 EL:3 ]
    Sat May 27 16:25:06 2017 us=780365 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Sat May 27 16:25:06 2017 us=780365 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Sat May 27 16:25:06 2017 us=780365 TCP/UDP: Preserving recently used remote address: [AF_INET]192.xxx.xxx.1:1194
    Sat May 27 16:25:06 2017 us=780365 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat May 27 16:25:06 2017 us=780365 UDP link local: (not bound)
    Sat May 27 16:25:06 2017 us=780365 UDP link remote: [AF_INET]192.xxx.xxx.1:1194
    Sat May 27 16:25:06 2017 us=780365 MANAGEMENT: >STATE:1495916706,WAIT,,,,,,
    Sat May 27 16:25:06 2017 us=780365 UDP WRITE [14] to [AF_INET]192.xxx.xxx.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
    Sat May 27 16:25:06 2017 us=780365 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
    Sat May 27 16:25:06 2017 us=781366 read UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
    Sat May 27 16:25:06 2017 us=781366 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
    Sat May 27 16:25:09 2017 us=98537 UDP WRITE [14] to [AF_INET]192.xxx.xxx.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
    Sat May 27 16:25:09 2017 us=98537 read UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
    Sat May 27 16:25:09 2017 us=98537 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
    Sat May 27 16:25:13 2017 us=732167 UDP WRITE [14] to [AF_INET]192.xxx.xxx.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
    Sat May 27 16:25:13 2017 us=732167 read UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
    Sat May 27 16:25:13 2017 us=732167 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
    Sat May 27 16:25:16 2017 us=606368 TCP/UDP: Closing socket
    Sat May 27 16:25:16 2017 us=606368 SIGTERM[hard,] received, process exiting
    Sat May 27 16:25:16 2017 us=606368 MANAGEMENT: >STATE:1495916716,EXITING,SIGTERM,,,,,


Every server/client combination I have tried, and I have tried a great many, leads to almost exactly this type of WSAECONNRESET infinite loop so the handshake is never completed.

Any help with this problem would be greatly appreciated since I am a little concerned at being unable to use newer firmware upgrades.



Test router config 5-27-2017 4-26-18 PM.jpg
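An added example, not part of the original post: a Python triage of a verb 6 client log like the one above. On a UDP socket, Windows reports WSAECONNRESET when an earlier datagram was answered with ICMP port unreachable, so this pattern is consistent with nothing listening on the server's UDP port (or a rule rejecting it). The embedded lines are copied from the posted log; the function and verdict names are made up for the example.

```python
import re
from collections import Counter

# Lines copied from the client log posted above (verb 6), embedded so this runs offline.
SAMPLE_LOG = """\
Sat May 27 16:25:05 2017 us=803948 proto = udp
Sat May 27 16:25:05 2017 us=803948 remote = '192.xxx.xxx.1'
Sat May 27 16:25:05 2017 us=803948 remote_port = '1194'
Sat May 27 16:25:05 2017 us=804949 dev = 'tap0'
Sat May 27 16:25:05 2017 us=805950 tls_auth_file = '[UNDEF]'
Sat May 27 16:25:06 2017 us=780365 UDP WRITE [14] to [AF_INET]192.xxx.xxx.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sat May 27 16:25:06 2017 us=780365 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
Sat May 27 16:25:06 2017 us=781366 read UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
Sat May 27 16:25:09 2017 us=98537 UDP WRITE [14] to [AF_INET]192.xxx.xxx.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Sat May 27 16:25:09 2017 us=98537 read UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
Sat May 27 16:25:16 2017 us=606368 SIGTERM[hard,] received, process exiting
"""

# Timestamp prefix of each log line, e.g. "Sat May 27 16:25:05 2017 us=803948 ".
PREFIX = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (?:us=\d+ )?")
# Packets sent to / received from a real peer address (failed reads show AF_UNSPEC).
WRITE = re.compile(r"^(?:UDP|TCP)\S* WRITE \[(\d+)\] to \[AF_INET6?\]\S+: (\S+)")
READ = re.compile(r"^(?:UDP|TCP)\S* READ \[(\d+)\] from \[AF_INET6?\]\S+: (\S+)")
# Socket read errors, e.g. "read UDP: ... (code=10054)".
ERROR = re.compile(r"^read (?:UDP|TCP)\S*(?: \[\w+\])?: .*\(code=(\d+)\)")
# "name = value" lines of the parameter dump printed at startup.
SETTING = re.compile(r"^(\w[\w.\[\]]*) = '?(.*?)'?$")

# Codes meaning "an earlier datagram was answered with ICMP port unreachable":
# 10054 = WSAECONNRESET (Windows), 111 = ECONNREFUSED (Linux).
PORT_UNREACHABLE = {"10054", "111"}

ADVICE = {
    "port-unreachable": "Host is reachable but the UDP port is closed or rejected: "
                        "check that openvpn is running on the server and read its log "
                        "before changing keys, ciphers or proto.",
    "no-reply": "Packets left and nothing came back: wrong address, a firewall dropping "
                "the port, or a server silently discarding them (e.g. tls-auth mismatch).",
    "server-responding": "The server answered; look later in the log (TLS, options).",
    "no-handshake-attempt": "The client never sent a handshake packet.",
}


def triage(log_text):
    """Summarise a client log: what was sent, what came back, and a verdict."""
    settings, sent, received, errors = {}, Counter(), Counter(), Counter()
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if (m := WRITE.match(msg)):
            sent[m.group(2)] += 1
        elif (m := READ.match(msg)) and int(m.group(1)) > 0:
            received[m.group(2)] += 1
        elif (m := ERROR.match(msg)):
            errors[m.group(1)] += 1
        elif (m := SETTING.match(msg)):
            settings[m.group(1)] = m.group(2)

    refused = sum(n for code, n in errors.items() if code in PORT_UNREACHABLE)
    if received:
        verdict = "server-responding"
    elif sent and refused:
        verdict = "port-unreachable"
    elif sent:
        verdict = "no-reply"
    else:
        verdict = "no-handshake-attempt"
    return {
        "remote": f"{settings.get('remote')}:{settings.get('remote_port')}",
        "proto": settings.get("proto"),
        "sent": sum(sent.values()),
        "received": sum(received.values()),
        "refused": refused,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key:9} {value}")
    print(ADVICE[result["verdict"]])
```
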


wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Sun May 28, 2017 18:54
On OpenVPN 2.4 you need to specify "proto udp4" in manual scripts.
As stated earlier, OpenVPN works fine if the script is correct. I'm not using the GUI, so I cannot tell if it works flawlessly.

diabolo
DD-WRT Novice


Joined: 28 Feb 2015
Posts: 12

Posted: Mon May 29, 2017 10:02
I had some trouble with OpenVPN too, with a TAP configuration, since 30016. But I figured out a configuration by using my own launch script.


I have not read all the answers, but I have a stupid question: is the "Openvpn" service up?



For your information, on my Asus RT-N18U router, since version 30016, the "Ebtables" command is buggy (see http://svn.dd-wrt.com/ticket/5807).
You will see whether the CPU load is high or not if you have the same problem. If yes, you can see with the "top" command that the following process consumes all the CPU:
Quote:
/usr/sbin/ebtables -t nat -D POSTROUTING -o tap1 --pkttype-type multicast -j DROP



If it can help, this is my config, which works with R31924.
I use the DHCP server of the router to deliver IP addresses.

Startup script :
Code:

#---Open VPN Managment----------
openvpn --mktun --dev tap2
brctl addif br0 tap2
ifconfig tap2 0.0.0.0 promisc up
ifconfig br0 $WANIF netmask $LAN_MASK broadcast $LAN_BROADCAST 
openvpn --config /tmp/mnt/sda1/openvpn/openvpn.conf



#OpenVPN server configuration file (stored on SDA1)
Code:

dh /tmp/mnt/sda1/openvpn/dh.pem
ca /tmp/mnt/sda1/openvpn/ca.crt
cert /tmp/mnt/sda1/openvpn/cert.pem
key /tmp/mnt/sda1/openvpn/key.pem

# Tunnel options
mode server       # Set OpenVPN major mode
proto udp         # Setup the protocol (server)
port 1194         # TCP/UDP port number
dev tap2          # TUN/TAP virtual network device
server-bridge
local 172.18.25.20

#script-security 2

keepalive 15 60   # Simplify the expression of --ping
daemon            # Become a daemon after all initialization
verb 5            # Set output verbosity to n
comp-lzo          # Use fast LZO compression
dev-type tap
#link-mtu 1573
#tun-mtu 1451

cipher BF-CBC
auth SHA1
#keysize 128
#key-method 2

# OpenVPN server mode options
client-to-client  # tells OpenVPN to internally route client-to-client traffic
duplicate-cn      # Allow multiple clients with the same common name

# TLS Mode Options
tls-server        # Enable TLS and assume server role during TLS handshake



Client Configuration :
Code:
client

dev tap
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 172.18.25.20

resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

#link-mtu 1573
#tun-mtu 1451

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert test1.crt
key test1.key


# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 5

I hope that it can help you.
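An added example, not part of the original post or of DD-WRT: a Python check of a server/client config pair like the one above. It compares the link options both ends must agree on (a `proto udp4` end and a `proto udp` end count as the same transport) and lists settings worth revisiting; the embedded configs are trimmed copies of the two posted above, the defaults assumed when a directive is absent are OpenVPN 2.4's (BF-CBC, SHA1), and all function names are made up for the example.

```python
import re

# Trimmed copies of the server and client configs posted above.
SERVER_CONF = """\
mode server       # Set OpenVPN major mode
proto udp
port 1194
dev tap2
server-bridge
comp-lzo          # Use fast LZO compression
dev-type tap
cipher BF-CBC
auth SHA1
client-to-client
duplicate-cn
tls-server
"""
CLIENT_CONF = """\
client
dev tap
proto udp
remote 172.18.25.20
nobind
ca ca.crt
cert test1.crt
key test1.key
comp-lzo
verb 5
"""

# Name prefixes of ciphers with a 64-bit block (OpenVPN 2.4 logs a SWEET32 warning).
SMALL_BLOCK = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")


def parse_conf(text):
    """Return {directive: [args]} with '#' and ';' comments stripped."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf


def link_options(conf):
    """Options that must be identical on both ends of the link."""
    dev = conf.get("dev", [""])[0]
    return {
        "proto": conf.get("proto", ["udp"])[0][:3],          # udp4/udp6 -> udp
        "dev-type": conf.get("dev-type", [dev[:3]])[0],      # tap2 -> tap
        "comp-lzo": "comp-lzo" in conf,
        "cipher": conf.get("cipher", ["BF-CBC"])[0].upper(),  # 2.4 default
        "auth": conf.get("auth", ["SHA1"])[0].upper(),        # 2.4 default
    }


def mismatches(server, client):
    s, c = link_options(server), link_options(client)
    return [name for name in s if s[name] != c[name]]


def findings(server, client):
    out = []
    for side, conf in (("server", server), ("client", client)):
        cipher = link_options(conf)["cipher"]
        if cipher.startswith(SMALL_BLOCK):
            out.append(f"{side}: cipher {cipher} has a 64-bit block")
    if not server.keys() & {"tls-auth", "tls-crypt"}:
        out.append("server: no tls-auth/tls-crypt key on the control channel")
    if "duplicate-cn" in server:
        out.append("server: duplicate-cn lets several clients share one certificate")
    if not client.keys() & {"remote-cert-tls", "verify-x509-name", "ns-cert-type"}:
        out.append("client: no check that the peer presents a server certificate")
    return out


def check_pair(server_text, client_text):
    server, client = parse_conf(server_text), parse_conf(client_text)
    return mismatches(server, client), findings(server, client)


if __name__ == "__main__":
    bad, notes = check_pair(SERVER_CONF, CLIENT_CONF)
    print("link option mismatches:", bad or "none")
    for note in notes:
        print("-", note)
```
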
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Mon May 29, 2017 13:34
wabe wrote:
On Openvpn 2.4 you need to specify "proto udp4" in manual scripts.
As stated earlier Openvpn works fine, if script is correct. I'm not using the GUI so cannot tell if it works flawless


Thanks wabe — I tried explicit “proto udp4” in both server and client configuration multiple times but that didn't help with this problem.
jpaquette
DD-WRT Novice


Joined: 09 Sep 2013
Posts: 46

Posted: Mon May 29, 2017 17:02
diabolo wrote:

#---Open VPN Managment----------
openvpn --mktun --dev tap2
brctl addif br0 tap2
ifconfig tap2 0.0.0.0 promisc up
ifconfig br0 $WANIF netmask $LAN_MASK broadcast $LAN_BROADCAST
openvpn --config /tmp/mnt/sda1/openvpn/openvpn.conf


Thanks diabolo— I will have a closer look at this as soon as I have time. I couldn't resist comparing your startup code with mine. The only real difference is the

Code:
ifconfig br0 $WANIF netmask $LAN_MASK broadcast $LAN_BROADCAST


line — do you remember what that is for?
diabolo
DD-WRT Novice


Joined: 28 Feb 2015
Posts: 12

Posted: Tue May 30, 2017 8:13
Yes, this line was added to make sure that the IP configuration of the bridge is defined the way I want. It is not really necessary.

The real difference, from my point of view and only for my ebtables problem, is:
openvpn --config /tmp/mnt/sda1/openvpn/openvpn.conf

When you use the web GUI, it uses this type of command, with the two scripts that activate/deactivate the bridge, the tap card and the ebtables configuration:
/tmp/openvpnserver --config /tmp/openvpn/openvpn.conf --route-up /tmp/openvpn/route-up.sh --down-pre /tmp/openvpn/route-down.sh

But I am not sure that your problem comes from the startup.