In your log we can see an error with your certificate. Check it; it must include "-----begin certificate-----" and "-----end certificate-----", something like this for the CA certificate and TLS auth.
You can't use the OpenVPN files because DD-WRT cannot import them, but that's not a problem: in the Service/VPN menu, configure the OpenVPN client with all the information you have, like in the first message of this topic. You can verify that the parameters are written correctly over a telnet connection.
Commands in cmd or terminal (Windows or macOS):
telnet <IP address of the router>
cd /tmp/openvpncl
ls             # list the files
cat user.conf  # read the text in the file; your username and password must be written here
And if all is correct, reboot the router and it must connect to the VPN correctly.
I hope I'm clear because my English is not perfect!
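The marker check described in the post above, as an added example that is not part of the thread: a POSIX shell function that verifies a file holds exactly one well-formed PEM certificate block. It assumes the exact upper-case markers that OpenSSL writes and covers the CA certificate only, not the TLS auth key; the file path is whatever you pass in.

```sh
#!/bin/sh
# Added example (not from the thread): check that a file holds exactly one
# well-formed PEM certificate block before OpenVPN is asked to load it.

check_pem() {   # usage: check_pem FILE ; prints a verdict, returns 0 only if OK
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
    awk '
    function note(msg) { if (bad == "") bad = msg }   # keep the first problem
    BEGIN { b64 = "^[A-Za-z0-9+/]+=*$" }
    { sub(/\r$/, "") }                                # tolerate CRLF endings
    $0 == "-----BEGIN CERTIFICATE-----" {
        if (inside) note("second BEGIN before END on line " NR)
        inside = 1; begins++; next
    }
    $0 == "-----END CERTIFICATE-----" {
        if (!inside) note("END without BEGIN on line " NR)
        inside = 0; ends++; next
    }
    # Lower-case, padded or wrong-dash-count markers are not valid PEM.
    tolower($0) ~ /^ *-+ *(begin|end) certificate *-+ *$/ {
        note("malformed marker on line " NR); next
    }
    inside { body++; if ($0 !~ b64) note("non-base64 data on line " NR); next }
    NF     { note("text outside the certificate block on line " NR) }
    END {
        if (begins != 1) note("expected 1 BEGIN marker, found " (begins + 0))
        if (ends != 1)   note("expected 1 END marker, found " (ends + 0))
        if (!body)       note("certificate body is empty")
        if (bad != "") { print "FAIL: " bad; exit 1 }
        print "OK"
    }' "$1"
}

# Check any files named on the command line.
for f in "$@"; do printf '%s: ' "$f"; check_pem "$f"; done
```

Run it against a copy of the certificate text you pasted into the router GUI; a missing or lower-case marker line is reported with its line number.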
Hi Kusanagi78, thanks for your answer.
I did everything again, but still no luck.
It's weird because it says it's connected, but no Internet.
Here is the Status page:
Client: CONNECTED SUCCESS
Local Address: 10.7.7.178
Remote Address: 10.7.7.177
I don't see any obvious errors in the log. But if it shows Connected, and it still doesn't work, it's possible you failed to NAT the tunnel (so packets get over the tunnel, but don't know how to find their way back). It's an option on the OpenVPN client GUI.
Thanks for the answer eibgrad, but NAT is enabled. See image attached for details.
Is there any other place I could configure to enable packet routing? Or other place to check for logs/troubleshooting?
After trying almost everything, it worked.
My dd-wrt was sitting behind my internet provider cable modem and after changing this cable modem to bridge mode and letting the dd-wrt router act as gateway, it worked!
The weird thing is that any VPN started from a device behind the dd-wrt would work with this config, but the dd-wrt itself.
Everything is fine now, thank you @eibgrad and others for the help!
Posted: Sat Mar 04, 2017 23:44 Post subject: Policy Based Routing and DDWRT (via the UI)
Hey all, wanted to ask whether anyone had tried to configure Policy Based Routing with NordVPN and DDWRT. I am attempting to configure the routing so that a single IP range will utilize the OpenVPN configuration while others will not. I am utilizing the UI for this and I was under the impression that it was as simple as having the following under Policy Based Routing.
"10.0.1.0/32"
and then all of my other clients (10.0.0.0/32) would connect directly to the internet.
However when I check my IP address from 10.0.0.x it shows the VPN IP.
I assume that the local subnet you want to route through the VPN is 10.0.1.0 and your DHCP IP address is 10.0.1.1 (if you have one). Then you want the range 10.0.1.2 - 10.0.1.254 to route through the VPN. For that you should add:
I don't think this page existed when I first started trying to set this up a few months ago: https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/. But I tried it again recently and it basically worked almost verbatim with the server us323 with a minor amount of tinkering (but this server, being static IP, has certain practical limitations, shall we say...)
However, when trying to get this configuration to work with other servers (e.g. us5xx+) there was one line in that page which I skimmed over but proved to be critical: note: newer NordVPN servers use SHA-512 instead. If SHA-1 does not work, select SHA-512. Once I switched to SHA512...golden.
Posted: Tue Jul 18, 2017 0:44 Post subject: killswitch reboot
I am a complete rookie at this dd-wrt setup but I currently have everything nordvpn related working on my router. However I am having trouble figuring out how to create a script to restart my router after the killswitch is engaged. I do not know where to begin and am in need of either somewhere to begin reading or a walkthrough. I tried using the keepalive from the GUI but it doesn't seem to work for me.
I don't think this page existed when I first started trying to set this up a few months ago: https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/. But I tried it again recently and it basically worked almost verbatim with the server us323 with a minor amount of tinkering (but this server, being static IP, has certain practical limitations, shall we say...)
However, when trying to get this configuration to work with other servers (e.g. us5xx+) there was one line in that page which I skimmed over but proved to be critical: note: newer NordVPN servers use SHA-512 instead. If SHA-1 does not work, select SHA-512. Once I switched to SHA512...golden.
I've still had issues with disconnects using those settings.
Corroborated here:
https://openvpn.net/archive/openvpn-users/2004-09/msg00535.html
"...ping-timer-rem only makes sense on the passively listening side of a point-to-point VPN connection. It is essentially enabled by default on the server side of server mode connection. It doesn't make sense on the client side because the client side is actively trying to connect to the server, and is not passively listening."
I've been using these additional settings along with Firmware: DD-WRT v3.0-r32170M kongac (06/11/17).
Posted: Sun Sep 17, 2017 10:07 Post subject: Please do a dummies guide for dd-wrt nordvpn users!
@usershmusername.
You seem to be the only one online who has figured out how to configure dd-wrt version 3 for nordvpn! Congratulations on not having frequent lost connections.
Could you please, please do a dummies guide? Please post your refined full script. You will be very popular, just look at the amount of views of this thread!!
Posted: Sun Sep 17, 2017 18:59 Post subject: Problems
As I set these up professionally I figured I'd share this info for all of you going nuts on NordVPN
1) NordVPN servers get frequently taken down by DMCA mandates. (Expect that if you are using one it will die at some point)
2) Each NordVPN server requires different certs (found in the .ovpn files). This is extremely annoying and is the primary thing that pisses me off about their service. None of their servers are Dynamic and also you can't just simply change the server name and be good on the router.
3) Disconnects. The primary reason I built the VPN Watchdog was because of NordVPN and PureVPN disconnects. There isn't any way around them. My theory is that they are constantly updating their servers with something that requires a quick restart of the OpenVPN server.
4) As one user stated above. Inconsistent SHA1 or SHA512 usage. No standardization. Again. Annoyance.
My primary workarounds have been to use servers people are unlikely to use (like in the 800 range)
I also install my sw_watchdog script to keep the tunnel alive in less than 1 minute upon failure in combination with the firewall kill switch. This has been favored so far by my customers using it.
Preferably I tell people to change VPN providers from Nord if they want easier router maintenance.
Also for routers, any company that forces 256bit encryption is crazy. It just slows down the connection for no reason. AES-128 is fine