
ANSWERED DD-WRT keeps disconnecting


Hello,

 

I have no problems connecting with tunnelblick.

 

When I try to set up OpenVPN on DD-WRT, the connection is open but it keeps being disconnected.

 

I am uploading some screenshots; they are a bit big, so I will post each one in its own post.

 

 


Sorry but I cannot upload the other screen shot, there is a limit for the total size of uploaded files and it seems I have reached it.

 

 

Do you see something in the log that could explain the disconnection?

 

Thanks


Hello,

 

please try again now.

 

Kind regards


Hi,

 

I tried a different approach:

I logged into the DD-WRT router and downloaded my airvpn.ovpn file to /tmp,

then I ran:

 

 

/usr/sbin/openvpn --config /tmp/airvpn.ovpn --daemon

My airvpn.ovpn file looks like:

client
dev tun1
proto tcp
remote airvpnip 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
verb 3
status /tmp/var/log/openvpn-status_tap.log
log-append /tmp/var/log/openvpn_tap.log
mute 100
<ca>
-----BEGIN CERTIFICATE-----
hidden text
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
hidden text
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
hidden text
-----END RSA PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
hidden text
-----END OpenVPN Static key V1-----
</tls-auth>

My firewall rules are (the router uses tun1 not tun0):

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

Here is the log:

Tue Apr 29 13:45:40 2014 OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 18 2014
Tue Apr 29 13:45:40 2014 Control Channel Authentication: tls-auth using INLINE static key file
Tue Apr 29 13:45:40 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 29 13:45:40 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 29 13:45:40 2014 Socket Buffers: R=[43689->65534] S=[16384->65534]
Tue Apr 29 13:45:40 2014 Attempting to establish TCP connection with [AF_INET]airvpnip:443 [nonblock]
Tue Apr 29 13:45:41 2014 TCP connection established with [AF_INET]airvpnip:443
Tue Apr 29 13:45:41 2014 TCPv4_CLIENT link local: [undef]
Tue Apr 29 13:45:41 2014 TCPv4_CLIENT link remote: [AF_INET]airvpnip:443
Tue Apr 29 13:45:41 2014 TLS: Initial packet from [AF_INET]airvpnip:443, sid=airvpnsip
Tue Apr 29 13:45:42 2014 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Tue Apr 29 13:45:42 2014 Validating certificate key usage
Tue Apr 29 13:45:42 2014 ++ Certificate has key usage  00a0, expects 00a0
Tue Apr 29 13:45:42 2014 VERIFY KU OK
Tue Apr 29 13:45:42 2014 Validating certificate extended key usage
Tue Apr 29 13:45:42 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Apr 29 13:45:42 2014 VERIFY EKU OK
Tue Apr 29 13:45:42 2014 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Tue Apr 29 13:46:17 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr 29 13:46:17 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 29 13:46:17 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Apr 29 13:46:17 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 29 13:46:17 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Tue Apr 29 13:46:17 2014 [server] Peer Connection Initiated with [AF_INET]airvpnip:443
Tue Apr 29 13:46:19 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 29 13:46:19 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology n
Tue Apr 29 13:46:19 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 29 13:46:19 2014 OPTIONS IMPORT: LZO parms modified
Tue Apr 29 13:46:19 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 29 13:46:19 2014 OPTIONS IMPORT: route options modified
Tue Apr 29 13:46:19 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Apr 29 13:46:19 2014 ROUTE_GATEWAY myip/255.255.255.0 IFACE=vlan1 HWADDR=hiddenaddress
Tue Apr 29 13:46:19 2014 TUN/TAP device tun1 opened
Tue Apr 29 13:46:19 2014 TUN/TAP TX queue length set to 100
Tue Apr 29 13:46:19 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 29 13:46:19 2014 /sbin/ifconfig tun1 10.5.3.174 pointopoint 10.5.3.173 mtu 1500
Tue Apr 29 13:46:19 2014 /sbin/route add -net airvpnip netmask 255.255.255.255 gw myip
Tue Apr 29 13:46:19 2014 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.3.173
Tue Apr 29 13:46:19 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.3.173
Tue Apr 29 13:46:19 2014 /sbin/route add -net 10.5.0.1 netmask 255.255.255.255 gw 10.5.3.173
Tue Apr 29 13:46:19 2014 Initialization Sequence Completed

Then it does not log anything more.

 

But when I try to browse a website, nothing is reachable, I cannot load a single page.

 

Any thoughts?

 

Thanks


Hello!

 

The connection appears to be fully successful. Check your DNS and whether you can ping/reach IP addresses, because it could be just a DNS issue.

 

The VPN DNS server private IP address is 10.4.0.1, reachable from any VPN server regardless of the connection port and protocol.

 

Kind regards


You are absolutely right!

As soon as I found the way to change the DNS to 10.4.0.1 on my computer and on any other device I want to connect to it, then I could load the pages.

 

I thought that putting the DNS on the router was the only step to do, but you have to change it on each device you want to connect to the router (by ethernet or WIFI).

 

I am so happy it finally works through my router, yet as soon as it restarts I will have to download the file again, as the /tmp folder is erased each time the router reboots.

 

I don't understand why it does not work when I fill the parameters on the router interface, but works if I give it a file to read directly.

 

In any case, thank you!
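
Added example, not part of the original thread or of AirVPN's or DD-WRT's own tooling: a POSIX shell triage of an OpenVPN client log for the "connected but no page loads" symptom discussed above. It reports whether the tunnel completed and which resolver the server pushed; the function names and result strings are assumptions made for this example, and the sample log is constructed from the lines the poster showed.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines below are constructed
# from the ones the poster showed (airvpnip is the poster's placeholder).
sample_log() {
cat <<'EOF'
Tue Apr 29 13:46:17 2014 [server] Peer Connection Initiated with [AF_INET]airvpnip:443
Tue Apr 29 13:46:19 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology n
Tue Apr 29 13:46:19 2014 TUN/TAP device tun1 opened
Tue Apr 29 13:46:19 2014 Initialization Sequence Completed
EOF
}

# Options of the most recent PUSH_REPLY, one option per line.
last_push() {
    grep 'PUSH_REPLY' "$1" | tail -n 1 | tr ',' '\n'
}

# DNS server(s) the VPN server pushed with "dhcp-option DNS".
pushed_dns() {
    last_push "$1" | sed -n 's/^dhcp-option DNS \([0-9.]*\).*$/\1/p'
}

# True when the server asked for all traffic to go through the tunnel.
redirects_gateway() {
    last_push "$1" | grep -q '^redirect-gateway'
}

# True when the latest session (after its PUSH_REPLY) finished initialising.
tunnel_completed() {
    awk '/PUSH_REPLY/ {up = 0}
         /Initialization Sequence Completed/ {up = 1}
         END {exit !up}' "$1"
}

# Hypothetical result strings: one word for the state, then the resolver.
triage() {
    if ! tunnel_completed "$1"; then echo "tunnel-not-up"; return 0; fi
    dns=$(pushed_dns "$1" | head -n 1)
    if [ -z "$dns" ]; then echo "tunnel-up-no-dns-pushed"; return 0; fi
    if redirects_gateway "$1"; then
        # All traffic is tunnelled: LAN clients must use a resolver
        # that is reachable through the VPN.
        echo "tunnel-up-check-client-dns:$dns"
    else
        echo "tunnel-up-split-routing:$dns"
    fi
}

log=$(mktemp) && sample_log > "$log"
triage "$log"
rm -f "$log"
```

On the router, pass the file named by `log-append` in the config above (`/tmp/var/log/openvpn_tap.log`) instead of the sample.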
