ANSWERED DD-WRT router behind DSL Router not connecting?

[wuffles 7]

Ok. Am on a trial usage at the moment because I didn't know if this was going to work, I'm fairly sure it's a port forwarding issue but can't seem to find an answer.

 

I have a DSL router connected to the Internet (A) which internally is connected to a Netgear DD-WRT ( which in turn is connected to my computer (as I am testing). I have followed the config setup for the OpenVPN setup and can connect to the airvpn.org website through the router(s). However it says I am not connected to the VPN, also if I try to browse to anything else whilst connected to router B it fails to recognise. As you would expect, connecting directly through router A is fine as that's how it's always worked.

 

Do I need to port forward on router A to get something working on router B?

 

Could my config be wrong?

 

I haven't done the DHCP part of the setup on this page - https://airvpn.org/ddwrt/ - as I am only testing this via a wired connection and a fixed IP and don't want to disturb the eco system that is my LAN arrangement.

 

Status from the DD-WRT status/OpenVPN is "State Server: : Local Address: Remote Address: Client: : Local Address: Remote Address:" - which leads me to believe it's not even connecting.

 

Thanks in advance.

[wuffles 7]

And naturally it happens exactly at the time this happens at http://www.dd-wrt.com/wiki/index.php/Port_Forwarding_Troubleshooting

DD-WRT Wiki has a problem

Sorry! This site is experiencing technical difficulties.

[wuffles 7]

An update.

 

I've enabled DHCP with the settings from the tutorial, placed router B in the DMZ for router A (as I don't know which port to forward if indeed any) and it's still not working. Can't browse to anything now.

 

I've done a couple of screen grabs as a picture, thousand words etc.

 

In the tutorial (which obviously wasn't written for my scenario) it leaves the gateway empty in the local network settings, I've had to assign router A or I wouldn't get very far, does that sounds about rght?

 

 

[go558a83nk 364]

you'll need to paste here the logs of your dd-wrt router attempting to make an openvpn connection for us to begin to diagnose the problem.

[wuffles 7]

Yes, I am unfortunately stuck in a moderated time warp where my posts don't seem to get here on time.

 

/waves from the past.

[dj77 6]

My ddwrt Router is on my dsl Router connected Standard Settings no fixed ip no Problem

[wuffles 7]

@DJ77 good to know, perhaps you can see exactly where I am going wrong when my posts arrive. I've got the trial until 6pm this evening, so hopefully before then or my testing won't be very fruitful.

 

Fingers crossed when this post gets modded and posted it'll be my 5th post and the moderation will cease.

[dj77 6]

Without openvpn Internet work on r7000? Tls cipher try aes 128 and lzo compression adaptive are you sure the ip adress is correct? Try Domain Name se.vpn.airdns.org or nl.vpn.airdns.org Click Save and apply

 

Tls auth key / ca cert / Public Client / private Client should Start from ---Begin ....---- to -- end ...----

 

 

Do you Need fixed ip on r7000? You Could reset it and use Standard Setup (dhcp..)

[wuffles 7]

I've removed the remark lines from the top of TLS Auth Key. The tutorial does explicitly say "Open up "ta.key" and copy all of the contents into TLS Auth Key" so that's why they were in there.

 

 

I've switched the IP to the one you said to try and it appears to have made no difference.

 

It's acting like it's not even trying to bring up an OpenVPN connection. Nothing in status but with it plugged into router A I am able to browse the Internet without a problem.

[dj77 6]

Can you reset r7000 and try with Standard Setup?

[wuffles 7]

How reset are we talking here? I could remove the iptables entries and disable OpenVPN if that's reset enough.

 

I didn't start down this route before checking it worked without all the OpenVPN stuff being added, so I know it works fine as a router through router A.

[wuffles 7]

Or rather, is there a way to force an OpenVPN connection into being brought up, then hopefully something will appear in the logs. Or a debug mode you know of?

[dj77 6]

Administration tab them Factory default tab

 

Then Setup wlan password / save&apply

 

Basic Setup Page: save&apply

static dns1: 8.8.8.8

static dns2: 8.8.4.4

static dns3: 10.0.0.0

 

Openvpn Setup save&apply

 

Reboot router

[wuffles 7]

Ok, I've done that but when you say OpenVPN setup, you mean to just enable it or to go through and recreate everything in there that I had before before saving and applying?

[wuffles 7]

I will also have to change the IP of router B from the factory default and enter a gateway of router A or nothing's going to work. Ok?

[dj77 6]

I mean Setup openvpn like on the Tutorial Page https://airvpn.org/ddwrt/

 

But on Basic Setup dont change anything like fixed ip only statistic dns 1-3

[dj77 6]

Which ddwrt Version you use?

[wuffles 7]

V24-sp2

[dj77 6]

Yes but exact Version number? Click on v24 there Must be a number 24xxx 25xxxx 26xxx

[wuffles 7]

dd-wrt v23-sp2 (03/25/13) vpn-small (SVN revision 21061)

 

How I bought it.

[wuffles 7]

Administration tab them Factory default tab

 

Then Setup wlan password / save&apply

 

Basic Setup Page: save&apply

static dns1: 8.8.8.8

static dns2: 8.8.4.4

static dns3: 10.0.0.0

 

Openvpn Setup save&apply

 

Reboot router

 

Just to clarify (and I am about to be dragged out to lunch). You say to set the static dns to these IPs

 

I mean Setup openvpn like on the Tutorial Page https://airvpn.org/ddwrt/

 

But on Basic Setup dont change anything like fixed ip only statistic dns 1-3

 

Then say to change the static dns IPs here.

 

Which do you have set?

 

[dj77 6]

No only on Basic Setup you change the static ips then you Setup openvpn your Firmware is very Old a Update Would be better but try now openvpn first

[wuffles 7]

I clearly missed one of the certs when I set it up before, it's attempting to connect now as there's something appearing in logs. Airvpn still doesn't seem to think I am connected but may need to reconfigure some routing.

 

I ran the IPtables commands as per the instructions too.

 

Am being dragged out to lunch now, back in about an hour or so. Thanks for your perseverance, I think we might be getting somewhere.

 

Log is below:

 

Serverlog Clientlog 19700101 00:28:43 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:28:43 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:28:43 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_ACK_V1)
19700101 00:28:44 NOTE: --mute triggered...
19700101 00:29:34 22 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:29:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:29:34 D MANAGEMENT: CMD 'state'
19700101 00:29:34 MANAGEMENT: Client disconnected
19700101 00:29:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:29:34 D MANAGEMENT: CMD 'state'
19700101 00:29:34 MANAGEMENT: Client disconnected
19700101 00:29:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:29:34 D MANAGEMENT: CMD 'state'
19700101 00:29:34 MANAGEMENT: Client disconnected
19700101 00:29:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:29:34 D MANAGEMENT: CMD 'log 500'
19700101 00:29:34 MANAGEMENT: Client disconnected
19700101 00:29:43 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
19700101 00:29:43 N TLS Error: TLS handshake failed
19700101 00:29:43 I SIGUSR1[soft tls-error] received process restarting
19700101 00:29:43 Restart pause 2 second(s)
19700101 00:29:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:29:45 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:29:45 I UDPv4 link local: [undef]
19700101 00:29:45 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:29:45 TLS: Initial packet from [AF_INET]213.152.161.73:443 sid=fc2dc714 fd58c2f2
19700101 00:29:45 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:29:45 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:29:45 N TLS Error: TLS object -> incoming plaintext read error
19700101 00:29:45 NOTE: --mute triggered...
19700101 00:29:45 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:29:45 I SIGUSR1[soft tls-error] received process restarting
19700101 00:29:45 Restart pause 2 second(s)
19700101 00:29:47 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:29:47 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:29:47 I UDPv4 link local: [undef]
19700101 00:29:47 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:29:47 TLS: Initial packet from [AF_INET]213.152.161.73:443 sid=3b07a49b d33ad347
19700101 00:29:48 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:29:48 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:29:48 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:29:48 NOTE: --mute triggered...
19700101 00:29:48 2 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:29:48 I SIGUSR1[soft tls-error] received process restarting
19700101 00:29:48 Restart pause 2 second(s)
19700101 00:29:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:29:50 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:29:50 I UDPv4 link local: [undef]
19700101 00:29:50 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:29:50 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_ACK_V1)
19700101 00:29:52 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:29:52 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:29:52 NOTE: --mute triggered...
19700101 00:30:51 22 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:30:51 I SIGUSR1[soft tls-error] received process restarting
19700101 00:30:51 Restart pause 2 second(s)
19700101 00:30:53 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:30:53 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:30:53 I UDPv4 link local: [undef]
19700101 00:30:53 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:30:53 TLS: Initial packet from [AF_INET]213.152.161.73:443 sid=6d7d0486 145fca54
19700101 00:30:53 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:30:53 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:30:53 N TLS Error: TLS object -> incoming plaintext read error
19700101 00:30:53 NOTE: --mute triggered...
19700101 00:30:53 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:30:53 I SIGUSR1[soft tls-error] received process restarting
19700101 00:30:53 Restart pause 2 second(s)
19700101 00:30:55 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:30:55 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:30:55 I UDPv4 link local: [undef]
19700101 00:30:55 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:30:55 TLS: Initial packet from [AF_INET]213.152.161.73:443 sid=12d8e03d 23fdef7d
19700101 00:30:55 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:30:55 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:30:55 N TLS Error: TLS object -> incoming plaintext read error
19700101 00:30:55 NOTE: --mute triggered...
19700101 00:30:55 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:30:55 I SIGUSR1[soft tls-error] received process restarting
19700101 00:30:55 Restart pause 2 second(s)
19700101 00:30:57 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:30:57 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:30:57 I UDPv4 link local: [undef]
19700101 00:30:57 I UDPv4 link remote: [AF_INET]213.152.161.73:443
19700101 00:30:57 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:30:57 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_ACK_V1)
19700101 00:30:58 N TLS Error: Unroutable control packet received from [AF_INET]213.152.161.73:443 (si=3 op=P_CONTROL_V1)
19700101 00:30:58 NOTE: --mute triggered...
19700101 00:31:50 24 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:31:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:31:50 D MANAGEMENT: CMD 'state'
19700101 00:31:50 MANAGEMENT: Client disconnected
19700101 00:31:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:31:50 D MANAGEMENT: CMD 'state'
19700101 00:31:51 MANAGEMENT: Client disconnected
19700101 00:31:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:31:51 D MANAGEMENT: CMD 'state'
19700101 00:31:51 MANAGEMENT: Client disconnected
19700101 00:31:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:31:51 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00 

[dj77 6]

Tls cyper aes128?

 

All certs Start with ---Begin--- ?

[wuffles 7]

Yes and yes (now) although instructions don't say that.

 

State
Server: : Local Address: Remote Address: Client: WAIT: Local Address: Remote Address:

Status

Log
Serverlog Clientlog 19700101 00:00:06 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
19700101 00:00:06 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 00:00:06 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:07 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
19700101 00:00:07 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
19700101 00:00:07 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file
19700101 00:00:07 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:07 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:07 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:00:07 I UDPv4 link local: [undef]
19700101 00:00:07 I UDPv4 link remote: [AF_INET]62.102.148.132:443
19700101 00:00:15 TLS: Initial packet from [AF_INET]62.102.148.132:443 sid=504aabe6 1eae679c
19700101 00:00:16 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:00:16 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:00:16 N TLS Error: TLS object -> incoming plaintext read error
19700101 00:00:16 NOTE: --mute triggered...
19700101 00:00:16 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:00:16 I SIGUSR1[soft tls-error] received process restarting
19700101 00:00:16 Restart pause 2 second(s)
19700101 00:00:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:18 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:00:18 I UDPv4 link local: [undef]
19700101 00:00:18 I UDPv4 link remote: [AF_INET]62.102.148.132:443
19700101 00:00:18 N TLS Error: Unroutable control packet received from [AF_INET]62.102.148.132:443 (si=3 op=P_CONTROL_V1)
19700101 00:00:18 TLS: Initial packet from [AF_INET]62.102.148.132:443 sid=a880ecc1 da64a482
19700101 00:00:18 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
19700101 00:00:18 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
19700101 00:00:18 N TLS Error: TLS object -> incoming plaintext read error
19700101 00:00:18 NOTE: --mute triggered...
19700101 00:00:18 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:00:18 I SIGUSR1[soft tls-error] received process restarting
19700101 00:00:18 Restart pause 2 second(s)
19700101 00:00:20 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:20 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:00:20 I UDPv4 link local: [undef]
19700101 00:00:20 I UDPv4 link remote: [AF_INET]62.102.148.132:443
19700101 00:00:20 N TLS Error: Unroutable control packet received from [AF_INET]62.102.148.132:443 (si=3 op=P_CONTROL_V1)
19700101 00:00:20 N TLS Error: Unroutable control packet received from [AF_INET]62.102.148.132:443 (si=3 op=P_ACK_V1)
19700101 00:00:21 N TLS Error: Unroutable control packet received from [AF_INET]62.102.148.132:443 (si=3 op=P_CONTROL_V1)
19700101 00:00:22 NOTE: --mute triggered...
19700101 00:00:23 3 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:00:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:00:23 D MANAGEMENT: CMD 'state'
19700101 00:00:23 MANAGEMENT: Client disconnected
19700101 00:00:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:00:23 D MANAGEMENT: CMD 'state'
19700101 00:00:23 MANAGEMENT: Client disconnected
19700101 00:00:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:00:23 D MANAGEMENT: CMD 'state'
19700101 00:00:23 MANAGEMENT: Client disconnected
19700101 00:00:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:00:23 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00