DD-WRT & TLS Handshake

[Whisperer 2]

For starters, I did read the other posts about this, but I couldn't quite match my issue with those.

 

I followed the instructions on the site to configure. It's a clean DD-WRT behind my ISP's modem/router. So technically the ISP router's internal address is 192.168.178.161. It leases 192.168.178.12 to my DD-WRT router, which then presents itself as 192.168.1.1 to my clients.

 

I configured the files using a single server (is it even possible to select a continent for OpenVPN?) and configured it in DD-WRT. Attached is a PDF with the config, as well as the client log.

 

I can't do the firewall rules yet, since the interface isn't showing up in ifconfig until a successful connection.

 

Any help to offer?

 

DD-Air.pdf

ClientLog.txt

 

EDIT: Found it. I must have attempted to scroll down using the arrow key while the Hash Algorithm was selected, switching it to MD4. It's connected now, but DNS resolution isn't working. I have an address in the 10.4 range, and entered the DNS in 10.4 as well, but no go.

[zhang888 1066]

Your hash algorithm is wrong - MD4 in almost 2017? Change it to SHA1.

LZO should be disabled.

 

You cannot put 192.168.1.1 in the IP address section since this field is reserved for the tunnel IP, which is dynamic and assigned to

you by the OpenVPN server.

You can later create another DHCP server and NAT your clients behind the VPN tunnel, but you need to fix your first issues before.

[Whisperer 2]

So, I should deviate from the instructions on https://airvpn.org/ddwrt/ by turning off LZO and removing the IP Address & subnet? I'll try those, see what changes in the connection log.

 

As for the DNS resolution, it seems there's a setting that tells DD-WRT to be my DNS server, and it doesn't use AirVPN's DNS. I'm trying to figure out which setting it is. Unfortunately, the above instruction isn't entirely applicable to the more recent DD-WRT's. They changed a few options.

[cm0s 118]

for my ddwrt config went from the ispz cable modem to the ddwrt router, i set the boxes to static meaning all computers phones etc each static and using their own vpn server, i set the dns in the ddwrt, shut off the dhcp server, assigned the ip addresses from the router, used iptables on the boxes and the openvpn app on the phone

 

what i like about this config is basically got zero net unless using openvpn

 

a real kill switch

[Staff 9973]

LZO should be disabled.

 

LZO should be enabled. The reason is that on some DD-WRT firmware interfaces (as well as in some network-manager-openvpn versions for Linux, we suspect), setting LZO to "Disabled" will not originate "comp-lzo no" directive.

 

The comp-lzo directive could be totally omitted. This will cause connection failure when our servers push "comp-lzo no". You need "comp-lzo yes" or "comp-lzo no" (it doesn't matter which, it will be overridden by VPN server) to be fully compatible with our service.

 

Kind regards