Router-Setup Archer C7

[404.org 0]

Hi!

 

After HOURS with BIG frustration i think i'm now only repeating my mistakes in setting up the router with airvpn.

No ideas anymore which errors i've done.

It's an Archer C7 v2, Firmware Version DD-WRT v3.0-r29837 std (06/06/16)
Kernel Version Linux 3.18.33 mips, CPU Model Qualcomm Atheros QCA9558 ver 1 rev 1.0 (0x1130)

 

Below are some shots, reported errors in the status-sheet are reproducible.

 

WTF is wrong?

 

Thank you for reading (+ help!)   

[dj77 6]

Port? Hash algorithm and nat looks wrong

 

https://airvpn.org/ddwrt/

[404.org 0]

Thanks for advices and the link, so i did some changes:

 

set Server IP/Name (Time Settings) to     ca.pool.ntp.org
set Hash Algorithm to                               SHA1
set TLS Cipher to                                      ...GCM-SHA384  +
set TLS Cipher (in 2nd try) to                    None
set NAT to                                                 Enable

 

Port 1194 is the latest try in a bunch of series switching between TCP and UDP
and their recommended ports 443/80 to set the router ready for VPN.
Also port 1194 in OpenVPN Client is the "Default".

 

Obviously port 1194 was considered in AirVPNs Config Generator to get fresh

and functional crt's/key's.

 

Every change in the settings was coupled with a restart of the router. There are
some lightly changes in status, but the guiding thread in ALL reported errors is
"N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your
network connectivity)".

 

Below the latest shot from OpenVPN-Status.

[dj77 6]

Please add on basic setup dns 2 google dns 8.8.8.8 or something else like opendns.... and try with port 443 too

 

 

Did you add all the certs too?

[404.org 0]

So I did some changes:

 

got some fresh generatet certs/keys...

 

os:             router

Server:      planet

Protocol:   UDP/443

ta.key        --> TLS Auth Key

ca.cert       --> CA Cert

user.cert    --> Public Client Cert

Client.key  --> Private Client Key

 

...saved + router restartet

 

Below the latest shot​s

[go558a83nk 352]

Have you tried unchecking nscerttype?  I don't think that's right.  Also, I think you need to select a TLS algorithm.  Also, I encourage you to do some reading on what the firewall is there.  I don't use dd-wrt but it might be proper to use that.  I know when I used asus-wrt automatic firewall was the typical option.

[404.org 0]

Thanks for all the engagement!

 

I did the recommenend changes:

 

...uncheck -->  nscerttype + restart (see thumbnail status-2)

 

...chose     --> TLS algorithm TLS-DHE-RSA-WITH-AES-256-GCM-SHA-384 + restart (see thumbnail status-2a)

 

Well, for me it would be acceptable if i make a mistake. This is optimal, because it can be recognized and resolved

lighgty with some help from the community.

 

But in this case something went terrible wrong and apparently the problem isn't visible, and THAT gradually

is driving me crazy. 

 

You don't use dd-wrt for specific reasons are given. ​My intention to switch to open-wrt, gargoyle or 

something similar exist for quiet some time, but this is a unconditional surrender in face of an unknown problem.

 

Perhaps it's a bug in dd-wrt firmware, deliberately after some early tests and trys i downgraded the firmware

underneath openvpn 2.4... Or maybe it's corrupted hardware, but the C7 came fresh out of the box...

 

At last there is a faint suspicion in the "direction" of my cable-provider in blocking something, i don't know... 

 

 

 

[dj77 6]

Maybe you can update ddwrt and try again?