John33 0 Posted ...

THREAD OVERVIEW (Details to come shortly in next post)

PROBLEM
DD-WRT WebGUI does not have a selection for AES-256 and this is required for AIRVPN

SOLUTION 1 - Startup/firewall script + WebGUI configuration
Advantage - GUI will store the pasted certs into the temp folder every time (tmp folder is cleared after reboot)
Disadvantage - To change servers this all needs to be updated, rebooted, etc.

SOLUTION 2 - Startup/firewall script + copying the 4 AIRVPN cert/ovpn files directly to the router (requires OPENVPN + JFFS supported firmware, i.e. the OPENVPN_SMALL_JFFS version, NOT the VPN version; basically a version that supports a permanent writeable location on the router)
Advantage - Using SCP you can copy the actual .cert and .ovpn, etc. files directly from Windows to the writeable WRT54G /jffs or /tmp folder (NOTE: /tmp is NOT persistent), allowing for easier switching between servers/countries
Disadvantage - The GUI is not used (except for startup/firewall scripts, enabling jffs, enabling ssh), and no status page
NOTES:
1. Since you are copying all the .cer/.key/.ovpn files to the router's /jffs folder, the .ovpn (configuration file) needs to be updated for the 3 files (i.e. instead of "ca.crt" it should be "/jffs/ca.crt")
2. If copying multiple countries/servers, each set of 4 files should be renamed to reflect that server/country (the .ovpn will need to be updated as well with the new matching names = /jffs/ + renamed .crt, etc.)
3. Switching servers is as simple as killing the OPENVPN process (presumably via ssh) and starting again pointing to a different AIRVPN .ovpn configuration file

BETA Solution 3
Possibly configure the Web GUI (enabling the status page) AND directly copy all the certs AND have multiple OpenVPN instances creating multiple tunnels simultaneously to different countries/servers/etc.

GENERAL NOTES
The below is the DD-WRT OPENVPN page and exactly indicates some functions are not available via the GUI: http://www.dd-wrt.com/wiki/index.php/OpenVPN

vcn64ultra 3 Posted ...

If you use a new enough version of DD-WRT, you do get AES-256. http://i.imgur.com/RFOry.png

enigma 0 Posted ...

> If you use a new enough version of DD-WRT, you do get AES-256. http://i.imgur.com/RFOry.png

With the WRT54G????????????

vcn64ultra 3 Posted ...

Yes, like this build is 5 days old: http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F2012%2F06-08-12-r19342%2Fbroadcom/

Of course this heavily depends on what version of the WRT54G you have. I believe the cutoff point is WRT54G v.4 or older, otherwise it has to be the WRT54GL (which is basically a WRT54G v.4). Provided you have a good version of the WRT54G, you'd want dd-wrt.v24_vpn_generic.bin.

vcn64ultra 3 Posted ...

I don't use my WRT54GL anymore, but in maybe 2 days I can find it and try updating it to the version I linked. My screenshot is from an RT-N16 with version 18730M.

enigma 0 Posted ...

> I don't use my WRT54GL anymore, but in maybe 2 days I can find it and try updating it to the version I linked. My screenshot is from an RT-N16 with version 18730M.

Wowwwwwww thanks :-) PS: I have a WRT54G V1.1

vcn64ultra 3 Posted ...

I updated my WRT54GL (WRT54G) to the r19342 VPN build and do have AES-256 available. The GUI configuration looks almost the same as my previous screenshot, the most notable difference is for the LZO compression which you can see here: http://i.imgur.com/sFkCK.png

Must be a change since the 18730 build I have running on the RT-N16.

enigma 0 Posted ...

> I updated my WRT54GL (WRT54G) to the r19342 VPN build and do have AES-256 available. The GUI configuration looks almost the same as my previous screenshot, the most notable difference is for the LZO compression which you can see here: http://i.imgur.com/sFkCK.png
> Must be a change since the 18730 build I have running on the RT-N16.

THANKS, but I have an error, can't connect

Serverlog Clientlog
20120615 19:49:02 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120615 19:49:02 I Re-using SSL/TLS context
20120615 19:49:02 I LZO compression initialized
20120615 19:49:02 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120615 19:49:02 Socket Buffers: R=[32767->65534] S=[32767->65534]
20120615 19:49:02 Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20120615 19:49:02 Fragmentation MTU parms [ L:1562 D:1450 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20120615 19:49:02 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120615 19:49:02 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120615 19:49:02 Local Options hash (VER=V4): 'caff5189'
20120615 19:49:02 Expected Remote Options hash (VER=V4): '43a81564'
20120615 19:49:02 I UDPv4 link local: [undef]
20120615 19:49:02 I UDPv4 link remote: 146.185.25.170:443
20120615 19:49:03 TLS: Initial packet from 146.185.25.170:443 sid=6c0eebc1 d5f2c533
20120615 19:49:03 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120615 19:49:03 VERIFY OK: nsCertType=SERVER
20120615 19:49:03 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120615 19:50:02 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120615 19:50:02 N TLS Error: TLS handshake failed
20120615 19:50:02 TCP/UDP: Closing socket
20120615 19:50:02 I SIGUSR1[soft tls-error] received process restarting
20120615 19:50:02 Restart pause 2 second(s)
20120615 19:50:04 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120615 19:50:04 I Re-using SSL/TLS context
20120615 19:50:04 I LZO compression initialized
20120615 19:50:04 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120615 19:50:04 Socket Buffers: R=[32767->65534] S=[32767->65534]
20120615 19:50:04 Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20120615 19:50:04 Fragmentation MTU parms [ L:1562 D:1450 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20120615 19:50:04 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120615 19:50:04 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120615 19:50:04 Local Options hash (VER=V4): 'caff5189'
20120615 19:50:04 Expected Remote Options hash (VER=V4): '43a81564'
20120615 19:50:04 I UDPv4 link local: [undef]
20120615 19:50:04 I UDPv4 link remote: 146.185.25.170:443
20120615 19:50:04 TLS: Initial packet from 146.185.25.170:443 sid=696e062d e83e0061
20120615 19:50:04 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120615 19:50:04 VERIFY OK: nsCertType=SERVER
20120615 19:50:04 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120615 19:50:21 MANAGEMENT: Client connected from 127.0.0.1:5001
20120615 19:50:21 D MANAGEMENT: CMD 'state'
20120615 19:50:21 MANAGEMENT: Client disconnected
20120615 19:50:21 MANAGEMENT: Client connected from 127.0.0.1:5001
20120615 19:50:21 D MANAGEMENT: CMD 'state'
20120615 19:50:21 MANAGEMENT: Client disconnected
20120615 19:50:21 MANAGEMENT: Client connected from 127.0.0.1:5001
20120615 19:50:21 D MANAGEMENT: CMD 'state'
20120615 19:50:21 MANAGEMENT: Client disconnected
20120615 19:50:22 MANAGEMENT: Client connected from 127.0.0.1:5001
20120615 19:50:22 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

Staff 10331 Posted ...

@enigma

Hello!

There may be various reasons for TLS negotiation failure. Please try to:
- connect to a TCP port
- if the above does not solve the problem, lower the MTU size: start with 1200, check whether it solves the fragmentation problem. If it does, then increase the value in small steps, until you replicate the problem
- if the above does not solve the problem, insert in the air.ovpn configuration file the line "mssfix 1200". Check whether it solves the fragmentation problem. If it does, then increase the value in small steps, until you replicate the problem

Please feel free to keep us informed.

Kind regards

enigma 0 Posted ...

Thanks, I tried with MTU 1200 >1500 with TCP and UDP port but failure..

Serverlog Clientlog
20120616 15:37:59 Local Options String: 'V4 dev-type tun link-mtu 1310 tun-mtu 1250 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120616 15:37:59 Expected Remote Options String: 'V4 dev-type tun link-mtu 1310 tun-mtu 1250 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120616 15:37:59 Local Options hash (VER=V4): '49c728af'
20120616 15:37:59 Expected Remote Options hash (VER=V4): '43c09eb4'
20120616 15:37:59 I Attempting to establish TCP connection with 146.185.25.170:53 [nonblock]
20120616 15:38:00 I TCP connection established with 146.185.25.170:53
20120616 15:38:00 I TCPv4_CLIENT link local: [undef]
20120616 15:38:00 I TCPv4_CLIENT link remote: 146.185.25.170:53
20120616 15:38:00 TLS: Initial packet from 146.185.25.170:53 sid=2fed8432 0d2ce011
20120616 15:38:01 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120616 15:38:01 VERIFY OK: nsCertType=SERVER
20120616 15:38:01 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120616 15:38:02 N Connection reset restarting [0]
20120616 15:38:03 TCP/UDP: Closing socket
20120616 15:38:03 I SIGUSR1[soft connection-reset] received process restarting
20120616 15:38:03 Restart pause 5 second(s)
20120616 15:38:08 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120616 15:38:08 I Re-using SSL/TLS context
20120616 15:38:08 I LZO compression initialized
20120616 15:38:08 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1250)
20120616 15:38:08 Control Channel MTU parms [ L:1310 D:140 EF:40 EB:0 ET:0 EL:0 ]
20120616 15:38:08 Socket Buffers: R=[43689->65534] S=[16384->65534]
20120616 15:38:08 Data Channel MTU parms [ L:1310 D:1310 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
20120616 15:38:08 Local Options String: 'V4 dev-type tun link-mtu 1310 tun-mtu 1250 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120616 15:38:08 Expected Remote Options String: 'V4 dev-type tun link-mtu 1310 tun-mtu 1250 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120616 15:38:08 Local Options hash (VER=V4): '49c728af'
20120616 15:38:08 Expected Remote Options hash (VER=V4): '43c09eb4'
20120616 15:38:08 I Attempting to establish TCP connection with 146.185.25.170:53 [nonblock]
20120616 15:38:09 I TCP connection established with 146.185.25.170:53
20120616 15:38:09 I TCPv4_CLIENT link local: [undef]
20120616 15:38:09 I TCPv4_CLIENT link remote: 146.185.25.170:53
20120616 15:38:09 TLS: Initial packet from 146.185.25.170:53 sid=750eb720 4ff111a0
20120616 15:38:10 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120616 15:38:10 VERIFY OK: nsCertType=SERVER
20120616 15:38:10 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120616 15:38:11 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 15:38:11 D MANAGEMENT: CMD 'state'
20120616 15:38:11 MANAGEMENT: Client disconnected
20120616 15:38:11 N Connection reset restarting [0]
20120616 15:38:11 TCP/UDP: Closing socket
20120616 15:38:11 I SIGUSR1[soft connection-reset] received process restarting
20120616 15:38:11 Restart pause 5 second(s)
20120616 15:38:11 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 15:38:11 D MANAGEMENT: CMD 'state'
20120616 15:38:11 MANAGEMENT: Client disconnected
20120616 15:38:11 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 15:38:11 D MANAGEMENT: CMD 'state'
20120616 15:38:11 MANAGEMENT: Client disconnected
20120616 15:38:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 15:38:12 D MANAGEMENT: CMD 'log 500'

and this is with mssfix 1200 and MTU 1200>1500

Serverlog Clientlog
20120616 16:09:50 Current Parameter Settings:
20120616 16:09:50 config = '/tmp/openvpncl/openvpn.conf'
20120616 16:09:50 mode = 0
20120616 16:09:50 persist_config = DISABLED
20120616 16:09:50 persist_mode = 1
20120616 16:09:50 NOTE: --mute triggered...
20120616 16:09:50 206 variation(s) on previous 5 message(s) suppressed by --mute
20120616 16:09:50 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] [EPOLL] built on Jun 8 2012
20120616 16:09:50 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120616 16:09:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120616 16:09:50 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120616 16:09:50 I LZO compression initialized
20120616 16:09:50 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120616 16:09:50 Socket Buffers: R=[32767->65534] S=[32767->65534]
20120616 16:09:50 Data Channel MTU parms [ L:1562 D:1200 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20120616 16:09:50 Fragmentation MTU parms [ L:1562 D:1200 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20120616 16:09:50 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120616 16:09:50 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120616 16:09:50 Local Options hash (VER=V4): 'caff5189'
20120616 16:09:50 Expected Remote Options hash (VER=V4): '43a81564'
20120616 16:09:50 I UDPv4 link local: [undef]
20120616 16:09:50 I UDPv4 link remote: 146.185.25.170:443
20120616 16:09:50 TLS: Initial packet from 146.185.25.170:443 sid=ca26353f c4cec35c
20120616 16:09:51 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120616 16:09:51 VERIFY OK: nsCertType=SERVER
20120616 16:09:51 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120616 16:09:52 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:09:52 D MANAGEMENT: CMD 'state'
20120616 16:09:52 MANAGEMENT: Client disconnected
20120616 16:09:53 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:09:53 D MANAGEMENT: CMD 'state'
20120616 16:09:53 MANAGEMENT: Client disconnected
20120616 16:09:53 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:09:53 D MANAGEMENT: CMD 'state'
20120616 16:09:53 MANAGEMENT: Client disconnected
20120616 16:09:54 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:09:54 D MANAGEMENT: CMD 'log 500'
20120616 16:09:54 MANAGEMENT: Client disconnected
20120616 16:10:09 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:10:09 D MANAGEMENT: CMD 'state'
20120616 16:10:09 MANAGEMENT: Client disconnected
20120616 16:10:09 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:10:09 D MANAGEMENT: CMD 'state'
20120616 16:10:09 MANAGEMENT: Client disconnected
20120616 16:10:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:10:10 D MANAGEMENT: CMD 'state'
20120616 16:10:10 MANAGEMENT: Client disconnected
20120616 16:10:10 MANAGEMENT: Client connected from 127.0.0.1:5001
20120616 16:10:10 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

Staff 10331 Posted ...

> Thanks, I tried with MTU 1200 >1500 with TCP and UDP port but failure..
> 20120616 15:38:08 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1250)

Hello!

Can you please try to set "--tun-mtu 1500" together with the mssfix directive?

We're looking forward to hearing from you.

Kind regards

enigma 0 Posted ...

> > Thanks, I tried with MTU 1200 >1500 with TCP and UDP port but failure..
> > 20120616 15:38:08 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1250)
> Hello!
> Can you please try to set "--tun-mtu 1500" together with the mssfix directive?
> We're looking forward to hearing from you.
> Kind regards

20120617 12:57:36 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120617 12:57:36 I LZO compression initialized
20120617 12:57:36 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120617 12:57:36 Socket Buffers: R=[32767->65534] S=[32767->65534]
20120617 12:57:36 Data Channel MTU parms [ L:1562 D:1200 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20120617 12:57:36 Fragmentation MTU parms [ L:1562 D:1200 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20120617 12:57:36 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120617 12:57:36 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120617 12:57:36 Local Options hash (VER=V4): 'caff5189'
20120617 12:57:36 Expected Remote Options hash (VER=V4): '43a81564'
20120617 12:57:36 I UDPv4 link local: [undef]
20120617 12:57:36 I UDPv4 link remote: 146.185.25.170:443
20120617 12:57:36 TLS: Initial packet from 146.185.25.170:443 sid=058941cb 5d23a6f7
20120617 12:57:38 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120617 12:57:38 VERIFY OK: nsCertType=SERVER
20120617 12:57:38 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120617 12:58:36 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120617 12:58:36 N TLS Error: TLS handshake failed
20120617 12:58:36 TCP/UDP: Closing socket
20120617 12:58:36 I SIGUSR1[soft tls-error] received process restarting
20120617 12:58:36 Restart pause 2 second(s)
20120617 12:58:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120617 12:58:38 I Re-using SSL/TLS context
20120617 12:58:38 I LZO compression initialized
20120617 12:58:38 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120617 12:58:38 Socket Buffers: R=[32767->65534] S=[32767->65534]
20120617 12:58:38 Data Channel MTU parms [ L:1562 D:1200 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20120617 12:58:38 Fragmentation MTU parms [ L:1562 D:1200 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20120617 12:58:38 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120617 12:58:38 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120617 12:58:38 Local Options hash (VER=V4): 'caff5189'
20120617 12:58:38 Expected Remote Options hash (VER=V4): '43a81564'
20120617 12:58:38 I UDPv4 link local: [undef]
20120617 12:58:38 I UDPv4 link remote: 146.185.25.170:443
20120617 12:58:38 TLS: Initial packet from 146.185.25.170:443 sid=4c76d597 42abf3f5
20120617 12:58:39 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120617 12:58:39 VERIFY OK: nsCertType=SERVER
20120617 12:58:39 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120617 12:59:20 MANAGEMENT: Client connected from 127.0.0.1:5001
20120617 12:59:20 D MANAGEMENT: CMD 'state'
20120617 12:59:20 MANAGEMENT: Client disconnected

Staff 10331 Posted ...

> 20120617 12:58:36 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Hello!

There's the chance that you have two different, overlapping problems here.

In addition to the steps you have already taken, please check also that: port 443 UDP is not blocked by your firewall (if it is blocked by your ISP, there's nothing you can do on that port). Furthermore (important), test a connection on port 80 TCP.

Kind regards

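The client logs posted so far end in two different ways after the server certificate verifies: a 60-second TLS key negotiation timeout on UDP and a connection reset on TCP. As an added example (not part of the original posts, and not AirVPN or DD-WRT code), the hypothetical helper `triage_openvpn_log` summarises each connection attempt in a log of this format and lists the distinct warnings; the sample lines are constructed and use a documentation address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a POSIX sh with awk and the
# DD-WRT client log format shown in the posts ("YYYYMMDD HH:MM:SS [level] msg").

# triage_openvpn_log [FILE]: one line per connection attempt, then warnings.
# An attempt starts at "link remote:" and is classified by what follows it.
triage_openvpn_log() {
    awk '
    function emit() {
        if (remote != "")
            print proto, remote, "verify=" verify, "result=" result
        remote = ""; verify = "no"; result = "incomplete"
    }
    BEGIN { verify = "no"; result = "incomplete" }
    / link remote: /               { emit(); proto = $(NF-3); remote = $NF }
    /VERIFY OK: depth=0/           { verify = "yes" }
    /TLS key negotiation failed/   { result = "tls-timeout" }
    /Connection reset/             { result = "connection-reset" }
    /Initialization Sequence Completed/ { result = "connected" }
    / W WARNING: / {
        w = $0; sub(/^.* W WARNING: /, "", w)
        if (!(w in seen)) { seen[w] = 1; order[++n] = w }
    }
    END { emit(); for (i = 1; i <= n; i++) print "warning:", order[i] }
    ' "$@"
}

# Constructed sample in the same format (192.0.2.10 is a documentation address).
sample_log() {
    cat <<'EOF'
20120615 19:49:02 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120615 19:49:02 I UDPv4 link local: [undef]
20120615 19:49:02 I UDPv4 link remote: 192.0.2.10:443
20120615 19:49:03 TLS: Initial packet from 192.0.2.10:443 sid=00000000 00000000
20120615 19:49:03 VERIFY OK: depth=1 /CN=example_CA
20120615 19:49:03 VERIFY OK: depth=0 /CN=server
20120615 19:50:02 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120615 19:50:02 N TLS Error: TLS handshake failed
20120616 15:38:08 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1250)
20120616 15:38:09 I TCPv4_CLIENT link remote: 192.0.2.10:53
20120616 15:38:10 VERIFY OK: depth=0 /CN=server
20120616 15:38:11 N Connection reset restarting [0]
20120616 15:38:20 I TCPv4_CLIENT link remote: 192.0.2.10:53
20120616 15:38:21 TLS: Initial packet from 192.0.2.10:53 sid=00000000 00000000
EOF
}

sample_log | triage_openvpn_log
```

A `verify=yes` attempt that still ends in `tls-timeout` or `connection-reset` failed after the certificate chain was accepted, which is the pattern in every log posted above.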
enigma 0 Posted ...

the log with TCP 80

Serverlog Clientlog
20120617 16:56:55 I Re-using SSL/TLS context
20120617 16:56:55 I LZO compression initialized
20120617 16:56:55 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
20120617 16:56:55 Socket Buffers: R=[43689->65534] S=[16384->65534]
20120617 16:56:55 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
20120617 16:56:55 Local Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120617 16:56:55 Expected Remote Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120617 16:56:55 Local Options hash (VER=V4): '958c5492'
20120617 16:56:55 Expected Remote Options hash (VER=V4): '79ef4284'
20120617 16:56:55 I Attempting to establish TCP connection with 146.185.25.170:80 [nonblock]
20120617 16:56:56 I TCP connection established with 146.185.25.170:80
20120617 16:56:56 I TCPv4_CLIENT link local: [undef]
20120617 16:56:56 I TCPv4_CLIENT link remote: 146.185.25.170:80
20120617 16:56:56 TLS: Initial packet from 146.185.25.170:80 sid=f9ad6f0e 31031be6
20120617 16:56:58 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120617 16:56:58 VERIFY OK: nsCertType=SERVER
20120617 16:56:58 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120617 16:56:59 N Connection reset restarting [0]
20120617 16:56:59 TCP/UDP: Closing socket
20120617 16:56:59 I SIGUSR1[soft connection-reset] received process restarting
20120617 16:56:59 Restart pause 5 second(s)
20120617 16:57:04 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120617 16:57:04 I Re-using SSL/TLS context
20120617 16:57:04 I LZO compression initialized
20120617 16:57:04 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
20120617 16:57:04 Socket Buffers: R=[43689->65534] S=[16384->65534]
20120617 16:57:04 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
20120617 16:57:04 Local Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20120617 16:57:05 Expected Remote Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20120617 16:57:05 Local Options hash (VER=V4): '958c5492'
20120617 16:57:05 Expected Remote Options hash (VER=V4): '79ef4284'
20120617 16:57:05 I Attempting to establish TCP connection with 146.185.25.170:80 [nonblock]
20120617 16:57:06 I TCP connection established with 146.185.25.170:80
20120617 16:57:06 I TCPv4_CLIENT link local: [undef]
20120617 16:57:06 I TCPv4_CLIENT link remote: 146.185.25.170:80
20120617 16:57:06 TLS: Initial packet from 146.185.25.170:80 sid=03a28c7c 94bbe04b
20120617 16:57:07 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20120617 16:57:07 VERIFY OK: nsCertType=SERVER
20120617 16:57:07 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20120617 16:57:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20120617 16:57:08 D MANAGEMENT: CMD 'state'
20120617 16:57:08 MANAGEMENT: Client disconnected
20120617 16:57:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20120617 16:57:08 D MANAGEMENT: CMD 'state'
20120617 16:57:08 MANAGEMENT: Client disconnected
20120617 16:57:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20120617 16:57:08 D MANAGEMENT: CMD 'state'
20120617 16:57:08 MANAGEMENT: Client disconnected
20120617 16:57:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20120617 16:57:08 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

John33 0 Posted ...

> Yes, like this build is 5 days old: http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F2012%2F06-08-12-r19342%2Fbroadcom/
> Of course this heavily depends on what version of the WRT54G you have. I believe the cutoff point is WRT54G v.4 or older, otherwise it has to be the WRT54GL (which is basically a WRT54G v.4). Provided you have a good version of the WRT54G, you'd want dd-wrt.v24_vpn_generic.bin.

From what I gather GL is the heavy hitter G version whatever is most common, best to stay to the site's recommendation and tweak

I don't believe the VPN generic supports permanent storage - copy the keys via GUI every time you change your password is ridiculous!!!!!

John33 0 Posted ...

As promised the confirmed working steps:

SOLUTION 1 DETAILS
https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1840&limit=6&limitstart=6&Itemid=142#1866

SOLUTION 2 DETAILS
1. Download all AIRVPN files
2. Edit the air.ovpn so the file contains:
ca "/jffs/ca.crt"
cert "/jffs/user.crt"
key "/jffs/user.key"
3. Use scp to simply copy the 4 files to the /jffs folder (NOTE: the jffs folder needs to be enabled from the GUI saved, formatted/cleared from the GUI ONLY apply don't save, then disable formatted/cleared and save)
4. Via GUI add this script and save to startup
( sleep 20 ; killall openvpn ; sleep 5 ; /usr/sbin/openvpn --config /jffs/air.ovpn; sleep 15 ; iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE) &

NOTE 1: air.ovpn is what you will want to change based on the Air files you copied/renamed to the jffs folder to change countries at startup
NOTE 2: To switch servers/countries from the GUI change the startup script to point to the alternate configuration file
NOTE 3: removed --daemon for my instance

(NOTE: additional firewall entries to consider)
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE

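The renaming and path rewriting from notes 1 and 2 of Solution 2 can be scripted in the router's shell once the four files have been copied to a staging directory. This is an added example, not part of the original posts: `install_profile` and `check_profile` are hypothetical helpers, the profile name `nl1` and the demo files are constructed, and the key permission check mirrors the "group or others accessible" warning in the posted logs. It assumes the destination path contains no `|`, `&` or backslash.

```shell
#!/bin/sh
# Added example, not from the thread. install_profile and check_profile are
# hypothetical helpers; assumes a POSIX sh with cp, sed, awk and ls.

# check_profile CONF: every ca/cert/key path must be absolute and present,
# and the private key must not be accessible to group or others.
check_profile() {
    conf=$1
    rc=0
    for d in ca cert key; do
        # Last occurrence of the directive wins; surrounding quotes dropped.
        p=$(awk -v d="$d" '$1 == d { p = $2 } END { gsub(/"/, "", p); print p }' "$conf")
        case $p in
            /*) ;;
            *) echo "$conf: $d path is not absolute: '$p'" >&2; rc=1; continue ;;
        esac
        [ -r "$p" ] || { echo "$conf: $d file not found: $p" >&2; rc=1; continue; }
        if [ "$d" = key ]; then
            case $(ls -ld "$p") in
                -???------*) ;;
                *) echo "$conf: $p is group or others accessible" >&2; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# install_profile NAME SRC DEST: copy the four downloaded files from SRC to
# DEST under per-server names and point the .ovpn at the renamed copies.
install_profile() {
    name=$1 src=$2 dest=$3
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid profile name: '$name'" >&2; return 2 ;;
    esac
    for f in air.ovpn ca.crt user.crt user.key; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # umask in a subshell so the copies are created owner-only.
    ( umask 077
      cp "$src/ca.crt"   "$dest/$name-ca.crt" &&
      cp "$src/user.crt" "$dest/$name-user.crt" &&
      cp "$src/user.key" "$dest/$name-user.key" ) || return 1
    # Rewrite only the ca/cert/key directives; all other lines pass through.
    sed -e "s|^[[:space:]]*ca[[:space:]].*|ca \"$dest/$name-ca.crt\"|" \
        -e "s|^[[:space:]]*cert[[:space:]].*|cert \"$dest/$name-user.crt\"|" \
        -e "s|^[[:space:]]*key[[:space:]].*|key \"$dest/$name-user.key\"|" \
        "$src/air.ovpn" > "$dest/$name.ovpn" || return 1
    check_profile "$dest/$name.ovpn"
}

# Demo with constructed files in a scratch directory (on the router DEST is /jffs).
demo=$(mktemp -d) && mkdir "$demo/src" "$demo/jffs" &&
printf '%s\n' 'remote 192.0.2.10 443' 'ca "ca.crt"' 'cert "user.crt"' 'key "user.key"' \
    > "$demo/src/air.ovpn" &&
touch "$demo/src/ca.crt" "$demo/src/user.crt" "$demo/src/user.key" &&
install_profile nl1 "$demo/src" "$demo/jffs" && cat "$demo/jffs/nl1.ovpn"
[ -z "$demo" ] || rm -rf "$demo"
```

With one such profile per server in /jffs, the startup script's `--config` argument is the only thing that changes when switching countries.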