DD-WRT router works but gives errors...

[lanfear 0]

Everything seems to work and the VPN is up, but the log contains many disconnect errors. Here's the log right after startup.

Serverlog Clientlog 20120811 23:54:31 I OpenVPN 2.1.3 mipsel-unknown-linux-gnu [sSL] [LZO2] [EPOLL] built on Apr 9 2011

20120811 23:54:31 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20120811 23:54:32 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20120811 23:54:32 I LZO compression initialized

20120811 23:54:32 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120811 23:54:32 Socket Buffers: R=[114688->131072] S=[114688->131072]

20120811 23:54:32 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120811 23:54:32 I UDPv4 link local: [undef]

20120811 23:54:32 I UDPv4 link remote: 108.59.8.147:443

20120811 23:54:32 TLS: Initial packet from 108.59.8.147:443 sid=20e35d5d 149c2a83

20120811 23:54:32 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120811 23:54:32 VERIFY OK: nsCertType=SERVER

20120811 23:54:32 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120811 23:54:34 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20120811 23:54:34 NOTE: --mute triggered...

20120811 23:54:34 4 variation(s) on previous 5 message(s) suppressed by --mute

20120811 23:54:34 I [server] Peer Connection Initiated with 108.59.8.147:443

20120811 23:54:36 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20120811 23:54:36 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 120 ifconfig 10.4.13.162 10.4.13.161'

20120811 23:54:36 OPTIONS IMPORT: timers and/or timeouts modified

20120811 23:54:36 OPTIONS IMPORT: LZO parms modified

20120811 23:54:36 OPTIONS IMPORT: --ifconfig/up options modified

20120811 23:54:36 NOTE: --mute triggered...

20120811 23:54:36 2 variation(s) on previous 5 message(s) suppressed by --mute

20120811 23:54:36 I TUN/TAP device tun1 opened

20120811 23:54:36 TUN/TAP TX queue length set to 100

20120811 23:54:36 I /sbin/ifconfig tun1 10.4.13.162 pointopoint 10.4.13.161 mtu 1500

20120811 23:54:36 /sbin/route add -net 108.59.8.147 netmask 255.255.255.255 gw 192.168.1.254

20120811 23:54:36 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.13.161

20120811 23:54:36 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.13.161

20120811 23:54:36 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.13.161

20120811 23:54:36 I Initialization Sequence Completed

20120811 23:54:49 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:49 D MANAGEMENT: CMD 'state'

20120811 23:54:49 MANAGEMENT: Client disconnected

20120811 23:54:49 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:49 D MANAGEMENT: CMD 'state'

20120811 23:54:49 MANAGEMENT: Client disconnected

20120811 23:54:50 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:50 D MANAGEMENT: CMD 'state'

20120811 23:54:50 MANAGEMENT: Client disconnected

20120811 23:54:50 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:50 D MANAGEMENT: CMD 'state'

20120811 23:54:50 MANAGEMENT: Client disconnected

20120811 23:54:50 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:50 D MANAGEMENT: CMD 'state'

20120811 23:54:50 MANAGEMENT: Client disconnected

20120811 23:54:51 MANAGEMENT: Client connected from 127.0.0.1:5001

20120811 23:54:51 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

After this it will give more of these errors, but I can't find the cause of them. Is this important?

[Staff 9773]

Hello!

If the VPN is continuously up and there's no leak, you might ignore that, but it would be safer to investigate. We'll look into this apparent problem as soon as possible, you might also like to report it in the DD-WRT support forum.

Kind regards

[lanfear 0]

If I use dnsleaktest.com I can see the name servers from before the VPN as well. Is that what you mean by leak?

It seems to do this "client disconnect" thing a few times per minute, but the connection is never really lost it seems.

[Staff 9773]

If I use dnsleaktest.com I can see the name servers from before the VPN as well. Is that what you mean by leak?

It seems to do this "client disconnect" thing a few times per minute, but the connection is never really lost it seems.

Hello!

Yes, apparently you have a DNS leak. In order to prevent it, please see here (please read also the EDIT in the bottom):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377

Kind regards

[lanfear 0]

Adding that last line to the iptables definitely does something. I can't access the router of course unless I reboot it, in addition I can access this webpage for example , but I can access very few other ones. No google.com for example. Something is still off about the DNS, am I forgetting something obvious?

[Tamarrano 4]

HI

I have the same problem ....

Serverlog Clientlog 20120813 15:58:28 I OpenVPN 2.2.1 mips-linux [sSL] [LZO2] built on Mar 19 2012

20120813 15:58:28 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20120813 15:58:28 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20120813 15:58:28 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20120813 15:58:28 I LZO compression initialized

20120813 15:58:28 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120813 15:58:28 Socket Buffers: R=[163840->131072] S=[163840->131072]

20120813 15:58:28 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120813 15:58:28 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20120813 15:58:28 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20120813 15:58:28 Local Options hash (VER=V4): '22188c5b'

20120813 15:58:28 Expected Remote Options hash (VER=V4): 'a8f55717'

20120813 15:58:28 I UDPv4 link local: [undef]

20120813 15:58:28 I UDPv4 link remote: 178.248.29.132:443

20120813 15:58:28 TLS: Initial packet from 178.248.29.132:443 sid=47de7ecd 71b5534b

20120813 15:58:28 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120813 15:58:29 VERIFY OK: nsCertType=SERVER

20120813 15:58:29 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120813 15:58:30 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20120813 15:58:30 NOTE: --mute triggered...

20120813 15:58:30 4 variation(s) on previous 5 message(s) suppressed by --mute

20120813 15:58:30 I [server] Peer Connection Initiated with 178.248.29.132:443

20120813 15:58:32 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20120813 15:58:32 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 120 ifconfig 10.4.24.150 10.4.24.149'

20120813 15:58:32 OPTIONS IMPORT: timers and/or timeouts modified

20120813 15:58:32 OPTIONS IMPORT: LZO parms modified

20120813 15:58:32 OPTIONS IMPORT: --ifconfig/up options modified

20120813 15:58:32 NOTE: --mute triggered...

20120813 15:58:32 2 variation(s) on previous 5 message(s) suppressed by --mute

20120813 15:58:32 I TUN/TAP device tun1 opened

20120813 15:58:32 TUN/TAP TX queue length set to 100

20120813 15:58:32 I /sbin/ifconfig tun1 10.4.24.150 pointopoint 10.4.24.149 mtu 1500

20120813 15:58:32 /sbin/route add -net 178.248.29.132 netmask 255.255.255.255 gw 192.168.1.3

20120813 15:58:32 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.24.149

20120813 15:58:32 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.24.149

20120813 15:58:32 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.24.149

20120813 15:58:32 I Initialization Sequence Completed

20120813 15:58:46 Replay-window backtrack occurred [1]

20120813 15:59:03 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 15:59:03 D MANAGEMENT: CMD 'state'

20120813 15:59:03 MANAGEMENT: Client disconnected

20120813 15:59:03 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 15:59:03 D MANAGEMENT: CMD 'state'

20120813 15:59:03 MANAGEMENT: Client disconnected

20120813 15:59:03 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 15:59:03 D MANAGEMENT: CMD 'state'

20120813 15:59:03 MANAGEMENT: Client disconnected

20120813 15:59:03 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 15:59:03 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

but all works fine and I add this dsn 80.67.0.2

if I make a test from http://www.dnsleaktest.com/

I get the correct dsn 80.67.0.2

please post router name and ddwrt version

I have a TP-Link TL-WR1043ND

DD-WRT v24-sp2 (03/19/12) std - build 18777

if all works fine should I worry about it ?

it seems all works fine ,,,,,,

please let me know about it

regards

[Tamarrano 4]

now that I am doing more tests I saw on the log that I get a lots of (eplay-window backtrack occurred [2] )

20120813 15:59:03 D MANAGEMENT: CMD 'state'

20120813 15:59:03 MANAGEMENT: Client disconnected

20120813 15:59:03 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 15:59:03 D MANAGEMENT: CMD 'log 500'

20120813 15:59:03 MANAGEMENT: Client disconnected

20120813 16:01:19 Replay-window backtrack occurred [2]

20120813 16:06:42 Replay-window backtrack occurred [3]

20120813 16:08:05 Replay-window backtrack occurred [8]

20120813 16:08:11 Replay-window backtrack occurred [17]

20120813 16:08:22 Replay-window backtrack occurred [18]

20120813 16:08:24 NOTE: --mute triggered...

20120813 16:09:17 1 variation(s) on previous 5 message(s) suppressed by --mute

20120813 16:09:17 MANAGEMENT: Client connected from 127.0.0.1:5001

20120813 16:09:17 D MANAGEMENT: CMD 'state'

20120813 16:09:17 MANAGEMENT: Client disconnected

20120813 16:09:17 MANAGEMENT: Client connected from 127.0.

what does it means ?

[Tamarrano 4]

again me !!

I have all this kind of logs mistakes but the internet works perfect , I do not see any problems while I download or I surf

but I would like to know from an expert if it is normal and I do not need to worry about it

regards

[Staff 9773]

Hello!

Network congestion and latency may cause the UDP to drop packets. When this happens you can see a 'Replay window backtrack occurred' in the OpenVPN log. Unless you completely lose connectivity, this is only a overhead issue, because the OpenVPN server is able to resend lost packets even with UDP, that's why your connection works just fine.

One solution is to switch to TCP if the errors become so frequent to cause a disconnection from the VPN server(s).

See also:

http://openvpn.net/archive/openvpn-users/2004-09/msg00068.html

Kind regards