Jump to content
Not connected, Your IP: 3.144.42.233
Sign in to follow this  
MessyNick

[SOLVED] Noob can't connect using dd-wrt

Recommended Posts

Hi, I'm trying to setup my dd-wrt router so that all traffic goes through VPN. I've followed the AirVPN instructions, but after doing from scratch 3 times I can't get it to work. Any tips / guidance / help very gratefully received.

Log

Serverlog Clientlog 20121204 17:18:43 I SIGUSR1[soft tls-error] received process restarting

20121204 17:18:43 Restart pause 2 second(s)

20121204 17:18:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20121204 17:18:45 I Re-using SSL/TLS context

20121204 17:18:45 I LZO compression initialized

20121204 17:18:45 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20121204 17:18:45 Socket Buffers: R=[114688->131072] S=[114688->131072]

20121204 17:18:45 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20121204 17:18:45 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20121204 17:18:45 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20121204 17:18:45 Local Options hash (VER=V4): '22188c5b'

20121204 17:18:45 Expected Remote Options hash (VER=V4): 'a8f55717'

20121204 17:18:45 I UDPv4 link local: [undef]

20121204 17:18:45 I UDPv4 link remote: 31.193.12.74:443

20121204 17:18:45 TLS: Initial packet from 31.193.12.74:443 sid=1501dc1e 9cc2659c

20121204 17:18:45 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20121204 17:18:45 VERIFY OK: nsCertType=SERVER

20121204 17:18:45 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20121204 17:19:45 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

20121204 17:19:45 N TLS Error: TLS handshake failed

20121204 17:19:45 TCP/UDP: Closing socket

20121204 17:19:45 I SIGUSR1[soft tls-error] received process restarting

20121204 17:19:45 Restart pause 2 second(s)

20121204 17:19:47 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20121204 17:19:47 I Re-using SSL/TLS context

20121204 17:19:47 I LZO compression initialized

20121204 17:19:47 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20121204 17:19:47 Socket Buffers: R=[114688->131072] S=[114688->131072]

20121204 17:19:47 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20121204 17:19:47 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20121204 17:19:47 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20121204 17:19:47 Local Options hash (VER=V4): '22188c5b'

20121204 17:19:47 Expected Remote Options hash (VER=V4): 'a8f55717'

20121204 17:19:47 I UDPv4 link local: [undef]

20121204 17:19:47 I UDPv4 link remote: 31.193.12.74:443

20121204 17:19:47 TLS: Initial packet from 31.193.12.74:443 sid=6376028a e17a23ad

20121204 17:19:47 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20121204 17:19:47 VERIFY OK: nsCertType=SERVER

20121204 17:19:47 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20121204 17:20:06 MANAGEMENT: Client connected from 127.0.0.1:5001

20121204 17:20:06 D MANAGEMENT: CMD 'state'

20121204 17:20:06 MANAGEMENT: Client disconnected

20121204 17:20:06 MANAGEMENT: Client connected from 127.0.0.1:5001

20121204 17:20:06 D MANAGEMENT: CMD 'state'

20121204 17:20:06 MANAGEMENT: Client disconnected

20121204 17:20:06 MANAGEMENT: Client connected from 127.0.0.1:5001

20121204 17:20:06 D MANAGEMENT: CMD 'state'

20121204 17:20:06 MANAGEMENT: Client disconnected

20121204 17:20:06 MANAGEMENT: Client connected from 127.0.0.1:5001

20121204 17:20:06 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

Share this post


Link to post

Hello!

From the logs, it appears that you have one of the bugged DD-WRT OpenVPN firmwares. A re-flash of a different firmware version should solve the problem, what is you router model?

Kind regards

Share this post


Link to post

ahh, this is running on Linksys e3200. I'm happy to try other version, but if you know a non-bugged version I'd be very grateful.

Cheers

Share this post


Link to post

Many thanks for the guidance so far...

However, I'm in a little over my head!

my ip table looks like this

192.168.1.0 * 255.255.255.0 U 0 0 0 br0

81.102.244.0 * 255.255.252.0 U 0 0 0 vlan2

169.254.0.0 * 255.255.0.0 U 0 0 0 br0

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default cpc1-brig16-2-0 0.0.0.0 UG 0 0 0 vlan2

Would I be correct in thinking thinking that the vlan is causing a problem? I tried substituting tun0 with vlan2 in the firewall rules, but that killed my connection. I've never come across vlan before and don't have any use for it so am happy to turn if off if this is the problem.

Share this post


Link to post

Many thanks for the guidance so far...

However, I'm in a little over my head!

my ip table looks like this

192.168.1.0 * 255.255.255.0 U 0 0 0 br0

81.102.244.0 * 255.255.252.0 U 0 0 0 vlan2

169.254.0.0 * 255.255.0.0 U 0 0 0 br0

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default cpc1-brig16-2-0 0.0.0.0 UG 0 0 0 vlan2

Would I be correct in thinking thinking that the vlan is causing a problem? I tried substituting tun0 with vlan2 in the firewall rules, but that killed my connection. I've never come across vlan before and don't have any use for it so am happy to turn if off if this is the problem.

Hello!

Wait, the admin meant the iptables rules for your DD-WRT router, according to the instructions.

Kind regards

Share this post


Link to post

I posted what I thought was the iptable from the wrt router (telnet in and netstat -r). Below is the routing table from the router GUI

192.168.1.0 255.255.255.0 0.0.0.0 LAN & WLAN

81.102.244.0 255.255.252.0 0.0.0.0 WAN

169.254.0.0 255.255.0.0 0.0.0.0 LAN & WLAN

0.0.0.0 0.0.0.0 81.102.244.1 WAN

can you please let me know if neither of these were what was asked about. Also, in the post that you pointed me towards he mentioned changing LZO compression to adaptive. I've done this and no change. I'm happy to try the firmware build suggested to rule out a bugged version. I'll let you now how this goes later tonight.

Many thanks for your time so far, it's much appreciated.

Share this post


Link to post

I've just got the following from the iptables

root@DD-WRT:~# iptables -t filter -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED

DROP udp -- anywhere anywhere udp dpt:route

DROP udp -- anywhere anywhere udp dpt:route

ACCEPT udp -- anywhere anywhere udp dpt:route

DROP icmp -- anywhere anywhere

DROP igmp -- anywhere anywhere

ACCEPT 0 -- anywhere anywhere state NEW

ACCEPT 0 -- anywhere anywhere state NEW

DROP 0 -- anywhere anywhere

Chain FORWARD (policy ACCEPT)

target prot opt source destination

ACCEPT 0 -- anywhere anywhere

ACCEPT 0 -- anywhere anywhere

ACCEPT gre -- 192.168.1.0/24 anywhere

ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:1723

ACCEPT 0 -- anywhere anywhere

TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

lan2wan 0 -- anywhere anywhere

ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED

TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0

trigger_out 0 -- anywhere anywhere

ACCEPT 0 -- anywhere anywhere state NEW

DROP 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Chain advgrp_1 (0 references)

target prot opt source destination

Chain advgrp_10 (0 references)

target prot opt source destination

Chain advgrp_2 (0 references)

target prot opt source destination

Chain advgrp_3 (0 references)

target prot opt source destination

Chain advgrp_4 (0 references)

target prot opt source destination

Chain advgrp_5 (0 references)

target prot opt source destination

Chain advgrp_6 (0 references)

target prot opt source destination

Chain advgrp_7 (0 references)

target prot opt source destination

Chain advgrp_8 (0 references)

target prot opt source destination

Chain advgrp_9 (0 references)

target prot opt source destination

Chain grp_1 (0 references)

target prot opt source destination

Chain grp_10 (0 references)

target prot opt source destination

Chain grp_2 (0 references)

target prot opt source destination

Chain grp_3 (0 references)

target prot opt source destination

Chain grp_4 (0 references)

target prot opt source destination

Chain grp_5 (0 references)

target prot opt source destination

Chain grp_6 (0 references)

target prot opt source destination

Chain grp_7 (0 references)

target prot opt source destination

Chain grp_8 (0 references)

target prot opt source destination

Chain grp_9 (0 references)

target prot opt source destination

Chain lan2wan (1 references)

target prot opt source destination

Chain logaccept (0 references)

target prot opt source destination

ACCEPT 0 -- anywhere anywhere

Chain logdrop (0 references)

target prot opt source destination

DROP 0 -- anywhere anywhere

Chain logreject (0 references)

target prot opt source destination

REJECT tcp -- anywhere anywhere reject-with tcp-reset

Chain trigger_out (1 references)

target prot opt source destination

root@DD-WRT:~# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)

target prot opt source destination

DNAT icmp -- anywhere cpc1-brig16-2-0-cust59.3-3.cable.virginmedia.com to:192.168.1.1

TRIGGER 0 -- anywhere cpc1-brig16-2-0-cust59.3-3.cable.virginmedia.com TRIGGER type:dnat match:0 relate:0

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

SNAT 0 -- 192.168.1.0/24 anywhere to:81.102.244.60

RETURN 0 -- anywhere anywhere PKTTYPE = broadcast

MASQUERADE 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Share this post


Link to post

Hello!

Please make sure that you have inserted the iptables rules reported in the "DD-WRT firewall rules" section in https://airvpn.org/ddwrt so that they are inserted when the tun+ interface comes up with the OpenVPN client.

After that, if the router still fails connection and the logs are the same then please proceed to re-flash the firmware.

Kind regards

Share this post


Link to post

Very happy to say that updated to the recommended firmware and worked on first boot. Many thanks for your help and patience.

Cheers, have a good one.

Nick

Share this post


Link to post

Very happy to say that updated to the recommended firmware and worked on first boot. Many thanks for your help and patience.

Cheers, have a good one.

Nick

Hello!

That's great, thank you for the information!

Kind regards

Share this post


Link to post

I also have an E3200 with DD-WRT, and can verify that the later DD-WRT firmware versions do not work to connect with OpenVPN. I started with 19432 and worked backwards through the firmware versions, finally found that the latest "big" version of the firmware that works is 17990, that is working good for me.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...