andrewtn:

So I'm a new member of AirVPN and I've successfully connected using the AirVPN client. Rather than using the client, I am trying to secure my connection at my router. I am running the following on my router.

Firmware: DD-WRT v24-sp2 (10/10/09) vpn (LATEST STABLE VERSION OF DD-WRT for my router)

I used the following setup guide, though I think it may be outdated as it didn't exactly match my options in DD-WRT: https://airvpn.org/ddwrt/

I also got settings from here: https://airvpn.org/specs/

I used the AirVPN configuration generator and pulled the keys out of the file that was generated. I am trying to connect to Pavonis (Chicago, IL USA).

My Network Setup: http://i.imgur.com/CNKmK79.jpg
My OpenVPN Setup: http://i.imgur.com/RMTiSRH.jpg

With these settings I have no internet access. I tried restarting the router to no avail. I tried disconnecting my computer from the router and releasing my IP to no avail.

I found that if I UNCHECK nsCertType in the OpenVPN settings then my internet works, though I'm not connected to the VPN as I see I'm broadcasting my ISP IP. If I CHECK nsCertType then I have no working internet connection.

I'm not a complete noob but my network configuration and routing experience is limited. Some help and clear directions would be greatly appreciated.

Also, I should note that my AirVPN desktop client was disconnected during my testing.
Staff:

Hello!

Please set "LZO Compression" to "Enable". Also, please send us the OpenVPN (attempted) connection logs and your router model.

Kind regards
jdubau55:

http://www.dd-wrt.com/site/support/other-downloads?path=others%2Feko%2FBrainSlayer-V24-preSP2%2F2012%2F03-19-12-r18777%2F

I run this build on both my routers. Works fine. I went through a similar issue. The build made the difference IMHO.
andrewtn:

So my initial problem was caused by a bad version of dd-wrt that gives you no option to set the encryption. Once I found out about this problem I upgraded to a different (newer) version. I think I'm getting closer but I still have problems. I connect, I think? But no internet access.

VPN Settings: http://i.imgur.com/KbHYYOS.jpg
Network Settings: http://i.imgur.com/dQBHSkl.jpg

Open VPN Log / Status

Server: : SUCCESS
Local Address: 10.4.25.94
Remote Address:
Client: CONNECTED: SUCCESS
Local Address: 10.4.25.94
Remote Address:

Status
Log
Serverlog
Clientlog

20130304 21:09:23 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20130304 21:09:23 Socket Buffers: R=[32767->65534] S=[32767->65534]
20130304 21:09:23 Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20130304 21:09:23 Fragmentation MTU parms [ L:1562 D:1450 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20130304 21:09:23 I UDPv4 link local: [undef]
20130304 21:09:23 I UDPv4 link remote: 149.255.33.154:443
20130304 21:09:23 TLS: Initial packet from 149.255.33.154:443 sid=be81274f d832f843
20130304 21:09:23 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20130304 21:09:23 VERIFY OK: nsCertType=SERVER
20130304 21:09:23 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20130304 21:09:24 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20130304 21:09:24 NOTE: --mute triggered...
20130304 21:09:24 4 variation(s) on previous 5 message(s) suppressed by --mute
20130304 21:09:24 I [server] Peer Connection Initiated with 149.255.33.154:443
20130304 21:09:27 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20130304 21:09:27 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 60 ifconfig 10.4.25.94 10.4.25.93'
20130304 21:09:27 OPTIONS IMPORT: timers and/or timeouts modified
20130304 21:09:27 OPTIONS IMPORT: LZO parms modified
20130304 21:09:27 OPTIONS IMPORT: --ifconfig/up options modified
20130304 21:09:27 NOTE: --mute triggered...
20130304 21:09:27 2 variation(s) on previous 5 message(s) suppressed by --mute
20130304 21:09:27 I TUN/TAP device tun1 opened
20130304 21:09:27 TUN/TAP TX queue length set to 100
20130304 21:09:27 I /sbin/ifconfig tun1 10.4.25.94 pointopoint 10.4.25.93 mtu 1500
20130304 21:09:27 /sbin/route add -net 149.255.33.154 netmask 255.255.255.255 gw xxx.xxx.xxx.xxx
20130304 21:09:27 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.25.93
20130304 21:09:27 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.25.93
20130304 21:09:27 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.25.93
20130304 21:09:27 I Initialization Sequence Completed
20130304 21:09:36 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130304 21:09:47 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130304 21:09:57 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130304 21:10:06 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130304 21:10:07 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:07 D MANAGEMENT: CMD 'state'
20130304 21:10:07 MANAGEMENT: Client disconnected
20130304 21:10:07 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:07 D MANAGEMENT: CMD 'state'
20130304 21:10:07 MANAGEMENT: Client disconnected
20130304 21:10:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:08 D MANAGEMENT: CMD 'state'
20130304 21:10:08 MANAGEMENT: Client disconnected
20130304 21:10:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:08 D MANAGEMENT: CMD 'state'
20130304 21:10:08 MANAGEMENT: Client disconnected
20130304 21:10:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:08 D MANAGEMENT: CMD 'state'
20130304 21:10:08 MANAGEMENT: Client disconnected
20130304 21:10:08 MANAGEMENT: Client connected from 127.0.0.1:5001
20130304 21:10:08 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

System Log (SYSLINK is my router name)

Mar 4 21:09:12 SYSLINK user.info syslog: syslogd : syslog daemon successfully stopped
Mar 4 21:09:12 SYSLINK syslog.info syslogd exiting
Mar 4 21:09:13 SYSLINK syslog.info syslogd started: BusyBox v1.13.4
Mar 4 21:09:13 SYSLINK user.info syslog: klogd : klog daemon successfully started
Mar 4 21:09:13 SYSLINK user.notice kernel: klogd started: BusyBox v1.13.4 (2011-02-17 01:20:01 CET)
Mar 4 21:09:13 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 unloaded
Mar 4 21:09:13 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 unloaded
Mar 4 21:09:13 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 loaded
Mar 4 21:09:13 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 loaded
Mar 4 21:09:13 SYSLINK user.info kernel: etherip: Ethernet over IPv4 tunneling driver
Mar 4 21:09:14 SYSLINK daemon.debug process_monitor[572]: We need to re-update after 3600 seconds
Mar 4 21:09:14 SYSLINK user.info syslog: cron : cron daemon successfully started
Mar 4 21:09:14 SYSLINK cron.info cron[610]: (CRON) STARTUP (fork ok)
Mar 4 21:09:14 SYSLINK cron.info cron[610]: (crontabs) ORPHAN (no passwd entry)
Mar 4 21:09:15 SYSLINK user.debug syslog: ttraff: data collection started
Mar 4 21:09:17 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 unloaded
Mar 4 21:09:17 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 unloaded
Mar 4 21:09:17 SYSLINK user.info syslog: vpn modules : vpn modules successfully unloaded
Mar 4 21:09:17 SYSLINK user.info syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
Mar 4 21:09:17 SYSLINK user.info syslog: vpn modules : ip_nat_proto_gre successfully loaded
Mar 4 21:09:17 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 loaded
Mar 4 21:09:17 SYSLINK user.info syslog: vpn modules : ip_conntrack_pptp successfully loaded
Mar 4 21:09:18 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 loaded
Mar 4 21:09:18 SYSLINK user.info syslog: vpn modules : ip_nat_pptp successfully loaded
Mar 4 21:09:19 SYSLINK user.info syslog: upnp : upnp daemon successfully started
Mar 4 21:09:19 SYSLINK user.info syslog: wland : WLAN daemon successfully stopped
Mar 4 21:09:20 SYSLINK user.debug kernel: vlan1: add 01:00:5e:7f:ff:fa mcast address to master interface
Mar 4 21:09:21 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 unloaded
Mar 4 21:09:21 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 unloaded
Mar 4 21:09:21 SYSLINK user.info syslog: vpn modules : vpn modules successfully unloaded
Mar 4 21:09:21 SYSLINK user.info syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
Mar 4 21:09:21 SYSLINK user.info syslog: vpn modules : ip_nat_proto_gre successfully loaded
Mar 4 21:09:21 SYSLINK user.emerg kernel: ip_conntrack_pptp version 1.9 loaded
Mar 4 21:09:21 SYSLINK user.info syslog: vpn modules : ip_conntrack_pptp successfully loaded
Mar 4 21:09:21 SYSLINK user.emerg kernel: ip_nat_pptp version 1.5 loaded
Mar 4 21:09:21 SYSLINK user.info syslog: vpn modules : ip_nat_pptp successfully loaded
Mar 4 21:09:22 SYSLINK user.info syslog: wland : WLAN daemon successfully started
Mar 4 21:09:22 SYSLINK user.info syslog: WAN is up. IP: xxx.xxx.xxx.xxx
Mar 4 21:09:22 SYSLINK user.info syslog: openvpn : OpenVPN daemon (Client) successfully stopped
clown:

I'm having the same problem. The options on the DD-WRT VPN page displayed on the tutorial on this web site are not the same as on my DD-WRT VPN tab. Is that a show stopper? I have enabled LZO compression.

My router is a Buffalo whr54Gs. Has anyone successfully gotten AirVPN to work with this router?
andrewtn:

I have switched to build 18687 (2012), which others have said they have working with AirVPN. I think I'm connecting but I get no internet.

VPN Settings: http://i.imgur.com/abLEDdv.jpg
Network Settings: i.imgur.com/dQBHSkl.jpg

State

Server: :
Local Address:
Remote Address:
Client: CONNECTED: SUCCESS
Local Address: 10.4.25.94
Remote Address:

Status
Log
Serverlog
Clientlog

20130305 20:32:23 TCP/UDP: Closing socket
20130305 20:32:23 I SIGUSR1[soft ping-restart] received process restarting
20130305 20:32:23 Restart pause 2 second(s)
20130305 20:32:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20130305 20:32:25 I Re-using SSL/TLS context
20130305 20:32:25 I LZO compression initialized
20130305 20:32:25 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
20130305 20:32:25 Socket Buffers: R=[32767->65534] S=[32767->65534]
20130305 20:32:25 Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
20130305 20:32:25 Fragmentation MTU parms [ L:1562 D:1450 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
20130305 20:32:25 Local Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'
20130305 20:32:25 Expected Remote Options String: 'V4 dev-type tun link-mtu 1562 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'
20130305 20:32:25 Local Options hash (VER=V4): 'caff5189'
20130305 20:32:25 Expected Remote Options hash (VER=V4): '43a81564'
20130305 20:32:25 I UDPv4 link local: [undef]
20130305 20:32:25 I UDPv4 link remote: 149.255.33.154:443
20130305 20:32:25 TLS: Initial packet from 149.255.33.154:443 sid=abecdabf ae2fb52b
20130305 20:32:26 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
20130305 20:32:26 VERIFY OK: nsCertType=SERVER
20130305 20:32:26 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
20130305 20:32:27 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1562' remote='link-mtu 1558'
20130305 20:32:27 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20130305 20:32:27 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20130305 20:32:27 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20130305 20:32:27 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20130305 20:32:27 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20130305 20:32:27 Control Channel: TLSv1 cipher TLSv1/SSLv3 AES256-SHA 2048 bit RSA
20130305 20:32:27 I [server]
20130305 20:32:29 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20130305 20:32:29 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 60 ifconfig 10.4.25.94 10.4.25.93'
20130305 20:32:29 OPTIONS IMPORT: timers and/or timeouts modified
20130305 20:32:29 OPTIONS IMPORT: LZO parms modified
20130305 20:32:29 OPTIONS IMPORT: --ifconfig/up options modified
20130305 20:32:29 NOTE: --mute triggered...
20130305 20:32:29 2 variation(s) on previous 5 message(s) suppressed by --mute
20130305 20:32:29 I Preserving previous TUN/TAP instance: tun1
20130305 20:32:29 I Initialization Sequence Completed
20130305 20:32:39 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130305 20:32:48 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130305 20:32:51 MANAGEMENT: Client connected from 127.0.0.1:5001
20130305 20:32:51 D MANAGEMENT: CMD 'state'
20130305 20:32:51 MANAGEMENT: Client disconnected
20130305 20:32:51 MANAGEMENT: Client connected from 127.0.0.1:5001
20130305 20:32:51 D MANAGEMENT: CMD 'state'
20130305 20:32:51 MANAGEMENT: Client disconnected
20130305 20:32:51 MANAGEMENT: Client connected from 127.0.0.1:5001
20130305 20:32:51 D MANAGEMENT: CMD 'state'
20130305 20:32:51 MANAGEMENT: Client disconnected
20130305 20:32:52 MANAGEMENT: Client connected from 127.0.0.1:5001
20130305 20:32:52 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
andrewtn:

MSS-Fix/Fragment across the tunnel was set to 1450. I never touched this value so it must have been some default. Due to the "N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented" errors I was getting, I started investigating and realized that in the AirVPN directions (https://airvpn.org/ddwrt/) screenshot this value isn't set. When I switched this to an empty value the FRAG errors went away but I still don't connect. Below is the latest from my VPN log with some new messages.

My configurations are all still the same as my previous post, with the only modification being setting the MSS-Fix/Fragment to an empty (nothing entered) value. TUN MTU Setting remains unchanged at 1500.

I should also mention the firewall configuration has been entered per the OpenVPN directions.

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Serverlog
Clientlog

20130306 10:33:17 OPTIONS IMPORT: timers and/or timeouts modified
20130306 10:33:17 OPTIONS IMPORT: LZO parms modified
20130306 10:33:17 OPTIONS IMPORT: --ifconfig/up options modified
20130306 10:33:17 NOTE: --mute triggered...
20130306 10:33:17 2 variation(s) on previous 5 message(s) suppressed by --mute
20130306 10:33:17 I TUN/TAP device tun1 opened
20130306 10:33:17 TUN/TAP TX queue length set to 100
20130306 10:33:17 I /sbin/ifconfig tun1 10.4.25.94 pointopoint 10.4.25.93 mtu 1500
20130306 10:33:17 /sbin/route add -net 149.255.33.154 netmask 255.255.255.255 gw 24.240.184.1
20130306 10:33:17 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.25.93
20130306 10:33:17 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.25.93
20130306 10:33:17 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.25.93
20130306 10:33:18 I Initialization Sequence Completed
20130306 10:33:23 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:23 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:24 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:25 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:25 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:25 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:33:25 D MANAGEMENT: CMD 'state'
20130306 10:33:25 MANAGEMENT: Client disconnected
20130306 10:33:25 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:33:25 D MANAGEMENT: CMD 'state'
20130306 10:33:25 MANAGEMENT: Client disconnected
20130306 10:33:25 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:25 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:33:25 D MANAGEMENT: CMD 'state'
20130306 10:33:25 MANAGEMENT: Client disconnected
20130306 10:33:25 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:26 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:33:26 D MANAGEMENT: CMD 'log 500'
20130306 10:33:26 MANAGEMENT: Client disconnected
20130306 10:33:27 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:28 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:29 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:30 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:30 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:31 NOTE: --mute triggered...
20130306 10:37:30 31 variation(s) on previous 5 message(s) suppressed by --mute
20130306 10:37:30 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:37:30 D MANAGEMENT: CMD 'state'
20130306 10:37:30 MANAGEMENT: Client disconnected
20130306 10:37:30 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:37:30 D MANAGEMENT: CMD 'state'
20130306 10:37:30 MANAGEMENT: Client disconnected
20130306 10:37:30 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:37:30 D MANAGEMENT: CMD 'state'
20130306 10:37:30 MANAGEMENT: Client disconnected
20130306 10:37:30 MANAGEMENT: Client connected from 127.0.0.1:5001
20130306 10:37:30 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
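
A triage check for the logs and firewall rules posted above, as an added example that is not part of any post in this thread: it reads the tunnel device OpenVPN actually opened, lists firewall rules that name a different tun/tap interface (a rule on another interface never matches the tunnel's traffic, so an INPUT REJECT meant to shield the router from the VPN side would not apply), and collects the MTU/fragmentation messages. The sample lines are copied from the posts above; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the client logs posted in this thread.
SAMPLE_LOG = """\
20130305 20:32:27 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1562' remote='link-mtu 1558'
20130305 20:32:27 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20130305 20:32:39 N FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
20130306 10:33:17 I TUN/TAP device tun1 opened
20130306 10:33:17 TUN/TAP TX queue length set to 100
20130306 10:33:23 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
20130306 10:33:23 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)
"""
# The firewall rules as posted in this thread.
SAMPLE_RULES = """\
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
"""

def tunnel_device(log):
    """Name of the last TUN/TAP device the client opened or preserved, else None."""
    found = re.findall(r"TUN/TAP (?:device|instance:) (\w+)", log)
    return found[-1] if found else None

def stale_rules(rules, device):
    """Rules whose -i/-o names a tun/tap interface other than `device`."""
    stale = []
    for rule in rules.splitlines():
        ifaces = re.findall(r"(?<!\S)-[io]\s+(\S+)", rule)
        if any(re.fullmatch(r"(?:tun|tap)\d+", i) and i != device for i in ifaces):
            stale.append(rule.strip())
    return stale

def option_mismatches(log):
    """Options OpenVPN warned differ between client and server.
    'mtu-dynamic' is how the options string reports --fragment."""
    pat = r"WARNING: '([\w-]+)' is (?:used inconsistently|present in local config)"
    return re.findall(pat, log)

def mtu_symptoms(log):
    """Count the two runtime MTU/fragmentation errors seen in this thread."""
    return {
        "frag_in": len(re.findall(r"FRAG_IN error", log)),
        "emsgsize": len(re.findall(r"\[EMSGSIZE Path-MTU=\d+\]", log)),
    }

if __name__ == "__main__":
    dev = tunnel_device(SAMPLE_LOG)
    print("tunnel device:", dev)
    for rule in stale_rules(SAMPLE_RULES, dev):
        print("rule does not match", dev, "->", rule)
    print("option mismatches:", option_mismatches(SAMPLE_LOG))
    print("mtu symptoms:", mtu_symptoms(SAMPLE_LOG))
```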
Staff:

Hello!

Does the same problem occur if your router connects to a TCP port?

Kind regards
andrewtn:

SOLVED! .. Or at least working now. Switching to TCP has me working. I was only using UDP because the AirVPN directions recommended it. I don't really even know the difference between the two but TCP settings seem to have me working now.

Thank you so much! I've put so many hours into this over the past few days, I'm glad to have it finally working!!!