Jump to content
Not connected, Your IP: 3.91.8.23
Sign in to follow this  
privado

Config guide for setting up VPN with DD-WRT router

Recommended Posts

privado wrote:

Hi,

Stil getting errors Im afraid. Is it possible you could paste the revised startup command line.

Hello!

Which command line you refer to?

If you refer to the startup script, try this basic startup script (when the DSL modem/router is not in the network) and please post again the logs:

cd /tmp 
ln -s /usr/sbin/openvpn /tmp/openvpn

echo "
[[PASTE air.ovpn HERE]]
keepalive 15 60
daemon
log /tmp/openvpn.log
" > airvpn.conf

echo "
-----BEGIN CERTIFICATE-----
[[PASTE ca.crt CONTENT HERE]]
-----END CERTIFICATE-----
" > ca.crt

echo "
-----BEGIN CERTIFICATE-----
[[PASTE user.crt CONTENT HERE]]
-----END CERTIFICATE-----
" > user.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
[[PASTE user.key CONTENT HERE]]
-----END RSA PRIVATE KEY-----
" > user.key

# Start openvpn
sleep 5
/tmp/openvpn --config airvpn.conf --fragment <insert here the best value you found> --mssfix

Kind regards

Share this post


Link to post

Hi,

Ok down to the very basics. Ran script as indicated above, all firewalls disabled. got error log from WinSCP :

Thu Jan 1 00:00:12 1970 OpenVPN 2.2.0 mipsel-linux [sSL] [LZO2] built on Jun 14 2011

Thu Jan 1 00:00:12 1970 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Thu Jan 1 00:00:12 1970 WARNING: file 'user.key' is group or others accessible

Thu Jan 1 00:00:12 1970 LZO compression initialized

Thu Jan 1 00:00:12 1970 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Thu Jan 1 00:00:12 1970 Socket Buffers: R=[114688->131072] S=[114688->131072]

Thu Jan 1 00:00:12 1970 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Thu Jan 1 00:00:12 1970 Local Options hash (VER=V4): '22188c5b'

Thu Jan 1 00:00:12 1970 Expected Remote Options hash (VER=V4): 'a8f55717'

Thu Jan 1 00:00:12 1970 UDPv4 link local: [undef]

Thu Jan 1 00:00:12 1970 UDPv4 link remote: 89.149.226.185:80

Mon Dec 19 18:30:22 2011 [uNDEF] Inactivity timeout (--ping-restart), restarting

Mon Dec 19 18:30:22 2011 TCP/UDP: Closing socket

Mon Dec 19 18:30:22 2011 SIGUSR1[soft,ping-restart] received, process restarting

Mon Dec 19 18:30:22 2011 Restart pause, 2 second(s)

Mon Dec 19 18:30:24 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Mon Dec 19 18:30:24 2011 Re-using SSL/TLS context

Mon Dec 19 18:30:24 2011 LZO compression initialized

Mon Dec 19 18:30:24 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Mon Dec 19 18:30:24 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]

Mon Dec 19 18:30:24 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Mon Dec 19 18:30:24 2011 Local Options hash (VER=V4): '22188c5b'

Mon Dec 19 18:30:24 2011 Expected Remote Options hash (VER=V4): 'a8f55717'

Mon Dec 19 18:30:24 2011 UDPv4 link local: [undef]

Mon Dec 19 18:30:24 2011 UDPv4 link remote: 89.149.226.185:80

Mon Dec 19 18:30:24 2011 TLS: Initial packet from 89.149.226.185:80, sid=e856f8dd d647fd85

Mon Dec 19 18:30:25 2011 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Mon Dec 19 18:30:25 2011 VERIFY OK: nsCertType=SERVER

Mon Dec 19 18:30:25 2011 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Mon Dec 19 18:30:32 2011 event_wait : Interrupted system call (code=4)

Mon Dec 19 18:30:32 2011 SIGTERM received, sending exit notification to peer

Mon Dec 19 18:30:32 2011 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Mon Dec 19 18:30:32 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Dec 19 18:30:32 2011 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Mon Dec 19 18:30:32 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Mon Dec 19 18:30:32 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Mon Dec 19 18:30:32 2011 [server] Peer Connection Initiated with 89.149.226.185:80

thanks

Share this post


Link to post

Hi,

I decided to try another company who also offer VPN router configuration. I managed to connect immediately to their service. Are there any other people here who have the service working through the router ? Its now day 6 of trying.....

Thanks.

Share this post


Link to post

privado wrote:

Hi,

I decided to try another company who also offer VPN router configuration. I managed to connect immediately to their service. Are there any other people here who have the service working through the router ? Its now day 6 of trying.....

Thanks.

Hello!

Several E2000 users claim that the E2000 with DD-WRT is unable to connect to UDP ports via OpenVPN, see thread:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=498189

Might it be that with the other provider you're testing you have connections only on TCP ports? We offer both UDP and TCP connections.

It can be worth a try to revert back to your previous semi-working configuration, and try a connection on any of our servers available TCP ports (53, 80 or 443). To do that, change "proto udp" directive in the configuration file, and therefore on the startup script, to "proto tcp"

Also, are you able to connect to a VPN server with your PC and E2000, that is not using OpenVPN on DD-WRT, but directly from one of your computers?

Kind regards

Share this post


Link to post

Hi,

Quote:

<em>Also, are you able to connect to a VPN server with your PC and E2000, that is not using OpenVPN on DD-WRT, but directly from one of your computers?</em>

Yes I tried that and works.

I will let you know how using TCP goes.

Thanks.

Share this post


Link to post

Hi,

error log using TCP

Serverlog Clientlog 20111220 14:22:53 Socket Buffers: R=[87380->131072] S=[16384->131072]

20111220 14:22:53 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]

20111220 14:22:53 Local Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20111220 14:22:53 Expected Remote Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20111220 14:22:53 Local Options hash (VER=V4): '958c5492'

20111220 14:22:53 Expected Remote Options hash (VER=V4): '79ef4284'

20111220 14:22:53 I Attempting to establish TCP connection with 89.149.226.185:443 [nonblock]

20111220 14:22:54 I TCP connection established with 89.149.226.185:443

20111220 14:22:54 I TCPv4_CLIENT link local: [undef]

20111220 14:22:54 I TCPv4_CLIENT link remote: 89.149.226.185:443

20111220 14:22:54 TLS: Initial packet from 89.149.226.185:443 sid=d35ee5d0 90504549

20111220 14:22:55 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20111220 14:22:55 VERIFY OK: nsCertType=SERVER

20111220 14:22:55 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20111220 14:22:59 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20111220 14:22:59 NOTE: --mute triggered...

20111220 14:22:59 4 variation(s) on previous 5 message(s) suppressed by --mute

20111220 14:22:59 I [server] Peer Connection Initiated with 89.149.226.185:443

20111220 14:23:02 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20111220 14:23:02 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.5.0.1 comp-lzo no route 10.5.0.1 topology net30 ping 10 ping-restart 120 ifconfig 10.5.1.214 10.5.1.213'

20111220 14:23:02 OPTIONS IMPORT: timers and/or timeouts modified

20111220 14:23:02 OPTIONS IMPORT: LZO parms modified

20111220 14:23:02 OPTIONS IMPORT: --ifconfig/up options modified

20111220 14:23:02 NOTE: --mute triggered...

20111220 14:23:02 2 variation(s) on previous 5 message(s) suppressed by --mute

20111220 14:23:02 I TUN/TAP device tun1 opened

20111220 14:23:02 TUN/TAP TX queue length set to 100

20111220 14:23:02 I /sbin/ifconfig tun1 10.5.1.214 pointopoint 10.5.1.213 mtu 1500

20111220 14:23:02 /sbin/route add -net 89.149.226.185 netmask 255.255.255.255 gw 192.168.0.1

20111220 14:23:02 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.1.213

20111220 14:23:02 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.1.213

20111220 14:23:02 /sbin/route add -net 10.5.0.1 netmask 255.255.255.255 gw 10.5.1.213

20111220 14:23:02 I Initialization Sequence Completed

20111220 14:27:45 MANAGEMENT: Client connected from 127.0.0.1:5001

20111220 14:27:45 D MANAGEMENT: CMD 'state'

20111220 14:27:45 MANAGEMENT: Client disconnected

20111220 14:27:45 MANAGEMENT: Client connected from 127.0.0.1:5001

20111220 14:27:45 D MANAGEMENT: CMD 'state'

20111220 14:27:45 MANAGEMENT: Client disconnected

Share this post


Link to post

@privado

Hello!

Now there are no visible errors on the log. During the 4 minutes the E2000 was connected to a VPN server, could you manage to do anything (like pinging some servers...)?

Kind regards

Share this post


Link to post

Hi,

Well its now day 7 and still no success. To recap:

Tried everything you have asked

Paid out to another VPN company to test their configuration, which worked straight away.

Used 2 different ISP's

Used 2 different routers

Spent around about 20 hours reading various sites about VPN, tunneling etc.

This post has over 650 views in the last week, and all it really shows the people that are reading this is some guy wanting to give you money for a service, who didn't want to learn the ins and outs of VPN's, but did so anyway, and in return gets 1, one sentence answer a day.

Please, I appreciate you guys are busy, but finding answers or maybe doing some more hands on work with your clients can only benefit you in the future. Im open to any constructive help, maybe teamviewer into me and see what I may be doing wrong etc etc.

Thanks

Share this post


Link to post

privado wrote:

Hi,

Well its now day 7 and still no success. To recap:

Tried everything you have asked

Paid out to another VPN company to test their configuration, which worked straight away.

Hello! It's difficult to say why, without further details about configuration differences in the private networks.

Thank you for your patience. We are going to refund you your monthly subscription (your access will be granted anyway until the expiration date). You might want to review your problem even in the DD-WRT support forum and wiki, given that we don't have access to an E2000 router and to the unknown DSL modem/router.

Please, I appreciate you guys are busy, but finding answers or maybe doing some more hands on work with your clients can only benefit you in the future. Im open to any constructive help, maybe teamviewer into me and see what I may be doing wrong etc etc.

We will keep on our commitment to improve our customer service.

Kind regards

Share this post


Link to post

Hi,

Appreciate the refund, although I would much rather have a working router and use your service. I will continue to try to get this working and will happily post a Howto guide with config for other clients..

Perhaps in these instances you could maybe provide your service with 2 or more logins from the same IP ??? Possible ?

Thanks.

Share this post


Link to post

privado wrote:

Hi,

Appreciate the refund, although I would much rather have a working router and use your service. I will continue to try to get this working and will happily post a Howto guide with config for other clients..

Perhaps in these instances you could maybe provide your service with 2 or more logins from the same IP ??? Possible ?

Thanks.

Hello!

Sure, please contact us in private (menu "Support"->"Contact us") for those inquiries.

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...