Search the Community
Showing results for tags 'dd-wrt'.
Found 60 results
-
ANSWERED Please help! OpenVPN on DD-WRT not working
PHenry posted a topic in Troubleshooting and Problems
I carefully followed the official guide to setup AirVPN on my DD-WRT router (Netgear R7000), but it just won't work. Had it working with my previous VPN provider. I've consulted multiple troubleshooting guides, tried different ports, redownloaded my keys and certs multiple times, tried different Additional Configuration lines... nothing seems to fix the issue. See screenshots for current configuration and for the DD-WRT VPN Status screen's log output. What am I doing wrong? -
It's been complained about in the forum the instructions on setting up a DD-WRT router with airvpn located at https://airvpn.org/ddwrt/?hl=ddwrt is out of date. For the DD-WRT release I use, the guide is indeed a little outdated, but comprehensible. Still, without warranty and strictly on your own responsibility you could try my guide below. I am unable to provide any support, but this guide hopefully can help someone. For this guide I presume you know what a kill switch is, you know how to set up all other parts of your DD-WRT router such as setting up DHCP for example, and you know how to log into your dd-wrt web interface. In the client area of the airvpn web site, create config files, here. Select any server location and port, it doesn't need to be the one you will use, you only need the certificates & keys. Make sure to tick "Advanced Mode", and tick "Separate certs/keys from .ovpn file", then generate and download the configuration files. Log into your DD-WRT router and ... Step 1. Navigate to the "Services" tab then select the "VPN" tab. Step 2. Select "Enable" under OpenVPN Client. Step 3. Configure the first part of the screen as per screenshot below, noting comments below the screenshot. In the "Server IP/Name" field, indicated by a red arrow, you can either enter a specific server IP ( how to find a specific server IP )substitute the "XX" with the ISO code of the country you wish to connect to (for example DE for Germany, NL for the Netherlands, BE for Belgium, etc.)substitute the "XX" with the continent name (america, asia, earth, europe respectively)leave the field completely empty IF you wish to use random servers from a selection you specify. In this case, make sure to follow step 5.In the "IP Address" field, indicated by a green arrow, you should put the default IP of your router ("gateway"). How to find your router address is beyond this tutorial. Step 4. To configure the second part of the screen we'll need copy-paste from the config files you generated earlier. As per screenshot below, noting comments below the screenshot. Using your favorite text editor Open up "ta.key" and copy all of the contents into the "TLS Auth Key" field. (green arrow)Open up the file "ca.crt" and copy all of the contents into the "CA Cert" field. (blue arrow)Open up the file "user.crt" and copy only and including "----- BEGIN CERTIFICATE----- to the end of ----- END CERTIFICATE----- " into the "Public Client Cert" field. (brown arrow)Open up "user.key" and copy all of the contents into the "Private Client Key" field. (red arrow)Step 5. And the yellow arrow "Additional Config" field ? If in Step 3 you left the "Server IP/Name" field empty because you would like to connect to airvpn servers in a relatively random fashion based on a select preset of countries and/or continents and/or specific servers, this step 5 is for you. Copy-paste and amend: remote-random remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) ... remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) ... resolv-retry infinite As an example, it should look something like: remote-random remote AT.vpn.airdns.org 443 remote BE.vpn.airdns.org 443 remote BG.vpn.airdns.org 443 remote CA.vpn.airdns.org 443 remote asia.vpn.airdns.org 443 remote 185.156.174.114 443 remote 185.189.112.10 443 remote 91.214.169.68 443 resolv-retry infinite Step 6. Click "Save" at the bottom of the page then "Apply Settings". It should work, but a reboot never hurts. NOTE ON KILL SWITCH The Kill Switch in the original instructions may work for you. They did not work for me regardless of correct TUN. I used the below kill switch which I found to be working for me, so I share it here. Go to the "Administration" tab then select the "Commands" tab.Copy the following firewall rules into the command windowWAN_IF="$(ip route | awk '/^default/{print $NF}')" iptables -I FORWARD -i br0 -o $WAN_IF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -m state --state NEW -j REJECT --reject-with tcp-reset Click on "Save Firewall" NOTE ON DNS It's been said in the forums (not finding reference to link, search refuses "DNS") it is better to use the airvpn server IP as DNS server. On a DD-WRT router, this is hard to achieve if you do not connect to a specific pre-defined server (most users). 10.4.0.1, one of airvpn DNS, is the next best IP to use as DNS server. However ... I found through trial and error - so this is only my pitiful experience - that if you do not put 10.4.0.1 as primary DNS, DD-WRT will keep using your primary DNS regardless whether connected to airvpn or not. 10.4.0.1 is not accessible outside the VPN, so you need a secondary VPN from another provider, such as opennic, find them here . You will find this leads to occasional DNS fallback, leaks if you will, to the secondary/other DNS when 10.4.0.1 is slow or disfunctional. But, such a DNS leak is still through the airvpn server IP, your location should still be hidden. So I would recommend in the DD-WRT control panel section "Setup" - "Basic Setup" - "Network Address Server Settings (DHCP)" to set the primary DNS as 10.4.0.1 and the secondary and further DNS as other free DNS servers, such as those from OpenNIC.
-
General info: - DD-WRT v3.0-r37845M kongac (11/25/18) on a Netgear R7000 - I have configured my R7000 as a Wireless Access Point (see https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point) Step 1, generate OpenVPN configuration files - www.airvpn.org => Client Area => Config Generator - Activate "Advanced Mode" - Choose your Operating System: Router - Choose your OpenVPN version: >= 2.4 - Need IPv6?: IPv4 only - Advanced (right part of the screen): Activate "Separate keys/certs from .ovpn file" - Protocols: Protocol: TCP; Port: 443; Entry IP: 3; Specs: tls-crypt, tls 1.2 - Choose server - Generate protocol - Select ZIP Now you have generated a ZIP file containing the following 5 files: ca.crt; user.crt; user.key; tls-crypt.key; and a .ovpn file, for example: AirVPN_NL-Alblasserdam_Muscida_TCP-443-Entry3.ovpn. Step 2, DD-WRT => Services => VPN => OpenVPN Client Hash Algorithm: SHA512 ca.crt goes in "CA Cert"; user.crt goes in "Public Client Cert"; user.key goes in "Private Client Key". The tls-crypt.key goes in "Additional Config" between <tls-crypt> and </tls-crypt>. Furthermore I´ve put the following two settings in "Additional Config": remote-cert-tls server and auth-nocache. The contents of "Additional Config" could, for example, look like this: remote-cert-tls server auth-nocache <tls-crypt> content of tls-crypt.key </tls-crypt> The only dissappointing thing: https://2ip.io/privacy/ still knows I am using a VPN service:
-
So I have a DD-WRT router running in Openvpn client mode via my Airvpn account. I have setup forwarded ports in my airvpn account which work on my devices running their own airvpn client. However, I can't get any open ports to forward through the router to my Windows machine running apps that need the open ports. I've seen the notice on the help page for port forwarding: " you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server." My interpretation of this statement is that my DD-WRT router running in vpn client mode, can't forward ports nor can my windows machine connected to my router access those ports. I'm struggling to really understand this restriction and why it is so. I have turned off all router and windows firewalls. The only way I can use forwarded ports is to run a windows client on my windows machine, which defeats having a dedicated vpn router. I have experimented over a month with commands for iptables using the router UI and other posts in the community to no avail. I hate to give up, but I'm out of solutions. Any simple answers and replies would be appreciated. I'm tech savy but not a guru.
-
Hi I have installed dd-wrt on Netgear R6400, i followed the official guide for configuring AirVPN on it, and the problem is that im getting maximum speeds of 10-17mbps instead of around 70mbps. Are my settings fine ? what could i try ? Thanks
-
Hello, I was curious what would happen if I used AirVPN with ASUS Merlin router and have Eddie installed on a windows 10 workstation at the same time. Obv trying to avoid IP leaking. Would using AirVPN on an ASUS router with Merlin be just as reliable as the Eddie software? Eddie has been rocksolid and as far as I know has never had a leak, the network lock works great.. But I would really love to switch things up and get a new router with AirVPN installed on it. I have concerns that the killswitch or lock on the router is not as realiable as Eddies custom client. On the ASUS router, if I use the .ovpn file from AirVPN and also configure the killswitch policy rules to only let out VPN connections would that be just as reliable as the Eddie client? Is it possible to install the client on the PC along with AIR on the router? That way most of my devices will use the router vpn and a couple workstations can use the Eddie client and connect to the VPN router, kinda like a double killswitch. Im just looking for ideas or any feedback. Which would you guys trust more... the killswitch on router or network lock on eddie? Thank you!
-
I am a new user of Airvpn and impressed with how it works. However whereas I am able to connect to BBC iPlayer and the ITV hub in UK, Channel 4 does not work - complains I am not in the right area. I am connect to Netherlands.
-
Hi,, I have been using AirVPN for two days now and I'm not really pleased with the Speed so far. I'm using DD-WRT firmware in my home router and configured the OpenVPN client in the router, so all devices at my home network are using the VPN connection. My internet speed at home is: Downlink: 250 Mbit/s Uplink: 100 Mbit/s Ping to a server in Stockholm 1-2 ms. When using AirVPN connected to the Swedish servers, I'm having a slowly 10-15 Mbit/s connection. Changing from TCP settings to UDP settings doesn't really make a difference. Ping about 7 ms. Connecting to the German AirVPN servers, the speed goes up to 30-35 Mbit/s in both directions. Just a comparison with other VPN vendors which I have been testing an configured as OpenVPN client on my DD-WRT router. ExpressVPN (connected to Swedish servers) ca. 70 Mbit/s in both directions. NordVPN (connected to Swedish servers get up to 150 Mbit/s down and 100 Mbit/s uplink. Huge difference here compared to the VPN servers used by AirVPN. Checking the details a bit, I see that AirVPN is using servers located in the north of Stockholm (Uppsala / Åkersberga), connected to the ISP Kustbandet AB which is connected to IP-Only. NordVPN is using for example Obenetwork AB for their VPN servers. Or is there anything wrong the your instructions for the configuration of DD-WRT when using AirVPN? Any comments on this?
-
This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account. Does not help for out-of-country Netflix access. I was surprised to not see this in the forum, as it's very simple and works. It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN. allow-pull-fqdn route www.netflix.com 255.255.255.255 net_gateway So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses. I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).
-
airvpn ssl tunnel not working on ddwrt router
yrahman posted a topic in Troubleshooting and Problems
Dear Team, I have installed stunnel on my linksys1900acs ddwrt router. now i am using the airvpn configurations to connect with i am getting following error daemon.err openvpn[28841]: Connection reset, restarting [0] Logs: Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: stunnel 5.20 on arm-openwrt-linux-gnueabi platform Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: Compiled/running with OpenSSL 1.0.2d 9 Jul 2015 Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: Threading:FORK Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: Reading configuration from file /opt/etc/stunnel/stunnel.conf Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: UTF-8 byte order mark detected Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: FIPS mode disabled Jun 11 00:47:08 DD-WRT daemon.info stunnel: LOG6[ui]: Initializing service [openvpn] Jun 11 00:47:08 DD-WRT daemon.notice stunnel: LOG5[ui]: Configuration successful Jun 10 20:48:18 DD-WRT daemon.warn openvpn[28841]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Re-using SSL/TLS context Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ] Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ] Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client' Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server' Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413 Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Socket Buffers: R=[87380->87380] S=[16384->16384] Jun 10 20:48:18 DD-WRT daemon.notice openvpn[28841]: Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock] Jun 11 00:48:18 DD-WRT daemon.notice stunnel: LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:48232 Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: failover: round-robin Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: s_connect: connecting 62.102.148.190:443 Jun 11 00:48:18 DD-WRT daemon.notice stunnel: LOG5[0]: s_connect: connected 62.102.148.190:443 Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: SNI: sending servername: 62.102.148.190 Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: CERT: Locally installed certificate matched Jun 11 00:48:18 DD-WRT daemon.notice stunnel: LOG5[0]: Certificate accepted at depth=0: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: SSL connected: new session negotiated Jun 11 00:48:18 DD-WRT daemon.info stunnel: LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption) Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: TCP connection established with [AF_INET]127.0.0.1:1413 Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: TCPv4_CLIENT link local: (not bound) Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1413 Jun 11 00:48:19 DD-WRT daemon.info stunnel: LOG6[0]: SSL closed (SSL_read) Jun 10 20:48:19 DD-WRT daemon.err openvpn[28841]: Connection reset, restarting [0] Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: TCP/UDP: Closing socket Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: SIGUSR1[soft,connection-reset] received, process restarting Jun 10 20:48:19 DD-WRT daemon.notice openvpn[28841]: Restart pause, 160 second(s) Jun 11 00:48:19 DD-WRT daemon.info stunnel: LOG6[0]: Read socket closed (readsocket) Jun 11 00:48:19 DD-WRT daemon.info stunnel: LOG6[0]: SSL_shutdown successfully sent close_notify alert Jun 11 00:48:19 DD-WRT daemon.notice stunnel: LOG5[0]: Connection closed: 16 byte(s) sent to SSL, 0 byte(s) sent to socket My OpenVpn config ca /tmp/openvpncl/ca.crtcert /tmp/openvpncl/client.crtkey /tmp/openvpncl/client.keymanagement 127.0.0.1 16management-log-cache 100verb 3mute 3syslogwritepid /var/run/openvpncl.pidclientresolv-retry infinitenobindpersist-keypersist-tunscript-security 2dev tun1proto tcp4-clientcipher aes-256-cbcauth sha256remote 127.0.0.1 1413comp-lzo notun-mtu 1500mtu-disc yesresolv-retry infinitenobindpersist-keypersist-tunauth-nocacheverb 5route 62.102.148.190 255.255.255.255 net_gatewayremote-cert-tls servercipher AES-256-CBCkey-direction 1 My Stunnel Configclient = yesdebug = 6 [openvpn];ciphers = DHE-RSA-AES128-SHA256accept = 127.0.0.1:1413connect = 62.102.148.190:443TIMEOUTclose = 0verify = 3CAfile = /opt/etc/stunnel/stunnel.crt -
Hi, I was using the dd-wrt with AirVPN for more than a year. Unfortunately it has stopped working since last couple of days. I have tried and updated the certificates but of new use. I am posting the log below and the router settings are attached. Can someone please help? Serverlog Clientlog 20180425 19:13:15 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 25 2013 20180425 19:13:15 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 20180425 19:13:15 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20180425 19:13:15 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 20180425 19:13:15 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 20180425 19:13:15 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file 20180425 19:13:15 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20180425 19:13:15 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20180425 19:13:15 Socket Buffers: R=[114688->131072] S=[114688->131072] 20180425 19:13:15 I UDPv4 link local: [undef] 20180425 19:13:15 I UDPv4 link remote: [AF_INET]213.152.161.100:53 20180425 19:13:15 TLS: Initial packet from [AF_INET]213.152.161.100:53 sid=bee09a1d eb5855ac 20180425 19:14:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180425 19:14:05 D MANAGEMENT: CMD 'state' 20180425 19:14:05 MANAGEMENT: Client disconnected 20180425 19:14:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180425 19:14:05 D MANAGEMENT: CMD 'state' 20180425 19:14:05 MANAGEMENT: Client disconnected 20180425 19:14:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180425 19:14:05 D MANAGEMENT: CMD 'state' 20180425 19:14:05 MANAGEMENT: Client disconnected 20180425 19:14:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180425 19:14:05 D MANAGEMENT: CMD 'log 500'
-
Hi all, im getting network unreachable on my dd-wrt I don;t know what im doing wrong, but i did follow everything from here :https://airvpn.org/ddwrt/ I added the screenshots and the error code. lets hope some1 can help me regards 20180310 22:05:00 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.180:1194 20180310 22:05:00 Socket Buffers: R=[172032->172032] S=[172032->172032] 20180310 22:05:00 I UDPv4 link local: (not bound) 20180310 22:05:00 I UDPv4 link remote: [AF_INET]213.152.161.180:1194 20180310 22:05:00 N write UDPv4: Network unreachable (code=128) 20180310 22:05:00 I Network unreachable restarting 20180310 22:05:00 I SIGUSR1[soft network-unreachable] received process restarting 20180310 22:05:00 Restart pause 300 second(s) 20180310 22:10:00 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 20180310 22:10:00 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20180310 22:10:00 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.180:1194 20180310 22:10:00 Socket Buffers: R=[172032->172032] S=[172032->172032] 20180310 22:10:00 I UDPv4 link local: (not bound) 20180310 22:10:00 I UDPv4 link remote: [AF_INET]213.152.161.180:1194 20180310 22:10:00 N write UDPv4: Network unreachable (code=128) 20180310 22:10:00 I Network unreachable restarting 20180310 22:10:00 I SIGUSR1[soft network-unreachable] received process restarting 20180310 22:10:00 Restart pause 300 second(s) 20180310 22:12:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180310 22:12:00 D MANAGEMENT: CMD 'state' 20180310 22:12:00 MANAGEMENT: Client disconnected 20180310 22:12:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180310 22:12:00 D MANAGEMENT: CMD 'state' 20180310 22:12:00 MANAGEMENT: Client disconnected 20180310 22:12:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180310 22:12:00 D MANAGEMENT: CMD 'state' 20180310 22:12:00 MANAGEMENT: Client disconnected 20180310 22:12:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180310 22:12:00 D MANAGEMENT: CMD 'status 2' 20180310 22:12:00 MANAGEMENT: Client disconnected 20180310 22:12:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20180310 22:12:00 D MANAGEMENT: CMD 'log 500' 19700101 01:00:00
-
Solved: "Recursive routing detected" loop issue using OpenVPN on DD-WRT
Guest posted a topic in Troubleshooting and Problems
Hello forum! I've used OpenVPN on Asus RT-N18U running DD-WRT over a year now. I made files up.sh to start and dn.sh to stop OpenVPN to get rid of GUI and later on to run them via ssh from lan. OpenVPN version got updated to 2.4 and I made the necessary changes to conf file and scripts. It ran without issues couple of months. However, last Thursday my VPN connection went down while I was just browsing the interwebs. OpenVPN log was filled with messages: Recursive routing detected, drop tun packet to [AF_INET]62.102.148.132:443. There's no difference if I set up OpenVPN via GUI or use only my scripts. I've tried both UDP and TCP protocols but the issue persists. Outcome is always the same. Since then I've contacted AirVPN support as I cannot fix this by myself. I don't have the skills for that and I've tried my everything. As you may notice I feel desperate. EDIT: Here was a zip-file including kernel and ip routing tables, scripts, openvpn.conf file and OpenVPN log. I've censored my IP-address and tun1 IP from the files. All I found out is that the router for some reason removes line 62.102.148.132 via 84.xx.xx.xx dev vlan2 from routing table. You can see the difference between before-error_ip-route.txt. and after-error_ip-route.txt. DD-WRT seems to think that the fastest route outside is only via tun1 as VPN endpoint IP is in the same location as tun1 IP-address. Just a guess, might be totally wrong. Then it removes the previously mentioned routing rule and creates a loop. If I use allow-recursive-routing option in OpenVPN configuration, after a while log begins to spam "UDP messages too big" or something like that. I hadn't done any changes to DD-WRT settings, configuration files or script files. Recursive routing just popped up from no where. Router is being used as a gateway and WiFi AP only. All I've done is I moved to a new apartment which has different IP-address provided by the same ISP. That might not affect anything, just FYI. I really hope someone could help me with this. Thanks. Update: Turns out my ISP assings new IP-address every 20 minutes and almost every service on DD-WRT restarts which makes everything kind of frustrating to config... -
Hey all, I just set up my TP-link Archer C7 with DD-WRT, and my download speeds went from (no VPN) 25 Mbs to just over 2Mbs. I know I take some performance hit when going through VPN, but this is too much, unfortunately. One thing I didnt understand in the setup process that might be affecting it is "server entry-IP address". Am I "locked into" whatver server I chose when I set up the router? It seems like I am, because the server I chose at the time of config was "best" according to the "Status" page, but no longer is, yet *my* status still says I am still connected to the one I chose the IP of. I can provide more info if needed, but am not at this point b\c I feel like I kinda alreday know the answer, and will be going back to Eddie and stock firmware on my router....hoping against hope that the router can be set up to be faster than using Eddie. Thanks in advance.
-
Hi, I'm determined to buy a router to run openvpn with airvpn account. Specifically I will have only one device, or at the maximum one other, which should pass in the tunnel.The speed must not deviate much from the real 30mb. I wondered what characteristics must have the cpu, basically I will use the vpn for media streams
-
Greetings: So I'm a new customer/member attempting to setup AirVPN using OpenVPN protocols on a DD-WRT configured router. Before entering AirVPN settings, I could access the internet without issue. Now, I get the "no internet access" error. I'm hoping that someone can analyze the log below and point me in the right direction. Thanks. StateClient: WAITLocal Address: Remote Address: StatusVPN Client StatsTUN/TAP read bytes 0TUN/TAP write bytes 0TCP/UDP read bytes 0TCP/UDP write bytes 84Auth read bytes 0pre-compress bytes 0post-compress bytes 0pre-decompress bytes 0post-decompress bytes 0 LogClientlog: 19691231 20:13:50 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 19691231 20:13:50 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 19691231 20:13:50 I OpenVPN 2.4.2 arm-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 11 2017 19691231 20:13:50 I library versions: OpenSSL 1.0.2k 26 Jan 2017 LZO 2.09 19691231 20:13:50 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 19691231 20:13:50 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 19691231 20:13:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19691231 20:13:50 W WARNING: Your certificate is not yet valid! 19691231 20:13:50 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19691231 20:13:50 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19691231 20:13:50 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.113:443 19691231 20:13:50 Socket Buffers: R=[180224->180224] S=[180224->180224] 19691231 20:13:50 I UDPv4 link local: (not bound) 19691231 20:13:50 I UDPv4 link remote: [AF_INET]213.152.162.113:443 19691231 20:14:50 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 19691231 20:14:50 N TLS Error: TLS handshake failed 19691231 20:14:50 I SIGUSR1[soft tls-error] received process restarting 19691231 20:14:50 Restart pause 5 second(s) 19691231 20:14:55 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 19691231 20:14:55 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19691231 20:14:55 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.113:443 19691231 20:14:55 Socket Buffers: R=[180224->180224] S=[180224->180224] 19691231 20:14:55 I UDPv4 link local: (not bound) 19691231 20:14:55 I UDPv4 link remote: [AF_INET]213.152.162.113:443 19691231 20:15:55 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 19691231 20:15:55 N TLS Error: TLS handshake failed 19691231 20:15:55 I SIGUSR1[soft tls-error] received process restarting 19691231 20:15:55 Restart pause 5 second(s) 19691231 20:16:00 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 19691231 20:16:00 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19691231 20:16:00 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.113:443 19691231 20:16:00 Socket Buffers: R=[180224->180224] S=[180224->180224] 19691231 20:16:00 I UDPv4 link local: (not bound) 19691231 20:16:00 I UDPv4 link remote: [AF_INET]213.152.162.113:443 19691231 20:17:00 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 19691231 20:17:00 N TLS Error: TLS handshake failed 19691231 20:17:00 I SIGUSR1[soft tls-error] received process restarting 19691231 20:17:00 Restart pause 5 second(s) 19691231 20:17:05 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 19691231 20:17:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19691231 20:17:05 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.113:443 19691231 20:17:05 Socket Buffers: R=[180224->180224] S=[180224->180224] 19691231 20:17:05 I UDPv4 link local: (not bound) 19691231 20:17:05 I UDPv4 link remote: [AF_INET]213.152.162.113:443 19691231 20:18:05 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 19691231 20:18:05 N TLS Error: TLS handshake failed 19691231 20:18:05 I SIGUSR1[soft tls-error] received process restarting 19691231 20:18:05 Restart pause 5 second(s) 19691231 20:18:10 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 19691231 20:18:10 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19691231 20:18:10 I TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.113:443 19691231 20:18:10 Socket Buffers: R=[180224->180224] S=[180224->180224] 19691231 20:18:10 I UDPv4 link local: (not bound) 19691231 20:18:10 I UDPv4 link remote: [AF_INET]213.152.162.113:443 19691231 20:18:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 19691231 20:18:14 D MANAGEMENT: CMD 'state' 19691231 20:18:14 MANAGEMENT: Client disconnected 19691231 20:18:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 19691231 20:18:14 D MANAGEMENT: CMD 'state' 19691231 20:18:14 MANAGEMENT: Client disconnected 19691231 20:18:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 19691231 20:18:14 D MANAGEMENT: CMD 'state' 19691231 20:18:14 MANAGEMENT: Client disconnected 19691231 20:18:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 19691231 20:18:14 D MANAGEMENT: CMD 'status 2' 19691231 20:18:14 MANAGEMENT: Client disconnected 19691231 20:18:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 19691231 20:18:14 D MANAGEMENT: CMD 'log 500' 19691231 19:00:00
-
My ISP requires using their residential gateway (rg - modem/router combo) which does not allow you to change the DNS settings. I have a Netgear R8000 X6 Nighthawk running DD-WRT cascaded from the RG. Can I run AirVPN in this configuration without issue? If I change the DNS on the X6 to AirVPN DNS settings will I lose internet connectivity as this router gets internet through the rg? If this works, will I leak DNS? Thanks in advance.
-
I'm running OpenVPN on DD-WRT. Everything seems to work fine, but in the OpenVPN logs I see I guess this means the configuration will stop working at some point? Is there some other configuration I should use instead?
-
Hi AirVPN users! The latest OpenVPN for DD-WRT can be found here ftp://ftp.dd-wrt.com/betas/2020 but please choice builds higher then 06-01-2017-r32170 as lower builds dont have the vulnerabilities patch https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results
-
Hi there, I'm hoping someone may be able to assist me with a configuration for my router. My setup is that I'm running a DD-WRT based router with three wireless networks and four devices using a wired connection to the router. Half of my local network is allocated to my DHCP pool for most of these devices. I have my VPN up and running fine, however I would like to do something more advanced with my setup. I would like to split up my network somewhat so that two of the wireless networks as well as the wired computers that all get their IPs from the DHCP pool utilize the VPN for their internet traffic while the devices outside of the DHCP pool and on the third wireless network do not use the VPN. I have the Policy Based Routing setup with the subnet of the DHCP pool and I've been playing around with my IPTables configuration, but I'm hitting a wall trying to keep the traffic split. Any help for this would be greatly appreciated. Thanks in advance, Miko
-
Hello, I have one problem. I am using airvpn on dd-wrt router and that works like a charm. I also setup some policies as you suggested in previous posts, and some machines are on VPN and some are not. Now I have problem to setup access point. I do not want to use wireless repeater, because it is slow if many devices are connected... I want to wire access point (not wiereless) and use the same SSID as main router has... My configuration: DSL model (10.10.2.1) <-LAN-------WAN-> DD-WRT router (10.10.3.1) <-LAN-------LAN-> access point [non-dd-wrt] (?.?.?.?) DD-WRT 'sees' DSL modem (via routing), but DSL modem doesn't know for 10.10.3.1/24 network. What I did: 1. Disabled DHCP on access point 2. Connected router's LAN with access point's LAN (not WAN) 3. Set access point's IP address to 10.10.3.2... 4. Set router's channel to 6 5. Set access point's channel to 11 6. Set access point's SSID to the same SSID as router has and at the end I cannot establish IP anymore if I use access point's wireless network. I tried to leave on DHCP on access point..., but in that case I do not have access to the internet but I can connect to the access point's wireless... I suppose AirVPN's firewall commands are problem: iptables -I FORWARD -i br0 -o tun1 -j ACCEPT iptables -I FORWARD -i tun1 -o br0 -j ACCEPT iptables -I INPUT -i tun1 -j REJECT iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE iptables -I FORWARD -s 10.10.2.0/24 -j ACCEPT Can someone help me with this? Thanks in advance.
-
Hi guys, I would like to divide the cost of Airvpn with a person I know. He is not a close friend of mine and I cannot trust him 100%, so I don't know if he will send me money during the subscription period (we have agreed a very little monthly recurring cost). I was searching a way I could stop a configuration from working, once it is generated. I was using the dd-wrt airvpn guide, which connects without the need of username/password. Which is not a good thing for my scope. I tried changing my Airvpn password, but the configuration continues to work. Any suggestion ?
-
Hi, I have searched a lot to achieve this. I am looking for a comprehensive step by step (being a novice in this area) to setup a separate Virtual Access point in a DD-WRT router which uses OpenVPN and TOR (This feature is available in latest version of DD-WRT) at the same time. Also I want to ensure that any traffic goes through this VAP only if OpenVPN is up and running. I want to have OpenVPN on port 443 (TCP) due to aggressive DPI by local ISPs for VoIP. Looking to hear from experts I have gone through some guides (no.1 and no.2) but these aren't completely covered or not most relevant.
-
Hi all, I am trying to set up an airvpn using DD-WRT. I was able to connect to the server and successfully using OpenVPN function, however, I was not able to use port forwarding function. When I disabled airvpn on my DD-WRT and used app, I was able to check that the port was open. When I set up VPN on DD-WRT for some reason port forwarding does not work. In order to verify that vpn was indeed connected, I used overview on client area. I also check the port was open using forwarded ports. Does anyone have a suggestion how I might be able to open the port? P.S When I first installed DD-WRT, I was not able to open a port using forwarded port(both router and app). I quickly realized that I also had to port forward on the router too.