Jump to content


Photo
- - - - -

Issues With New DD-WRT OpenVPN Config Since Update

update config certs keys heartbleed TLSAuth

  • Please log in to reply
15 replies to this topic

#1 Stan464

Stan464

    Advanced Member

  • Members
  • PipPipPip
  • 35 posts

Posted 14 April 2014 - 01:46 PM

Hi All,

 

Since the Update, Im unable to connect via my DD-Wrt Setup Router, Using the OpenVPN Client..

 

I've Re-Downloaded the Keys/Certs & Re-Copied them, Iv'e checked 3 Times to see if they are in the correct Boxes.

 

 

 

Iv'e tried Adding the "TLS-DHE-RSA ETC" 256 Bit.

 

But it sticks & dosn't even Log anything. Does Nothing..

 

When i Choose "None" It goes into a Loop.

 

 

******Date & TIme Is Correct" As that error does point to a date error, but the date is fine.. as ive said, everything has been working Prior to the update...*****

 

 

 

 

 

 



#2 Xiocus

Xiocus

    Member

  • Members
  • PipPip
  • 16 posts

Posted 14 April 2014 - 02:22 PM

https://airvpn.org/topic/6652-airvpn-tomato-configuration-step-by-step-guide/page-3#entry16703



#3 Stan464

Stan464

    Advanced Member

  • Members
  • PipPipPip
  • 35 posts

Posted 14 April 2014 - 02:46 PM

https://airvpn.org/topic/6652-airvpn-tomato-configuration-step-by-step-guide/page-3#entry16703

 

Checked that Guide, Sadly "Tomato" isnt "Dd-Wrt" Nor Is the Setup Sequence very close. 

As the options & Settings are displayed differentley.

 

But The 2nd Image does have Similarities, But i have Entered the "Static Key"

 

 

But thanks though :).

 

It Did "Jack All" lol.

 

Also Changed the "TLS" To "TLS-DHE-256-SHA" ETC.

But it does "Jack" Aswell...



#4 M0rph2020

M0rph2020

    Member

  • Members
  • PipPip
  • 18 posts

Posted 14 April 2014 - 04:36 PM

I have a Asus n66u using merlinware which the modems openvpn page says my openvpn client is running but none of my traffic is runnig through it. Once I upload the .ovpn file all the configuration files are filled in automatically including the 2048 static key. In the custom configuration I insert

 

resolv-retry infinite
ns-cert-type server
comp-lzo no
explicit-exit-notify 5

 

I'm not sure what I am doing wrong. The Hmac is set to Outgoing (1). All the configuration files are filled in.



#5 Stan464

Stan464

    Advanced Member

  • Members
  • PipPipPip
  • 35 posts

Posted 14 April 2014 - 06:11 PM

Sadly Since the update, it has made my paid VPN Service utter useless,

I Did everything from scratch 3 Times with the same result..



#6 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7508 posts

Posted 14 April 2014 - 06:47 PM

Hello!

 

You need to post a screenshot of your DD-WRT OpenVPN configuration page to get proper support.

 

Kind regards



#7 tw0fer

tw0fer

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 14 April 2014 - 09:26 PM

Hello all,

 

Having similar issues here on DD-WRT. I have upgraded all certificates and added the new Static Key as well. As far as the "EXTRA HMAC AUTHORIZATION (TLS-AUTH)" goes.... I don't see this option in dd-wrt.

 

I've attempted to add a screenshot but the 27.32k upload limit will not let me attached my images...

 

 

 

 



#8 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7508 posts

Posted 14 April 2014 - 09:37 PM

Hello all,

 

Having similar issues here on DD-WRT. I have upgraded all certificates and added the new Static Key as well. As far as the "EXTRA HMAC AUTHORIZATION (TLS-AUTH)" goes.... I don't see this option in dd-wrt.

 

I've attempted to add a screenshot but the 27.32k upload limit will not let me attached my images...

 

Hello!

 

You should see a "TLS Cipher" combo box in your DD-WRT OpenVPN client configuration page. Different builds need different settings according to a confusing pattern that we can't identify. Some work with "None" and some work with "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" (both wrong, but they work...).

 

The upload limit is around 1 MB per picture, can you please try again?

 

Kind regards



#9 tw0fer

tw0fer

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 14 April 2014 - 09:42 PM

Didn't realize there was a 500k total upload limit. Lets see if this works now that i've deleted some of my older attachments.. Screen Shot 2014-04-14 at 5.17.27 PM.jpg



#10 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7508 posts

Posted 14 April 2014 - 10:11 PM

Hello!

 

Ok. The "TLS Cipher" is wrong. Try with "None". If it does not work, try with "TLS-DHE-RSA-WITH-AES-128-CBC-SHA".

 

Check keys and certificates carefully. TLS Auth is empty, you need to paste there ta.key. Delete everything from "Static key".

 

Kind regards



#11 tw0fer

tw0fer

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 14 April 2014 - 10:46 PM

Okay!! Success! Got it working now. It ends up I was putting the TLS auth in the wrong spot. The words "static key" were throwing me for a loop.

 

Attached are my new settings. Hopefully this will help others out.

 

Thanks AirVPN for the great support as always.

 

Screen Shot 2014-04-14 at 6.42.21 PM.jpg



#12 MrConducter

MrConducter

    Advanced Member

  • Members
  • PipPipPip
  • 96 posts

Posted 14 April 2014 - 11:08 PM

Haha man I was just coming here to post that this worked for me and you beat me to it! Took me 24 hours to figure this out! Thank you!



#13 donzaucker

donzaucker

    Newbie

  • New Members
  • Pip
  • 2 posts

Posted 15 April 2014 - 12:21 AM

Eureka! You saved my life!

Isame use for me, wrong field fir Tls auth key.

Thanks



#14 6501166996442015

6501166996442015

    Advanced Member

  • Members
  • PipPipPip
  • 58 posts

Posted 15 April 2014 - 02:08 AM

Sometimes you might run into issues with explicit-exit-notify 5 as well, so you may have success with removing that line (I think the latest version of OpenVPN just ignores it, but the older versions would hang on it)



#15 wdp

wdp

    Member

  • Members
  • PipPip
  • 11 posts

Posted 19 April 2014 - 03:44 PM

does the 128 mean it is less secure?



#16 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7508 posts

Posted 19 April 2014 - 07:30 PM

does the 128 mean it is less secure?

 

Hello!

 

No, the Data Channel remains encrypted with AES-256-CBC cipher, regardless of what DD-WRT pretends. Our servers are not configured to provide an AES-128 OpenVPN Data Channel cipher. It's just one of the many DD-WRT OpenVPN configuration page bugs.

 

Kind regards







Similar Topics Collapse


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Servers online. Online Sessions: 14445 - BW: 56527 Mbit/sYour IP: 54.162.159.33Guest Access.