Whisperer

DD-WRT & TLS Handshake


For starters, I did read the other posts about this, but I couldn't quite match my issue with those.

 

I followed the instructions on the site to configure. It's a clean DD-WRT behind my ISP's modem/router. So technically the ISP router's internal address is 192.168.178.161. It leases 192.168.178.12 to my DD-WRT router, which then presents itself as 192.168.1.1 to my clients.

 

I configured the files using a single server (is it even possible to select a continent for OpenVPN?) and configured it in DD-WRT. Attached is a PDF with the config, as well as the client log.

 

I can't do the firewall rules yet, since the interface isn't showing up in ifconfig until a successful connection.

 

Any help to offer?

 

DD-Air.pdf

ClientLog.txt

 

EDIT: Found it. I must have attempted to scroll down using the arrow key while the Hash Algorithm was selected, switching it to MD4. It's connected now, but DNS resolution isn't working. I have an address in the 10.4 range, and entered the DNS in 10.4 as well, but no go.


Your hash algorithm is wrong - MD4 in almost 2017? Change it to SHA1.

LZO should be disabled.

 

You cannot put 192.168.1.1 in the IP address section since this field is reserved for the tunnel IP, which is dynamic and assigned to you by the OpenVPN server.

You can later create another DHCP server and NAT your clients behind the VPN tunnel, but you need to fix your first issues before.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


So, I should deviate from the instructions on https://airvpn.org/ddwrt/ by turning off LZO and removing the IP Address & subnet? I'll try those, see what changes in the connection log.

 

As for the DNS resolution, it seems there's a setting that tells DD-WRT to be my DNS server, and it doesn't use AirVPN's DNS. I'm trying to figure out which setting it is. Unfortunately, the above instruction isn't entirely applicable to the more recent DD-WRT's. They changed a few options.


For my DD-WRT config, I went from the ISP's cable modem to the DD-WRT router. I set the boxes to static, meaning all computers, phones etc. are each static and using their own VPN server. I set the DNS in the DD-WRT, shut off the DHCP server, assigned the IP addresses from the router, and used iptables on the boxes and the OpenVPN app on the phone.

What I like about this config is that I've basically got zero net unless using OpenVPN.

A real kill switch.


LZO should be disabled.

 

LZO should be enabled. The reason is that on some DD-WRT firmware interfaces (as well as in some network-manager-openvpn versions for Linux, we suspect), setting LZO to "Disabled" will not originate a "comp-lzo no" directive.

 

The comp-lzo directive could be totally omitted. This will cause connection failure when our servers push "comp-lzo no". You need "comp-lzo yes" or "comp-lzo no" (it doesn't matter which, it will be overridden by VPN server) to be fully compatible with our service.

 

Kind regards
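
A check for the two configuration problems discussed in this thread, added here as an example (it is not from any poster or from AirVPN): it lints an OpenVPN client config for an `auth` digest other than SHA1 and for a missing `comp-lzo` directive. The function names and the sample config are constructed for illustration; pass the path of the config file your firmware actually generates.

```sh
# Print the first argument of directive $2 in config file $1.
# Prints nothing if absent, "-" if present without an argument.
directive_value() {
    awk -v key="$2" '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == key { print ($2 == "" ? "-" : $2); exit }
    ' "$1"
}

# Lint one OpenVPN client config; returns the number of findings.
check_ovpn_conf() {
    conf=$1
    findings=0

    # HMAC digest: the reply above says SHA1. With no "auth" line
    # OpenVPN uses its default, which is SHA1.
    auth=$(directive_value "$conf" auth)
    case "$(printf '%s' "${auth:-SHA1}" | tr 'a-z' 'A-Z')" in
        SHA1) echo "OK    auth ${auth:-SHA1 by default}" ;;
        *)    echo "FAIL  auth $auth: expected SHA1"
              findings=$((findings + 1)) ;;
    esac

    # comp-lzo must be written out (yes or no); the server overrides the value.
    lzo=$(directive_value "$conf" comp-lzo)
    if [ -n "$lzo" ]; then
        echo "OK    comp-lzo present"
    else
        echo "FAIL  comp-lzo missing: add 'comp-lzo no' or 'comp-lzo yes'"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample config reproducing the MD4 slip and an omitted comp-lzo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
auth MD4
EOF
check_ovpn_conf "$sample" || echo "$? problem(s) found"
rm -f "$sample"
```

Running it against the generated config before starting the client catches a GUI dropdown that silently changed the digest or dropped the compression directive.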
