Netgear AC1900 PIA VPN Setup

Trd64
DD-WRT Novice


Joined: 03 May 2016
Posts: 3

Posted: Tue May 03, 2016 1:11    Post subject: Netgear AC1900 PIA VPN Setup
I am currently a PIA VPN client and I have it configured on the router because I want it to reach all the devices on my network. Also, I am not a fan of the GUI; it takes forever to load.

Currently I have it set to the following in DD-WRT underneath the services VPN tab.

Can someone please explain if my setup is correct and how this is security-strength-wise? If I wanted to use the RSA 4096, Diffie–Hellman key exchange. The certificate and additional settings I am using are below.

Port: 1197
Encryption Cipher: AES 256 CBC
Hash Algorithm: SHA 256
Additional Config:
tls-client
remote-cert-tls server
reneg-sec 0
auth-nocache
auth sha256





Below is my client log

Clientlog:
20160502 09:56:38 I OpenVPN 2.3.10 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 25 2016
20160502 09:56:38 I library versions: OpenSSL 1.0.2g 1 Mar 2016 LZO 2.09
20160502 09:56:38 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20160502 09:56:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20160502 09:56:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160502 09:56:38 Socket Buffers: R=[180224->180224] S=[180224->180224]
20160502 09:56:38 I UDPv4 link local: [undef]
20160502 09:56:38 I UDPv4 link remote: [AF_INET]104.207.136.115:1197
20160502 09:56:38 TLS: Initial packet from [AF_INET]104.207.136.115:1197 sid=f3c5a27f 835e6b4c
20160502 09:56:38 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access emailAddress=secure@privateinternetaccess.com
20160502 09:56:38 Validating certificate key usage
20160502 09:56:38 NOTE: --mute triggered...
20160502 09:56:40 11 variation(s) on previous 3 message(s) suppressed by --mute
20160502 09:56:40 I [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.115:1197
20160502 09:56:42 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
20160502 09:56:42 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.100.5.1 topology net30 ifconfig 10.100.5.6 10.100.5.5'
20160502 09:56:42 OPTIONS IMPORT: timers and/or timeouts modified
20160502 09:56:42 NOTE: --mute triggered...
20160502 09:56:42 4 variation(s) on previous 3 message(s) suppressed by --mute
20160502 09:56:42 I TUN/TAP device tun1 opened
20160502 09:56:42 TUN/TAP TX queue length set to 100
20160502 09:56:42 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20160502 09:56:42 I /sbin/ifconfig tun1 10.100.5.6 pointopoint 10.100.5.5 mtu 1500
20160502 09:56:42 /sbin/route add -net 104.207.136.115 netmask 255.255.255.255 gw 10.107.99.1
20160502 09:56:42 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 /sbin/route add -net 10.100.5.1 netmask 255.255.255.255 gw 10.100.5.5
20160502 09:56:42 I Initialization Sequence Completed
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'status 2'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00

ca /tmp/openvpncl/ca.crt
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
cipher aes-256-cbc
auth sha256
auth-user-pass /tmp/openvpncl/credentials
remote us-midwest.privateinternetaccess.com 1197
comp-lzo yes
tun-mtu 1500
mtu-disc yes
fast-io
tun-ipv6
tls-client
remote-cert-tls server
reneg-sec 0
auth-nocache
auth sha256
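An added example, not part of the original post and not DD-WRT or OpenVPN code: a Python check over the client log above that collects the `W` warnings and confirms that the pushed `redirect-gateway def1` actually resulted in the two /1 routes being installed and that DNS servers were pushed. The function name `audit_client_log` and the embedded sample (a few lines copied from the log in the post) are this example's own.

```python
import re

# Constructed sample: a subset of the client log lines shown in the post above.
SAMPLE_LOG = """\
20160502 09:56:38 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20160502 09:56:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160502 09:56:42 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.100.5.1 topology net30 ifconfig 10.100.5.6 10.100.5.5'
20160502 09:56:42 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 I Initialization Sequence Completed
"""

# redirect-gateway def1 covers the default route with two /1 routes.
DEF1_ROUTES = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}


def audit_client_log(text):
    """Summarise the security-relevant facts in a DD-WRT OpenVPN client log."""
    # Lines the client tagged with level W (warnings and notes).
    warnings = re.findall(r"^\d{8} \d\d:\d\d:\d\d W (.+)$", text, re.M)

    # Options pushed by the server; accept space or comma after PUSH_REPLY.
    push = re.search(r"'PUSH_REPLY[ ,](.*)'", text)
    pushed = push.group(1) if push else ""
    dns = re.findall(r"dhcp-option DNS ([0-9A-Fa-f:.]+)", pushed)

    # (network, netmask) pairs the client actually installed.
    routes = set(re.findall(r"route add -net (\S+) netmask (\S+) gw \S+", text))

    return {
        "warnings": warnings,
        "redirect_gateway_pushed": "redirect-gateway" in pushed,
        "def1_routes_installed": DEF1_ROUTES <= routes,
        "dns_servers": dns,
        "completed": "Initialization Sequence Completed" in text,
    }


if __name__ == "__main__":
    for key, value in audit_client_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
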