Trd64 DD-WRT Novice
Joined: 03 May 2016 Posts: 3
Posted: Tue May 03, 2016 1:11 Post subject: Netgear AC1900 PIA VPN Setup
I am currently a PIA VPN client and I have it configured on the router because I want it to reach all the devices on my network. Also, I am not a fan of the GUI; it takes forever to load.
Currently I have it set to the following in DD-WRT underneath the services VPN tab.
Can someone please explain if my setup is correct and how this is security strength wise? If I wanted to use the RSA 4096, Diffie–Hellman key exchange. The certificate and additional settings I am using are below.
port 1197
Encryption Cipher AES 256 CBC
Hash Algorithm SHA 256
Additional Config tls-client
remote-cert-tls server
reneg-sec 0
auth-nocache
auth sha256
Below is my client log
Clientlog:
20160502 09:56:38 I OpenVPN 2.3.10 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 25 2016
20160502 09:56:38 I library versions: OpenSSL 1.0.2g 1 Mar 2016 LZO 2.09
20160502 09:56:38 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20160502 09:56:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20160502 09:56:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160502 09:56:38 Socket Buffers: R=[180224->180224] S=[180224->180224]
20160502 09:56:38 I UDPv4 link local: [undef]
20160502 09:56:38 I UDPv4 link remote: [AF_INET]104.207.136.115:1197
20160502 09:56:38 TLS: Initial packet from [AF_INET]104.207.136.115:1197 sid=f3c5a27f 835e6b4c
20160502 09:56:38 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access emailAddress=secure@privateinternetaccess.com
20160502 09:56:38 Validating certificate key usage
20160502 09:56:38 NOTE: --mute triggered...
20160502 09:56:40 11 variation(s) on previous 3 message(s) suppressed by --mute
20160502 09:56:40 I [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.115:1197
20160502 09:56:42 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
20160502 09:56:42 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.100.5.1 topology net30 ifconfig 10.100.5.6 10.100.5.5'
20160502 09:56:42 OPTIONS IMPORT: timers and/or timeouts modified
20160502 09:56:42 NOTE: --mute triggered...
20160502 09:56:42 4 variation(s) on previous 3 message(s) suppressed by --mute
20160502 09:56:42 I TUN/TAP device tun1 opened
20160502 09:56:42 TUN/TAP TX queue length set to 100
20160502 09:56:42 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20160502 09:56:42 I /sbin/ifconfig tun1 10.100.5.6 pointopoint 10.100.5.5 mtu 1500
20160502 09:56:42 /sbin/route add -net 104.207.136.115 netmask 255.255.255.255 gw 10.107.99.1
20160502 09:56:42 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.100.5.5
20160502 09:56:42 /sbin/route add -net 10.100.5.1 netmask 255.255.255.255 gw 10.100.5.5
20160502 09:56:42 I Initialization Sequence Completed
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'state'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'status 2'
20160502 20:08:23 MANAGEMENT: Client disconnected
20160502 20:08:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160502 20:08:23 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
ca /tmp/openvpncl/ca.crt
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
cipher aes-256-cbc
auth sha256
auth-user-pass /tmp/openvpncl/credentials
remote us-midwest.privateinternetaccess.com 1197
comp-lzo yes
tun-mtu 1500
mtu-disc yes
fast-io
tun-ipv6
tls-client
remote-cert-tls server
reneg-sec 0
auth-nocache
auth sha256