Posted: Tue Aug 23, 2016 11:13 Post subject: Can't get OpenVPN to work (r27506)
Hi again:
I posted in another thread (specific to r27506) about my first effort to get OpenVPN up and running. After extensive support emails with the VPN provider ... they suggested an update to firmware. But this forum suggests that DD-WRT v3.0-r27506 is stable and works with my TP-Link WR1043NDv3.
Q1: IS THERE A NEWER STABLE RELEASE I SHOULD USE ?
In my own opinion, the error I am getting does not indicate bad FW -- and I might be wrong. And I'd rather debug this than flash additional FW. But I need some help from the forum, so here goes.
The 1043NDv3 (call it Router2) is behind ISP-supplied Router1 in DMZ mode. The two routers are on different sub-nets. I can get to the internet no problem with laptop via wifi on Router2.
Here is what I did on Router2 today:
1. 30/30/30 hard-reset.
2. WIRELESS: Change SSID, password, Wifi Security.
3. BASIC SETUP: add Router1 into gateway & DNS fields under Network-Setup. Change Router2 name ("MyRouter").
4. SERVICES: enable Syslogd and SSHd.
5. REBOOT Router2.
6. SSH and perform various outputs captured in "R1.txt" (attached). <MAC Addresses redacted with xx:xx:xx:xx:xx:xx>
(You may review R1.txt for details. It includes today's 'route' output. Yesterday's 'route' (below) simply had the addition of the 172.x.x.x VPN Server.)
Notice the output from 'route' (at end of this post).
Q2: IS THE OUTPUT OF 'route' AS EXPECTED ? Notice that there does not appear to be a DEFAULT GATEWAY assigned.
And now, here's the tail end of the log and its error I got when I activated OpenVPN:
Quote:
... ...
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.26.1,topology subnet,ping 20,p
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: NOTE: --mute triggered...
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: 2 variation(s) on previous 3 message(s) suppressed by --mute
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: Socket Buffers: R=[131072->344064] S=[131072->131072]
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: OPTIONS IMPORT: route options modified
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: OPTIONS IMPORT: route-related options modified
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: NOTE: --mute triggered...
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: 1 variation(s) on previous 3 message(s) suppressed by --mute
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: TUN/TAP device tun1 opened
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: TUN/TAP TX queue length set to 100
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: /sbin/ifconfig tun1 172.21.26.78 netmask 255.255.254.0 mtu 1500 broadcast 172.21.27.255
Aug 22 18:10:23 DD-WRT daemon.warn openvpn[1741]: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Aug 22 18:10:23 DD-WRT daemon.notice openvpn[1741]: Initialization Sequence Completed
Since no one answered ... I will at least update to anyone interested with maybe the same issue.
After much research it appears that the error "NOTE: unable to redirect default gateway -- Cannot read current default gateway from system" is a frequent stumbling block for OpenVPN clients, not necessarily just DD-WRT routers. And the cause is the missing Default Gateway, as the message indicates. Whenever the "route" command does not properly create a default GW, you can expect to see this error.
After intensive email support with IPVanish customer support ... I installed r29519. Using their SCRIPT method, it still did not work. One additional change, however, and OpenVPN is now running.
Quote:
In Setup/Basic-Setup, under Network-Setup set the two Static DNS entries to
198.18.0.1
8.8.8.8
(Most likely other DNS servers will work also, but something needs to be entered in Status DNS to get it to work.)
Note: I have *not* yet used the OpenVPN client service (will try that later); IPVanish's SCRIPT method does not use it; instead it is started manually (in the startup script they provide).
_________________
HW: TP-Link WR1043NDv3
FW: r27506
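Added example (not part of the original posts, and not IPVanish or DD-WRT code): a POSIX shell check for the condition described in the post above, a routing table with no default gateway and a log where the tunnel completes although the redirect was not applied. It assumes the Linux `/proc/net/route` layout; the function names, file names and sample data are constructed, and the check mirrors what `route` displays rather than OpenVPN's own lookup.

```shell
#!/bin/sh
# Added example. The route tables and log written below are constructed samples
# (space-separated here; the real /proc/net/route is tab-separated, read copes with both).

# Print the default gateway from a /proc/net/route style table; return 1 if
# there is no default route that carries a gateway (what 'route' shows as "*").
default_gw() {
    while read -r iface dest gw flags refcnt use metric mask rest; do
        [ "$dest" = "00000000" ] && [ "$mask" = "00000000" ] || continue
        [ $(( 0x$flags & 2 )) -ne 0 ] || continue    # 0x2 = RTF_GATEWAY
        # Gateway is little-endian hex: 0101A8C0 -> 192.168.1.1
        t=${gw#??}; u=${gw#????}
        echo "$(( 0x${gw#??????} )).$(( 0x${u%??} )).$(( 0x${t%????} )).$(( 0x${gw%??????} ))"
        return 0
    done < "${1:-/proc/net/route}"
    return 1
}

# Return 0 when the log reports a completed tunnel whose redirect-gateway
# push could not be applied (the state shown in the log quoted above).
tunnel_without_redirect() {
    grep -q 'unable to redirect default gateway' "$1" &&
        grep -q 'Initialization Sequence Completed' "$1"
}

# Write constructed sample inputs into directory $1.
write_samples() {
    printf '%s\n' \
        'Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT' \
        'eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0' \
        'eth0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0' > "$1/route_ok"
    printf '%s\n' \
        'Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT' \
        'br0 0002A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0' \
        'vlan2 00000000 00000000 0001 0 0 0 00000000 0 0 0' > "$1/route_nogw"
    printf '%s\n' \
        'openvpn[1741]: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system' \
        'openvpn[1741]: Initialization Sequence Completed' > "$1/vpn.log"
}

demo=$(mktemp -d) && write_samples "$demo"
default_gw "$demo/route_nogw" || echo "no default gateway: expect the redirect-gateway warning"
tunnel_without_redirect "$demo/vpn.log" && echo "tunnel up, default route NOT redirected"
rm -rf "$demo"
```

On the router itself, `default_gw` with no argument reads the live `/proc/net/route`, and `tunnel_without_redirect` takes the path of the syslog file.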
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Wed Aug 31, 2016 20:32 Post subject:
as far as 27506 yes it's very very old, try 30016, and even 30432,
both working good and stable on 1043nd v2 so v3 will not be different.
Also they are quite recent and have all updated modules as well decent kernel...
30/30/30 reset it's not that accurate, better try Telnet (or SSH) into 192.168.1.1
Issue commands:
erase nvram
reboot
30/30/30 does dodge tricks sometimes
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Quote:
as far as 27506 yes it's very very old, try 30016, and even 30432,
both working good and stable on 1043nd v2 so v3 will not be different.
Also they are quite recent and have all updated modules as well decent kernel...
30/30/30 reset it's not that accurate, better try Telnet (or SSH) into 192.168.1.1
Issue commands:
erase nvram
reboot
30/30/30 does dodge tricks sometimes
Thanks for those hints. In the new versions, if you SSH, and do a "route" command, do you get a default GW displayed ? (See my OP output; it shows only "*" in the GW column.)