Setting up dd-wrt with openVPN (privateinternetaccess.com)

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Sat Jan 27, 2024 9:13
D.F.Cruizer wrote:
Lastly, PIA OpenVPN only works on Firmware of r54545 std (12/18/23) on my R9000.


It works fine on 55009 / R9000
you have to add to your VPN config..

disable-dco


as PIA is not connecting otherwise.. tried to speak with them on the DCO subject and to debug, but all went for a walk in circles as usual (with PIA support)... and didn't have the stamina to try again on the next day... (their support staff knowledge may vary a lot).. I can share my config with you if so...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
D.F.Cruizer
DD-WRT User


Joined: 14 May 2023
Posts: 95

Posted: Sat Jan 27, 2024 21:49
Alozaros wrote:
D.F.Cruizer wrote:
Lastly, PIA OpenVPN only works on Firmware of r54545 std (12/18/23) on my R9000.


It works fine on 55009 / R9000
you have to add to your VPN config..

disable-dco

as PIA is not connecting otherwise.. tried to speak with them on the DCO subject and to debug, but all went for a walk in circles as usual (with PIA support)... and didn't have the stamina to try again on the next day... (their support staff knowledge may vary a lot).. I can share my config with you if so...

Thanks Alozaros

PIA OpenVPN Client connects successfully on DDWRT version r55009 after disable-dco was added to additional configuration box. But my OpenVPN Server cannot be connected from a remote device. Despite running new Exported Clients Configuration script on same version. So back down to 54545 for me.

I paid PIA annual sub. late last year. Maybe it's time to consider Mullvad VPN next.
TQA
DD-WRT Novice


Joined: 24 Jan 2024
Posts: 6

Posted: Fri Feb 02, 2024 10:55
Hey guys, thank you for the overwhelming response!

After updating the firmware and attempting to connect we are getting an error stack and we simply lack the knowledge to debug the issue.

System:
Router Name DD-WRT
Router Model Asus RT-AC68U C1
Firmware Version DD-WRT v3.0-r44715 std (11/03/20)
Kernel Version Linux 4.4.241 #1322 SMP Mon Nov 2 06:39:27 GMT 2020 armv7l
MAC Address FC:34:97:6F:43:21
Hostname -
WAN Domain Name -
LAN Domain Name -
Current Time Fri, 02 Feb 2024 11:52:30
Uptime 17 min


Code:
Config:
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
pull-filter ignore "auth-token"


Code:

Clientlog:
20240202 11:57:29 W DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (none). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
20240202 11:57:29 W WARNING: cipher 'none' specified for --data-ciphers. This allows negotiation of NO encryption and tunnelled data WILL then be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
20240202 11:57:29 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20240202 11:57:29 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20240202 11:57:29 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20240202 11:57:29 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20240202 11:57:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20240202 11:57:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240202 11:57:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:57:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:57:29 I TCP/UDP: Preserving recently used remote address: [AF_INET]<ip1>:1198
20240202 11:57:29 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240202 11:57:29 I UDPv4 link local: (not bound)
20240202 11:57:29 I UDPv4 link remote: [AF_INET]<ip1>:1198
20240202 11:57:30 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:30 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:32 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:32 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:37 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:37 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:45 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:45 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:58:01 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:58:01 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:58:29 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240202 11:58:29 N TLS Error: TLS handshake failed
20240202 11:58:29 I SIGUSR1[soft tls-error] received process restarting
20240202 11:58:29 Restart pause 5 second(s)
20240202 11:58:34 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240202 11:58:34 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:58:34 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:58:34 I TCP/UDP: Preserving recently used remote address: [AF_INET]<ip>:1198
20240202 11:58:34 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240202 11:58:34 I UDPv4 link local: (not bound)
20240202 11:58:34 I UDPv4 link remote: [AF_INET]<ip>:1198
20240202 11:58:34 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:34 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:36 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:36 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:40 TLS: Initial packet from [AF_INET]<ip>.4:1198 sid=940fe5ea 339b071f
20240202 11:58:40 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:48 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:48 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:59:04 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:59:04 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'status 2'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
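
Added example, not part of any post in this thread: a small triage script for a DD-WRT OpenVPN client log like the one above, separating the lines that stop the tunnel from the security warnings that stay relevant once it connects. The rule labels are this example's own names, and reading "cannot locate HMAC" together with the "Control Channel Authentication" lines as a control-channel HMAC (tls-auth) mismatch is an interpretation of general OpenVPN behaviour, not a diagnosis given in the thread.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the client log in the post above.
SAMPLE_LOG = """\
20240202 11:57:29 W WARNING: cipher 'none' specified for --data-ciphers.
20240202 11:57:29 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged
20240202 11:57:29 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20240202 11:57:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:57:30 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:58:29 N TLS Error: TLS handshake failed
20240202 11:58:29 I SIGUSR1[soft tls-error] received process restarting
20240202 11:58:34 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
19700101 01:00:00
"""

# Line layout in this log: date, time, optional one-letter level, message.
LINE = re.compile(r"^\d{8} \d{2}:\d{2}:\d{2} (?:([WIND]) )?(.+)$")

# Labels on the left are this example's own names, not OpenVPN terms.
RULES = {
    "plaintext-negotiable": r"cipher 'none' specified for --data-ciphers",
    "mgmt-no-password": r"--management on a TCP port WITHOUT passwords",
    "credentials-readable": r"file '[^']+' is group or others accessible",
    "control-hmac-enabled": r"Control Channel Authentication: .* HMAC authentication",
    "hmac-missing": r"cannot locate HMAC in incoming packet",
    "handshake-failed": r"TLS handshake failed",
    "restart": r"SIGUSR1\[soft tls-error\] received",
}
HARDENING = ("plaintext-negotiable", "mgmt-no-password", "credentials-readable")

def triage(log_text):
    """Count how often each rule fires across well-formed log lines."""
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # truncated tail such as "19700101 01:00:00"
        for label, pattern in RULES.items():
            if re.search(pattern, m.group(2)):
                hits[label] += 1
    return hits

def diagnose(hits):
    """Separate the connection blocker from the hardening warnings."""
    blocked = hits["hmac-missing"] and hits["control-hmac-enabled"]
    return {"blocker": "control-channel HMAC mismatch" if blocked else None,
            "retry_cycles": hits["restart"],
            "hardening": [h for h in HARDENING if hits[h]]}
```

Calling `diagnose(triage(text))` on a saved copy of the log gives one summary instead of pages of repeated retry lines.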
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3006
Location: Germany

Posted: Fri Feb 02, 2024 11:07
You still have an outdated firmware installed although you have already been given the correct links
_________________
Quickstart guides:
use Pi-Hole as simple DNS-Server with DD-WRT
VLAN configuration via GUI - 1 CPU port
VLAN configuration via GUI - 2 CPU ports (R7800, EA8500 etc)

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 23.05.3 - Gateway
Qualcomm IPQ8065 - R7800 - DD-WRT - WAP
TQA
DD-WRT Novice


Joined: 24 Jan 2024
Posts: 6

Posted: Fri Feb 02, 2024 11:23
ho1Aetoo wrote:
You still have an outdated firmware installed although you have already been given the correct links


That firmware version is the latest for the router we have.

Will we potentially require a router that allows the most recent firmware version?
TQA
DD-WRT Novice


Joined: 24 Jan 2024
Posts: 6

Posted: Fri Feb 02, 2024 11:25
ho1Aetoo wrote:
You still have an outdated firmware installed although you have already been given the correct links


That firmware version is the latest for the router we have.

Will we potentially require a router that allows the most recent firmware version?

Also, NordVPN works fine on the router, just not private internet access. I didn't quite understand why that is.

Sry for multiple post. Router was acting up


Last edited by TQA on Fri Feb 02, 2024 11:33; edited 1 time in total
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3006
Location: Germany

Posted: Fri Feb 02, 2024 11:32
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1296583#1296583

Rolling Eyes

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

Posted: Fri Feb 02, 2024 11:39
When we say you are using an outdated version what precisely do you not understand?

Latest build is 55033.

I have an AC68 running the latest firmware 55033 without a problem using OpenVPN and WireGuard.

Please read the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

After upgrading reset to defaults and put settings in manually, do not restore from a backup!
Normally that is not necessary, but as you are coming from a really old build it is highly recommended to do it.

The OpenVPN Client setup guide (a sticky in this forum) has the necessary information to set up a VPN client, but just start with importing the VPN config file (yes, importing is possible in recent builds).

There is even a paragraph about PIA for some additional information.

All the information is at your fingertips, but if you refuse to use it we cannot help.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
TQA
DD-WRT Novice


Joined: 24 Jan 2024
Posts: 6

Posted: Fri Feb 02, 2024 13:59
I did what was recommended on the guide. However, now, instead of seeing an error stack I see nothing at all.

Neither PIA nor NordVPN is connecting.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

Posted: Fri Feb 02, 2024 14:26
Have a look at the Troubleshooting section then you know what to do Smile