Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Jan 27, 2024 9:13 Post subject:
D.F.Cruizer wrote:
Lastly, PIA OpenVPN only works on Firmware of r54545 std (12/18/23) on my R9000.
It works fine on 55009 / R9000
you have to add to your VPN config..
disable-dco
as PIA is not connecting otherwise..tried to speak with them on the DCO subject and to debug, but all went for a walk in circles as usual (with PIA support)...and didn't have the stamina to try again on the next day...(their support staff knowledge may vary a lot)..I can share you my config if so... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Lastly, PIA OpenVPN only works on Firmware of r54545 std (12/18/23) on my R9000.
It works fine on 55009 / R9000
you have to add to your VPN config..
disable-dco
as PIA is not connecting otherwise..tried to speak with them on the DCO subject and to debug, but all went for a walk in circles as usual (with PIA support)...and didn't have the stamina to try again on the next day...(their support staff knowledge may vary a lot)..I can share you my config if so...
.
Thanks Alozaros
PIA OpenVPN Client connects successfully on DDWRT version r55009 after disable-dco was added to additional configuration box. But my OpenVPN Server cannot be connected from a remote device. Despite running new Exported Clients Configuration script on same version. So back down to 54545 for me.
I paid PIA annual sub. late last year. Maybe it's time to consider Mullvad VPN next.
Hey guys, thank you for the overwhelming response!
After updating the firmware and attempting to connect we are getting an error stack and we simply lack the knowledge to debug the issue.
System:
Router Name DD-WRT
Router Model Asus RT-AC68U C1
Firmware Version DD-WRT v3.0-r44715 std (11/03/20)
Kernel Version Linux 4.4.241 #1322 SMP Mon Nov 2 06:39:27 GMT 2020 armv7l
MAC Address FC:34:97:6F:43:21
Hostname -
WAN Domain Name -
LAN Domain Name -
Current Time Fri, 02 Feb 2024 11:52:30
Uptime 17 min
Clientlog:
20240202 11:57:29 W DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (none). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
20240202 11:57:29 W WARNING: cipher 'none' specified for --data-ciphers. This allows negotiation of NO encryption and tunnelled data WILL then be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
20240202 11:57:29 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20240202 11:57:29 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20240202 11:57:29 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20240202 11:57:29 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20240202 11:57:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20240202 11:57:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240202 11:57:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:57:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:57:29 I TCP/UDP: Preserving recently used remote address: [AF_INET]<ip1>:1198
20240202 11:57:29 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240202 11:57:29 I UDPv4 link local: (not bound)
20240202 11:57:29 I UDPv4 link remote: [AF_INET]<ip1>:1198
20240202 11:57:30 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:30 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:32 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:32 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:37 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:37 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:57:45 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:57:45 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:58:01 TLS: Initial packet from [AF_INET]<ip1>:1198 sid=801467a8 893a9e99
20240202 11:58:01 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip1>:1198
20240202 11:58:29 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240202 11:58:29 N TLS Error: TLS handshake failed
20240202 11:58:29 I SIGUSR1[soft tls-error] received process restarting
20240202 11:58:29 Restart pause 5 second(s)
20240202 11:58:34 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240202 11:58:34 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:58:34 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240202 11:58:34 I TCP/UDP: Preserving recently used remote address: [AF_INET]<ip>:1198
20240202 11:58:34 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240202 11:58:34 I UDPv4 link local: (not bound)
20240202 11:58:34 I UDPv4 link remote: [AF_INET]<ip>:1198
20240202 11:58:34 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:34 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:36 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:36 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:40 TLS: Initial packet from [AF_INET]<ip>.4:1198 sid=940fe5ea 339b071f
20240202 11:58:40 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:58:48 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:58:48 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:59:04 TLS: Initial packet from [AF_INET]<ip>:1198 sid=940fe5ea 339b071f
20240202 11:59:04 N TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:1198
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'state'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'status 2'
20240202 11:59:06 MANAGEMENT: Client disconnected
20240202 11:59:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240202 11:59:06 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
Joined: 18 Mar 2014 Posts: 12923 Location: Netherlands
Posted: Fri Feb 02, 2024 11:39 Post subject:
When we say you are using an outdated version what precisely do you not understand?
Latest build is 55033.
I have an AC68 running the latest firmware 55033 without a problem using OpenVPN and WireGuard.
Please read the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
After upgrading reset to defaults and put settings in manually, do not restore from a backup!
Normally that is not necessary but as you are coming form a really old build it is highly recommended to do it.
The OpenVPN Client setup guide (a sticky in this forum) has the necessary information to setup a VPN client but just start with importing the vpn config file (yes importing is possible in recent builds).
There is even a paragraph about PIA for some additional information.