WNDR3700 build issue? OpenVPN disconnecting

amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Thu Jan 06, 2011 17:19    Post subject: WNDR3700 build issue? OpenVPN disconnecting
Hello team,

I have been working with dd-wrt for over two years, with different routers, always linksys. wrt320n mainly, some wrt160s, etc. I normally use BIG or MEGA, or custom builds for openvpn when ram is 4 meg. Never had any issues. Have my own openvpn servers running on different locations (Colocated Servers).

WNDR3700 is a new animal for me. I decided to make the shift when I found that it had the new Atheros 680mhz processor. Speed is an issue for a client of mine, so due to the cpu usage in encryption, 680mhz gives me a much higher throughput (ca. 11mbps), versus the 320n with 354mhz, ca. 7mbps.

Anyway, the point:

For some strange reason, wndr3700 severs the connection (it completely stops routing traffic), when an upload occurs. I noticed this during the upload tests on various pages such as speedtest.net / speakeasy.net/speedtest / and some text and java versions as well.

otherwise, the tunnel is stable. Whenever an upload occurs, everything stops routing. As soon as I kill the openvpn process through terminal, everything resumes promptly.

I have NEVER had this happen to me on any of the other routers, and the config for openvpn is the same. I have another E2000, E3000, and wrt320n, and they don't have this issue. it's only WNDR3700.

Syslog does not show anything (/var/log/messages). I tried to check if it was an iptables issue, i flushed the nat, and routed traffic again normally, as well as through tun0. Nothing.

I can still access 192.168.1.1 however, when this happens.

I have no idea why this is. I've upgraded to new firmware (the new 01/03/2011 .6.98 stock), then gone to dd-wrt, webflashed, a whole number of things, and no joy.

Is this a quirk? I have been googling for the better part of three days and haven't found anything similar.

It ONLY happens with Openvpn active. Without OpenVPN, everything works peachy keen. upload through speedtest, and everything.

I tried to reproduce the error with any other things that would hang the router up, and the only thing that did so was my trying to access the internal ip's through the tun0 IP from another location.

Example:

tun0 established with IP 10.8.5.10 . I go to another location, and access http://10.8.5.10 (and on all my other routers it works just fine, by forwarding port 80 and/or disabling firewall), and with this one, it hangs.

The weird part is that the connection REMAINS ACTIVE to the openvpn server. just no traffic whatsoever.

Please help.
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Thu Jan 06, 2011 17:40    Post subject: Configs
I'll include a few configs that I use, they work perfectly with all other builds i've ever used on dd-wrt, wrt320n's, wrt160n's, wrt54g, even some x86 custom boxes.

This one is the only quirky one I've ever come across, and it ONLY happens when doing an upload through speedtest. I've tried modifying QoS. Bit stumped, really :(

This is my basic SH script so I can avoid the pesky "easy way" and all that that turns out not to be easy at all. It works perfectly for all dd-wrt builds I have ever built.

Code:


#!/bin/sh
for i in `nvram show|grep openvpn|cut -d '=' -f1`; do nvram unset $i; done
nvram set rc_startup='mkdir /tmp/ovpn
cd /tmp/ovpn
nvram get ovpn_up>up
nvram get ovpn_dn>dn
chmod +x up dn
nvram get ovpn_cfg>ovpn.conf
mkdir -p /tmp/etc/config
echo -e "#!/bin/sh\nkillall openvpn\nping -c10 localhost\nkillall openvpn\nopenvpn --daemon --config /tmp/ovpn/ovpn.conf">/tmp/etc/config/ovpn.wanup
chmod +x /tmp/etc/config/ovpn.wanup'
nvram set ovpn_cfg='remote IP_ADDRESS PORT
proto udp
tls-auth ta.key 1
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 2
mute 20
cipher BF-CBC
keepalive 10 120
route-up "/tmp/ovpn/up"
down "/tmp/ovpn/dn"
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
*cut for security purposes*
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
*cut*
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*CUT*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
*cut*
-----END RSA PRIVATE KEY-----
</key>
<dh>
-----BEGIN DH PARAMETERS-----
*cut*
-----END DH PARAMETERS-----
</dh>
'
nvram set ovpn_up='iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
for R in /tmp/resolv.conf /tmp/resolv.dnsmasq; do
mv $R $R~
for O in "$foreign_option_1" "$foreign_option_2"; do
P="$O"
p1=$(echo "$P" | cut -d " " -f1)
if [ "$p1" == "dhcp-option" ]; then
p2=$(echo "$P" | cut -d " " -f2)
p3=$(echo "$P" | cut -d " " -f3)
if [ "$p2" == "DNS" ] ; then
echo "nameserver $p3">>$R
fi
fi
done
done
'
nvram set ovpn_dn='iptables -t nat -D POSTROUTING -o $dev -j MASQUERADE
for R in /tmp/resolv.conf /tmp/resolv.dnsmasq; do
mv $R~ $R
done
killall -HUP dnsmasq'
nvram commit
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Thu Jan 06, 2011 17:44    Post subject: /var/log/messages and Build
Hey, so just a few more data:

Code:

Warning: Permanently added '10.8.0.86' (RSA) to the list of known hosts.
DD-WRT v24-sp2 std (c) 2010 NewMedia-NET GmbH

BUILD 15962 (12/24/2010)



Code:


Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan  6 09:53:55 TRONIXWRTIX daemon.notice openvpn[1884]: [server] Peer Connection Initiated with ******
Jan  6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: TUN/TAP device tun0 opened
Jan  6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: /sbin/ifconfig tun0 10.8.0.86 pointopoint 10.8.0.85 mtu 1500
Jan  6 09:53:57 TRONIXWRTIX daemon.notice openvpn[1884]: Initialization Sequence Completed


Code:


root@TRONIXWRTIX:~# ps |grep openvpn
 1884 root      2772 S    openvpn --daemon --config /tmp/ovpn/ovpn.conf


Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17442
Location: Hesse/Germany

Posted: Thu Jan 06, 2011 19:28
Quote:
For some strange reason, wndr3700 severs the connection (it completely stops routing traffic), when an upload occurs.


mtu/mss fix problem

amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Thu Jan 06, 2011 20:07    Post subject: MTU
Thanks, I actually tried going mssfix 1200, 1300, 1100 (various settings), all the way down to 1000, to no avail.

mtu is set at default 1500, (haven't specified an option), and i don't use fragment.

No other routers have issues, so I don't know why this one would, through the same ISP, same line, same everything.

Is that possible that this one would?

I wouldn't like to touch mtu and fragment on the server cause i have to fix all the others connected to it remotely, and they are working fine...

Many thanks for your input. Thoughts?

My thoughts on this would be: is it possible that because this one has a 680mhz processor and thus routes traffic faster, it is more saturated than the 354mhz broadcom on the wrt320n? That one routes 7 mbps no problem...

But this one that gets all the way up to 12, does have issues. would that even have anything to do with it?

Because also, by the way, software connected (openvpn-network-manager package in Ubuntu) routes my full speed with no issue, same config (core i3, so obviously it wouldn't be). But if it were mtu, wouldn't the disconnect also happen on software?
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Fri Jan 07, 2011 6:54
Been fooling around with tun-mtu, mssfix and fragment for the better part of the afternoon and evening. Lowered tun-mtu to 1450, to 1400, fragment and mssfix always lower of course, sometimes only tun-mtu, etcetera etcetera. No luck.

Same issue. router goes kaput with upload *it doesnt even start to upload*.

weird thing is though, I can still ping the openvpn server. that's the only route still active once it goes kaput.
ndewan
DD-WRT Guru


Joined: 14 Jan 2010
Posts: 528

Posted: Fri Jan 07, 2011 7:06
is there another WNDR that you can test with ...? Answer is probably 'no', but I wanted to ask.
_________________
===============================
1 * E3000 - 15962 mega-e2k-e3k Main Router (wl0 - NG clients, wl1 - N Backbone)
OptWare - 4GB USB (128 MB swap, 1.4GB /opt and 2 GB on /mnt)
2 * E3000 - 15962 mega Repeater Bridge (wl0 - NG clients, wl1 - N Backbone)
1 * E4200 - 22200 mega - kong VPN/PPTP
===============================
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Fri Jan 07, 2011 15:56
That's a good idea, unfortunately NO. However, for any wndr3700 user I would be willing to lease a vpn account to test the settings.

In other words, see if we can reproduce the error on their line, and they get a 10 mbps full duplex VPN in return for a month.
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Sat Jan 08, 2011 1:22
SOLVED!! Oh how I do enjoy solving these. Three sleepless nights and a few headaches later, it turned out that after I tried all tun-mtu, mssfix and fragment settings KNOWN TO MAN to no avail, I decided to enable LZO compression, even though on my other routers I never have.

as soon as I added

comp-lzo

it worked like a CHARM, no disconnects. no Nothing.

Leaving this so that anyone who comes across this in the future can benefit.

Cheers.
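Of the directives tried in this thread, mssfix is a local setting, while tun-mtu, fragment, cipher, auth and comp-lzo have to agree on both ends of the tunnel. As an added example (not code from any poster), this script compares a client and a server config for those directives; the file contents are constructed samples and the function names are hypothetical.

```sh
# Added example (not from the thread): compare the OpenVPN directives that
# both ends of a tunnel must agree on. Sample configs below are constructed.

# Print a directive's value, "<set>" if it has no argument, "<unset>" if absent.
# Comment lines and inline <ca>/<key>/... blocks are skipped.
ovpn_get() {  # $1=config file  $2=directive
    awk -v d="$2" '
        /^[ \t]*[#;]/        { next }
        /^[ \t]*<\/[a-z-]+>/ { inblk = 0; next }
        /^[ \t]*<[a-z-]+>/   { inblk = 1; next }
        inblk                { next }
        $1 == d { $1 = ""; sub(/^ +/, ""); v = ($0 == "" ? "<set>" : $0); found = 1 }
        END { print (found ? v : "<unset>") }
    ' "$1"
}

# Print one line per mismatch; exit status 1 if any were found.
# An unset directive is not mapped to its built-in default here.
ovpn_compare() {  # $1=client config  $2=server config
    rc=0
    for d in cipher auth tun-mtu link-mtu fragment comp-lzo; do
        c=$(ovpn_get "$1" "$d"); s=$(ovpn_get "$2" "$d")
        if [ "$d" = comp-lzo ]; then
            # every comp-lzo mode adds a framing byte, so compare presence only
            [ "$c" = "<unset>" ] || c="<set>"
            [ "$s" = "<unset>" ] || s="<set>"
        fi
        [ "$c" = "$s" ] || { echo "MISMATCH $d: client=$c server=$s"; rc=1; }
    done
    return "$rc"
}

# Constructed sample configs: client enables comp-lzo, server sets fragment.
DEMO=$(mktemp -d)
cat > "$DEMO/client.conf" <<'EOF'
cipher BF-CBC
mssfix 1200
comp-lzo
<ca>
cipher constructed-line-inside-inline-block
</ca>
EOF
cat > "$DEMO/server.conf" <<'EOF'
cipher BF-CBC
fragment 1300
;comp-lzo
EOF
ovpn_compare "$DEMO/client.conf" "$DEMO/server.conf" || true
```

Run it against the real client config and a copy of the server config before changing either side.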
ndewan
DD-WRT Guru


Joined: 14 Jan 2010
Posts: 528

Posted: Sat Jan 08, 2011 1:36
good to hear..
amakryss
DD-WRT Novice


Joined: 06 Jan 2011
Posts: 23

Posted: Tue Jan 11, 2011 16:39
Sadly, i thought it had been fixed (it doesn't disconnect automatically at upload with comp-lzo on), and now, it selectively stops routing traffic, 4 or 5 minutes pass and it starts up again through the vpn. Very frustrated with this.

I have absolutely no issue with 11 deployed linksys wrt320n's, all connecting to the same openvpn server..

This pos is the only one I can't seem to get to work properly.

Could this be a build issue? i've tried reflashing to almost all the revisions, going back to stock first. no joy.
ndewan
DD-WRT Guru


Joined: 14 Jan 2010
Posts: 528

Posted: Tue Jan 11, 2011 18:08
could be a hardware problem too .. make sure you have sufficient ventilation and airflow.

See if you can get your hands on another WNDR, or better, since you have a good experience with linksys, stick with it, get another one.

europa48138
DD-WRT Novice


Joined: 26 Jan 2009
Posts: 2

Posted: Tue Mar 08, 2011 19:00
I'm seeing the same problems, anyone have a solution?
invalid_id
DD-WRT Novice


Joined: 01 Mar 2011
Posts: 5

Posted: Fri Mar 11, 2011 3:13
I have three WNDR3700 routers. Two are v2, one is v1. If I understand correctly, you'd like to setup a WNDR3700 as an OpenVPN server? Either way, server or client, PM me and maybe I can squeeze in some time over the weekend to help you. I haven't bothered with OpenVPN (currently using PPTP), because I ended up temp bricking my WNR3500L when the certs overflowed the nvram config space. I'm willing to give it a try again, though. GMT-8
europa48138
DD-WRT Novice


Joined: 26 Jan 2009
Posts: 2

Posted: Sun Mar 13, 2011 4:53
Good luck running OpenVPN on the WNDR3700. It connects briefly, but then locks up, and does this consistently.