imaginal DD-WRT Novice Joined: 09 Jul 2014 Posts: 6
Posted: Thu Jul 10, 2014 21:10 Post subject: QoS and openVPN not working together
Hi All,
I have the openVPN client running to a vpn service with no issues. I've enabled QoS but it completely halts all connections. If I disable my VPN, the QoS settings work without issue. I can have 1, but not both. How do I fix this? What is conflicting?
imaginal DD-WRT Novice Joined: 09 Jul 2014 Posts: 6
Posted: Fri Jul 11, 2014 2:24 Post subject:
This is the openVPN log
Code:
20140710 18:59:52 I OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
20140710 18:59:52 I library versions: OpenSSL 1.0.1h 5 Jun 2014 LZO 2.06
20140710 18:59:52 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20140710 18:59:52 W WARNING: file '/tmp/password.txt' is group or others accessible
20140710 18:59:52 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140710 18:59:52 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140710 18:59:52 I UDPv4 link local: [undef]
20140710 18:59:52 I UDPv4 link remote: [AF_INET]198.23.71.110:1194
20140710 18:59:52 TLS: Initial packet from [AF_INET]198.23.71.110:1194 sid=aa73a889 6bd845a4
20140710 18:59:52 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20140710 18:59:53 VERIFY OK: depth=1 C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20140710 18:59:53 Validating certificate key usage
20140710 18:59:53 ++ Certificate has key usage 00a0 expects 00a0
20140710 18:59:53 NOTE: --mute triggered...
20140710 18:59:53 10 variation(s) on previous 3 message(s) suppressed by --mute
20140710 18:59:53 I [Private Internet Access] Peer Connection Initiated with [AF_INET]198.23.71.110:1194
20140710 18:59:55 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
20140710 18:59:55 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 route 10.150.1.1 topology net30 ifconfig 10.150.1.6 10.150.1.5'
20140710 18:59:55 OPTIONS IMPORT: timers and/or timeouts modified
20140710 18:59:55 NOTE: --mute triggered...
20140710 18:59:55 3 variation(s) on previous 3 message(s) suppressed by --mute
20140710 18:59:55 ROUTE_GATEWAY xxx.xxx.xxx.xxx/255.255.248.0 IFACE=vlan2 HWADDR=xx:XX:XX:XX:XX:XX
20140710 18:59:55 I TUN/TAP device tun1 opened
20140710 18:59:55 TUN/TAP TX queue length set to 100
20140710 18:59:55 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20140710 18:59:55 I /sbin/ifconfig tun1 10.150.1.6 pointopoint 10.150.1.5 mtu 1500
20140710 18:59:55 /sbin/route add -net 198.23.71.110 netmask 255.255.255.255 gw 67.168.152.1
20140710 18:59:55 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.150.1.5
20140710 18:59:55 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.150.1.5
20140710 18:59:55 /sbin/route add -net 10.150.1.1 netmask 255.255.255.255 gw 10.150.1.5
20140710 18:59:58 I Initialization Sequence Completed
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 NOTE: --mute triggered...
20140710 19:03:55 9 variation(s) on previous 3 message(s) suppressed by --mute
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'log 500'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:04:42 N write UDPv4: Message too long (code=90)
20140710 19:04:42 N write UDPv4: Message too long (code=90)
20140710 19:04:43 N write UDPv4: Message too long (code=90)
20140710 19:04:44 NOTE: --mute triggered...
20140710 19:06:21 6 variation(s) on previous 3 message(s) suppressed by --mute
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'log 500'
19691231 16:00:00
And this is the syslog
Code:
Jan 1 00:00:03 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:00:03 DD-WRT kern.info kernel: device vlan2 entered promiscuous mode
Jan 1 00:00:03 DD-WRT kern.info kernel: device vlan2 left promiscuous mode
Jan 1 00:00:03 DD-WRT user.info syslog: ttraff : traffic counter daemon successfully started
Jan 1 00:00:03 DD-WRT user.info syslog: NAS : NAS lan (wl0 interface) successfully started
Jan 1 00:00:03 DD-WRT user.info syslog: NAS : NAS lan (wl1 interface) successfully started
Jan 1 00:00:04 DD-WRT authpriv.warn dropbear[1005]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 1 00:00:04 DD-WRT authpriv.warn dropbear[1005]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 1 00:00:04 DD-WRT authpriv.info dropbear[1013]: Running in background
Jan 1 00:00:04 DD-WRT user.info syslog: dropbear : ssh daemon successfully started
Jan 1 00:00:04 DD-WRT user.info syslog: cron : cron daemon successfully started
Jan 1 00:00:04 DD-WRT cron.info cron[1025]: (CRON) STARTUP (fork ok)
Jan 1 00:00:04 DD-WRT user.info syslog: dnsmasq : dnsmasq daemon successfully started
Jan 1 00:00:04 DD-WRT cron.info cron[1025]: (crontabs) ORPHAN (no passwd entry)
Jan 1 00:00:04 DD-WRT user.info syslog: klogd : kernel log daemon successfully stopped
Jan 1 00:00:04 DD-WRT kern.notice kernel: klogd: exiting
Jan 1 00:00:05 DD-WRT user.info syslog: resetbutton : resetbutton daemon successfully stopped
Jan 1 00:00:05 DD-WRT user.info syslog: minidlna : DLNA Media Server successfully started
Jan 1 00:00:05 DD-WRT user.info syslog: syslogd : syslog daemon successfully stopped
Jan 1 00:00:05 DD-WRT syslog.info syslogd exiting
Jan 1 00:00:05 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:00:05 DD-WRT kern.notice kernel: klogd started: BusyBox v1.22.1 (2014-06-13 21:58:32 CEST)
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
Jan 1 00:00:05 DD-WRT user.info syslog: Samba3 : samba started
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: WARNING: file '/tmp/password.txt' is group or others accessible
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1384]: UDPv4 link local: [undef]
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1384]: UDPv4 link remote: [AF_INET]50.23.65.53:1194
Jan 1 00:00:05 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:05 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: process_monitor successfully started
Dec 31 16:00:06 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Dec 31 16:00:06 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:11 DD-WRT user.info syslog: cron : cron daemon successfully stopped
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: Restart pause, 2 second(s)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_destroy (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_flush (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_add (err 0)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_exp_gre (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_inbound (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_outbound (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_expectfn (err 0)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:12 DD-WRT kern.info kernel: xt_ndpi 0.1 (nDPI wrapper module).
Jul 10 19:15:12 DD-WRT kern.warn kernel: [NDPI] ndpi_init_protocol_defaults(missing protoId=145) INTERNAL ERROR: not all protocols have been initialized
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:12 DD-WRT daemon.debug process_monitor[1697]: Restarting cron (time sync change)
Jul 10 19:15:12 DD-WRT daemon.debug process_monitor[1697]: We need to re-update after 3600 seconds
Jul 10 19:15:12 DD-WRT daemon.info process_monitor[1697]: set timer: 3600 seconds, callback: ntp_main()
Jul 10 19:15:12 DD-WRT user.info syslog: wland : WLAN daemon successfully stopped
Jul 10 19:15:12 DD-WRT user.info syslog: cron : cron daemon successfully started
Jul 10 19:15:12 DD-WRT cron.info cron[2247]: (CRON) STARTUP (fork ok)
Jul 10 19:15:12 DD-WRT cron.info cron[2247]: (crontabs) ORPHAN (no passwd entry)
Jul 10 19:15:12 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:12 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:12 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:12 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:13 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:13 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:13 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:13 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:13 DD-WRT daemon.warn openvpn[1384]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: UDPv4 link local: [undef]
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: UDPv4 link remote: [AF_INET]50.23.115.94:1194
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: TLS: Initial packet from [AF_INET]50.23.115.94:1194, sid=aa5ed887 818782c7
Jul 10 19:15:13 DD-WRT daemon.warn openvpn[1384]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: Validating certificate key usage
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: ++ Certificate has key usage 00a0, expects 00a0
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: NOTE: --mute triggered...
Jul 10 19:15:14 DD-WRT user.info syslog: wland : WLAN daemon successfully started
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: 10 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: [Private Internet Access] Peer Connection Initiated with [AF_INET]50.23.115.94:1194
Jul 10 19:15:14 DD-WRT user.info syslog: WAN is up. IP: 67.168.152.101
Jul 10 19:15:14 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Client) successfully stopped
Jul 10 19:15:14 DD-WRT daemon.err openvpn[1384]: event_wait : Interrupted system call (code=4)
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: SIGTERM[hard,] received, process exiting
Jul 10 19:15:14 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:14 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:15 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:16 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:16 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:16 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:16 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Client) starting/restarting...
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3614]: WARNING: file '/tmp/password.txt' is group or others accessible
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3614]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: UDPv4 link local: [undef]
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: UDPv4 link remote: [AF_INET]50.23.65.53:1194
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: TLS: Initial packet from [AF_INET]50.23.65.53:1194, sid=0d8b5ec7 3a69aec1
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3615]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: Validating certificate key usage
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: ++ Certificate has key usage 00a0, expects 00a0
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: 10 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: [Private Internet Access] Peer Connection Initiated with [AF_INET]50.23.65.53:1194
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:17 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:18 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:18 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:18 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.153.85.1,topology net30,ifconfig 10.153.85.6 10.153.85.5'
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: 3 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: ROUTE_GATEWAY 67.168.152.1/255.255.248.0 IFACE=vlan2 HWADDR=e4:f4:c6:03:99:ef
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: TUN/TAP device tun1 opened
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: TUN/TAP TX queue length set to 100
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/ifconfig tun1 10.153.85.6 pointopoint 10.153.85.5 mtu 1500
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 50.23.65.53 netmask 255.255.255.255 gw 67.168.152.1
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.153.85.5
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.153.85.5
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 10.153.85.1 netmask 255.255.255.255 gw 10.153.85.5
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:20 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:21 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:21 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:21 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:21 DD-WRT daemon.notice openvpn[3615]: Initialization Sequence Completed
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:22 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 3(eth2) entered forwarding state
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 2(eth1) entered forwarding state
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 1(vlan1) entered forwarding state
Jul 10 19:15:24 DD-WRT user.debug syslog: ttraff: data collection started
Jul 10 19:16:00 DD-WRT cron.info cron[2247]: (crontabs) ORPHAN (no passwd entry)
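Added example (not part of the posts above): a POSIX shell and awk triage that turns the OpenVPN lines of the two logs into counts per finding, including the repeats hidden by `--mute`. The sample lines are copied from the logs above; the finding names and the boot-time-stamp heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify OpenVPN client log lines into named findings.

# Sample input: lines copied from the two logs posted above.
sample_log() {
cat <<'EOF'
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: WARNING: file '/tmp/password.txt' is group or others accessible
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jul 10 19:15:13 DD-WRT daemon.warn openvpn[1384]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 19:15:21 DD-WRT daemon.notice openvpn[3615]: Initialization Sequence Completed
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:22 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
20140710 19:03:55 9 variation(s) on previous 3 message(s) suppressed by --mute
EOF
}

# Reads log text on stdin and prints sorted "finding=count" lines.
triage_openvpn_log() {
    awk '
    # Keep OpenVPN lines only: syslog lines carry an openvpn[pid] tag,
    # management-log lines start with a YYYYMMDD stamp.
    !/openvpn\[[0-9]+\]:/ && !($1 ~ /^[0-9]+$/ && length($1) == 8) { next }

    # Heuristic: a boot-time stamp means the daemon started before the
    # clock was set, which is when certificate date checks are unreliable.
    /^Jan +1 00:0[0-9]:/ { n["epoch_stamped"]++ }

    # --mute hides repeats; credit them to the class logged just before.
    /--mute triggered/ { next }
    /suppressed by --mute/ {
        for (i = 2; i <= NF; i++)
            if ($i == "variation(s)" && last != "other" && last != "")
                n[last "_muted"] += $(i - 1)
        next
    }

    { cls = "other" }
    /is group or others accessible/         { cls = "cred_file_perms" }
    /--script-security setting may allow/   { cls = "script_security" }
    /may cache passwords in memory/         { cls = "password_cache" }
    /Inactivity timeout \(--ping-restart\)/ { cls = "ping_restart" }
    /Message too long \(code=90\)/          { cls = "emsgsize" }
    { if (cls != "other") n[cls]++; last = cls }

    END { for (k in n) printf "%s=%d\n", k, n[k] }
    ' | sort
}

# finding KEY: prints the count for KEY (0 if absent) for the log on stdin.
finding() {
    triage_openvpn_log | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v + 0 }'
}

# Show the summary for the embedded sample.
sample_log | triage_openvpn_log
```

The visible count of `Message too long (code=90)` lines is a lower bound: with `--mute` active, the suppressed repeats have to be added to it.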
imaginal DD-WRT Novice Joined: 09 Jul 2014 Posts: 6
Posted: Fri Jul 11, 2014 4:13 Post subject:
I've been playing with the MTU values, fragments, and the mss-fix with no luck. I just flashed DD-WRT v24-sp2 (07/07/14) kongac which had an MTU adjustment, but still no luck. Each test shows the same results.
If I just have openVPN running, I can make a handful of changes and service is uninterrupted. If I turn off openVPN and enable QoS, really any scheduler, uplink and downlink settings, and service priority changes all work and QoS works as expected/told.
If I enable both using any settings tried, WAN completely blocked. LAN access is, as expected, unaffected.
imaginal DD-WRT Novice Joined: 09 Jul 2014 Posts: 6
Posted: Sat Jul 12, 2014 23:19 Post subject:
I have yet to get this working properly, but I think I have a little more to go on. QoS runs properly when open vpn is started with the following script:
Code:
#!/bin/sh
USERNAME="xxxxxx"
PASSWORD="xxxxxxxxxxx"
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
# US - WEST
remote xxxxxxxxxxx.xxx.xxx 1194
##EE##
"
#### DO NOT CHANGE below this line unless you know exactly what you're doing ####
CA_CRT='-----BEGIN CERTIFICATE-----
xxxxxx-paste the provider CA certificate here-xxxxxx
-----END CERTIFICATE-----'
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
if [ "$OPVPNENABLE" != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
fi
sleep 10
mkdir /tmp/pia; cd /tmp/pia
echo -e "$USERNAME\n$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/pia/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append piavpn.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS" > pia.conf
ln -s /tmp/pia/piavpn.log /tmp/piavpn.log
ln -s /tmp/pia/status /tmp/status
(killall openvpn; openvpn --config /tmp/pia/pia.conf --route-up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) &
exit 0
The thing is, I'd rather not run openvpn this way for a few reasons. What setting in this script is allowing QoS to work?
qiller DD-WRT Novice Joined: 14 May 2013 Posts: 10
Posted: Sat Jul 26, 2014 6:20 Post subject:
After testing around with net-to-net configuration between IPFire (Server) and dd-wrt (client) and getting problems with dns-resolving ( http://www.dd-wrt.com/phpBB2/viewtopic.php?t=264364 ), I flashed to a current firmware (which didn't help with my dns-resolving problem) and went over to roadwarrior-setup.
Everything works as it should, DNS (including dns-forwarding through dnsmasq), RDP, SMB, ping etc. in both directions. But when I switch on QoS, I end up like the thread starter.
I flashed to Build 24160. Are there any known problems with QoS+OpenVPN? Is there a workaround for this problem?
Sash DD-WRT Guru Joined: 20 Sep 2006 Posts: 17619 Location: Hesse/Germany
qiller DD-WRT Novice Joined: 14 May 2013 Posts: 10
Posted: Sun Jul 27, 2014 12:31 Post subject:
I didn't need qos for openvpn, I need qos with openvpn and I got it working now, together with my other problem ( http://www.dd-wrt.com/phpBB2/viewtopic.php?t=264364 ) establishing a net-to-net connection. It was a long weekend.
Now here's my startup-script for a net-to-net configuration between IPFire (OpenVPN server) and dd-wrt (OpenVPN client):
Code:
# Move to writable directory and create scripts
mkdir /tmp/oli; cd /tmp/oli
ln -s /usr/sbin/openvpn /tmp/oli/olivpn
# route up script
echo "#!/bin/sh
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
# for allowing traffic from VPN-transportsubnet (used by services running on dd-wrt directly
# i.e. dnsmasq or if you want ping/nslookup from dd-wrt to other subnet on IPFire)
# traffic from VPN-transportsubnet is blocked in IPFire, so we change source address
# if u dont use IPFire as other endpoint, probably u didn't need this rule
# 10.0.111.2 - dd-wrt transport-vpn endpoint
# 192.168.111.1 - dd-wrt LAN IP
iptables -t nat -A POSTROUTING -s 10.0.111.2 -j SNAT --to-source 192.168.111.1
" > route-up.sh
# route down script
echo "#!/bin/sh
iptables -D FORWARD -i tun0 -j ACCEPT
iptables -D FORWARD -o tun0 -j ACCEPT
iptables -D INPUT -i tun0 -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.0.111.2 -j SNAT --to-source 192.168.111.1
" > route-down.sh
# Config for net-to-net setup
echo "
management 127.0.0.1 16
management-log-cache 100
verb 3
log-append olivpn.log
writepid olivpn.pid
syslog
daemon
persist-key
persist-tun
script-security 2
dev tun0 # use routing
proto udp #match with server-side
cipher aes-256-cbc #match with server-side
auth sha512 #match with server-side
remote <your servers external IP or fqdn>
port 1195 #match with server-side
verify-x509-name '<cn-name of servercert>' name
float
comp-lzo #match with server-side
tls-client
ns-cert-type server
keepalive 10 60
status-version 3
status status
mute 5
ifconfig 10.0.111.2 10.0.111.1 #IPs switched from server-side
ca /tmp/oli/cacert.pem
cert /tmp/oli/n2nolicert.pem
key /tmp/oli/n2nolikey.pem
tls-auth /tmp/oli/ta.key 1 #comment out for no HMAC TLS AUTH, match with server-side
# routes of server-side
route 192.168.0.0 255.255.255.0
route 192.168.10.0 255.255.255.0
#match with server-side
tun-mtu 1500
mssfix
fragment 1300
" > olin2n.conf
# Config for certs
echo "
-----BEGIN CERTIFICATE-----
XXXXXX-paste ca-cert here-xxxxxx
-----END CERTIFICATE-----
" > cacert.pem
echo "
-----BEGIN CERTIFICATE-----
xxxxxx-paste clientcert here-xxxxxx
-----END CERTIFICATE-----
" > n2nolicert.pem
echo "
-----BEGIN PRIVATE KEY-----
xxxxxx-paste client private key here-xxxxxx
-----END PRIVATE KEY-----
" > n2nolikey.pem
echo "
-----BEGIN OpenVPN Static key V1-----
xxxxxx-paste TLS-AUTH key here-xxxxxx
-----END OpenVPN Static key V1-----
" > ta.key #comment out for no HMAC TLS AUTH, match with server-side
# modify security access
chmod 600 n2nolikey.pem ta.key; chmod 700 route-up.sh route-down.sh
ln -s /tmp/oli/olivpn.log /tmp/olivpn.log
ln -s /tmp/oli/status /tmp/status
# disable built-in OpenVPN client
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
if [ "$OPVPNENABLE" != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
fi
# Initiate the tunnel
sleep 15 #(long enough for correcting date/time at start to avoid TLS errors and QoS-problems)
(killall olivpn; /tmp/oli/olivpn --config olin2n.conf --route-up route-up.sh --down route-down.sh) &
exit 0
Script is inspired from how-to and this thread.
Firewall script:
Code:
iptables -I INPUT 2 -p udp --dport 1195 -j ACCEPT
I pointed out that without the sleep command, openvpn didn't come up fully with QoS enabled. If you use QoS, wshaper-service should have been started before openvpn comes up. I think it's the imq-interface causing problems, but I don't know exactly.
Last dd-wrt build tries to stop and start wshaper-service at route-creating while openvpn starts (route-up.sh). I think that's the fault.
Note: Whenever I change settings in QoS and apply them, I need to restart openvpn (last command).
QoS itself is working (test it with WoW or Diablo 3 and Port 1119 rule as "maximum"-preset while uploading something per http, I need QoS only for service prioritising on WAN, not for LAN- or VPN-traffic), but my TP-Link 1043nd is not powerful enough for 128Mbit/6Mbit connection (although cpu-load doesn't go high, only irq-load goes up). Depending on ruleset it goes down to 80Mbit till 50Mbit. Irritating, at the beginning after a restart I get 80-95Mbit, but after a while it goes down to 55-70Mbit.
Sometimes my WAN-connection only uses 100Mbit, but I guess it's the cable-modem causing problems, after replugging WAN-cable everything works at full speed.
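Added example, not taken from either poster's script: two start-up helpers for scripts like the ones in this thread. One waits for the clock to be set instead of using a fixed `sleep`, the other writes credentials or key files under a restrictive umask instead of running `chmod` after the file already exists. The function names, the year threshold and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: gate tunnel start-up on a sane clock and write secrets
# without a window in which they are readable by group or others.

# wait_for_clock MIN_YEAR TIMEOUT_SECONDS
# Returns 0 as soon as the system year is >= MIN_YEAR, 1 on timeout.
# A router without an RTC boots with an epoch date until NTP has run;
# certificate validity checks are only meaningful after that.
wait_for_clock() {
    min_year=$1
    left=$2
    while [ "$(date +%Y)" -lt "$min_year" ]; do
        [ "$left" -gt 0 ] || return 1
        sleep 1
        left=$((left - 1))
    done
    return 0
}

# write_secret PATH   (content is read from stdin)
# The umask only applies when a file is created, so an existing file
# with lax permissions is removed first. The subshell keeps the umask
# change from leaking into the rest of the script.
write_secret() {
    (
        umask 077
        rm -f "$1"
        cat > "$1"
    )
}

# secret_is_private PATH
# True only for a regular file with mode rw------- (owner only).
secret_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# start_tunnel DIR CONFIG KEYFILE
# Refuses to start when the clock is still unset or the key file is
# readable by others. --cd makes relative paths in the config and the
# script options resolve inside DIR.
start_tunnel() {
    wait_for_clock 2014 60 || {
        echo "clock not set, not starting tunnel" >&2
        return 1
    }
    secret_is_private "$1/$3" || {
        echo "$1/$3 is accessible by group or others" >&2
        return 1
    }
    openvpn --cd "$1" --config "$2"
}

# Usage inside a start-up script (hypothetical file names):
#   mkdir -m 700 /tmp/vpn
#   printf '%s\n%s\n' "$USERNAME" "$PASSWORD" | write_secret /tmp/vpn/userpass.conf
#   start_tunnel /tmp/vpn client.conf userpass.conf
```

This covers only the clock and file-permission parts of start-up; it does not detect whether the QoS service mentioned above has finished starting.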