QoS and openVPN not working together

imaginal
DD-WRT Novice


Joined: 09 Jul 2014
Posts: 6

Posted: Thu Jul 10, 2014 21:10    Post subject: QoS and openVPN not working together
Hi All,

I have the openVPN client running to a vpn service with no issues. I've enabled QoS but it completely halts all connections. If I disable my VPN, the QoS settings work without issue. I can have 1, but not both. How do I fix this? What is conflicting?
imaginal
DD-WRT Novice


Joined: 09 Jul 2014
Posts: 6

Posted: Fri Jul 11, 2014 2:24    Post subject:
This is the openVPN log

Code:
20140710 18:59:52 I OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
20140710 18:59:52 I library versions: OpenSSL 1.0.1h 5 Jun 2014 LZO 2.06
20140710 18:59:52 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20140710 18:59:52 W WARNING: file '/tmp/password.txt' is group or others accessible
20140710 18:59:52 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140710 18:59:52 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140710 18:59:52 I UDPv4 link local: [undef]
20140710 18:59:52 I UDPv4 link remote: [AF_INET]198.23.71.110:1194
20140710 18:59:52 TLS: Initial packet from [AF_INET]198.23.71.110:1194 sid=aa73a889 6bd845a4
20140710 18:59:52 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20140710 18:59:53 VERIFY OK: depth=1 C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20140710 18:59:53 Validating certificate key usage
20140710 18:59:53 ++ Certificate has key usage 00a0 expects 00a0
20140710 18:59:53 NOTE: --mute triggered...
20140710 18:59:53 10 variation(s) on previous 3 message(s) suppressed by --mute
20140710 18:59:53 I [Private Internet Access] Peer Connection Initiated with [AF_INET]198.23.71.110:1194
20140710 18:59:55 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
20140710 18:59:55 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 route 10.150.1.1 topology net30 ifconfig 10.150.1.6 10.150.1.5'
20140710 18:59:55 OPTIONS IMPORT: timers and/or timeouts modified
20140710 18:59:55 NOTE: --mute triggered...
20140710 18:59:55 3 variation(s) on previous 3 message(s) suppressed by --mute
20140710 18:59:55 ROUTE_GATEWAY xxx.xxx.xxx.xxx/255.255.248.0 IFACE=vlan2 HWADDR=xx:XX:XX:XX:XX:XX
20140710 18:59:55 I TUN/TAP device tun1 opened
20140710 18:59:55 TUN/TAP TX queue length set to 100
20140710 18:59:55 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20140710 18:59:55 I /sbin/ifconfig tun1 10.150.1.6 pointopoint 10.150.1.5 mtu 1500
20140710 18:59:55 /sbin/route add -net 198.23.71.110 netmask 255.255.255.255 gw 67.168.152.1
20140710 18:59:55 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.150.1.5
20140710 18:59:55 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.150.1.5
20140710 18:59:55 /sbin/route add -net 10.150.1.1 netmask 255.255.255.255 gw 10.150.1.5
20140710 18:59:58 I Initialization Sequence Completed
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 NOTE: --mute triggered...
20140710 19:03:55 9 variation(s) on previous 3 message(s) suppressed by --mute
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'state'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:03:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:03:55 D MANAGEMENT: CMD 'log 500'
20140710 19:03:55 MANAGEMENT: Client disconnected
20140710 19:04:42 N write UDPv4: Message too long (code=90)
20140710 19:04:42 N write UDPv4: Message too long (code=90)
20140710 19:04:43 N write UDPv4: Message too long (code=90)
20140710 19:04:44 NOTE: --mute triggered...
20140710 19:06:21 6 variation(s) on previous 3 message(s) suppressed by --mute
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'state'
20140710 19:06:21 MANAGEMENT: Client disconnected
20140710 19:06:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140710 19:06:21 D MANAGEMENT: CMD 'log 500'
19691231 16:00:00


And this is the syslog
Code:
Jan 1 00:00:03 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:00:03 DD-WRT kern.info kernel: device vlan2 entered promiscuous mode
Jan 1 00:00:03 DD-WRT kern.info kernel: device vlan2 left promiscuous mode
Jan 1 00:00:03 DD-WRT user.info syslog: ttraff : traffic counter daemon successfully started
Jan 1 00:00:03 DD-WRT user.info syslog: NAS : NAS lan (wl0 interface) successfully started
Jan 1 00:00:03 DD-WRT user.info syslog: NAS : NAS lan (wl1 interface) successfully started
Jan 1 00:00:04 DD-WRT authpriv.warn dropbear[1005]: Failed loading /etc/dropbear/dropbear_rsa_host_key
Jan 1 00:00:04 DD-WRT authpriv.warn dropbear[1005]: Failed loading /etc/dropbear/dropbear_dss_host_key
Jan 1 00:00:04 DD-WRT authpriv.info dropbear[1013]: Running in background
Jan 1 00:00:04 DD-WRT user.info syslog: dropbear : ssh daemon successfully started
Jan 1 00:00:04 DD-WRT user.info syslog: cron : cron daemon successfully started
Jan 1 00:00:04 DD-WRT cron.info cron[1025]: (CRON) STARTUP (fork ok)
Jan 1 00:00:04 DD-WRT user.info syslog: dnsmasq : dnsmasq daemon successfully started
Jan 1 00:00:04 DD-WRT cron.info cron[1025]: (crontabs) ORPHAN (no passwd entry)
Jan 1 00:00:04 DD-WRT user.info syslog: klogd : kernel log daemon successfully stopped
Jan 1 00:00:04 DD-WRT kern.notice kernel: klogd: exiting
Jan 1 00:00:05 DD-WRT user.info syslog: resetbutton : resetbutton daemon successfully stopped
Jan 1 00:00:05 DD-WRT user.info syslog: minidlna : DLNA Media Server successfully started
Jan 1 00:00:05 DD-WRT user.info syslog: syslogd : syslog daemon successfully stopped
Jan 1 00:00:05 DD-WRT syslog.info syslogd exiting
Jan 1 00:00:05 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:00:05 DD-WRT kern.notice kernel: klogd started: BusyBox v1.22.1 (2014-06-13 21:58:32 CEST)
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
Jan 1 00:00:05 DD-WRT user.info syslog: Samba3 : samba started
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: WARNING: file '/tmp/password.txt' is group or others accessible
Jan 1 00:00:05 DD-WRT daemon.warn openvpn[1032]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1032]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1384]: UDPv4 link local: [undef]
Jan 1 00:00:05 DD-WRT daemon.notice openvpn[1384]: UDPv4 link remote: [AF_INET]50.23.65.53:1194
Jan 1 00:00:05 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:05 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:06 DD-WRT user.info syslog: process_monitor successfully started
Dec 31 16:00:06 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Dec 31 16:00:06 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:11 DD-WRT user.info syslog: cron : cron daemon successfully stopped
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 10 19:15:11 DD-WRT daemon.notice openvpn[1384]: Restart pause, 2 second(s)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_destroy (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_flush (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_conntrack_pptp: Unknown symbol nf_ct_gre_keymap_add (err 0)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_exp_gre (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_inbound (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_outbound (err 0)
Jul 10 19:15:12 DD-WRT kern.warn kernel: nf_nat_pptp: Unknown symbol nf_nat_pptp_hook_expectfn (err 0)
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:12 DD-WRT kern.info kernel: xt_ndpi 0.1 (nDPI wrapper module).
Jul 10 19:15:12 DD-WRT kern.warn kernel: [NDPI] ndpi_init_protocol_defaults(missing protoId=145) INTERNAL ERROR: not all protocols have been initialized
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:12 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:12 DD-WRT daemon.debug process_monitor[1697]: Restarting cron (time sync change)
Jul 10 19:15:12 DD-WRT daemon.debug process_monitor[1697]: We need to re-update after 3600 seconds
Jul 10 19:15:12 DD-WRT daemon.info process_monitor[1697]: set timer: 3600 seconds, callback: ntp_main()
Jul 10 19:15:12 DD-WRT user.info syslog: wland : WLAN daemon successfully stopped
Jul 10 19:15:12 DD-WRT user.info syslog: cron : cron daemon successfully started
Jul 10 19:15:12 DD-WRT cron.info cron[2247]: (CRON) STARTUP (fork ok)
Jul 10 19:15:12 DD-WRT cron.info cron[2247]: (crontabs) ORPHAN (no passwd entry)
Jul 10 19:15:12 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:12 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:12 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:12 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:13 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:13 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:13 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:13 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:13 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:13 DD-WRT daemon.warn openvpn[1384]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: UDPv4 link local: [undef]
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: UDPv4 link remote: [AF_INET]50.23.115.94:1194
Jul 10 19:15:13 DD-WRT daemon.notice openvpn[1384]: TLS: Initial packet from [AF_INET]50.23.115.94:1194, sid=aa5ed887 818782c7
Jul 10 19:15:13 DD-WRT daemon.warn openvpn[1384]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: Validating certificate key usage
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: ++ Certificate has key usage 00a0, expects 00a0
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: NOTE: --mute triggered...
Jul 10 19:15:14 DD-WRT user.info syslog: wland : WLAN daemon successfully started
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: 10 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: [Private Internet Access] Peer Connection Initiated with [AF_INET]50.23.115.94:1194
Jul 10 19:15:14 DD-WRT user.info syslog: WAN is up. IP: 67.168.152.101
Jul 10 19:15:14 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Client) successfully stopped
Jul 10 19:15:14 DD-WRT daemon.err openvpn[1384]: event_wait : Interrupted system call (code=4)
Jul 10 19:15:14 DD-WRT daemon.notice openvpn[1384]: SIGTERM[hard,] received, process exiting
Jul 10 19:15:14 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:14 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:15 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:15 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:16 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:16 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:16 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:16 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Client) starting/restarting...
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 13 2014
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3614]: WARNING: file '/tmp/password.txt' is group or others accessible
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3614]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3614]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: UDPv4 link local: [undef]
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: UDPv4 link remote: [AF_INET]50.23.65.53:1194
Jul 10 19:15:16 DD-WRT daemon.notice openvpn[3615]: TLS: Initial packet from [AF_INET]50.23.65.53:1194, sid=0d8b5ec7 3a69aec1
Jul 10 19:15:16 DD-WRT daemon.warn openvpn[3615]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: Validating certificate key usage
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: ++ Certificate has key usage 00a0, expects 00a0
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: 10 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:17 DD-WRT daemon.notice openvpn[3615]: [Private Internet Access] Peer Connection Initiated with [AF_INET]50.23.65.53:1194
Jul 10 19:15:17 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:17 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:18 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:18 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:18 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:18 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.153.85.1,topology net30,ifconfig 10.153.85.6 10.153.85.5'
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: 3 variation(s) on previous 3 message(s) suppressed by --mute
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: ROUTE_GATEWAY 67.168.152.1/255.255.248.0 IFACE=vlan2 HWADDR=e4:f4:c6:03:99:ef
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: TUN/TAP device tun1 opened
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: TUN/TAP TX queue length set to 100
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/ifconfig tun1 10.153.85.6 pointopoint 10.153.85.5 mtu 1500
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 50.23.65.53 netmask 255.255.255.255 gw 67.168.152.1
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.153.85.5
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.153.85.5
Jul 10 19:15:19 DD-WRT daemon.notice openvpn[3615]: /sbin/route add -net 10.153.85.1 netmask 255.255.255.255 gw 10.153.85.5
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:20 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:20 DD-WRT kern.info kernel: IMQ driver unloaded successfully.
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jul 10 19:15:21 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jul 10 19:15:21 DD-WRT kern.info kernel: IMQ driver loaded successfully. (numdevs = 2, numqueues = 1)
Jul 10 19:15:21 DD-WRT kern.info kernel: Hooking IMQ before NAT on PREROUTING.
Jul 10 19:15:21 DD-WRT kern.info kernel: Hooking IMQ after NAT on POSTROUTING.
Jul 10 19:15:21 DD-WRT daemon.notice openvpn[3615]: Initialization Sequence Completed
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:21 DD-WRT daemon.err openvpn[3615]: write UDPv4: Message too long (code=90)
Jul 10 19:15:22 DD-WRT daemon.notice openvpn[3615]: NOTE: --mute triggered...
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 3(eth2) entered forwarding state
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 2(eth1) entered forwarding state
Jul 10 19:15:23 DD-WRT kern.info kernel: br0: port 1(vlan1) entered forwarding state
Jul 10 19:15:24 DD-WRT user.debug syslog: ttraff: data collection started
Jul 10 19:16:00 DD-WRT cron.info cron[2247]: (crontabs) ORPHAN (no passwd entry)
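
The following is an added example, not part of the original post: a small POSIX shell triage of an OpenVPN client log that counts the `Message too long (code=90)` write errors (including the ones hidden by `--mute`), reports whether they occur after the tunnel came up, and surfaces the security warnings the log already prints. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: summarise an OpenVPN client log.

# Constructed sample: lines copied or abbreviated from the client log above.
sample_log() {
cat <<'EOF'
20140710 18:59:52 W WARNING: file '/tmp/password.txt' is group or others accessible
20140710 18:59:52 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140710 18:59:52 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20140710 18:59:53 ++ Certificate has key usage 00a0 expects 00a0
20140710 18:59:53 NOTE: --mute triggered...
20140710 18:59:53 10 variation(s) on previous 3 message(s) suppressed by --mute
20140710 18:59:58 I Initialization Sequence Completed
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 N write UDPv4: Message too long (code=90)
20140710 19:00:17 NOTE: --mute triggered...
20140710 19:03:55 9 variation(s) on previous 3 message(s) suppressed by --mute
EOF
}

# Read a log on stdin and print key=value counters.
# Matching is on message text only, so the management-log format and the
# syslog format shown above are both accepted.
triage_openvpn_log() {
    awk '
    /--mute triggered/                      { next }  # do not reset "last"
    /Initialization Sequence Completed/     { up = 1 }
    /group or others accessible/            { cred++ }
    /--script-security setting may allow/   { scripts++ }
    /may cache passwords in memory/         { cache++ }
    /write UDPv4: Message too long \(code=90\)/ {
        logged++
        if (up) after_up++          # data-plane failure on an established tunnel
        last = "emsgsize"
        next
    }
    /variation\(s\) on previous .* suppressed by --mute/ {
        # Count suppressed repeats only when they directly follow the
        # write errors; other suppressed messages are ignored.
        if (last == "emsgsize")
            for (i = 2; i <= NF; i++)
                if ($i == "variation(s)") suppressed += $(i - 1)
        last = ""
        next
    }
    { last = "" }
    END {
        printf "emsgsize_logged=%d\n", logged
        printf "emsgsize_suppressed=%d\n", suppressed
        printf "emsgsize_after_init=%d\n", after_up
        printf "warn_cred_file_perms=%d\n", cred
        printf "warn_script_security=%d\n", scripts
        printf "warn_password_cache=%d\n", cache
    }'
}

# Extract one counter from the key=value output on stdin.
triage_value() {
    sed -n "s/^$1=//p"
}

sample_log | triage_openvpn_log
```

On a router the same function can be fed the real log, for example `triage_openvpn_log < /tmp/piavpn.log` for the log file the later script in this thread creates.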
imaginal
DD-WRT Novice


Joined: 09 Jul 2014
Posts: 6

Posted: Fri Jul 11, 2014 4:13    Post subject:
I've been playing with the MTU values, fragments, and the mss-fix with no luck. I just flashed DD-WRT v24-sp2 (07/07/14) kongac, which had an MTU adjustment, but still no luck. Each test shows the same results.

If I just have openVPN running, I can make a handful of changes and service is uninterrupted. If I turn off openVPN and enable QoS, really any scheduler, uplink and downlink settings, and service priority changes all work and QoS works as expected/told.

If I enable both using any settings tried, WAN is completely blocked. LAN access is, as expected, unaffected.
imaginal
DD-WRT Novice


Joined: 09 Jul 2014
Posts: 6

Posted: Sat Jul 12, 2014 23:19    Post subject:
I have yet to get this working properly, but I think I have a little more to go on. QoS runs properly when open vpn is started with the following script:

Code:
#!/bin/sh

USERNAME="xxxxxx"
PASSWORD="xxxxxxxxxxx"
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
# US - WEST
remote xxxxxxxxxxx.xxx.xxx 1194
##EE##
"

#### DO NOT CHANGE below this line unless you know exactly what you're doing ####

CA_CRT='-----BEGIN CERTIFICATE-----
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
-----END CERTIFICATE-----'

OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`

if [ "$OPVPNENABLE" != 0 ]; then
   nvram set openvpncl_enable=0
   nvram commit
fi

sleep 10
mkdir /tmp/pia; cd /tmp/pia
echo -e "$USERNAME\n$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/pia/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append piavpn.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS" > pia.conf
ln -s /tmp/pia/piavpn.log /tmp/piavpn.log
ln -s /tmp/pia/status /tmp/status
(killall openvpn; openvpn --config /tmp/pia/pia.conf --route-up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) &
exit 0


The thing is, I'd rather not run openvpn this way for a few reasons. What setting in this script is allowing QoS to work?
qiller
DD-WRT Novice


Joined: 14 May 2013
Posts: 10

Posted: Sat Jul 26, 2014 6:20    Post subject:
After testing around with a net-to-net configuration between IPFire (server) and dd-wrt (client) and getting problems with DNS resolving ( http://www.dd-wrt.com/phpBB2/viewtopic.php?t=264364 ), I flashed to a current firmware (which didn't help with my DNS resolving problem) and went over to a roadwarrior setup.

Everything works as it should: DNS (including DNS forwarding through dnsmasq), RDP, SMB, ping etc. in both directions. But when I switch on QoS, I end up like the thread starter.

I flashed to Build 24160. Are there any known problems with QoS+OpenVPN? Is there a workaround for this problem?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Sun Jul 27, 2014 8:49    Post subject:
We have disabled QoS for openvpn. It caused problems. So try the upcoming beta.
qiller
DD-WRT Novice


Joined: 14 May 2013
Posts: 10

Posted: Sun Jul 27, 2014 12:31    Post subject:
I didn't need QoS for openvpn, I need QoS with openvpn, and I got it working now, together with my other problem ( http://www.dd-wrt.com/phpBB2/viewtopic.php?t=264364 ) establishing a net-to-net connection. It was a long weekend.

Now here's my startup-script for a net-to-net configuration between IPFire (OpenVPN server) and dd-wrt (OpenVPN client):

Code:
# Move to writable directory and create scripts
mkdir /tmp/oli; cd /tmp/oli
ln -s /usr/sbin/openvpn /tmp/oli/olivpn

# route up script
echo "#!/bin/sh
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
# for allowing traffic from VPN-transportsubnet (used by services running on dd-wrt directly
# i.e. dnsmasq or if you want ping/nslookup from dd-wrt to other subnet on IPFire)
# traffic from VPN-transportsubnet is blocked in IPFire, so we change source address
# if u dont use IPFire as other endpoint, probably u didn't need this rule
# 10.0.111.2 - dd-wrt transport-vpn endpoint
# 192.168.111.1 - dd-wrt LAN IP
iptables -t nat -A POSTROUTING -s 10.0.111.2 -j SNAT --to-source 192.168.111.1
" > route-up.sh

# route down script
echo "#!/bin/sh
iptables -D FORWARD -i tun0 -j ACCEPT
iptables -D FORWARD -o tun0 -j ACCEPT
iptables -D INPUT -i tun0 -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.0.111.2 -j SNAT --to-source 192.168.111.1
" > route-down.sh

# Config for net-to-net setup
echo "
management 127.0.0.1 16
management-log-cache 100
verb 3
log-append olivpn.log
writepid olivpn.pid
syslog
daemon
persist-key
persist-tun
script-security 2
dev tun0 # use routing
proto udp #match with server-side
cipher aes-256-cbc #match with server-side
auth sha512 #match with server-side
remote <your servers external IP or fqdn>
port 1195 #match with server-side
verify-x509-name \"<cn-name of servercert>\" name
float
comp-lzo #match with server-side
tls-client
ns-cert-type server
keepalive 10 60
status-version 3
status status
mute 5
ifconfig 10.0.111.2 10.0.111.1 #IPs switched from server-side
ca /tmp/oli/cacert.pem
cert /tmp/oli/n2nolicert.pem
key /tmp/oli/n2nolikey.pem
tls-auth /tmp/oli/ta.key 1 #comment out for no HMAC TLS AUTH, match with server-side

# routes of server-side
route 192.168.0.0 255.255.255.0
route 192.168.10.0 255.255.255.0

#match with server-side
tun-mtu 1500
mssfix
fragment 1300
" > olin2n.conf

# Config for certs
echo "
-----BEGIN CERTIFICATE-----
XXXXXX-paste ca-cert here-xxxxxx
-----END CERTIFICATE-----
" > cacert.pem

echo "
-----BEGIN CERTIFICATE-----
xxxxxx-paste clientcert here-xxxxxx
-----END CERTIFICATE-----
" > n2nolicert.pem

echo "
-----BEGIN PRIVATE KEY-----
xxxxxx-paste client private key here-xxxxxx
-----END PRIVATE KEY-----
" > n2nolikey.pem

echo "
-----BEGIN OpenVPN Static key V1-----
xxxxxx-paste TLS-AUTH key here-xxxxxx
-----END OpenVPN Static key V1-----
" > ta.key #comment out for no HMAC TLS AUTH, match with server-side

# modify security access
chmod 600 n2nolikey.pem ta.key; chmod 700 route-up.sh route-down.sh

ln -s /tmp/oli/olivpn.log /tmp/olivpn.log
ln -s /tmp/oli/status /tmp/status


# disable built-in openvpn client
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
if [ "$OPVPNENABLE" != 0 ]; then
   nvram set openvpncl_enable=0
   nvram commit
fi

# Initiate the tunnel
sleep 15 #(long enough for correcting date/time at start to avoid TLS errors and QoS-problems)
(killall olivpn; /tmp/oli/olivpn --config olin2n.conf --route-up route-up.sh --down route-down.sh) & exit 0


Script is inspired from how-to and this thread.

Firewall script:

Code:
iptables -I INPUT 2 -p udp --dport 1195 -j ACCEPT


I pointed out that without the sleep command, openvpn didn't come up fully with QoS enabled. If you use QoS, the wshaper service should have been started before openvpn comes up. I think it's the imq interface causing problems, but I don't know exactly.

The last dd-wrt build tries to stop and start the wshaper service at route creation while openvpn starts (route-up.sh). I think that's the fault.

Note: Whenever I change settings in QoS and apply them, I need to restart openvpn (last command).

QoS itself is working (test it with WoW or Diablo 3 and a Port 1119 rule as "maximum" preset while uploading something per http; I need QoS only for service prioritising on WAN, not for LAN or VPN traffic), but my TP-Link 1043nd is not powerful enough for a 128Mbit/6Mbit connection (although cpu-load doesn't go high, only irq-load goes up). Depending on the ruleset it goes down to 80Mbit till 50Mbit. Irritating: at the beginning after a restart I get 80-95Mbit, but after a while it goes down to 55-70Mbit.

Sometimes my WAN connection only uses 100Mbit, but I guess it's the cable modem causing problems; after replugging the WAN cable everything works at full speed.
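
As an added example that is not part of any post in this thread: a POSIX shell lint for the OpenVPN client configs shown above, covering the settings the client log itself warns about (user scripts, cached passwords, credential file permissions) plus the 64-bit block cipher and the legacy `ns-cert-type` check, with a helper that creates secret files owner-only from the start instead of running `chmod` afterwards. The function names, finding IDs and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: lint an OpenVPN client config.

# Constructed sample: directives taken from the pia.conf built by the
# first startup script in this thread.
sample_conf() {
cat <<'EOF'
client
auth-user-pass /tmp/pia/userpass.conf
dev tun0
proto udp
script-security 2
cipher bf-cbc
auth sha1
tun-mtu 1500
remote-cert-tls server
ca ca.crt
EOF
}

# Read a config on stdin and print one finding ID per line.
audit_openvpn_conf() {
    awk '
    { sub(/[ \t]*#.*/, "") }     # drop comments such as "proto udp #match..."
    $1 == "auth-user-pass"   { userpass = 1 }
    $1 == "auth-nocache"     { nocache = 1 }
    $1 == "ns-cert-type"     { nscert = 1 }
    $1 == "remote-cert-tls"  { rct = 1 }
    $1 == "verify-x509-name" { vname = 1 }
    # Level 2 and above lets the daemon run user-defined scripts, so the
    # route-up/down scripts must not be writable by anyone else.
    $1 == "script-security" && $2 + 0 >= 2 { print "user-scripts-enabled" }
    # Blowfish, DES/3DES, CAST5 and RC2 all use a 64-bit block.
    $1 == "cipher" && tolower($2) ~ /^(bf|des|cast5|rc2)-/ {
        print "cipher-64bit-block"
    }
    END {
        if (userpass && !nocache) print "password-cached-in-memory"
        if (nscert && !rct)       print "ns-cert-type-legacy-check"
        if (!nscert && !rct)      print "no-server-cert-usage-check"
        if (!vname)               print "server-name-not-pinned"
    }'
}

# Write stdin to PATH so that it is never group/other readable, not even
# between creation and a later chmod. Any existing file is replaced, because
# the umask only applies to newly created files.
write_secret() {
    rm -f "$1" && ( umask 077 && cat > "$1" )
}

# Succeeds only if group and others have no permission bits on PATH.
is_owner_only() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

sample_conf | audit_openvpn_conf
```

In the startup scripts above, `write_secret` would replace the `echo ... > userpass.conf` and key-file redirections that are followed by `chmod 600`.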