DIR-825 : NTP Only updates through WAN, no network access

Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware
Author Message
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Sat Feb 28, 2015 16:26    Post subject: DIR-825 : NTP Only updates through WAN, no network access Reply with quote
Hi guys,

I am attempting to get my Router (DIR-825) to become a OpenVPN client, I feel I am very close - however a few issues are preventing it from working!

First things first, my network setup:


I have a router provided by the ISP, I don't know the details for it.

My router, the DIR-825, is LAN Connected to the ISP Router via ethernet cable. This router is running the latest version of DD-WRT.


The problem that's breaking everything

- When I connect the ISP Router to the DD-WRT Router, LAN port to LAN Port, NTP does not work and the time stays at 01am. Only when I connect the ISP Router to the WAN port of the DDWRT Router does the NTP Time update, in turn making the VPN able to connect.

Problem is: Nobody else is able to connect through this router, whether it be wired or wireless.

I originally thought it would be the VPN, so I disabled it, tried again - no luck.

Can someone possibly help out with this issue? it really is an annoying issue and I would like to get it fixed so I can enable the VPN on the router.

OpenVPN or NTP simply can't work when I connect the ISP Router to a LAN port, and in that case, I can use the router to access the net.
Sponsor
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Sun Mar 01, 2015 11:18    Post subject: Reply with quote
I actually fixed this by moving my second router onto the same IP Range as the primary.

OpenVPN still doesn't work. boo
js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

PostPosted: Sun Mar 01, 2015 12:14    Post subject: Reply with quote
I may be wrong but I think it will be difficult to use openvpn client effectively on the 2nd router if it is in bridge mode since all the clients on the 2nd router will go directly to the primary router without having to go through the openvpn client. What is the problem connecting the primary to secondary router in LAN-WAN configuration? When the 2nd router is in normal router mode, the WAN of the 2nd router is connected to the openvpn server and all the clients on the 2nd router will have to pass through WAN to the Internet hence they have to go through the openvpn client. Hope it make sense! Again, others who knows better than me can correct me if I am wrong.
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Sun Mar 01, 2015 13:44    Post subject: Reply with quote
js1662 wrote:
I may be wrong but I think it will be difficult to use openvpn client effectively on the 2nd router if it is in bridge mode since all the clients on the 2nd router will go directly to the primary router without having to go through the openvpn client. What is the problem connecting the primary to secondary router in LAN-WAN configuration? When the 2nd router is in normal router mode, the WAN of the 2nd router is connected to the openvpn server and all the clients on the 2nd router will have to pass through WAN to the Internet hence they have to go through the openvpn client. Hope it make sense! Again, others who knows better than me can correct me if I am wrong.


Hi,

I don't believe it is in bridge mode? It is connected via Ethernet from Router 1 - Router 2, I am not using the WAN Port.

In the router config, I have set it up as a Wired and Wireless Access point.

I now have NTP Time working, and the VPN client actually connects to PIA and works - however, I am unable to get any traffic to go through the tunnel.

My primary router IP is 192.168.0.1
My secondary is 192.168.0.99

WAN is disabled on the second router, are you suggested I enable it? (When it is enabled, absolutely no access is possible through the second router whatsoever)

Thanks
js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

PostPosted: Mon Mar 02, 2015 9:09    Post subject: Reply with quote
My next recommendation is to start everything from factory default, i.e. reset secondary router to factory default and connect primary router LAN to secondary router WAN. Signin secondary router using 192.168.1.1 and setup wifi and see if everything is OK. If you still have problem accessing the internet, check primary router and make sure DHCP is enabled. After you have confirmed that secondary router basic function is working, you then go setup openvpn client and see if it works.
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Mon Mar 09, 2015 19:32    Post subject: Reply with quote
js1662 wrote:
My next recommendation is to start everything from factory default, i.e. reset secondary router to factory default and connect primary router LAN to secondary router WAN. Signin secondary router using 192.168.1.1 and setup wifi and see if everything is OK. If you still have problem accessing the internet, check primary router and make sure DHCP is enabled. After you have confirmed that secondary router basic function is working, you then go setup openvpn client and see if it works.


Hi there,

Everything set up once again, however, still not working! It might be worth noting that I only want the VPN to be active on one port of my router, if that's even possible.

Anyway, here is the log:

Quote:
Clientlog:
20150309 20:29:29 I OpenVPN 2.3.4 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 7 2014
20150309 20:29:29 I library versions: OpenSSL 1.0.1j 15 Oct 2014 LZO 2.08
20150309 20:29:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20150309 20:29:29 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20150309 20:29:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20150309 20:29:29 Socket Buffers: R=[163840->131072] S=[163840->131072]
20150309 20:29:30 I UDPv4 link local: [undef]
20150309 20:29:30 I UDPv4 link remote: [AF_INET]88.150.252.232:1194
20150309 20:29:30 TLS: Initial packet from [AF_INET]88.150.252.232:1194 sid=18ab9d5c 7ed2e022
20150309 20:29:30 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20150309 20:29:30 VERIFY OK: depth=1 C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20150309 20:29:30 Validating certificate key usage
20150309 20:29:30 ++ Certificate has key usage 00a0 expects 00a0
20150309 20:29:30 NOTE: --mute triggered...
20150309 20:29:31 10 variation(s) on previous 3 message(s) suppressed by --mute
20150309 20:29:31 I [Private Internet Access] Peer Connection Initiated with [AF_INET]88.150.252.232:1194
20150309 20:29:33 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
20150309 20:29:33 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.159.1.1 topology net30 ifconfig 10.159.1.6 10.159.1.5'
20150309 20:29:33 OPTIONS IMPORT: timers and/or timeouts modified
20150309 20:29:33 NOTE: --mute triggered...
20150309 20:29:33 4 variation(s) on previous 3 message(s) suppressed by --mute
20150309 20:29:33 I TUN/TAP device tun1 opened
20150309 20:29:33 TUN/TAP TX queue length set to 100
20150309 20:29:33 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20150309 20:29:33 I /sbin/ifconfig tun1 10.159.1.6 pointopoint 10.159.1.5 mtu 1500
20150309 20:29:33 I Initialization Sequence Completed
20150309 20:30:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20150309 20:30:48 D MANAGEMENT: CMD 'state'
20150309 20:30:48 MANAGEMENT: Client disconnected
20150309 20:30:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20150309 20:30:48 D MANAGEMENT: CMD 'state'
20150309 20:30:48 MANAGEMENT: Client disconnected
20150309 20:30:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20150309 20:30:48 D MANAGEMENT: CMD 'state'
20150309 20:30:48 MANAGEMENT: Client disconnected
20150309 20:30:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20150309 20:30:48 D MANAGEMENT: CMD 'status 2'
20150309 20:30:48 MANAGEMENT: Client disconnected
20150309 20:30:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20150309 20:30:48 D MANAGEMENT: CMD 'log 500'


So that shows the client is connected to my VPN provider, however, whenever I use the router (plugged in directly or via wifi) it shows I am not being tunneled through.

That's after a fresh install, so any help would be great.
js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

PostPosted: Tue Mar 10, 2015 2:24    Post subject: Reply with quote
Does everything such as NTP & wifi work normally without vpn? What is your config now, LAN-WAN or LAN-LAN? When you said you want vpn to work on one port only, do you mean you want vpn to work on one device only? If so, you don't need to setup vpn client on the router, you can just setup vpn client on the device.
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Tue Mar 10, 2015 19:03    Post subject: Reply with quote
js1662 wrote:
Does everything such as NTP & wifi work normally without vpn? What is your config now, LAN-WAN or LAN-LAN? When you said you want vpn to work on one port only, do you mean you want vpn to work on one device only? If so, you don't need to setup vpn client on the router, you can just setup vpn client on the device.


LAN - WAN
DHCP Disabled

The rapsberry pi isn't powerful enough to have a OpenVPN client.

I also want it on the router so I can add other devices in the future.

And yes, everything works perfectly fine.
js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

PostPosted: Wed Mar 11, 2015 5:59    Post subject: Reply with quote
Why DHCP disabled? In LAN-WAN configuration, both routers have to have DHCP enabled otherwise devices connected to the router that have DHCP disabled can't get IP. Am I right that primary router is using subnet 192.168.0.x whereas the 2nd router is using subnet 192.168.1.x?

Before you start working on openvpn client setup, it is better to have both routers setup correctly.

As for the openvpn client setup, I suppose you are following specific instructions for setting up openvpn client on dd-wrt as given by your service provider. Make sure you have follow the instructions exactly. By the way, have you confirmed that your openvpn account is working on a smartphone or PC running openvpn client app.? You can also talk to your service provider's technical support team and see if they have any idea.
MrJake
DD-WRT Novice


Joined: 28 Oct 2013
Posts: 14

PostPosted: Mon Mar 23, 2015 19:14    Post subject: Reply with quote
js1662 wrote:
Why DHCP disabled? In LAN-WAN configuration, both routers have to have DHCP enabled otherwise devices connected to the router that have DHCP disabled can't get IP. Am I right that primary router is using subnet 192.168.0.x whereas the 2nd router is using subnet 192.168.1.x?

Before you start working on openvpn client setup, it is better to have both routers setup correctly.

As for the openvpn client setup, I suppose you are following specific instructions for setting up openvpn client on dd-wrt as given by your service provider. Make sure you have follow the instructions exactly. By the way, have you confirmed that your openvpn account is working on a smartphone or PC running openvpn client app.? You can also talk to your service provider's technical support team and see if they have any idea.


Hi,

Sorry for the delayed response! Been real busy as of late -

The reason I opted for DHCP was primarily due to the fact that the NTP Time simply would not update, which is a pretty fundamental problem when trying to get your VPN client going.

I have followed guides by other people who have got it working successfully, and they have never had the added complication of a second router.

If I can get the NTP to update with DHCP enabled then heck, I'd definitely be following that route

(It seems as if it is a DNS error, as I have Telnet into the router only to find I can't ping domains such as Google, however, I can ping the IP Address of Google for example.

I am also able to ping my primary router.

When i try to ntpclient the IP Address of pool.ntp.org, I get an error: network unreachable, however, doing that command with the hostname I get gethostbyname resource temporarily unavailable

-- edit --

Oh boy, was I being silly! The problem I was facing was all down to the fact that I had WAN disabled on the secondary router. i changed the option within setup to "Automatic DHCP Configuration" and everything working perfectly, and the VPN is running.

My final problem (and query)
---------------------------

So a quick testdrive shows I am having some DNS leaking issues, this leads onto a question:

I know why my DNS leaking, it's because I have set the DNS on the secondary router to use my ISP DNS, however, is it possible that I could selectively use say my VPN DNS when things are being routed through that tunnel, and all other traffic to use other DNS of my choice?

Thanks,
js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

PostPosted: Tue Mar 24, 2015 5:31    Post subject: Reply with quote
Have you tried removing the DNS setting on the secondary router? See if it can fix the DNS leak issue. As to the 2nd part of your question, I don't know how you can selectively have some devices not going through the Vpn tunnel. I think I have seen posts on similar subject but I couldn't find them. Try search the forum.
gofsori
DD-WRT Novice


Joined: 30 Mar 2015
Posts: 3

PostPosted: Mon Mar 30, 2015 10:46    Post subject: Reply with quote
Try search the forum..







___________________
Aion kinah
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum