R8000 development

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 14, 15, 16 ... 28, 29, 30  Next
Author Message
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Mon Nov 16, 2015 23:12    Post subject: Re: OpenVPN issue Reply with quote
Grumpledore wrote:
Update: Enabling ipv6 resolved the problem.


LOL. I told you my mom could probably work there as supporter.
Sponsor
cstadach
DD-WRT Novice


Joined: 16 Jul 2013
Posts: 3

PostPosted: Mon Nov 16, 2015 23:18    Post subject: Reply with quote
I have a similar problem with my openvpn setup.

I have my r8000 behind a speedport 921v which is setting up the internet connection.

All of my internal traffic is going through the r8000.

I am able to connect to mullvad.net vpn Service from a local PC.
But when I try to setup ddwrt openvpn I get connection problems.

I used the following source to setup the vpn:
https://mullvad.net/en/setup/ddwrt/

Code:

Clientlog:
20151117 00:03:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:03:33 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:03:33 I UDPv4 link local: [undef]
20151117 00:03:33 I UDPv4 link remote: [AF_INET]95.211.168.147:1194
20151117 00:03:33 TLS: Initial packet from [AF_INET]95.211.168.147:1194 sid=b9b4ba4c ab9447a1
20151117 00:04:34 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:04:34 N TLS Error: TLS handshake failed
20151117 00:04:34 I SIGUSR1[soft tls-error] received process restarting
20151117 00:04:34 Restart pause 2 second(s)
20151117 00:04:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:04:36 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:04:36 I UDPv4 link local: [undef]
20151117 00:04:36 I UDPv4 link remote: [AF_INET]162.219.176.250:1194
20151117 00:04:36 TLS: Initial packet from [AF_INET]162.219.176.250:1194 sid=a75e4bb8 f6d0663d
20151117 00:05:36 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:05:36 N TLS Error: TLS handshake failed
20151117 00:05:36 I SIGUSR1[soft tls-error] received process restarting
20151117 00:05:36 Restart pause 2 second(s)
20151117 00:05:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:05:38 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:05:38 I UDPv4 link local: [undef]
20151117 00:05:38 I UDPv4 link remote: [AF_INET]95.211.136.21:1194
20151117 00:05:38 TLS: Initial packet from [AF_INET]95.211.136.21:1194 sid=2326b53c 90cc1d9c
20151117 00:06:38 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:06:38 N TLS Error: TLS handshake failed
20151117 00:06:38 I SIGUSR1[soft tls-error] received process restarting
20151117 00:06:38 Restart pause 2 second(s)
20151117 00:06:40 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:06:40 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:06:40 I UDPv4 link local: [undef]
20151117 00:06:40 I UDPv4 link remote: [AF_INET]193.138.219.241:1194
20151117 00:06:40 TLS: Initial packet from [AF_INET]193.138.219.241:1194 sid=6e71d547 1082d46a
20151117 00:07:40 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:07:40 N TLS Error: TLS handshake failed
20151117 00:07:40 I SIGUSR1[soft tls-error] received process restarting
20151117 00:07:40 Restart pause 2 second(s)
20151117 00:07:42 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:07:42 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:07:42 I UDPv4 link local: [undef]
20151117 00:07:42 I UDPv4 link remote: [AF_INET]46.165.207.15:1194
20151117 00:07:42 TLS: Initial packet from [AF_INET]46.165.207.15:1194 sid=6822e2fc 2e646c12
20151117 00:08:42 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:08:42 N TLS Error: TLS handshake failed
20151117 00:08:42 I SIGUSR1[soft tls-error] received process restarting
20151117 00:08:42 Restart pause 2 second(s)
20151117 00:08:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:08:44 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:08:44 I UDPv4 link local: [undef]
20151117 00:08:44 I UDPv4 link remote: [AF_INET]193.138.219.240:1194
20151117 00:08:44 TLS: Initial packet from [AF_INET]193.138.219.240:1194 sid=b2ef4d9b 23813ce7
20151117 00:09:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:09:44 N TLS Error: TLS handshake failed
20151117 00:09:44 I SIGUSR1[soft tls-error] received process restarting
20151117 00:09:44 Restart pause 2 second(s)
20151117 00:09:46 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:09:46 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:09:46 I UDPv4 link local: [undef]
20151117 00:09:46 I UDPv4 link remote: [AF_INET]178.162.209.231:1194
20151117 00:09:46 TLS: Initial packet from [AF_INET]178.162.209.231:1194 sid=f1fb3c52 f292281e
20151117 00:10:47 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:10:47 N TLS Error: TLS handshake failed
20151117 00:10:47 I SIGUSR1[soft tls-error] received process restarting
20151117 00:10:47 Restart pause 2 second(s)
20151117 00:10:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:10:49 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:10:49 I UDPv4 link local: [undef]
20151117 00:10:49 I UDPv4 link remote: [AF_INET]46.165.228.118:1194
20151117 00:10:49 TLS: Initial packet from [AF_INET]46.165.228.118:1194 sid=e4674a1c 16414aa3
20151117 00:11:49 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:11:49 N TLS Error: TLS handshake failed
20151117 00:11:49 I SIGUSR1[soft tls-error] received process restarting
20151117 00:11:49 Restart pause 2 second(s)
20151117 00:11:51 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:11:51 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:11:51 I UDPv4 link local: [undef]
20151117 00:11:51 I UDPv4 link remote: [AF_INET]184.75.214.130:1194
20151117 00:11:51 TLS: Initial packet from [AF_INET]184.75.214.130:1194 sid=0cc43a29 8206566d
20151117 00:12:51 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:12:51 N TLS Error: TLS handshake failed
20151117 00:12:51 I SIGUSR1[soft tls-error] received process restarting
20151117 00:12:51 Restart pause 2 second(s)
20151117 00:12:53 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:12:53 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:12:53 I UDPv4 link local: [undef]
20151117 00:12:53 I UDPv4 link remote: [AF_INET]199.241.145.218:1194
20151117 00:12:53 TLS: Initial packet from [AF_INET]199.241.145.218:1194 sid=51a4b450 f98ddeab
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'status 2'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00

ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher bf-cbc auth sha1 remote openvpn.mullvad.net 1194 comp-lzo yes tun-mtu 1500 mtu-disc yes ns-cert-type server fast-io tun-ipv6 tls-cipher TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA


when I setup tcp connections I can see that the tcp I get a similar message but with

Code:
20151117 00:15:39 N TCP: connect to [AF_INET]46.166.136.161:1194 failed will try again in 5 seconds: Connection refused


I already tried to disable any firewall settings but it did not work...

A quick pointer in the right direction is much appreciated

thanks
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Mon Nov 16, 2015 23:41    Post subject: Reply with quote
The picture you referenced does not give you all the info.
Not sure what setup info they gave you, some have an openvpn file where you can extract the info.

But you have a problem in your config that's why you get tls errors.
neveroddoreven
DD-WRT Novice


Joined: 11 Aug 2011
Posts: 12

PostPosted: Tue Nov 17, 2015 5:26    Post subject: Reply with quote
Kong, do you think R7900 will run the R8000 firmware? I posted some tty and nvram dumps a few weeks ago in this thread, and photographs of the board, all of it has R8000 all over it. The only differences listed are no extra USB port, and no 256QAM on the 2.4Ghz radio.
cstadach
DD-WRT Novice


Joined: 16 Jul 2013
Posts: 3

PostPosted: Tue Nov 17, 2015 5:51    Post subject: Reply with quote
thanks for the quick reply.

I tried to apply the info of the config file to the setup.
But it did not help...
(maybe I should just switch providers Wink

this is the config file working on my local pc.

Code:

# Notice to Mullvad customers:
#
# Apart from openvpn, you also need to install the
# package "resolvconf", available via apt, e.g.
#
# For those of you behind very restrictive firewalls,
# you can use our tunnels on tcp port 443, as well as
# on udp port 53.
client

dev tun

proto udp

remote de.mullvad.net 1300
cipher AES-256-CBC

tun-ipv6

resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3

remote-cert-tls server

ping-restart 60

# Allow calling of built-in executables and user-defined scripts.
script-security 2

# Parses DHCP options from openvpn to update resolv.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

ping 10

ca ca.crt
cert mullvad.crt
key mullvad.key

crl-verify crl.pem

# Limit range of possible TLS cipher-suites
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA

cstadach
DD-WRT Novice


Joined: 16 Jul 2013
Posts: 3

PostPosted: Tue Nov 17, 2015 21:51    Post subject: Reply with quote
I got it working.

The trick was to add all the extra options + enable ipv6

I will contact mullvad.net support to let them update their info page
Grumpledore
DD-WRT Novice


Joined: 15 Nov 2015
Posts: 13

PostPosted: Thu Nov 19, 2015 18:28    Post subject: Re: OpenVPN issue Reply with quote
I still have a problem with openvpn, ipv6 and hma.
When I restart the router openvpn does not reconnect.
It seems that there is a problem with the order services starts.
When I manually start openvpn when the router is up everything works fine.
It is possible to define enabling ipv6 before openvpn starts?

Every help is appreciated
m4f1050
DD-WRT Novice


Joined: 21 Mar 2013
Posts: 30

PostPosted: Tue Nov 24, 2015 16:38    Post subject: Re: OpenVPN issue Reply with quote
Grumpledore wrote:
I still have a problem with openvpn, ipv6 and hma.
When I restart the router openvpn does not reconnect.
It seems that there is a problem with the order services starts.
When I manually start openvpn when the router is up everything works fine.
It is possible to define enabling ipv6 before openvpn starts?

Every help is appreciated


I have chased down this issue. What I do is go to Command and rerun the IPTABLES (firewall - I click EDIT, then SAVE) after I do that my openvpn starts working again. For some reason firewall.sh or whatever it's called it's not being ran when the router reboots? Maybe I'm mistaken, but try my approach to see if your OpenVPN starts working after the IPTABLES (firewall.sh) command, or whatever it is gets executed/run.
neveroddoreven
DD-WRT Novice


Joined: 11 Aug 2011
Posts: 12

PostPosted: Thu Nov 26, 2015 7:36    Post subject: Reply with quote
I attempted to flash the R8000 .chk build onto my R7900 via the stock Netgear HTTPD, and it rejected the firmware without flashing. I also tried using CFE via serial and tftpd the dd-wrt.K3_R8000.chk file from 26 Oct 2015, and the CFE also refused it because the firmware revision didn't match the board revision:
U12H315T00_NETGEAR
U12H315T30_NETGEAR

<Kong> assuming for a moment that the firmware would otherwise work fine, how would I proceed flashing this firmware anyway? Is that the force option in CFE? Should I check anything else before proceeding? I've posted a lot of R7900 info in this thread because it's got the same board and prints R8000 to serial many times when booting.
Grumpledore
DD-WRT Novice


Joined: 15 Nov 2015
Posts: 13

PostPosted: Thu Nov 26, 2015 18:21    Post subject: Re: OpenVPN issue Reply with quote
m4f1050 wrote:

I have chased down this issue. What I do is go to Command and rerun the IPTABLES (firewall - I click EDIT, then SAVE) after I do that my openvpn starts working again. For some reason firewall.sh or whatever it's called it's not being ran when the router reboots? Maybe I'm mistaken, but try my approach to see if your OpenVPN starts working after the IPTABLES (firewall.sh) command, or whatever it is gets executed/run.


It seems that it doesn't matter what i do after the restart, when i press "apply settings", the vpn reconnects succesfully, when ipv6 is enabled.

There's another strange behaviour. When i disable ipv6 after the vpn has started, the vpn connection reconnects succesfully with all the ipv6 stuff (until the next router reboot). It seems that pushing "IPV6 Disable" does not really has any effect.

It smells like bug..
neveroddoreven
DD-WRT Novice


Joined: 11 Aug 2011
Posts: 12

PostPosted: Mon Nov 30, 2015 5:50    Post subject: Reply with quote
I attempted a CFE/tftp 'flash -noheader : nflash1.trx' followed by nvram erase, using the most recent Kong R8000 chk build dated Oct 25 or thereabouts. The build was able to flash but after a reboot it was rejected due to CRC failure, and CFE fell back to asking for another TFTP upload. Uploading the stock R7900 chk build recovered the router back to stock status.
djmulder
DD-WRT User


Joined: 19 Jan 2009
Posts: 120

PostPosted: Wed Dec 02, 2015 22:34    Post subject: Reply with quote
Hmm I have issues with PPPoE with VLan tagged to 6. Normal installation works perfect.. I had OpenVPN working and PPTP

(tested OpenVPN first then PPTP as I thought the issue was in there)

What happens is.. if I reboot the router my WAN just goes down and there's no way to get up again, other than (to my knowledge) erase nvram; reboot.

I ofc tried to run bare without any settings other than the PPPoE. (my provider runs on VLan tagged to 6)

This is quite frustrating. Esp as I'm not 100% sure how to debug the issue.

Version I use: DD-WRT Kong Mod (10-26-15) for NETGEAR R8000

Right now I flashed: DD-WRT Kong Mod (09-07-15) for NETGEAR R8000

and if that doesn't work I'm going to try a v24 version.. perhaps it's a version issue
djmulder
DD-WRT User


Joined: 19 Jan 2009
Posts: 120

PostPosted: Wed Dec 09, 2015 10:17    Post subject: Reply with quote
AHA! found it.. looks like the config that does ifconfig up and down is bugged.. vlan2 kept coming back up even tho my wan was on vlan6 -> so my quick fix is in the startup script:
ifconfig vlan2 down
ifconfig vlan6 up

works like a charm ^.^
tomten
DD-WRT Novice


Joined: 29 Jul 2007
Posts: 31
Location: Sweden

PostPosted: Sun Dec 13, 2015 18:51    Post subject: Anyone try today's build? Reply with quote
Anyone try today's build?
.bin or .chk?
If .bin; 8x00 or 8000?
Paint
DD-WRT User


Joined: 22 Jun 2015
Posts: 135

PostPosted: Sun Dec 13, 2015 19:39    Post subject: Re: Anyone try today's build? Reply with quote
tomten wrote:
Anyone try today's build?
.bin or .chk?
If .bin; 8x00 or 8000?


yes, works for me and I did not do a factory reset. My only issue is that my 6to4 IPv6 Tunnel no longer works - it worked on build Kong's 28000 build.

_________________
pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 Mini-ITX Build
940/880 mbit Fiber Internet from FiOS
Dell PowerConnect 2716 Gigabit Switch
Netgear R8000 AP, running DD-WRT
Asus RT-66U AP, running DD-WRT
Goto page Previous  1, 2, 3 ... 14, 15, 16 ... 28, 29, 30  Next Display posts from previous:    Page 15 of 30
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum