Clientlog:
20151117 00:03:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:03:33 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:03:33 I UDPv4 link local: [undef]
20151117 00:03:33 I UDPv4 link remote: [AF_INET]95.211.168.147:1194
20151117 00:03:33 TLS: Initial packet from [AF_INET]95.211.168.147:1194 sid=b9b4ba4c ab9447a1
20151117 00:04:34 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:04:34 N TLS Error: TLS handshake failed
20151117 00:04:34 I SIGUSR1[soft tls-error] received process restarting
20151117 00:04:34 Restart pause 2 second(s)
20151117 00:04:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:04:36 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:04:36 I UDPv4 link local: [undef]
20151117 00:04:36 I UDPv4 link remote: [AF_INET]162.219.176.250:1194
20151117 00:04:36 TLS: Initial packet from [AF_INET]162.219.176.250:1194 sid=a75e4bb8 f6d0663d
20151117 00:05:36 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:05:36 N TLS Error: TLS handshake failed
20151117 00:05:36 I SIGUSR1[soft tls-error] received process restarting
20151117 00:05:36 Restart pause 2 second(s)
20151117 00:05:38 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:05:38 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:05:38 I UDPv4 link local: [undef]
20151117 00:05:38 I UDPv4 link remote: [AF_INET]95.211.136.21:1194
20151117 00:05:38 TLS: Initial packet from [AF_INET]95.211.136.21:1194 sid=2326b53c 90cc1d9c
20151117 00:06:38 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:06:38 N TLS Error: TLS handshake failed
20151117 00:06:38 I SIGUSR1[soft tls-error] received process restarting
20151117 00:06:38 Restart pause 2 second(s)
20151117 00:06:40 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:06:40 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:06:40 I UDPv4 link local: [undef]
20151117 00:06:40 I UDPv4 link remote: [AF_INET]193.138.219.241:1194
20151117 00:06:40 TLS: Initial packet from [AF_INET]193.138.219.241:1194 sid=6e71d547 1082d46a
20151117 00:07:40 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:07:40 N TLS Error: TLS handshake failed
20151117 00:07:40 I SIGUSR1[soft tls-error] received process restarting
20151117 00:07:40 Restart pause 2 second(s)
20151117 00:07:42 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:07:42 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:07:42 I UDPv4 link local: [undef]
20151117 00:07:42 I UDPv4 link remote: [AF_INET]46.165.207.15:1194
20151117 00:07:42 TLS: Initial packet from [AF_INET]46.165.207.15:1194 sid=6822e2fc 2e646c12
20151117 00:08:42 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:08:42 N TLS Error: TLS handshake failed
20151117 00:08:42 I SIGUSR1[soft tls-error] received process restarting
20151117 00:08:42 Restart pause 2 second(s)
20151117 00:08:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:08:44 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:08:44 I UDPv4 link local: [undef]
20151117 00:08:44 I UDPv4 link remote: [AF_INET]193.138.219.240:1194
20151117 00:08:44 TLS: Initial packet from [AF_INET]193.138.219.240:1194 sid=b2ef4d9b 23813ce7
20151117 00:09:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:09:44 N TLS Error: TLS handshake failed
20151117 00:09:44 I SIGUSR1[soft tls-error] received process restarting
20151117 00:09:44 Restart pause 2 second(s)
20151117 00:09:46 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:09:46 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:09:46 I UDPv4 link local: [undef]
20151117 00:09:46 I UDPv4 link remote: [AF_INET]178.162.209.231:1194
20151117 00:09:46 TLS: Initial packet from [AF_INET]178.162.209.231:1194 sid=f1fb3c52 f292281e
20151117 00:10:47 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:10:47 N TLS Error: TLS handshake failed
20151117 00:10:47 I SIGUSR1[soft tls-error] received process restarting
20151117 00:10:47 Restart pause 2 second(s)
20151117 00:10:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:10:49 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:10:49 I UDPv4 link local: [undef]
20151117 00:10:49 I UDPv4 link remote: [AF_INET]46.165.228.118:1194
20151117 00:10:49 TLS: Initial packet from [AF_INET]46.165.228.118:1194 sid=e4674a1c 16414aa3
20151117 00:11:49 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:11:49 N TLS Error: TLS handshake failed
20151117 00:11:49 I SIGUSR1[soft tls-error] received process restarting
20151117 00:11:49 Restart pause 2 second(s)
20151117 00:11:51 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:11:51 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:11:51 I UDPv4 link local: [undef]
20151117 00:11:51 I UDPv4 link remote: [AF_INET]184.75.214.130:1194
20151117 00:11:51 TLS: Initial packet from [AF_INET]184.75.214.130:1194 sid=0cc43a29 8206566d
20151117 00:12:51 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20151117 00:12:51 N TLS Error: TLS handshake failed
20151117 00:12:51 I SIGUSR1[soft tls-error] received process restarting
20151117 00:12:51 Restart pause 2 second(s)
20151117 00:12:53 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151117 00:12:53 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151117 00:12:53 I UDPv4 link local: [undef]
20151117 00:12:53 I UDPv4 link remote: [AF_INET]199.241.145.218:1194
20151117 00:12:53 TLS: Initial packet from [AF_INET]199.241.145.218:1194 sid=51a4b450 f98ddeab
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'state'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'status 2'
20151117 00:13:07 MANAGEMENT: Client disconnected
20151117 00:13:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151117 00:13:07 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
The picture you referenced does not give you all the info.
Not sure what setup info they gave you, some have an openvpn file where you can extract the info.
But you have a problem in your config that's why you get tls errors.
Kong, do you think R7900 will run the R8000 firmware? I posted some tty and nvram dumps a few weeks ago in this thread, and photographs of the board, all of it has R8000 all over it. The only differences listed are no extra USB port, and no 256QAM on the 2.4Ghz radio.
I tried to apply the info of the config file to the setup.
But it did not help...
(maybe I should just switch providers
this is the config file working on my local pc.
Code:
# Notice to Mullvad customers:
#
# Apart from openvpn, you also need to install the
# package "resolvconf", available via apt, e.g.
#
# For those of you behind very restrictive firewalls,
# you can use our tunnels on tcp port 443, as well as
# on udp port 53.
client
dev tun
proto udp
remote de.mullvad.net 1300
cipher AES-256-CBC
tun-ipv6
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Enable compression on the VPN link.
comp-lzo
# Set log file verbosity.
verb 3
remote-cert-tls server
ping-restart 60
# Allow calling of built-in executables and user-defined scripts.
script-security 2
# Parses DHCP options from openvpn to update resolv.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
ping 10
ca ca.crt
cert mullvad.crt
key mullvad.key
crl-verify crl.pem
# Limit range of possible TLS cipher-suites
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA
Posted: Thu Nov 19, 2015 18:28 Post subject: Re: OpenVPN issue
I still have a problem with openvpn, ipv6 and hma.
When I restart the router openvpn does not reconnect.
It seems that there is a problem with the order services starts.
When I manually start openvpn when the router is up everything works fine.
It is possible to define enabling ipv6 before openvpn starts?
Posted: Tue Nov 24, 2015 16:38 Post subject: Re: OpenVPN issue
Grumpledore wrote:
I still have a problem with openvpn, ipv6 and hma.
When I restart the router openvpn does not reconnect.
It seems that there is a problem with the order services starts.
When I manually start openvpn when the router is up everything works fine.
It is possible to define enabling ipv6 before openvpn starts?
Every help is appreciated
I have chased down this issue. What I do is go to Command and rerun the IPTABLES (firewall - I click EDIT, then SAVE) after I do that my openvpn starts working again. For some reason firewall.sh or whatever it's called it's not being ran when the router reboots? Maybe I'm mistaken, but try my approach to see if your OpenVPN starts working after the IPTABLES (firewall.sh) command, or whatever it is gets executed/run.
I attempted to flash the R8000 .chk build onto my R7900 via the stock Netgear HTTPD, and it rejected the firmware without flashing. I also tried using CFE via serial and tftpd the dd-wrt.K3_R8000.chk file from 26 Oct 2015, and the CFE also refused it because the firmware revision didn't match the board revision:
U12H315T00_NETGEAR
U12H315T30_NETGEAR
<Kong> assuming for a moment that the firmware would otherwise work fine, how would I proceed flashing this firmware anyway? Is that the force option in CFE? Should I check anything else before proceeding? I've posted a lot of R7900 info in this thread because it's got the same board and prints R8000 to serial many times when booting.
Posted: Thu Nov 26, 2015 18:21 Post subject: Re: OpenVPN issue
m4f1050 wrote:
I have chased down this issue. What I do is go to Command and rerun the IPTABLES (firewall - I click EDIT, then SAVE) after I do that my openvpn starts working again. For some reason firewall.sh or whatever it's called it's not being ran when the router reboots? Maybe I'm mistaken, but try my approach to see if your OpenVPN starts working after the IPTABLES (firewall.sh) command, or whatever it is gets executed/run.
It seems that it doesn't matter what i do after the restart, when i press "apply settings", the vpn reconnects succesfully, when ipv6 is enabled.
There's another strange behaviour. When i disable ipv6 after the vpn has started, the vpn connection reconnects succesfully with all the ipv6 stuff (until the next router reboot). It seems that pushing "IPV6 Disable" does not really has any effect.
I attempted a CFE/tftp 'flash -noheader : nflash1.trx' followed by nvram erase, using the most recent Kong R8000 chk build dated Oct 25 or thereabouts. The build was able to flash but after a reboot it was rejected due to CRC failure, and CFE fell back to asking for another TFTP upload. Uploading the stock R7900 chk build recovered the router back to stock status.
AHA! found it.. looks like the config that does ifconfig up and down is bugged.. vlan2 kept coming back up even tho my wan was on vlan6 -> so my quick fix is in the startup script:
ifconfig vlan2 down
ifconfig vlan6 up
Posted: Sun Dec 13, 2015 19:39 Post subject: Re: Anyone try today's build?
tomten wrote:
Anyone try today's build?
.bin or .chk?
If .bin; 8x00 or 8000?
yes, works for me and I did not do a factory reset. My only issue is that my 6to4 IPv6 Tunnel no longer works - it worked on build Kong's 28000 build. _________________ pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 Mini-ITX Build
940/880 mbit Fiber Internet from FiOS
Dell PowerConnect 2716 Gigabit Switch
Netgear R8000 AP, running DD-WRT
Asus RT-66U AP, running DD-WRT