Posted: Thu Jul 12, 2012 4:52 Post subject: openvpn client not working?
Has anyone tried to use an openvpn client setup with this? I have been working on it the past two days without luck, and have finally realized that it must be a dd-wrt issue. I can easily connect with the exact same openvpn files using Windows or Linux.
It seems to connect and receive the first packet, then it fails and restarts the connection only to fail again etc. I have pasted a snippet of the log below.
Code:
20120711 22:50:57 VERIFY OK: depth=1 /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=HideME_CA/emailAddress=feedback@hideme.ru
20120711 22:50:57 VERIFY OK: nsCertType=SERVER
20120711 22:50:57 VERIFY OK: depth=0 /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=server/emailAddress=feedback@hideme.ru
20120711 22:51:56 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120711 22:51:56 N TLS Error: TLS handshake failed
20120711 22:51:56 TCP/UDP: Closing socket
20120711 22:51:56 I SIGUSR1[soft tls-error] received process restarting
20120711 22:51:56 Restart pause 2 second(s)
20120711 22:51:58 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120711 22:51:58 I Re-using SSL/TLS context
20120711 22:51:58 I LZO compression initialized
20120711 22:51:58 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120711 22:51:58 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120711 22:51:58 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120711 22:51:58 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120711 22:51:58 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120711 22:51:58 Local Options hash (VER=V4): 'd79ca330'
20120711 22:51:58 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120711 22:51:58 I UDPv4 link local: [undef]
20120711 22:51:58 I UDPv4 link remote: xxx.xxx.xxx.xxx:1194
20120711 22:51:58 TLS: Initial packet from xxx.xxx.xxx.xxx:1194 sid=9b733ef1 64808606
20120711 22:51:59 VERIFY OK: depth=1 /C=DE/ST=Bayern/L=Gunzenhausen/O=HideME/CN=HideME_CA/emailAddress=feedback@hideme.ru
20120711 22:51:59 VERIFY OK: nsCertType=SERVER
20120711 22:51:59 VERIFY OK: depth=0
It's also worth noting that I tried to use a PPTP VPN client setup as a test and it also seems to not work for some reason. This is using the exact same PPTP setup that I was using on my previous dd-wrt router. I see that mbze430 noted the same problem above.
Brainslayer, is there any chance you could confirm this problem and maybe tell us if there is some sort of workaround? There is a free 2 day VPN trial at incloak if you need something for testing. http://incloak.com/vpn/
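Added example, not part of the original post: a small Python parser for the log layout pasted above. It groups lines into TLS handshake attempts and reports whether each one failed after the server certificate had already verified, which is the pattern visible in the snippet. The sample log is constructed (documentation IP address, placeholder certificate names), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the dd-wrt OpenVPN log layout shown in the post:
# timestamp, optional one-letter flag, message. 203.0.113.10 is a documentation IP.
SAMPLE_LOG = """\
20120711 22:49:55 TLS: Initial packet from 203.0.113.10:1194 sid=00000000 00000000
20120711 22:49:56 VERIFY OK: depth=1 /CN=Example_CA
20120711 22:49:56 VERIFY OK: depth=0 /CN=server
20120711 22:50:55 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120711 22:50:55 N TLS Error: TLS handshake failed
20120711 22:50:55 I SIGUSR1[soft tls-error] received process restarting
20120711 22:50:57 TLS: Initial packet from 203.0.113.10:1194 sid=00000000 00000001
20120711 22:50:57 VERIFY OK: depth=0 /CN=server
20120711 22:51:56 N TLS Error: TLS handshake failed
"""

LINE_RE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2}) (?:([A-Z]) )?(.*)$")

def parse(log_text):
    """Yield (datetime, flag or None, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y%m%d %H:%M:%S"), m.group(2), m.group(3)

def handshake_attempts(log_text):
    """Group lines into TLS handshake attempts and record how each one ended."""
    attempts, cur = [], None
    for ts, _flag, msg in parse(log_text):
        if msg.startswith("TLS: Initial packet from"):
            cur = {"start": ts, "server_cert_ok": False, "outcome": "incomplete", "seconds": None}
            attempts.append(cur)
        elif cur is None:
            continue  # line belongs to no open attempt (restart notices etc.)
        elif msg.startswith("VERIFY OK: depth=0"):
            cur["server_cert_ok"] = True  # server (leaf) certificate accepted
        elif "TLS handshake failed" in msg or "Initialization Sequence Completed" in msg:
            cur["outcome"] = "failed" if "failed" in msg else "connected"
            cur["seconds"] = int((ts - cur["start"]).total_seconds())
            cur = None
    return attempts

def stuck_after_verify(attempts):
    """True when every finished attempt verified the server cert and still failed."""
    done = [a for a in attempts if a["outcome"] != "incomplete"]
    return bool(done) and all(a["server_cert_ok"] and a["outcome"] == "failed" for a in done)

if __name__ == "__main__":
    print(handshake_attempts(SAMPLE_LOG), stuck_after_verify(handshake_attempts(SAMPLE_LOG)))
```

A `True` result means the certificate chain was accepted on every attempt and the handshake still timed out afterwards, so the certificate files themselves are not what the log is complaining about.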
Posted: Fri Jul 13, 2012 21:10 Post subject: Re: openvpn client not working?
spiraleyes wrote:
<snip>
It's also worth noting that I tried to use a PPTP VPN client setup as a test and it also seems to not work for some reason. This is using the exact same PPTP setup that I was using on my previous dd-wrt router. I see that mbze430 noted the same problem above.
Brainslayer, is there any chance you could confirm this problem and maybe tell us if there is some sort of workaround? There is a free 2 day VPN trial at incloak if you need something for testing. http://incloak.com/vpn/
I gave up on the VPN for now... WORSE part is... I can't forward PPTP to my other WNDR3400 on which the PPTP VPN is working.
There are some MAJOR bugs in the firmware.
Here is my setup.
192.168.69.1 = WZR-D1800H = FAIL on PPTP VPN via local LAN ip & via WAN ip.
192.168.69.2 = WNDR3400 = Works fine on LAN ip PPTP VPN.
192.168.69.1 is my WAN router, it won't forward the PPTP connection to 192.168.69.2 either.
I have ports 1792 & 1723 port-forwarded to 192.168.69.2.
The only thing I can think of is that 192.168.69.1 is not passing GRE...
If anyone is willing to help, I can PM my iptables.
I was hoping I can get VPN working via Port Forwarding until the VPN is fixed in the WZR-D1800H. No such luck.
Worse part is, this thread is dying out.
ALSO NOTE:
My WZR-D1800H is now rebooting by itself... and sometimes when it reboots by itself, it gets stuck. What I have noticed for the past 2 weeks. Before the router "locks up" the BUFFALO word will flash in WHITE... then all of a sudden it will black out, then flash Red then to a solid red.
Is there a way to log why it's rebooting by itself?
My WZR-D1800H is now rebooting by itself... and sometimes when it reboots by itself, it gets stuck. What I have noticed for the past 2 weeks. Before the router "locks up" the BUFFALO word will flash in WHITE... then all of a sudden it will black out, then flash Red then to a solid red.
Is there a way to log why it's rebooting by itself?
Thought it might be a HW issue ... as only ONE of the two I have showed this behaviour.
Just when I was preparing to send it back ... the WiFi stopped working altogether (28 days after first use) ... even after a 30-30-30 reset did it NOT come back to life.
So I am getting a replacement tomorrow ... hopefully this one will work as the first one I got ... I will keep you posted
I asked Buffalo when this router would be shipping with DDWRT as standard like their previous performance routers, and they basically said they didn't know and had no idea if it ever would.
My WZR-D1800H is now rebooting by itself... and sometimes when it reboots by itself, it gets stuck. What I have noticed for the past 2 weeks. Before the router "locks up" the BUFFALO word will flash in WHITE... then all of a sudden it will black out, then flash Red then to a solid red.
Is there a way to log why it's rebooting by itself?
Thought it might be a HW issue ... as only ONE of the two I have showed this behaviour.
Just when I was preparing to send it back ... the WiFi stopped working altogether (28 days after first use) ... even after a 30-30-30 reset did it NOT come back to life.
So I am getting a replacement tomorrow ... hopefully this one will work as the first one I got ... I will keep you posted
Still having issues ... I set it up to REBOOT once a day, hoping to eliminate some of the issues ... but that did not go well ==> router freezes (does not come back) after reboot started using keep-alive.
The speeds I get are awesome ... 600 - 800 from one end of my property to the other
So the review is mixed.
Maybe it's the DD-WRT build we use ... having a few memory leaks or some other "bad" bug ?!
Anyhow, I am now considering putting this experiment on hold and waiting until either an official DD-WRT build comes out OR another vendor with "ac" support.
Posted: Wed Jul 18, 2012 18:28 Post subject: New Firmware available from Buffalo
I noticed that new software (beta) is available from buffalo. I downloaded the firmware and tried to upgrade from wrt. It always gives me a "failed". Is there something I can do so I can go back to the original or the latest beta??? HELP. The wrt works ok but I have to reboot once/week.
Thanks!
i will provide a backflash image soon. i have the buffalo image and i converted it to dd-wrt already. but i'm not sure if i'm allowed to provide this image since it's a decrypted variant of the original firmware.
i can usually also implement the buffalo webflash variant. so you can use the original encrypted image to flash back from dd-wrt web interface. both are possible. not sure which way i go
Any chance of me getting a copy of the un-encrypted file. I need to go back to original firmware 1.86 or 1.88 beta. Thanks
Joined: 21 Nov 2010 Posts: 132 Location: North America
Posted: Thu Jul 19, 2012 14:09 Post subject:
bobiii wrote:
BrainSlayer wrote:
i will provide a backflash image soon. i have the buffalo image and i converted it to dd-wrt already. but i'm not sure if i'm allowed to provide this image since it's a decrypted variant of the original firmware.
i can usually also implement the buffalo webflash variant. so you can use the original encrypted image to flash back from dd-wrt web interface. both are possible. not sure which way i go
Any chance of me getting a copy of the un-encrypted file. I need to go back to original firmware 1.86 or 1.88 beta. Thanks
Here are 2 unencrypted Buffalo Factory Firmware files that will allow back flashing from dd-wrt. Please allow about 4 minutes for flashing and then power cycle the router. These firmwares will reset all parameters to factory defaults (i.e. -- IP address 192.168.11.1, User id: admin, Password: password, etc.).
Some helpful hints:
1.) Don't try flashing across Wi-Fi as the router will probably hang.
2.) Turn off Ad Block Plus (ABP) add-on to Linux FireFox to prevent losing big pieces of video on some screens when configuring the Buffalo factory firmware. (This may also apply to Windows ... I haven't tested.)
Posted: Sun Jul 22, 2012 7:45 Post subject: JFFS2 Is Broken
@BrainSlayer
...And while you're at it ... could you fix a problem with JFFS ?
Enabling JFFS2 on the Administration -> Management menu doesn't cause any special device to be auto mounted to the /jffs directory. If my thinking is correct, this is what should be happening: mount -t jffs2 -w /dev/mtdblock/6 /jffs .
Incidentally entering this command at the prompt doesn't fix the problem either. It appears that something is blocking the use of the /jffs directory as a mount point. Also, I noticed on the Status -> Router web page under Space Usage it shows JFFS2 13.38MB/13.38MB. This corresponds to rootfs which is on /dev/mtdblock/4 on the WZR-D1800H. Apparently the code behind the web page is making this assumption. On other Broadcom based routers such as the Linksys E4200v1 and the Asus RT-N66U, the /dev/mtdblock/4 device is auto mounted to /jffs when JFFS2 is enabled.
I found myself with a few extra WLI-H4-D1300 bridges and thought I'd see if I could make them useful. I can confirm that BrainSlayer's 19364 build does indeed work on these.
Even though the IP address of the stock firmware on this device defaults to 1.1.1.1, the CFE still uses 192.168.11.1 like the WZR-D1800H. I couldn't get it to accept firmware via TFTP out of the box, so I had to break it open and serial it, then enable boot_wait. Then it took the 19364 .bin fine. The stock firmware would not take the encrypted image... must have a check for the "correct" device. But TFTP worked fine. DD-WRT reports it as a WZR-D1800H.
I made a backup of the stock WLI-H4-D1300 firmware which I'm happy to post if anyone cares.
Is it possible to flash this device without having to open it up and enable boot_wait? Don't really want to open my other two if I can avoid it...
Thanks to BrainSlayer for making this port possible, and to others in this thread who have provided additional info and testing!