Author
Message
matthandy DD-WRT Novice Joined: 16 Jun 2016 Posts: 1
Posted: Thu Jun 16, 2016 1:30 Post subject: VPN with IPVANISH just wont work please help!!
The situation:
I have a modem router thats connected to my phone line and all is well, i get on line no problems.
This is connected to a switch which feeds other parts of the house, all devices on the switch are working just fine.
I connected a router to the switch via its wan port, set the wireless up and had a new ssid and could get online just fine.
I flashed the new router with dd wrt and still all good.
I then went through the process steps with ipvanish to set this as a dedicated VPN router.I tried the
GUI method
https://www.ipvanish.com/visualguides/OpenVPN/DD-WRT/
and I tried their script method.
https://support.ipvanish.com/customer/portal/articles/1969163-dd-wrt-script
http://files.ipvanish.com/OpenVPN_DDWRT.txt
I am still online but my ip is my isp assigned ip so i know its failing.
The time on the vpn router is correct and NAT is enabled
to confirm the second router is on a different subnet
On the modem router I have:
bound the mac and ip address of the vpn router
set up port forwarding of all ports on the list plus 443 and selected bu TCP and UDP
I have placed the ip of the vpn router in the DMZ
here is the log from the vpn router thats generated from their script -any help greatly appreciated
http://pastebin.com/iPnyMLNg
Back to top
Sponsor
Mike42Smith DD-WRT User Joined: 14 Feb 2016 Posts: 146 Location: Germany
Posted: Fri Jun 17, 2016 17:53 Post subject:
You don't have to do anything with your modem-router if you just want to run a VPN client onto your VPN router, because it's an outgoing connection!
Nevertheless I mean you havn't set a new default gateway address into your VPN router. That means if you look at your VPN route (typing: route) you will see the LAN IP address of your modem-router as default gateway IP address.
Therefore add the following line to your additional config in the VPN section of your DD-WRT router:
route-gateway dhcp
More information you will find here:
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage _________________ Ongoing experiences with:
Linksys E3000 and WRT610N v2
TP-Link Archer C9
Raspberry Pi and TP-Link TL-WR710N with OpenWRT
Back to top
mac913 DD-WRT Guru Joined: 02 May 2008 Posts: 1848 Location: Canada
Posted: Sun Jun 19, 2016 19:48 Post subject:
https://www.ipvanish.com/visualguides/OpenVPN/DD-WRT/
This setup is old and hasn't been updated.
In the IPVansish guides follow 1-7 as shown.
Guide 8 Changes. Newer version of DD-WRT allow Username and Password to be entered in the GUI no need to add scripts from Guide 15.
Guide 9 Changes with these 2 changes.
1)for TLS Cipher use "None"
2) for Addititional Config I use these settings but change <ipvanish server IP/name> to yours...
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
persist-remote-ip
auth SHA256
keysize 256
tls-remote <ipvanish server IP/Name>
script-security 3 system
Guides 15 & 16 skip them and continue with 17 & 18 and done.
Hope it helps. _________________Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
YAMon 3.4.6 | DNSCrypt-Proxy V2
Back to top
b1driver DD-WRT Novice Joined: 29 Jul 2016 Posts: 1
Posted: Fri Jul 29, 2016 1:16 Post subject: Username/Password
Not seeing the username or password in the GUI, using Kong's build 29900M. Where should I see it? Thanks
Back to top
benj710 DD-WRT Novice Joined: 05 Aug 2016 Posts: 2
Posted: Fri Aug 05, 2016 3:28 Post subject:
mac913 wrote: https://www.ipvanish.com/visualguides/OpenVPN/DD-WRT/
This setup is old and hasn't been updated.
In the IPVansish guides follow 1-7 as shown.
Guide 8 Changes. Newer version of DD-WRT allow Username and Password to be entered in the GUI no need to add scripts from Guide 15.
Guide 9 Changes with these 2 changes.
1)for TLS Cipher use "None"
2) for Addititional Config I use these settings but change <ipvanish server IP/name> to yours...
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
persist-remote-ip
auth SHA256
keysize 256
tls-remote <ipvanish server IP/Name>
script-security 3 system
Guides 15 & 16 skip them and continue with 17 & 18 and done.
Hope it helps.
worked perfect. I did have to update dns server to google's. Thanks! Last edited by benj710 on Tue Aug 09, 2016 1:52; edited 1 time in total
Back to top
deslauriermc DD-WRT Novice Joined: 02 Aug 2016 Posts: 6
Posted: Tue Aug 09, 2016 1:29 Post subject:
will this work with DD-WRT ver 3.0 as , by Ipvanish's Customer service, they claim that their openVPN version only works with versions 2.x
The only way they claim it works is through PPTP.
Back to top
benj710 DD-WRT Novice Joined: 05 Aug 2016 Posts: 2
Posted: Tue Aug 09, 2016 1:49 Post subject:
deslauriermc wrote: will this work with DD-WRT ver 3.0 as , by Ipvanish's Customer service, they claim that their openVPN version only works with versions 2.x
The only way they claim it works is through PPTP.
I'm running Firmware: DD-WRT v3.0-r28788 std (01/13/16)
Back to top
elDGM DD-WRT Novice Joined: 20 Aug 2016 Posts: 3
Posted: Tue Aug 23, 2016 15:03 Post subject:
Hello, new forum member here. I'm running DD-WRT v3.0-r29409 std (04/05/16) on a TP-Link Archer C9 V1
I have been back and forth with IP Vanish tech support and cannot get the VPN to work through the WEB GUI. I have been able to get it working through the scripts they provide, but then I lose the ability to do policy based routing, which I need.
I have followed the instructions provided in this thread to the letter for using the WEB GUI and still get errors. Can someone please help? The Open VPN log from the status page follows:
State
Client: RECONNECTING tls-error
Local Address:
Remote Address:
Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 0
Auth read bytes 0
Log
Clientlog:
20160823 09:55:22 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:22 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:22 N TLS Error: TLS handshake failed
20160823 09:55:22 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:22 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:22 Restart pause 5 second(s)
20160823 09:55:27 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 09:55:27 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 09:55:27 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.20:443
20160823 09:55:27 I Attempting to establish TCP connection with [AF_INET]209.107.216.20:443 [nonblock]
20160823 09:55:28 I TCP connection established with [AF_INET]209.107.216.20:443
20160823 09:55:28 I TCPv4_CLIENT link local: [undef]
20160823 09:55:28 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.20:443
20160823 09:55:28 TLS: Initial packet from [AF_INET]209.107.216.20:443 sid=11b3d6d8 724f00b3
20160823 09:55:28 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 09:55:28 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a14.ipvanish.com/emailAddress=support@ipvanish.com must be <209.107.216.20>
20160823 09:55:28 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:28 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:28 N TLS Error: TLS handshake failed
20160823 09:55:28 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:28 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:28 Restart pause 5 second(s)
20160823 09:55:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 09:55:33 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 09:55:33 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.20:443
20160823 09:55:33 I Attempting to establish TCP connection with [AF_INET]209.107.216.20:443 [nonblock]
20160823 09:55:34 I TCP connection established with [AF_INET]209.107.216.20:443
20160823 09:55:34 I TCPv4_CLIENT link local: [undef]
20160823 09:55:34 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.20:443
20160823 09:55:34 TLS: Initial packet from [AF_INET]209.107.216.20:443 sid=ef4869f7 78bb78b0
20160823 09:55:34 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 09:55:34 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a14.ipvanish.com/emailAddress=support@ipvanish.com must be <209.107.216.20>
20160823 09:55:34 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:34 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:34 N TLS Error: TLS handshake failed
20160823 09:55:34 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:34 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:34 Restart pause 5 second(s)
20160823 09:55:39 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 09:55:39 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 09:55:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.20:443
20160823 09:55:39 I Attempting to establish TCP connection with [AF_INET]209.107.216.20:443 [nonblock]
20160823 09:55:40 I TCP connection established with [AF_INET]209.107.216.20:443
20160823 09:55:40 I TCPv4_CLIENT link local: [undef]
20160823 09:55:40 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.20:443
20160823 09:55:40 TLS: Initial packet from [AF_INET]209.107.216.20:443 sid=bb4ff1dd 4bf6d9c6
20160823 09:55:40 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 09:55:40 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a14.ipvanish.com/emailAddress=support@ipvanish.com must be <209.107.216.20>
20160823 09:55:40 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:40 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:40 N TLS Error: TLS handshake failed
20160823 09:55:40 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:40 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:40 Restart pause 5 second(s)
20160823 09:55:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 09:55:45 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 09:55:45 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.20:443
20160823 09:55:45 I Attempting to establish TCP connection with [AF_INET]209.107.216.20:443 [nonblock]
20160823 09:55:46 I TCP connection established with [AF_INET]209.107.216.20:443
20160823 09:55:46 I TCPv4_CLIENT link local: [undef]
20160823 09:55:46 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.20:443
20160823 09:55:46 TLS: Initial packet from [AF_INET]209.107.216.20:443 sid=c1cf9918 36a3819f
20160823 09:55:46 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 09:55:46 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a14.ipvanish.com/emailAddress=support@ipvanish.com must be <209.107.216.20>
20160823 09:55:46 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:46 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:46 N TLS Error: TLS handshake failed
20160823 09:55:46 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:46 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:46 Restart pause 5 second(s)
20160823 09:55:51 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 09:55:51 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 09:55:51 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.20:443
20160823 09:55:51 I Attempting to establish TCP connection with [AF_INET]209.107.216.20:443 [nonblock]
20160823 09:55:52 I TCP connection established with [AF_INET]209.107.216.20:443
20160823 09:55:52 I TCPv4_CLIENT link local: [undef]
20160823 09:55:52 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.20:443
20160823 09:55:52 TLS: Initial packet from [AF_INET]209.107.216.20:443 sid=ec90efb7 76d0b096
20160823 09:55:53 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 09:55:53 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a14.ipvanish.com/emailAddress=support@ipvanish.com must be <209.107.216.20>
20160823 09:55:53 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 09:55:53 N TLS Error: TLS object -> incoming plaintext read error
20160823 09:55:53 N TLS Error: TLS handshake failed
20160823 09:55:53 N Fatal TLS error (check_tls_errors_co) restarting
20160823 09:55:53 I SIGUSR1[soft tls-error] received process restarting
20160823 09:55:53 Restart pause 5 second(s)
20160823 09:55:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 09:55:56 D MANAGEMENT: CMD 'state'
20160823 09:55:56 MANAGEMENT: Client disconnected
20160823 09:55:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 09:55:56 D MANAGEMENT: CMD 'state'
20160823 09:55:56 MANAGEMENT: Client disconnected
20160823 09:55:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 09:55:56 D MANAGEMENT: CMD 'state'
20160823 09:55:56 MANAGEMENT: Client disconnected
20160823 09:55:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 09:55:56 D MANAGEMENT: CMD 'status 2'
20160823 09:55:56 MANAGEMENT: Client disconnected
20160823 09:55:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 09:55:56 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
ca /tmp/openvpncl/ca.crt management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher aes-256-cbc auth sha256 auth-user-pass /tmp/openvpncl/credentials remote 209.107.216.20 443 comp-lzo yes tun-mtu 1500 mtu-disc yes tun-ipv6 tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA persist-remote-ip auth SHA256 keysize 256 tls-remote <209.107.216.20> script-security 3 system
Thank you in advance for any help possible!
Back to top
Mike42Smith DD-WRT User Joined: 14 Feb 2016 Posts: 146 Location: Germany
Posted: Tue Aug 23, 2016 18:29 Post subject:
Try to set the tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA to NONE / leave it out.
In consequence of this the OpenVPN server will negotiate the best tls-cipher at connecting sequence. _________________ Ongoing experiences with:
Linksys E3000 and WRT610N v2
TP-Link Archer C9
Raspberry Pi and TP-Link TL-WR710N with OpenWRT
Back to top
elDGM DD-WRT Novice Joined: 20 Aug 2016 Posts: 3
Posted: Tue Aug 23, 2016 19:28 Post subject:
Thanks for the quick reply! Tried leaving out the TLS cipher and no VPN still. I think I got the same messages in the log:
State
Client: RECONNECTING tls-error
Local Address:
Remote Address:
Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 0
Auth read bytes 0
Log
Clientlog:
20160823 14:25:12 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:12 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:12 N TLS Error: TLS handshake failed
20160823 14:25:12 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:12 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:12 Restart pause 5 second(s)
20160823 14:25:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 14:25:17 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 14:25:17 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.9:443
20160823 14:25:17 I Attempting to establish TCP connection with [AF_INET]209.107.216.9:443 [nonblock]
20160823 14:25:18 I TCP connection established with [AF_INET]209.107.216.9:443
20160823 14:25:18 I TCPv4_CLIENT link local: [undef]
20160823 14:25:18 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.9:443
20160823 14:25:18 TLS: Initial packet from [AF_INET]209.107.216.9:443 sid=15b5b950 9b3fee5d
20160823 14:25:19 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 14:25:19 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a07.ipvanish.com/emailAddress=support@ipvanish.com must be
20160823 14:25:19 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:19 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:19 N TLS Error: TLS handshake failed
20160823 14:25:19 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:19 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:19 Restart pause 5 second(s)
20160823 14:25:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 14:25:24 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 14:25:24 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.9:443
20160823 14:25:24 I Attempting to establish TCP connection with [AF_INET]209.107.216.9:443 [nonblock]
20160823 14:25:25 I TCP connection established with [AF_INET]209.107.216.9:443
20160823 14:25:25 I TCPv4_CLIENT link local: [undef]
20160823 14:25:25 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.9:443
20160823 14:25:25 TLS: Initial packet from [AF_INET]209.107.216.9:443 sid=635f0762 e978d27c
20160823 14:25:25 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 14:25:25 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a07.ipvanish.com/emailAddress=support@ipvanish.com must be
20160823 14:25:25 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:25 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:25 N TLS Error: TLS handshake failed
20160823 14:25:25 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:25 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:25 Restart pause 5 second(s)
20160823 14:25:30 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 14:25:30 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 14:25:30 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.9:443
20160823 14:25:30 I Attempting to establish TCP connection with [AF_INET]209.107.216.9:443 [nonblock]
20160823 14:25:31 I TCP connection established with [AF_INET]209.107.216.9:443
20160823 14:25:31 I TCPv4_CLIENT link local: [undef]
20160823 14:25:31 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.9:443
20160823 14:25:31 TLS: Initial packet from [AF_INET]209.107.216.9:443 sid=c49e5a07 9e9d7ee1
20160823 14:25:31 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 14:25:31 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a07.ipvanish.com/emailAddress=support@ipvanish.com must be
20160823 14:25:31 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:31 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:31 N TLS Error: TLS handshake failed
20160823 14:25:31 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:31 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:31 Restart pause 5 second(s)
20160823 14:25:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 14:25:36 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 14:25:36 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.9:443
20160823 14:25:36 I Attempting to establish TCP connection with [AF_INET]209.107.216.9:443 [nonblock]
20160823 14:25:37 I TCP connection established with [AF_INET]209.107.216.9:443
20160823 14:25:37 I TCPv4_CLIENT link local: [undef]
20160823 14:25:37 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.9:443
20160823 14:25:37 TLS: Initial packet from [AF_INET]209.107.216.9:443 sid=df32d2c7 277aa4dc
20160823 14:25:37 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 14:25:37 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a07.ipvanish.com/emailAddress=support@ipvanish.com must be
20160823 14:25:37 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:37 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:37 N TLS Error: TLS handshake failed
20160823 14:25:37 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:37 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:37 Restart pause 5 second(s)
20160823 14:25:42 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20160823 14:25:42 Socket Buffers: R=[87380->87380] S=[16384->16384]
20160823 14:25:42 I TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.216.9:443
20160823 14:25:42 I Attempting to establish TCP connection with [AF_INET]209.107.216.9:443 [nonblock]
20160823 14:25:43 I TCP connection established with [AF_INET]209.107.216.9:443
20160823 14:25:43 I TCPv4_CLIENT link local: [undef]
20160823 14:25:43 I TCPv4_CLIENT link remote: [AF_INET]209.107.216.9:443
20160823 14:25:43 TLS: Initial packet from [AF_INET]209.107.216.9:443 sid=bae532fa dc6fb402
20160823 14:25:44 VERIFY OK: depth=1 /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
20160823 14:25:44 VERIFY X509NAME ERROR: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=dal-a07.ipvanish.com/emailAddress=support@ipvanish.com must be
20160823 14:25:44 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
20160823 14:25:44 N TLS Error: TLS object -> incoming plaintext read error
20160823 14:25:44 N TLS Error: TLS handshake failed
20160823 14:25:44 N Fatal TLS error (check_tls_errors_co) restarting
20160823 14:25:44 I SIGUSR1[soft tls-error] received process restarting
20160823 14:25:44 Restart pause 5 second(s)
20160823 14:25:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 14:25:44 D MANAGEMENT: CMD 'state'
20160823 14:25:44 MANAGEMENT: Client disconnected
20160823 14:25:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 14:25:44 D MANAGEMENT: CMD 'state'
20160823 14:25:44 MANAGEMENT: Client disconnected
20160823 14:25:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 14:25:44 D MANAGEMENT: CMD 'state'
20160823 14:25:44 MANAGEMENT: Client disconnected
20160823 14:25:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 14:25:44 D MANAGEMENT: CMD 'status 2'
20160823 14:25:44 MANAGEMENT: Client disconnected
20160823 14:25:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20160823 14:25:44 D MANAGEMENT: CMD 'log 500'
19691231 18:00:00
ca /tmp/openvpncl/ca.crt management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher aes-256-cbc auth sha256 auth-user-pass /tmp/openvpncl/credentials remote dal-a07.ipvanish.com 443 comp-lzo yes tun-mtu 1500 mtu-disc yes tun-ipv6 persist-remote-ip auth SHA256 keysize 256 tls-remote script-security 3 system
Back to top
Mike42Smith DD-WRT User Joined: 14 Feb 2016 Posts: 146 Location: Germany
Posted: Wed Aug 24, 2016 5:52 Post subject:
By the way did you set the tls-auth key-file to your config provided by IPvansh? because I don't see any "tls-auth" entry in your config logs. _________________ Ongoing experiences with:
Linksys E3000 and WRT610N v2
TP-Link Archer C9
Raspberry Pi and TP-Link TL-WR710N with OpenWRT
Back to top
elDGM DD-WRT Novice Joined: 20 Aug 2016 Posts: 3
Posted: Wed Aug 24, 2016 12:59 Post subject:
Just heard back from IP Vanish with a suggestion that worked! Aside from deleting the TLS cipher line in the additional configuration box they also suggested removing the <> symbols around the server name/ip address in the tls-remote line. After doing this and rebooting it is working and also even policy based routing is working when I added that to the appropriate field in the GUI!!!
My corrected additional config is as follows:
persist-remote-ip
auth SHA256
keysize 256
tls-remote ipvanish server IP/Name
script-security 3 system
Thanks so much for the quick responses in this thread!! I hope I have added some useful information for others that encounter the same problem.
Back to top
Cowsland DD-WRT Novice Joined: 05 Jan 2017 Posts: 8
Posted: Fri Jan 20, 2017 17:38 Post subject:
Do you know if there have been extra changes to the necessary settings?
I've followed this updated guide to the letter but still can't connect
Back to top
Cowsland DD-WRT Novice Joined: 05 Jan 2017 Posts: 8
Posted: Fri Jan 20, 2017 23:56 Post subject:
I don't understand why i only have this log
Clientlog:
ca /tmp/openvpncl/ca.crt management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher aes-256-cbc auth sha256 auth-user-pass /tmp/openvpncl/credentials remote nyc-a18.ipvanish.com 443 comp-lzo yes tun-mtu 1500 mtu-disc yes tun-ipv6 persist-remote-ip auth SHA256 keysize 256 tls-remote nyc-a18.ipvanish.com script-security 3 system
It looks like it's not even trying to connect
Back to top
Cowsland DD-WRT Novice Joined: 05 Jan 2017 Posts: 8
Posted: Sat Jan 21, 2017 0:26 Post subject:
I've checked and rechecked everything.
It's step by step identical to the suggested settings
Is it possible some default settings in other tabs stop the openvpn from working properly?
Back to top