This build is running without issues on ASUS RT-AC68U rev.B
Used ddup --flash-latest without resetting. Current uptime > 3 days
Openvpn, samba, port forwarding works, no wifi issues _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Mon Apr 17, 2017 5:08 Post subject:
WJames wrote:
This build has been up for just over two days. Overall, it has been very solid. However, I have seen one OpenVPN "disconnect" with this build. Actually, Windows still shows an active VPN connection, but I cannot access any web sites or intranet computers. I have experienced this issue from time to time with the past few builds. Disconnecting and then re-connecting usually fixes the issue. *Shrug*
I saw the same thing here with my R8000. After two days *poof* no VPN..
I'll try updating to the newest build and see what happens. _________________ Routers:
Netgear R8000 - DD-WRT v3.0-r43420 std (06/15/20)
Netgear R9000 - DD-WRT v3.0-r43420 std (06/15/20)
This build has been up for just over two days. Overall, it has been very solid. However, I have seen one OpenVPN "disconnect" with this build. Actually, Windows still shows an active VPN connection, but I cannot access any web sites or intranet computers. I have experienced this issue from time to time with the past few builds. Disconnecting and then re-connecting usually fixes the issue. *Shrug*
I saw the same thing here with my R8000. After two days *poof* no VPN..
I'll try updating to the newest build and see what happens.
The new build has comes with openvpn 2.4.1, maybe it helps, if not, checkout /var/log/messages and the syslog output on the vpn status tab. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Mon Apr 17, 2017 21:46 Post subject:
<Kong> wrote:
tmo1138 wrote:
WJames wrote:
This build has been up for just over two days. Overall, it has been very solid. However, I have seen one OpenVPN "disconnect" with this build. Actually, Windows still shows an active VPN connection, but I cannot access any web sites or intranet computers. I have experienced this issue from time to time with the past few builds. Disconnecting and then re-connecting usually fixes the issue. *Shrug*
I saw the same thing here with my R8000. After two days *poof* no VPN..
I'll try updating to the newest build and see what happens.
The new build has comes with openvpn 2.4.1, maybe it helps, if not, checkout /var/log/messages and the syslog output on the vpn status tab.
OpenVPN died again.. I'm running the syslogd now and I'll share logs for you to look at when it happens again.. _________________ Routers:
Netgear R8000 - DD-WRT v3.0-r43420 std (06/15/20)
Netgear R9000 - DD-WRT v3.0-r43420 std (06/15/20)
Apr 18 04:36:39 R8000 daemon.warn openvpn[11100]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wrong cipher. If you don't receive this message when you first connect, then it is likely, that something changed on the server side between first and reconnect, but the error is clear. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Thu Apr 20, 2017 3:24 Post subject:
<Kong> wrote:
Apr 18 04:36:39 R8000 daemon.warn openvpn[11100]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wrong cipher. If you don't receive this message when you first connect, then it is likely, that something changed on the server side between first and reconnect, but the error is clear.
That's really strange.. you're right.. that's exactly the warning.. but it doesn't make sense why... I'm using the correct certs, port and encryption type.. And I just double-checked the settings.. I checked using 'nvram show' and the nvram settings even show the right cipher:
Apr 18 04:36:39 R8000 daemon.warn openvpn[11100]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wrong cipher. If you don't receive this message when you first connect, then it is likely, that something changed on the server side between first and reconnect, but the error is clear.
That's really strange.. you're right.. that's exactly the warning.. but it doesn't make sense why... I'm using the correct certs, port and encryption type.. And I just double-checked the settings.. I checked using 'nvram show' and the nvram settings even show the right cipher:
Code:
openvpncl_cipher=aes-128-cbc
You set the wrong cipher, can't you read?
The server uses blowfish on the port you are using, it is possible to run multiple instances on a server, that uses different encryption settings. It is also possible, that there is a load balancer that directs you to different servers where one of their servers is configured badly.
Just use a different server or port. Usually if a provider uses different settings as in his guide, then their server is not correctly configured and most likely other settings are bad as well. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Thu Apr 20, 2017 14:39 Post subject:
<Kong> wrote:
tmo1138 wrote:
<Kong> wrote:
Apr 18 04:36:39 R8000 daemon.warn openvpn[11100]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wrong cipher. If you don't receive this message when you first connect, then it is likely, that something changed on the server side between first and reconnect, but the error is clear.
That's really strange.. you're right.. that's exactly the warning.. but it doesn't make sense why... I'm using the correct certs, port and encryption type.. And I just double-checked the settings.. I checked using 'nvram show' and the nvram settings even show the right cipher:
Code:
openvpncl_cipher=aes-128-cbc
You set the wrong cipher, can't you read?
The server uses blowfish on the port you are using, it is possible to run multiple instances on a server, that uses different encryption settings. It is also possible, that there is a load balancer that directs you to different servers where one of their servers is configured badly.
Just use a different server or port. Usually if a provider uses different settings as in his guide, then their server is not correctly configured and most likely other settings are bad as well.
I can read just fine.. I'm not being obtuse and I'm not an idiot. Now maybe PIA are being idiots and I need to take my business to someone else.. *I* did not set the wrong cipher based on their documentation.. and I read and RE-read it just to be sure.
Sorry to be a bother.. I'll find out what PIA is doing and share for others here.
In their own documentation they say to set for that port as follows:
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Sat Apr 22, 2017 22:24 Post subject:
@Kong
I tried changing to Blowfish for the Cipher and still had the same problem: Eventually VPN would disconnect, the logs would show that auth failed and the connection would drop exactly like in the logs above:
Code:
R8000 daemon.notice openvpn[11100]: SIGTERM[soft,auth-failure] received, process exiting
In another thread someone mentioned a config change which I tried and the problem is now solved - for me, anyway.. if VPN does disconnect, I'm able to re-authenticate regardless of cipher.
I don't know specifically when I started seeing this problem but my best recollection is that it was with one of the prior 3 or 4 builds. Prior to a few weeks ago I had no problems with PIA reconnections failing on dd-wrt - that I know for sure. I have no idea if this is PrivateInternet, a bug in OpenVPN.. something going on with dd-wrt.. or what. I'm just sharing the information here should anyone else have a problem configuring VPN on their router.
