I need a custom script that checks OpenVPN connection

DD-WRT Forum Index -> Advanced Networking
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Sun Jul 16, 2017 20:34
1. Yes, either example should go in the additional config section.

2. vpn_gateway is a variable for the VPN network within OpenVPN. It's not meant to be a placeholder; it will be parsed by OpenVPN as a variable.

3. Yes, there would already be a route set up for the tun1 interface; you are just doing the routing rules within OpenVPN itself.

Because you are running route-nopull, you essentially have the VPN tunnel active but no traffic will use it, unless explicitly told to.

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sun Jul 16, 2017 20:37
Sorry for my serial posts. You're the man. Looks like you fixed the problem. What I did:

I removed my ip routes from startup.
I added all these lines to Additional Config field.
Reboot router.

Code:
route-nopull
reneg-sec 300
ping 10
ping-restart 60

route 208.85.40.0 255.255.255.0
route 198.35.26.0 255.255.254.0


When I tracert pandora.com it goes thru 10.10.0.1

The route is working perfectly. But I need to test the system for more than one day; if it is still working, that means you fixed it. Thank you.

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Sun Jul 16, 2017 20:42
No worries! Hopefully that should be more stable for you.

Even if OpenVPN disconnects, the changes should keep your specific routing rules in place and automatically re-establish the connection to the tunnel if it drops.

If you do still get disconnects you might want to investigate that further, maybe add a higher logging level like verb 5, to see what's going on in the logs.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sun Jul 16, 2017 20:48
Thank you very much James. I don't think I'll see any problem in the future. Looks fixed as you said. Even if it drops, your code adds the routes again. I use my WRT1900AC v1 as a VPN Server. Kong's Build is very nice. I don't want to try other builds. My build is very stable.

I can connect to my home via my iPhone through SoftEtherVPN
My garden IP Camera connects through OpenVPN Server
I have access to some websites that my ISP normally blocks (pandora.com, wikipedia.org etc.) via OpenVPNClient
I use Recursive DNS (My internet connection secure)
I use ADBlock Plus filters on my Privoxy (same router)

As you see, lots of things are working on this great router. Maybe you'll like my solution for Recursive DNS Resolution with DNSMasq. Check it:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=309795&highlight=

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Mon Jul 17, 2017 23:37
James, I think my problem still continues. The IP route and VPN connection are OK, but sometimes it drops and I do not have access to pandora.com and wikipedia.org even though I can see the correct IP routes. Here is the client log:

Clientlog:
19700101 03:00:37 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
19700101 03:00:37 I OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 8 2017
19700101 03:00:37 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
19700101 03:00:37 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 03:00:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 03:00:37 W WARNING: Your certificate is not yet valid!
20170717 23:00:01 N RESOLVE: Cannot resolve host address: us1.vpnbook.com:25000 (Try again)
20170717 23:00:03 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:00:03 I UDPv4 link local: (not bound)
20170717 23:00:03 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170717 23:00:04 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=67783fb5 12094186
20170717 23:00:04 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170717 23:00:05 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:00:05 VERIFY OK: nsCertType=SERVER
20170717 23:00:05 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:00:09 NOTE: --mute triggered...
20170717 23:00:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:09 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170717 23:00:10 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170717 23:00:11 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.6 10.10.0.5'
20170717 23:00:11 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 NOTE: --mute triggered...
20170717 23:00:11 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:11 OPTIONS IMPORT: timers and/or timeouts modified
20170717 23:00:11 OPTIONS IMPORT: --ifconfig/up options modified
20170717 23:00:11 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:00:11 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170717 23:00:11 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:00:11 NOTE: --mute triggered...
20170717 23:00:11 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:11 I TUN/TAP device tun1 opened
20170717 23:00:11 TUN/TAP TX queue length set to 100
20170717 23:00:11 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170717 23:00:11 I /sbin/ifconfig tun1 10.10.0.6 pointopoint 10.10.0.5 mtu 1500
20170717 23:00:11 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.5
20170717 23:00:11 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.5
20170717 23:00:11 I Initialization Sequence Completed
20170717 23:05:09 TLS: soft reset sec=0 bytes=9843/-1 pkts=128/0
20170717 23:06:05 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:06:05 VERIFY OK: nsCertType=SERVER
20170717 23:06:05 NOTE: --mute triggered...
20170717 23:06:10 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:06:10 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20170717 23:06:10 N TLS Error: TLS handshake failed
20170717 23:06:10 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
20170717 23:06:24 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=9e91e8b0 f4ce39ab
20170717 23:06:31 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:06:31 NOTE: --mute triggered...
20170717 23:07:02 8 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:02 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170717 23:07:02 I SIGUSR1[soft ping-restart] received process restarting
20170717 23:07:02 Restart pause 5 second(s)
20170717 23:07:07 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170717 23:07:07 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170717 23:07:07 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:07:07 I UDPv4 link local: (not bound)
20170717 23:07:07 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170717 23:07:07 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=d6391194 b276c04f
20170717 23:07:14 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:07:14 VERIFY OK: nsCertType=SERVER
20170717 23:07:14 NOTE: --mute triggered...
20170717 23:07:14 2 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:14 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170717 23:07:15 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170717 23:07:15 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.114 10.10.0.113'
20170717 23:07:15 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 NOTE: --mute triggered...
20170717 23:07:15 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:15 OPTIONS IMPORT: timers and/or timeouts modified
20170717 23:07:15 OPTIONS IMPORT: --ifconfig/up options modified
20170717 23:07:15 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:07:15 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170717 23:07:15 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:07:15 NOTE: --mute triggered...
20170717 23:07:15 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:15 I Preserving previous TUN/TAP instance: tun1
20170717 23:07:15 I Initialization Sequence Completed
20170717 23:12:14 TLS: soft reset sec=0 bytes=8165/-1 pkts=99/0
20170717 23:12:19 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:12:19 VERIFY OK: nsCertType=SERVER
20170717 23:12:19 NOTE: --mute triggered...
20170718 02:33:22 357 variation(s) on previous 3 message(s) suppressed by --mute
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:23 D MANAGEMENT: CMD 'status 2'
20170718 02:33:23 MANAGEMENT: Client disconnected
20170718 02:33:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:23 D MANAGEMENT: CMD 'log 500'

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Tue Jul 18, 2017 5:23
Quote:

19700101 03:00:37 W WARNING: Your certificate is not yet valid!
20170717 23:00:01 N RESOLVE: Cannot resolve host address: us1.vpnbook.com:25000 (Try again)
20170717 23:00:03 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:00:03 I UDPv4 link local: (not bound)


That part of the log is interesting. It would suggest there is a potential issue with the time settings on your router.

Are you using NTP to ensure your router's time and date is up to date?

Certificate errors in OpenVPN are often related to the system clock being incorrect.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Tue Jul 18, 2017 7:21
Hello James, my NTP settings and my router time are correct. I made sure. But I discovered that when I copy-paste your code from the forum, the forum PHP script adds a space character (whitespace) to the end of each line. I deleted these lines and rebooted my router again. I am testing now. If it fails again, I will delete your code but keep your ROUTE settings. Maybe that can fix my problem. I'll let you know.
_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
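A triage pass over a client log in the format posted above, as an added example that is not part of the thread: it counts the clock, restart and rejected-push events the posts discuss. The function names are this example's own, and the embedded log is a constructed sample with documentation host names and addresses.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a DD-WRT OpenVPN client log.

# Constructed sample in the "YYYYMMDD HH:MM:SS [level] message" layout of the
# posted log; the host name and DNS address are documentation values.
sample_log() {
cat <<'EOF'
19700101 03:00:37 W WARNING: Your certificate is not yet valid!
20170717 23:00:01 N RESOLVE: Cannot resolve host address: vpn.example.test:25000 (Try again)
20170717 23:00:11 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 192.0.2.53 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.6 10.10.0.5'
20170717 23:00:11 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 I Initialization Sequence Completed
20170717 23:06:10 N TLS Error: TLS handshake failed
20170717 23:07:02 I [vpn.example.test] Inactivity timeout (--ping-restart) restarting
20170717 23:07:15 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 192.0.2.53 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.114 10.10.0.113'
20170717 23:07:15 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 I Preserving previous TUN/TAP instance: tun1
20170717 23:07:15 I Initialization Sequence Completed
EOF
}

# Read a client log on stdin and print one key=value line per finding.
triage_log() {
    awk '
    # A 1970 date means the line was written before the router clock was set.
    $1 ~ /^1970/                           { clock_unset++ }
    /certificate is not yet valid/         { cert_early++ }
    /TLS handshake failed/                 { tls_fail++ }
    /Inactivity timeout \(--ping-restart\)/ { ping_restart++ }
    /Initialization Sequence Completed/    { init_ok++ }
    /Preserving previous TUN.TAP instance/ { tun_kept++ }

    # Pushed options the client refused; the option name sits between quotes.
    /Options error: option .* cannot be used in this context/ {
        split($0, q, "\047")
        if (!(q[2] in seen)) {
            seen[q[2]] = 1
            rejected = rejected (rejected == "" ? "" : ",") q[2]
        }
    }

    # Tunnel address assigned by the server in each PUSH_REPLY.
    /PUSH_REPLY/ {
        for (i = 1; i < NF; i++) if ($i == "ifconfig") {
            addr = $(i + 1)
            if (addr != last_addr) {
                addrs = addrs (addrs == "" ? "" : ",") addr
                last_addr = addr
            }
        }
    }

    END {
        printf "clock_unset_lines=%d\n", clock_unset
        printf "cert_not_yet_valid=%d\n", cert_early
        printf "tls_handshake_failures=%d\n", tls_fail
        printf "ping_restarts=%d\n", ping_restart
        printf "init_completed=%d\n", init_ok
        printf "tun_preserved=%d\n", tun_kept
        printf "rejected_push_options=%s\n", rejected
        printf "pushed_tunnel_ips=%s\n", addrs
    }'
}

# Stand-alone run: summarise the constructed sample.
sample_log | triage_log
```

To use it on a real log, pipe the log text into `triage_log`. When `pushed_tunnel_ips` lists more than one address and `tun_preserved` is non-zero, compare the address currently on tun1 with the most recent pushed one.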
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Tue Jul 18, 2017 21:44
For the last 14 hours, your code has worked perfectly. I believe I made a mistake when I copy-pasted your code. As I said, the forum adds whitespace to each line. I am still testing. It was supposed to fail within 14 hours. I will wait more. Currently I have access to pandora and wikipedia through the VPN.
_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Fri Jul 21, 2017 13:04
Hi James,

I am still struggling with OpenVPN. I will share my client log with you. Can you help me? At first everything is OK, but after some time I do not have access to pandora.com and wikipedia.org (I should be able to access ONLY these websites via OpenVPN). After your modification my IP route is always correct, but I still have a problem. If I run stopservice openvpn it gives me an error about NAT; I re-run stopservice and then I can stop OpenVPN. Looks like this is related to DNS, I guess, or the gateway. The only way to use OpenVPN is to reboot my router.

Here is the log:

Code:
Clientlog:
20170720 18:37:49 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20170720 18:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20170720 18:37:49 I OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 8 2017
20170720 18:37:49 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
20170720 18:37:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20170720 18:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170720 18:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170720 18:37:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170720 18:37:49 I UDPv4 link local: (not bound)
20170720 18:37:49 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170720 18:37:49 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=52eabf3f 6006b3cd
20170720 18:37:49 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170720 18:38:06 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:38:06 VERIFY OK: nsCertType=SERVER
20170720 18:38:06 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:38:06 NOTE: --mute triggered...
20170720 18:38:06 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:06 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170720 18:38:07 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170720 18:38:09 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.162 10.10.0.161'
20170720 18:38:09 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 NOTE: --mute triggered...
20170720 18:38:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:09 OPTIONS IMPORT: timers and/or timeouts modified
20170720 18:38:09 OPTIONS IMPORT: --ifconfig/up options modified
20170720 18:38:09 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170720 18:38:09 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170720 18:38:09 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170720 18:38:09 NOTE: --mute triggered...
20170720 18:38:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:09 I TUN/TAP device tun1 opened
20170720 18:38:09 TUN/TAP TX queue length set to 100
20170720 18:38:09 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170720 18:38:09 I /sbin/ifconfig tun1 10.10.0.162 pointopoint 10.10.0.161 mtu 1500
20170720 18:38:09 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.161
20170720 18:38:09 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.161
20170720 18:38:10 I Initialization Sequence Completed
20170720 18:43:06 TLS: soft reset sec=0 bytes=331693/-1 pkts=830/0
20170720 18:43:07 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:43:07 VERIFY OK: nsCertType=SERVER
20170720 18:43:07 NOTE: --mute triggered...
20170721 02:04:05 771 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:05 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170721 02:04:05 I SIGUSR1[soft ping-restart] received process restarting
20170721 02:04:05 Restart pause 5 second(s)
20170721 02:04:10 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170721 02:04:10 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170721 02:04:10 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170721 02:04:10 I UDPv4 link local: (not bound)
20170721 02:04:10 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170721 02:04:14 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=dde862cf 62f37b95
20170721 02:04:19 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170721 02:04:19 VERIFY OK: nsCertType=SERVER
20170721 02:04:19 NOTE: --mute triggered...
20170721 02:04:28 2 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:28 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170721 02:04:29 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170721 02:04:30 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.166 10.10.0.165'
20170721 02:04:30 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 NOTE: --mute triggered...
20170721 02:04:30 1 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:30 OPTIONS IMPORT: timers and/or timeouts modified
20170721 02:04:30 OPTIONS IMPORT: --ifconfig/up options modified
20170721 02:04:30 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170721 02:04:30 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170721 02:04:30 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170721 02:04:30 NOTE: --mute triggered...
20170721 02:04:30 1 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:30 I Preserving previous TUN/TAP instance: tun1
20170721 02:04:30 I Initialization Sequence Completed
20170721 02:09:28 TLS: soft reset sec=0 bytes=7631/-1 pkts=109/0
20170721 02:09:38 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170721 02:09:38 VERIFY OK: nsCertType=SERVER
20170721 02:09:38 NOTE: --mute triggered...
20170721 15:54:35 1455 variation(s) on previous 3 message(s) suppressed by --mute
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'status 2'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'log 500'


Here is the additional config:

Code:
route-nopull
reneg-sec 300
ping 10
ping-restart 60
route 208.85.40.0 255.255.255.0
route 198.35.26.0 255.255.254.0


Here is the startup script:

Code:
openvpn --mktun --dev tap2
brctl addif br0 tap2
ifconfig tap2 0.0.0.0 promisc up
sleep 45
vpncmd localhost:443 /SERVER /PASSWORD /CMD ConfigSet //tmp//vpn_server.config
sleep 15
brctl addif br0 tap_soft

sleep 10
stopservice unbound
stopservice dnsmasq
sed -i '/server:/ a\port: 5153\' /tmp/unbound.conf
unbound -c /tmp/unbound.conf

sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Fri Jul 21, 2017 13:45
Maybe related to this: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310247
_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sat Jul 22, 2017 22:44
James, my problem is related to my DNS modifications (Unbound and DNSMasq)

As I said before, here is my startup script:

Code:
openvpn --mktun --dev tap2
brctl addif br0 tap2
ifconfig tap2 0.0.0.0 promisc up
sleep 45
vpncmd localhost:443 /SERVER /PASSWORD /CMD ConfigSet //tmp//vpn_server.config
sleep 15
brctl addif br0 tap_soft

sleep 10
stopservice unbound
stopservice dnsmasq
sed -i '/server:/ a\port: 5153\' /tmp/unbound.conf
unbound -c /tmp/unbound.conf

sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf


After my OpenVPN client drops and re-connects, I am not able to access pandora.com and wikipedia.org. Your code creates the IP routes but I cannot access them. I found out:

If my router has successfully connected to the OpenVPN server but I cannot access these websites, and I run these commands:

Code:
stopservice unbound
stopservice dnsmasq
sed -i '/server:/ a\port: 5153\' /tmp/unbound.conf
unbound -c /tmp/unbound.conf

sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf


I am able to connect to these websites.

What I need:

I want to create a custom script from the above. Every time after OpenVPN connection success or restart (with your modification) this custom script should be run. But how?

Thanks.

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
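One way to run a script after every (re)connect, as an added example that is not from the thread: poll the management socket seen in the posted log (127.0.0.1:16) with the same `state` command the log shows, and fire a hook whenever a new CONNECTED state appears. The hook path `/tmp/dns-fix.sh`, the polling interval, the function names and the availability of `nc` on the router are assumptions; the reply sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): run a hook each time the OpenVPN
# client (re)enters CONNECTED, detected through the management interface.

MGMT_HOST=127.0.0.1             # posted log: "TCP Socket listening on [AF_INET]127.0.0.1:16"
MGMT_PORT=16
HOOK=${HOOK:-/tmp/dns-fix.sh}   # hypothetical file holding the DNS restart commands
INTERVAL=${INTERVAL:-10}        # seconds between polls (assumed value)

# Constructed sample of a reply to the management "state" command.
# Fields: unix time the state was entered, state name, detail, tunnel IP,
# remote IP, remote port, ...
sample_state_reply() {
cat <<'EOF'
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
1500764835,CONNECTED,SUCCESS,10.10.0.114,192.0.2.10,25000,,
END
EOF
}

# Reduce a "state" reply on stdin to "<STATE> <unix-time>". Prints
# "UNKNOWN 0" when no state line is present (daemon down, empty reply).
parse_state() {
    awk -F, '
        /^[0-9]+,[A-Z_]+,/ { ts = $1; st = $2 }
        END { if (st == "") print "UNKNOWN 0"; else print st, ts }'
}

# Ask the running client for its state.
# Assumption: an nc binary that forwards stdin is present on the router.
query_state() {
    printf 'state\nquit\n' | nc "$MGMT_HOST" "$MGMT_PORT" 2>/dev/null | parse_state
}

# Succeed only when $2 is a CONNECTED state that was not handled yet ($1).
# The timestamp changes on every reconnect, so a restart that happens
# entirely between two polls is still noticed.
is_new_connection() {
    case "$2" in
        "CONNECTED "*) [ "$1" != "$2" ] ;;
        *) return 1 ;;
    esac
}

watch_tunnel() {
    handled=""
    while :; do
        cur=$(query_state)
        if is_new_connection "$handled" "$cur"; then
            logger -t vpn-watch "tunnel up ($cur), running $HOOK"
            sh "$HOOK" || logger -t vpn-watch "$HOOK exited non-zero"
            handled=$cur
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when asked to: sh vpn-watch.sh watch &
case "${1:-}" in
    watch) watch_tunnel ;;
esac
```

A failed query yields `UNKNOWN 0`, which never triggers the hook, so a briefly unreachable management socket does not cause a spurious DNS restart.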
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sat Jul 22, 2017 22:51
I found these lines in the /tmp/openvpncl/route-up.sh folder. This explains why I am not able to access pandora.com and wikipedia.org after re-connect. Looks like this is related to dnsmasq. And I modified my dnsmasq options. Please check my previous post.

Code:
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
stopservice dnsmasq -f
startservice dnsmasq -f
cat /tmp/resolv.dnsmasq > /tmp/resolv.dnsmasq_isp
env | grep 'dhcp-option DNS' | awk '{ print "nameserver " $3 }' > /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp >> /tmp/resolv.dnsmasq

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Sun Jul 23, 2017 11:04
I created the following custom.sh script:

Code:
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
stopservice dnsmasq -f
dnsmasq --conf-file=/tmp/dnsmasq.conf
cat /tmp/resolv.dnsmasq > /tmp/resolv.dnsmasq_isp
env | grep 'dhcp-option DNS' | awk '{ print "nameserver " $3 }' > /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp >> /tmp/resolv.dnsmasq


and I added this line to the end of the startup script:

cp -afRv /tmp/custom.sh /tmp/openvpncl/route-up.sh

Looks like the problem is fixed, but I am testing. What my code does:

I modified the route-up.sh file after it was created by the system. I changed how the dnsmasq service starts with this line:

dnsmasq --conf-file=/tmp/dnsmasq.conf

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Thu Jul 27, 2017 19:09
Hi,

Sorry for not responding. Admittedly, your setup does seem quite bespoke, so it's difficult to know where the issue is.

You'll want to potentially investigate why the VPN tunnel is not stable and keeps dropping. Adding higher verb logging on OpenVPN might reveal more clues, if it's still not resolved.

_________________
James

mkaand
DD-WRT User


Joined: 06 Jan 2008
Posts: 307
Location: Istanbul

Posted: Thu Jul 27, 2017 19:22
James2k wrote:
Hi,

Sorry for not responding. Admittedly, your setup does seem quite bespoke, so it's difficult to know where the issue is.

You'll want to potentially investigate why the VPN tunnel is not stable and keeps dropping. Adding higher verb logging on OpenVPN might reveal more clues, if it's still not resolved.


My connection drops, and after restoration the access problem for pandora and wiki still continues. Could you help me? How can I investigate it? How do I set higher verb logging? Thanks.

_________________
Kaan's World | @mkaand | PLEX Archive | Trakt.tv
Page 2 of 4. All times are GMT.