In your OpenVPN config, set verb 5 (default is 3); this will increase the log messages and verbosity of various events. You essentially need to capture the logs when the VPN tunnel drops, to understand what happened leading up to it. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Only the bold letters were added through the config window. Can I add verb 5 in the config window? I guess if I add it, there will be two verbs; one comes from the service directly. Is that a problem? _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
Yeah, the default is verb 3; you should be able to override it by adding it to the additional config. As it appears later in the config, the verb 5 value should override.
OpenVPN status page will confirm the log level set. _________________ James
I added verb 5 but I don't know if it is OK or not. I installed a freeware ping monitor on my laptop. If there is no response from pandora.com, it will send me an email, so we will know what time it goes down. But I am not sure whether my logs are now more detailed or not. Here is the log:
Code:
Clientlog:
20170728 00:58:45 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
20170728 00:58:45 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20170728 00:58:45 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-128-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20170728 00:58:48 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170728 00:58:48 I UDPv4 link local: (not bound)
20170728 00:58:48 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'status 2'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:48 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=d9970c6b 9513c30c
20170728 00:58:48 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'log 500'
20170728 00:58:48 MANAGEMENT: Client disconnected
20170728 00:58:49 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 00:58:49 VERIFY OK: nsCertType=SERVER
20170728 00:58:49 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 00:58:49 NOTE: --mute triggered...
20170728 00:58:49 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:49 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170728 00:58:50 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170728 00:58:51 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.210 10.10.0.209'
20170728 00:58:51 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 NOTE: --mute triggered...
20170728 00:58:51 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:51 OPTIONS IMPORT: timers and/or timeouts modified
20170728 00:58:51 OPTIONS IMPORT: --ifconfig/up options modified
20170728 00:58:51 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:406 ET:0 EL:3 ]
20170728 00:58:51 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 00:58:51 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170728 00:58:51 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170728 00:58:51 NOTE: --mute triggered...
20170728 00:58:51 1 variation(s) on previous 3 message(s) suppressed by --mute
20170728 00:58:51 I TUN/TAP device tun1 opened
20170728 00:58:51 TUN/TAP TX queue length set to 100
20170728 00:58:51 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170728 00:58:51 I /sbin/ifconfig tun1 10.10.0.210 pointopoint 10.10.0.209 mtu 1500
20170728 00:58:51 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.209
20170728 00:58:51 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.209
20170728 00:58:51 I Initialization Sequence Completed
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'state'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'status 2'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 00:59:02 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:59:02 D MANAGEMENT: CMD 'log 500'
20170728 00:59:02 MANAGEMENT: Client disconnected
20170728 01:03:49 TLS: soft reset sec=0 bytes=165470/-1 pkts=1423/0
20170728 01:03:50 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170728 01:03:50 VERIFY OK: nsCertType=SERVER
20170728 01:03:50 NOTE: --mute triggered...
20170728 01:06:41 6 variation(s) on previous 3 message(s) suppressed by --mute
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'state'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'status 2'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:06:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:06:41 D MANAGEMENT: CMD 'log 500'
20170728 01:06:41 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'state'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'status 2'
20170728 01:07:40 MANAGEMENT: Client disconnected
20170728 01:07:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 01:07:40 D MANAGEMENT: CMD 'log 500'
19700101 03:00:00
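Added example (not part of the original thread): at verb 5 most of the log is the web GUI polling the management interface, so this filter drops that noise and tags the lines that show tunnel state. The function names and tags are hypothetical, and the sample input is constructed from message shapes in the log above plus the standard OpenVPN `--ping-restart` message.

```shell
#!/bin/sh
# Added example: triage an OpenVPN client log in the format posted above.
# sample_log is constructed: its lines copy message shapes from the thread, and
# the final restart line (with a made-up timestamp) is the message OpenVPN logs
# when --ping-restart fires.
sample_log() {
cat <<'EOF'
20170728 00:58:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170728 00:58:48 D MANAGEMENT: CMD 'state'
20170728 00:58:48 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170728 00:58:51 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170728 00:58:51 NOTE: --mute triggered...
20170728 00:58:51 I Initialization Sequence Completed
20170728 01:03:49 TLS: soft reset sec=0 bytes=165470/-1 pkts=1423/0
20170728 02:10:07 N [vpnbook.com] Inactivity timeout (--ping-restart), restarting
EOF
}

# stdin: log. stdout: "<date> <time> <TAG> [detail]" per relevant event, then a
# SUMMARY line. Management-interface polling and --mute notices are dropped.
triage_openvpn_log() {
  awk '
    { ts = $1 " " $2 }
    /MANAGEMENT:/ || /--mute/ { noise++; next }
    /Options error: option .* cannot be used in this context/ && /PUSH-OPTIONS/ {
      split($0, q, "\047")            # option name sits between single quotes
      print ts, "PUSH_REJECTED", q[2]; rejected++; next }
    /WARNING: / { msg = $0; sub(/^.*WARNING: /, "", msg); print ts, "WARNING", msg; next }
    /TLS: soft reset/ { print ts, "TLS_RENEG"; reneg++; next }
    /Initialization Sequence Completed/ { print ts, "TUNNEL_UP"; up++; next }
    /Inactivity timeout \(--ping-restart\)/ || /SIGUSR1\[/ {
      print ts, "TUNNEL_RESTART"; restarts++; next }
    END { printf "SUMMARY up=%d restarts=%d reneg=%d push_rejected=%d noise_dropped=%d\n",
                 up, restarts, reneg, rejected, noise }
  '
}

sample_log | triage_openvpn_log
```

A log that shows TUNNEL_UP and periodic TLS_RENEG but no TUNNEL_RESTART around the time of an outage means the tunnel itself stayed up. PUSH_REJECTED lines show which server-pushed options (here the gateway redirect and DNS servers) the client did not apply.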
Easiest solution: take out the verb 5 in the additional config and manually edit /tmp/openvpncl/openvpn.conf.
Change verb 3 to verb 5
Code:
stopservice openvpn && startservice openvpn
As long as you don't use the save/apply settings in the GUI, the setting should stick until a reboot. Should give more detailed log info for now. _________________ James
I can't do that, because after the modification, stopping and starting the openvpn service restores the original config. If I stop the service I get this:
root@WRT1900AC:~# stopservice openvpn
The kernel doesn't support the ebtables 'nat' table.
root@WRT1900AC:~# stopservice openvpn
root@WRT1900AC:~# startservice openvpn
First it doesn't let me stop it; I do it again and it stops. If the openvpn service stops, it deletes everything in the tmp/openvpncl folder. After start it creates it automatically. _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
I have an idea about the reason for my problem. As you can see, I copy custom.sh over route-up.sh (overwriting it) at startup. But if my openvpn server restarts for any reason, it creates the original route-up.sh file. Maybe I have to trigger copying custom.sh to route-up.sh every 30 minutes. If I had a chance to edit the originally generated route-up.sh, my problem would be fixed, I guess. _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
I think you already gave me the answer to my last post. Thanks.
Edit:
But I have another question. I use this router for OpenVPN Client + OpenVPN Server. How about the server? My server works perfectly. My garden IP camera connects to this server. It shouldn't be affected. Can I start the OpenVPN Client service separately? Or do they work together? _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
Last edited by mkaand on Thu Jul 27, 2017 22:56; edited 1 time in total
So, I think you have a DNS setup based issue here. I think the OpenVPN tunnel is actually OK, but your DNS setup breaks, causing domains to not be resolved once it happens. The two are related but not directly linked.
I personally don't use unbound so it's hard to troubleshoot it. Likewise, as you have various custom scripts, you're going further away from any easy support.
Maybe someone else has more experience on the forums with unbound that can help. Sorry I can't be more help. _________________ James
It is working but it needs improvement. Every hour I trigger this tester script. But I want to kill vpn-test.sh before it runs at the beginning, but how? _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
Finally I did it, James. I merged my vpnbook password updater script with the VPN tester script. It's a little bit complicated but it works perfectly. VPNBook updates their free VPN password every 5-8 days. I wrote a PHP script that checks the @vpnbook Twitter account every hour; if the password changes, it updates the saved password in the router. My VPN tester script pings pandora.com. If there is no response within 5 seconds, it restarts the openvpn service with your suggested parameters (credit goes to James2k).
Here is my new startup script (only the bold lines are related to the OpenVPN Client service):