OpenVPN Server | Help needed

s1mf3r
DD-WRT Novice


Joined: 29 Mar 2017
Posts: 26

Posted: Tue Aug 01, 2017 8:58    Post subject: OpenVPN Server | Help needed
Hello :)

I am trying to get OpenVPN Server working on latest Kong Firmware, but I am having some troubles - mostly due to way too many outdated tutorials each showing other settings/parameters.

My Details:
Model: R9000
Firmware: DD-WRT v3.0-r32170M kongal (06/02/17)
DDNS: no-ip.com confirmed working and pointing to my router

My Goal:
1. Connect to my Home Network using TUN (since Android and iPhone don't like TAP)
2. Ping/Communicate with all my devices on my home network (NAS/some Raspberry Pis/etc)
3. Reach the WAN when connected to my VPN

After reading many tutorials/howtos and a lot of outdated information I came here to ask for help. I'm trying to be as detailed as possible so plz bear with me :)

Here is what I have set up so far:

1. Screenshot of "Network Setup":

Screenshot of "OpenVPN Server/Daemon"



2. Screenshot of OpenVPN DDWRT Status:


3. Screenshot from OpenVPN for Android on my Phone:


4. My Client Config file:
Code:
client
dev tun
proto udp
remote myddns.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC

float
comp-lzo adaptive
tun-mtu 1500
verb 4
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>



Connecting to the VPN works fine it seems (tested using my mobile phone with Android).

I can even ping my router (10.10.0.1) but I have no WAN access.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Tue Aug 01, 2017 13:38    Post subject:
TRY -
Services Page in Additional DNSMasq Options put in
Code:
interface=tun2


Administration / Commands ... Save as Firewall
Code:
iptables -t nat -A POSTROUTING -s 10.10.88.0/24 -j MASQUERADE


Services / VPN ... OpenVPN Server/Daemon --- Additional Config
Code:
push "route 10.10.0.1 255.255.255.0"
push "dhcp-option DNS 10.10.0.1"


Also Enable Tunnel UDP MSS-Fix .. some clients you can enable this feature
but not sure about OpenVPN Connect ... better to enable on server then not worry
about it anywhere else ---- NOTE: it should only be enabled on Server or the Client -- not both.

To access Windows shares you will have to open Firewall on the winders box to allow 10.10.88.0/24
see >>> http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1075023#1075023
s1mf3r
DD-WRT Novice


Joined: 29 Mar 2017
Posts: 26

Posted: Tue Aug 01, 2017 14:47    Post subject:
You are my hero!
After a quick test it seems everything is working now as expected!
Thank you for your help!! Sadly there is so much outdated or incomplete information out there.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Tue Aug 01, 2017 15:01    Post subject:
Glad you got it sorted --
Yea, we need a real Hero to write up a bunch of new stuff in the wiki --- new to builds of this year.
But unfortunate as it is most have real jobs that must be tended to from time to time :)
s1mf3r
DD-WRT Novice


Joined: 29 Mar 2017
Posts: 26

Posted: Thu Aug 03, 2017 18:49    Post subject:
Sadly I have to ask for help again :oops:
The VPN thing is now working properly, thank you again!

But now the Guest Wifi I have set up has no WAN access though.

I have used the guide at https://www.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners (I didn't set any QOS) and I can confirm that the guest network worked before I messed with the whole VPN Server stuff.

You can connect fine to the Guest Network and the GUI even shows that the client is connected, but I have no WAN access.

Virtual Interfaces ath1.1 on 2.4GHz


Network Configuration ath1.1


DHCPD
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Thu Aug 03, 2017 19:39    Post subject:
Disable Forced DNS Redirection on ath1.1
You can do it in networking or in wireless settings.
Might have to reboot.

That feature usually will not work if you have Forced DNS Redirection enabled on main setup page.....even though looks like you are using one of same DNS servers.
Enabled on main setup usually will catch everything and force to set DNS but in this case I have seen it be a conflict if also set on a VAP.

If that don't work you may have to ask in the r9000 thread in atheros forum.

Also if you are using DNSCrypt it may break DNS on the VAP...just seen that on the EA8500 with Kong new build.
good luck
s1mf3r
DD-WRT Novice


Joined: 29 Mar 2017
Posts: 26

Posted: Thu Aug 03, 2017 21:33    Post subject:
Thank you again!
After I disabled "Force DNS Redirection" it works now.
I will also try to use a completely different DNS server there and see if this is the problem.
Thank you for all your help. Much appreciated!
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Thu Aug 03, 2017 21:53    Post subject:
You will probably have to turn off 'Forced DNS Redirection' on main setup page.
This shouldn't be a problem since you should control everything connected to the main subnet.
Now with that off the 'Forced DNS Redirection' should work enabled on ath1.1 or any other VAP.
example -- you could use OpenDNS Family Shield DNS on ath1.1 if you wanted to restrict people from going where they shouldn't ... e.g. kids :) .. only give out PW to the VAP network.
anthonywkho
DD-WRT Novice


Joined: 15 Mar 2015
Posts: 12

Posted: Thu Aug 10, 2017 5:46    Post subject: OpenVPN server problem
Hi, I followed the setting you posted but still cannot connect; the log is below.

Thu Aug 10 13:41:47 2017 us=750493 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Thu Aug 10 13:41:47 2017 us=750493 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 10 13:41:47 2017 us=750994 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Aug 10 13:41:47 2017 us=751994 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
Thu Aug 10 13:41:47 2017 us=751994 Need hold release from management interface, waiting...
Thu Aug 10 13:41:48 2017 us=177878 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
Thu Aug 10 13:41:48 2017 us=278469 MANAGEMENT: CMD 'state on'
Thu Aug 10 13:41:48 2017 us=278469 MANAGEMENT: CMD 'log all on'
Thu Aug 10 13:41:48 2017 us=519684 MANAGEMENT: CMD 'echo all on'
Thu Aug 10 13:41:48 2017 us=522687 MANAGEMENT: CMD 'hold off'
Thu Aug 10 13:41:48 2017 us=525690 MANAGEMENT: CMD 'hold release'
Thu Aug 10 13:41:48 2017 us=525690 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Aug 10 13:41:48 2017 us=833969 LZO compression initializing
Thu Aug 10 13:41:48 2017 us=833969 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Aug 10 13:41:48 2017 us=834467 MANAGEMENT: >STATE:1502343708,RESOLVE,,,,,,
Thu Aug 10 13:41:49 2017 us=34649 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Aug 10 13:41:49 2017 us=34649 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Aug 10 13:41:49 2017 us=34649 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Aug 10 13:41:49 2017 us=34649 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Thu Aug 10 13:41:49 2017 us=35149 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 10 13:41:49 2017 us=35149 UDP link local: (not bound)
Thu Aug 10 13:41:49 2017 us=35149 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Thu Aug 10 13:41:49 2017 us=35149 MANAGEMENT: >STATE:1502343709,WAIT,,,,,,
Thu Aug 10 13:42:49 2017 us=214048 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Aug 10 13:42:49 2017 us=214048 TLS Error: TLS handshake failed
Thu Aug 10 13:42:49 2017 us=214554 TCP/UDP: Closing socket
Thu Aug 10 13:42:49 2017 us=214554 SIGUSR1[soft,tls-error] received, process restarting
Thu Aug 10 13:42:49 2017 us=214554 MANAGEMENT: >STATE:1502343769,RECONNECTING,tls-error,,,,,
Thu Aug 10 13:42:49 2017 us=214554 Restart pause, 5 second(s)
Thu Aug 10 13:42:54 2017 us=217049 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Aug 10 13:42:54 2017 us=217049 Re-using SSL/TLS context
Thu Aug 10 13:42:54 2017 us=217049 LZO compression initializing
Thu Aug 10 13:42:54 2017 us=217049 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Aug 10 13:42:54 2017 us=217506 MANAGEMENT: >STATE:1502343774,RESOLVE,,,,,,
Thu Aug 10 13:42:54 2017 us=296074 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Aug 10 13:42:54 2017 us=296074 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Aug 10 13:42:54 2017 us=296074 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Aug 10 13:42:54 2017 us=296074 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Thu Aug 10 13:42:54 2017 us=296575 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 10 13:42:54 2017 us=296575 UDP link local: (not bound)
Thu Aug 10 13:42:54 2017 us=296575 UDP link remote: [AF_INET]xx.xx.xx.xx:1194
Thu Aug 10 13:42:54 2017 us=296575 MANAGEMENT: >STATE:1502343774,WAIT,,,,,,
Thu Aug 10 13:42:55 2017 us=258439 TCP/UDP: Closing socket
Thu Aug 10 13:42:55 2017 us=258439 SIGTERM[hard,] received, process exiting
Thu Aug 10 13:42:55 2017 us=258439 MANAGEMENT: >STATE:1502343775,EXITING,SIGTERM,,,,,


Thanks for your help.
Xeon2k8
DD-WRT Guru


Joined: 11 Feb 2016
Posts: 1288

Posted: Sun Aug 13, 2017 11:11    Post subject: Re: OpenVPN server problem
anthonywkho wrote:

Thu Aug 10 13:41:47 2017 us=745489 remote = 'anthonywkho.ddns.net'

This gives no reply pinging to it

_________________
R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS)
R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS)
R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS)
R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)
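
Added example (not written by any poster in this thread): a small Python triage of the client log above that uses the `>STATE:` management lines to see how far each connection attempt got before it ended. The first sample is excerpted from the posted log; the second sample is constructed, and the verdict names and advice strings are this example's own.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the client log posted in this thread (two connection attempts).
THREAD_LOG = """\
Thu Aug 10 13:41:48 2017 us=525690 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Aug 10 13:41:48 2017 us=834467 MANAGEMENT: >STATE:1502343708,RESOLVE,,,,,,
Thu Aug 10 13:41:49 2017 us=35149 MANAGEMENT: >STATE:1502343709,WAIT,,,,,,
Thu Aug 10 13:42:49 2017 us=214048 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Aug 10 13:42:49 2017 us=214048 TLS Error: TLS handshake failed
Thu Aug 10 13:42:49 2017 us=214554 MANAGEMENT: >STATE:1502343769,RECONNECTING,tls-error,,,,,
Thu Aug 10 13:42:54 2017 us=217506 MANAGEMENT: >STATE:1502343774,RESOLVE,,,,,,
Thu Aug 10 13:42:54 2017 us=296575 MANAGEMENT: >STATE:1502343774,WAIT,,,,,,
Thu Aug 10 13:42:55 2017 us=258439 MANAGEMENT: >STATE:1502343775,EXITING,SIGTERM,,,,,
"""

# Constructed log, not from the thread: the server answers, then TLS fails.
CONSTRUCTED_LOG = """\
Thu Aug 10 14:00:00 2017 MANAGEMENT: >STATE:1502344800,RESOLVE,,,,,,
Thu Aug 10 14:00:00 2017 MANAGEMENT: >STATE:1502344800,WAIT,,,,,,
Thu Aug 10 14:00:01 2017 MANAGEMENT: >STATE:1502344801,AUTH,,,,,,
Thu Aug 10 14:00:02 2017 TLS Error: TLS handshake failed
Thu Aug 10 14:00:02 2017 MANAGEMENT: >STATE:1502344802,RECONNECTING,tls-error,,,,,
"""

STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
TLS_ERR_RE = re.compile(r"TLS Error: (.+)")
DEPRECATED_RE = re.compile(r"WARNING: (--[\w-]+) is DEPRECATED\. Use (--[\w-]+) instead")

# Order in which a client normally advances through management states.
PROGRESS = ["RESOLVE", "TCP_CONNECT", "WAIT", "AUTH", "GET_CONFIG",
            "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"]
TERMINAL = {"RECONNECTING", "EXITING"}

ADVICE = {
    "connected": "Tunnel came up.",
    "aborted": "Client was stopped locally before the attempt finished.",
    "no-reply": "Server never answered: check that the DDNS name resolves to the "
                "router's WAN address, that the server is running, and that the "
                "UDP port reaches it.",
    "handshake-failed": "Server answered, so the path works: compare CA, "
                        "certificates and cipher settings on both ends.",
    "incomplete": "Log ends in the middle of an attempt.",
}

@dataclass
class Attempt:
    states: list = field(default_factory=list)      # (unix_time, state, detail)
    tls_errors: list = field(default_factory=list)

    def furthest(self):
        reached = [s for _, s, _ in self.states if s in PROGRESS]
        return max(reached, key=PROGRESS.index) if reached else None

    def end(self):
        """(state, detail) that closed the attempt, or (None, None) if open."""
        if self.states and self.states[-1][1] in TERMINAL:
            return self.states[-1][1], self.states[-1][2]
        return None, None

    def seconds_in_furthest(self):
        """How long the client sat in its furthest state before the attempt ended."""
        far = self.furthest()
        if far is None or self.end()[0] is None:
            return None
        start = next(t for t, s, _ in self.states if s == far)
        return self.states[-1][0] - start

def parse(log):
    """Split a client log into attempts and collect deprecated-option warnings."""
    attempts, deprecated, cur = [], {}, Attempt()
    for line in log.splitlines():
        if m := DEPRECATED_RE.search(line):
            deprecated[m.group(1)] = m.group(2)
        elif m := TLS_ERR_RE.search(line):
            cur.tls_errors.append(m.group(1))
        elif m := STATE_RE.search(line):
            cur.states.append((int(m.group(1)), m.group(2), m.group(3)))
            if m.group(2) in TERMINAL:
                attempts.append(cur)
                cur = Attempt()
    if cur.states or cur.tls_errors:
        attempts.append(cur)
    return attempts, deprecated

def diagnose(a):
    far, (end_state, _) = a.furthest(), a.end()
    if far == "CONNECTED":
        return "connected"
    if end_state == "EXITING":
        return "aborted"
    if far in ("RESOLVE", "TCP_CONNECT", "WAIT") and a.tls_errors:
        return "no-reply"
    if a.tls_errors:
        return "handshake-failed"
    return "incomplete"

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        attempts, deprecated = parse(log)
        for i, a in enumerate(attempts, 1):
            v = diagnose(a)
            print(f"{name} #{i}: {a.furthest()} for {a.seconds_in_furthest()}s -> {v}: {ADVICE[v]}")
        for old, new in deprecated.items():
            print(f"{name}: replace {old} with {new}")
```
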