Custom firmware build for R9000

[farenheit]

Hi Voxel

I have tried every combination to get my VPN working but i have had no luck whatsoever.

I cannot connect with it enabled. I have all certificates in openvpn-client directory in root of usb containing 4 files:

auth.txt, ca.rsa.2048.crt, crl.rsa.2048.pem and manchester.ovpn.

I have followed the guide here:

https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r900...

Please advise?

 

[kamoj]

Hi Voxel
I have tried every combination to get my VPN working but i have had no luck whatsoever.
I cannot connect with it enabled. I have all certificates in openvpn-client directory in root of usb containing 4 files:
auth.txt, ca.rsa.2048.crt, crl.rsa.2048.pem and manchester.ovpn.
I have followed the guide here:
https://www.myopenrouter.com/article/how-set-openvpn-client-netgear-r900...
Please advise?

Check the openvpn-client log file by logging in to the router with telnet or ssh, and then using the command:
cat /var/log/openvpn-client.log

 

[farenheit]

How would I log in via telnet?
I’ve enabled it in the debug page.
Also how do I delete all the openvpn files on the router to start again? (Just to be sure!)

 

[kamoj]

How would I log in via telnet?

- Install the telnet program on your computer.
For Windows 10, do like this:
Hold down the Windows Key, then press “R“.
The Run dialog box appears. In the Open: window, type:
pkgmgr /iu:”TelnetClient”
Click OK.

- Enable Telnet access to the router:
Login to the router page, http://routerlogin.net/debug.htm
Check the box for: Enable Telnet

- Login to the router:
Open a command prompt (Windows 10):
The Run dialog box appears. In the Open: window, type:
cmd
Click OK.
In the opened DOS-command window, type:
telnet routerlogin.net
(The password is the same as from the normal router login page)

Also how do I delete all the openvpn files on the router to start again? (Just to be sure!)

Place/Create a file named "disable" in the USB directory: /openvpn-client/
Remove the USB-device and insert it again after some time (or reboot and insert the USB-device).
To install openvpn-client, again just remove/rename the disable file.

 

[farenheit]

Thanks
I currently have the disable file on the usb which is in the router. That’s finally made everything work as normal.
Do I remove it or leave it in there?
Ta

 

[farenheit]

After telnet'ing in to the router and typing the command: cat /var/log/openvpn-client.log
i get No such file or directory
do i need to try and activate it again and run the command?

 

[farenheit]

This is the log:

root@R9000:/$
root@R9000:/$ cat /var/log/openvpn-client.log
Tue May  1 02:00:06 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZ
O] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue May  1 02:00:06 2018 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
Tue May  1 02:00:06 2018 NOTE: the current --script-security setting may allow t
his configuration to call user-defined scripts
Tue May  1 02:00:06 2018 TCP/UDP: Preserving recently used remote address: [AF_I
NET]89.238.139.6:1198
Tue May  1 02:00:06 2018 UDP link local: (not bound)
Tue May  1 02:00:06 2018 UDP link remote: [AF_INET]89.238.139.6:1198
Tue May  1 02:00:06 2018 WARNING: this configuration may cache passwords in memo
ry -- use the auth-nocache option to prevent this
Tue May  1 02:00:07 2018 [3dea0748400ae2aed9307c2b0d6af8e2] Peer Connection Init
iated with [AF_INET]89.238.139.6:1198
Tue May  1 02:00:08 2018 TUN/TAP device tun0 opened
Tue May  1 02:00:08 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue May  1 02:00:08 2018 /sbin/ifconfig tun0 10.79.10.6 pointopoint 10.79.10.5 m
tu 1500
Tue May  1 02:00:08 2018 /etc/openvpn/ovpnclient-up.sh tun0 1500 1558 10.79.10.6
 10.79.10.5 init
Tue May  1 02:00:08 2018 Initialization Sequence Completed
root@R9000:/$
root@R9000:/$

How do i edit the router date/time?
*edit* the date and time on the actual router under ntp settings is correct so cant understand why the log above has Tue May 1???

 

[kamoj]

The log looks good!
Check your ip at eg: https://checkmyip.com/

This is the log:

root@R9000:/$
root@R9000:/$ cat /var/log/openvpn-client.log
Tue May  1 02:00:06 2018 OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZ
.
.
Tue May  1 02:00:08 2018 Initialization Sequence Completed
root@R9000:/$
root@R9000:/$

How do i edit the router date/time?

Set time example:
date -s "080122492017" && date
gives: Tue Aug 1 22:49:00 GMT 2017

PS
To make the openvpn-client wait for time sync you can add to "/etc/init.d/openvpn-client" the following line, after "START=99":

while [ ! -e /tmp/ntp_updated ] && [ $(grep -c "\[Time synchronized with NTP server]" /var/log/log-message) -lt 1 ]; do sleep 1; done

 

[kamoj]

*edit* the date and time on the actual router under ntp settings is correct so cant understand why the log above has Tue May 1???

It takes some time (4-14 seconds for me) to get time synced after boot, and the openvpn-client is started before that.

 

[farenheit]

I cant check ip or anything as i cannot connect to the internet
Also your last post regarding date/time went way over my head
Not sure what i am suppose to do, if log looks good why can i not access the internet?
Do i need to change my DNS settings?

 

[kamoj]

I cant check ip or anything as i cannot connect to the internet
Also your last post regarding date/time went way over my head
Not sure what i am suppose to do, if log looks good why can i not access the internet?
Do i need to change my DNS settings?

Keep DNS the same as working before you add vpn.

To see if the openvpn-client is running:

ps -w | grep -v grep | grep vpn

PS
(The date string is not so complicated if you look closer...
"080122492017" is "month day hours minutes year")

 

[farenheit]

To see if the openvpn-client is running:

ps -w | grep -v grep | grep vpn

Do i enter this at the Telnet prompt?

PS
(The date string is not so complicated if you look closer...
"080122492017" is "month day hours minutes year")

Where do i enter this and is this really necessary?

 

[kamoj]

Do i enter this at the Telnet prompt?

After you have logged in, "yes". (Then it's not a telnet prompt, rather a prompt from an operating system shell ...)

Where do i enter this and is this really necessary?

No, that date/time from last year was just an example. You actually asked how to do!

To not clutter this topic/thread you may want to start a new topic about your problem.

 

[Voxel]

I cant check ip or anything as i cannot connect to the internet
Also your last post regarding date/time went way over my head
Not sure what i am suppose to do, if log looks good why can i not access the internet?
Do i need to change my DNS settings?

For me it is really looks as a problem in DNS because of log is OK. Just try to run from telnet or from your Windows client's command prompt (Run->cmd), i.e. from Windows PC attached to router the following command:

ping 8.8.8.8

If it is OK then problem is really DNS. So (temporary) try to use Google DNS in your settings of router (8.8.8.8 and 8.8.4.4).

Problem with proper time setting could be because of the same DNS, router fails to resolve NTP server addresses.

If it helps, consider to use dnscrypt-proxy for security (as a next step).

Voxel.

 

[farenheit]

For me it is really looks as a problem in DNS because of log is OK. Just try to run from telnet or from your Windows client's command prompt (Run->cmd), i.e. from Windows PC attached to router the following command:

ping 8.8.8.8

If it is OK then problem is really DNS. So (temporary) try to use Google DNS in your settings of router (8.8.8.8 and 8.8.4.4).

Problem with proper time setting could be because of the same DNS, router fails to resolve NTP server addresses.

If it helps, consider to use dnscrypt-proxy for security (as a next step).

Voxel.

Thanks, I will try this when I get back home later today (after work)
What I failed to mention is that I have the dnscrypt file on the root of the usb.
I wonder if that’s causing the problem??
If I remove that from the usb will it automatically remove it from the router file system?
Thanks

 

[Voxel]

What I failed to mention is that I have the dnscrypt file on the root of the usb.
I wonder if that’s causing the problem??

No. It is not copied automatically from USB.

Your dnscrypt.conf will work if you have it in /etc directory. To stop its using it is enough to remove this conf and reboot your router (from telnet console):

rm -f /etc/dnscrypt.conf
reboot

Voxel.

 

[farenheit]

Ok I removed the dnscrypt.conf and tried again.
This is the outcome:

root@R9000:/$
root@R9000:/$ ps -w | grep -v grep | grep vpn
10002 root       1960 S   /usr/sbin/openvpn --fast-io --sndbuf 393216 --rcvbuf 3
93216 --tun-mtu 1500 --mssfix 1460 --writepid /var/r
12318 root       1960 S   /usr/sbin/openvpn --fast-io --sndbuf 393216 --rcvbuf 3
93216 --tun-mtu 1500 --mssfix 1460 --writepid /var/r
root@R9000:/$
root@R9000:/$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

it just sits on the ping.
I'm out of ideas

 

[kamoj]

Ok I removed the dnscrypt.conf and tried again.
This is the outcome:

root@R9000:/$
root@R9000:/$ ps -w | grep -v grep | grep vpn
10002 root       1960 S   /usr/sbin/openvpn --fast-io --sndbuf 393216 --rcvbuf 3
93216 --tun-mtu 1500 --mssfix 1460 --writepid /var/r
12318 root       1960 S   /usr/sbin/openvpn --fast-io --sndbuf 393216 --rcvbuf 3
93216 --tun-mtu 1500 --mssfix 1460 --writepid /var/r
root@R9000:/$
root@R9000:/$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

it just sits on the ping.
I'm out of ideas

Thank you for good co-operation and feedback!

One problem is that you are running 2 clients at the same time...
I have seen this many times. I reported it to Voxel long time ago. ;-)

It's a "feature" that may happen if you have the USB with /openvpn-client/ connected to the router.

Remove the USB or rename the openvpn-client directory on the USB.

 

[farenheit]

Thanks
Ive removed the USB, how would i start the client without USB
I'm guessing its the following:

/etc/init.d/openvpn-client start

 

[farenheit]

Thank you for good co-operation and feedback!

One problem is that you are running 2 clients at the same time...
I have seen this many times. I reported it to Voxel long time ago. ;-)

It's a "feature" that may happen if you have the USB with /openvpn-client/ connected to the router.

Remove the USB or rename the openvpn-client directory on the USB.

Thanks this fixed it.
I removed the usb while i had vpn running and rebooted.