What's new

Help with VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

borg357

New Around Here
Well.. everything was going so good for me. Then one day, I noticed I wasn't on VPN anymore.. and I could not get back on!! No software, firmware, or anything updates.. Was running for 66 days too.

I have a ASUS RT-AC88U with asusWRT-merlin firmare 380.66_6

VPN is Ghost VPN.

Just for testing, I used the same .ovpn config, on my Mac using tunnelblick. Works great!

I've tried the beta firmware, but just went back to non beta now.

Here's the log:


Jun 29 22:56:26 openvpn[3905]: OpenVPN 2.4.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Jun 29 22:56:26 openvpn[3905]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Jun 29 22:56:26 openvpn[3906]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 29 22:56:26 openvpn[3906]: LZO compression initializing
Jun 29 22:56:26 openvpn[3906]: Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Jun 29 22:56:27 openvpn[3906]: Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
Jun 29 22:56:27 openvpn[3906]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Jun 29 22:56:27 openvpn[3906]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth MD5,keysize 256,key-method 2,tls-client'
Jun 29 22:56:27 openvpn[3906]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-256-CBC,auth MD5,keysize 256,key-method 2,tls-server'
Jun 29 22:56:27 openvpn[3906]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.45.12.212:443
Jun 29 22:56:27 openvpn[3906]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Jun 29 22:56:27 openvpn[3906]: UDP link local: (not bound)
Jun 29 22:56:27 openvpn[3906]: UDP link remote: [AF_INET]185.45.12.212:443
Jun 29 22:56:27 openvpn[3906]: TLS: Initial packet from [AF_INET]185.45.12.212:443, sid=bb9083d0 6347c307
Jun 29 22:56:27 openvpn[3906]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 29 22:56:27 openvpn[3906]: VERIFY OK: depth=1, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost Root CA, emailAddress=info@cyberghost.ro
Jun 29 22:56:27 openvpn[3906]: VERIFY KU OK
Jun 29 22:56:27 openvpn[3906]: Validating certificate extended key usage
Jun 29 22:56:27 openvpn[3906]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 29 22:56:27 openvpn[3906]: VERIFY EKU OK
Jun 29 22:56:27 openvpn[3906]: VERIFY OK: depth=0, C=RO, L=Bucharest, O=CyberGhost S.A., CN=CyberGhost VPN Server Bucharest-S03-I02, emailAddress=info@cyberghost.ro
Jun 29 22:56:28 openvpn[3906]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jun 29 22:56:28 openvpn[3906]: [CyberGhost VPN Server Bucharest-S03-I02] Peer Connection Initiated with [AF_INET]185.45.12.212:443
Jun 29 22:56:29 openvpn[3906]: SENT CONTROL [CyberGhost VPN Server Bucharest-S03-I02]: 'PUSH_REQUEST' (status=1)
Jun 29 22:56:29 openvpn[3906]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 185.156.172.178,dhcp-option DNS 185.93.180.131,dhcp-option DNS 83.143.245.42,comp-lzo yes,tun-ipv6,route 10.129.0.1,topology net30,ifconfig-ipv6 2a04:9dc0:c1:112:302:200:0:1121/112 2a04:9dc0:c1:112:302:200:0:1,ifconfig 10.129.4.138 10.129.4.137,peer-id 46,cipher AES-256-GCM'
Jun 29 22:56:29 openvpn[3906]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: compression parms modified
Jun 29 22:56:29 openvpn[3906]: LZO compression initializing
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: route options modified
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: peer-id set
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: adjusting link_mtu to 1629
Jun 29 22:56:29 openvpn[3906]: OPTIONS IMPORT: data channel crypto options modified
Jun 29 22:56:29 openvpn[3906]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 29 22:56:29 openvpn[3906]: Data Channel MTU parms [ L:1557 D:1300 EF:57 EB:407 ET:0 EL:3 ]
Jun 29 22:56:29 openvpn[3906]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 29 22:56:29 openvpn[3906]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 29 22:56:29 openvpn[3906]: GDG6: remote_host_ipv6=n/a
Jun 29 22:56:29 openvpn[3906]: TUN/TAP device tun11 opened
Jun 29 22:56:29 openvpn[3906]: TUN/TAP TX queue length set to 100
Jun 29 22:56:29 openvpn[3906]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Jun 29 22:56:29 openvpn[3906]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jun 29 22:56:29 openvpn[3906]: /usr/sbin/ip addr add dev tun11 local 10.129.4.138 peer 10.129.4.137
Jun 29 22:56:29 openvpn[3906]: /usr/sbin/ip -6 addr add 2a04:9dc0:c1:112:302:200:0:1121/112 dev tun11
Jun 29 22:56:29 openvpn[3906]: Linux ip -6 addr add failed: external program exited with error status: 2
Jun 29 22:56:29 openvpn[3906]: Exiting due to fatal error
Jun 29 23:00:05 disk_monitor: Got SIGALRM...

Not sure where too go from here.. hopefully someone can point me in the right direction.

Thank you!!

-Richard
 
Tell your router to ignore the IPv6 parameters - these do not work on the router. In your custom settings section:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
 
Tell your router to ignore the IPv6 parameters - these do not work on the router. In your custom settings section:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

Added this to the top of the custom section..
Worked!


Can I edit the .ovpn config and put this in too?

Thanks!
 
Added this to the top of the custom section..
Worked!


Can I edit the .ovpn config and put this in too?

Thanks!

What ovpn config? The router relies on what's in nvram, it does not store the ovpn file. Once imported to nvram and processed, the file is discarded.
 
What ovpn config? The router relies on what's in nvram, it does not store the ovpn file. Once imported to nvram and processed, the file is discarded.

I keep a .ovpn config file that the VPN gave me. I put all the settings in this file, including the TLS cert keys and all the settings.. This way I can install the config file with tunnelblick and log in, so as to rule out the VPN as the problem.

Having the .ovpn configs also allow me to make server changes in case something changes from the VPN. I just upload the .ovpn to the router, and it makes all the settings set themselves. Setting up the VPN client from the ASUS is a tedious task.. uploading the .ovpn to the router, makes that task easy.

-Richard
 
Gotcha.

Yes, you can insert these commands into the ovpn file. Assuwrt-Merlin will automatically put them into the custom section.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top