Problem routing through VPN on Asus RT-N65U with padavan firmware (Now includes syslog)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

jon sumisu

New Around Here
Hi
Could someone please help me with this. I want to route either certain remote domains through the VPN, or only one local client through the VPN. I've had a look at some tutorials for ipset, iptables and dnsmasq and, although I can take in the syntax, none of them show how it all goes together to accomplish what I want.

I found the example below and followed the instructions by Alexander Ryzhov near the bottom of the page:

https://bitbucket.org/padavan/rt-n56u/issues/580/routing-some-local-ip-through-vpn-and-let

I double checked every step but I just can't get it to work. Whatismyip is showing my own IP and tunein is showing the content for my location. That example was for the RT-N56U where as I have the RT-N65U, but the padavan settings and options seem the be the same for both machines.
Here is a syslog:

May 12 14:20:34 RT-N65U: starting OpenVPN client...
May 12 14:20:34 openvpn-cli[615]: OpenVPN 2.3.12 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 5 2017
May 12 14:20:34 openvpn-cli[615]: library versions: OpenSSL 1.0.1u 22 Sep 2016, LZO 2.09
May 12 14:20:34 openvpn-cli[616]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 12 14:20:34 openvpn-cli[616]: Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]
May 12 14:20:34 openvpn-cli[616]: Socket Buffers: R=[163840->163840] S=[163840->163840]
May 12 14:20:34 openvpn-cli[616]: Data Channel MTU parms [ L:1601 D:1450 EF:69 EB:12 ET:32 EL:3 ]
May 12 14:20:34 openvpn-cli[616]: UDPv4 link local: [undef]
May 12 14:20:34 openvpn-cli[616]: UDPv4 link remote: [AF_INET]67.205.143.111:1194
May 12 14:20:34 openvpn-cli[616]: TLS: Initial packet from [AF_INET]67.205.143.111:1194, sid=2fd0ed9b 76b5e4d1
May 12 14:20:34 openvpn-cli[616]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 12 14:20:34 openvpn-cli[616]: VERIFY OK: depth=1, C=CH, ST=CH, L=Zurich, O=Offshore Security LTD, OU= , CN=VPNArea, name= , emailAddress=[email protected]
May 12 14:20:34 openvpn-cli[616]: Validating certificate key usage
May 12 14:20:34 openvpn-cli[616]: ++ Certificate has key usage 00a0, expects 00a0
May 12 14:20:34 openvpn-cli[616]: VERIFY KU OK
May 12 14:20:34 openvpn-cli[616]: Validating certificate extended key usage
May 12 14:20:34 openvpn-cli[616]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 12 14:20:34 openvpn-cli[616]: VERIFY EKU OK
May 12 14:20:34 openvpn-cli[616]: VERIFY OK: depth=0, C=CH, ST=CH, L=Zurich, O=Offshore Security LTD, OU= , CN=VPNArea, name= , emailAddress=[email protected]
May 12 14:20:36 openvpn-cli[616]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
May 12 14:20:36 openvpn-cli[616]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
May 12 14:20:36 openvpn-cli[616]: NOTE: --mute triggered...
May 12 14:20:36 openvpn-cli[616]: 3 variation(s) on previous 10 message(s) suppressed by --mute
May 12 14:20:36 openvpn-cli[616]: [VPNArea] Peer Connection Initiated with [AF_INET]67.205.143.111:1194
May 12 14:20:38 openvpn-cli[616]: SENT CONTROL [VPNArea]: 'PUSH_REQUEST' (status=1)
May 12 14:20:38 openvpn-cli[616]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 167.71.248.31,dhcp-option DNS 188.166.37.89,explicit-exit-notify 5,sndbuf 786432,rcvbuf 786432,route 10.186.35.1,topology net30,ping 10,ping-restart 120,ifconfig 10.186.35.18 10.186.35.17,peer-id 3'
May 12 14:20:38 openvpn-cli[616]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: explicit-exit-notify (2.3.12)
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: timers and/or timeouts modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
May 12 14:20:38 openvpn-cli[616]: Socket Buffers: R=[163840->1572864] S=[163840->1572864]
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --ifconfig/up options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: route options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: peer-id set
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: adjusting link_mtu to 1604
May 12 14:20:38 openvpn-cli[616]: TUN/TAP device tun0 opened
May 12 14:20:38 openvpn-cli[616]: TUN/TAP TX queue length set to 100
May 12 14:20:38 openvpn-cli[616]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 12 14:20:38 openvpn-cli[616]: /sbin/ifconfig tun0 10.186.35.18 pointopoint 10.186.35.17 mtu 1500
May 12 14:20:38 openvpn-cli[616]: ovpnc.script tun0 1500 1604 10.186.35.18 10.186.35.17 init
May 12 14:20:38 dnsmasq[469]: read /etc /hosts - 8 addresses
May 12 14:20:38 dnsmasq[469]: read /etc /storage /dnsmasq /hosts - 0 addresses
May 12 14:20:38 dnsmasq-dhcp[469]: read /etc /dnsmasq /dhcp /dhcp-hosts.rc
May 12 14:20:38 dnsmasq[469]: using nameserver 8.8.8.8#53 for domain tunein.com
May 12 14:20:38 dnsmasq[469]: using nameserver 8.8.8.8#53 for domain whatismyip.com
May 12 14:20:38 dnsmasq[469]: using nameserver 167.71.248.31#53
May 12 14:20:38 dnsmasq[469]: using nameserver 188.166.37.89#53
May 12 14:20:38 vpnc-script: tun0 up
May 12 14:20:38 openvpn-cli[616]: Initialization Sequence Completed

I'm just learning so I can't tell if anything is wrong with this. I can see one error in the middle, is that causing problems?

jon
 
Last edited:

jon sumisu

New Around Here
Well after a week of struggling with this I finally managed to get it working. There wasn't anything wrong with the code. It just needed the setting 'Obtaining DNS from VPN Server:' changing from 'Replace all existing' to 'Add to existing list' and it works fine now.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top