VPN setup with Padavan Firmware

[steve67474]

Hi Guys
New here so hope you can help. I have an Asus RT-N56U router that I have flashed with Padavan firmware version 3.4.9-099. This all went well and I have a Purevpn account so I went into the VPN client section and setup PPTP Protocol and put my info in the boxes and saved it all rebooted the router and when I go in to the VPN section it says connected next to my remote vpn server. I then connect to the internet OK.

The problem is when I do a "what is my IP" it shows me in uk not in the country I set my vpn to. I have never used Padavan before as I normally use DD-WRT but this box does not support that. Any ideas guys

Regards

Steve

 

[ppeinard]

Hi,
I have tested Padavan, and it's really a shame that it is getting forgotten.
More stable and some more functionnalities than the original ASUS (overall with N56U, offering to it in fine a... VPN Client)

Anyway, the actual question is very old, and I think the problem is resolved by now.
But there is an amazing finding: there is no "correct" tutorial, all over Internet for this setup. More funny, there are a lot of (same) wrong instructions, copying each others, and even PureVPN has spreaded this folish: they use a "VPN server Setup" tab to explain how to setup "Client VPN" !

For those who will be in trouble, setting PPTP with Padavan is so, so easy (unfortunately, in some future, PPTP will disappears, replaced more and more by openVPN).
In the mean time, here it is:
- Select "VPN Client" tab (and not the "VPN Server" as usually explained by false professors)
- Enable VPN Client button, and select protocol PPTP
- Enter the chosen country server proposed by VPN provider (something like "fr1.pointtoserver.com")
- Enter your username and password
- leave everything by defaut: auto, auto, 1450, 1450, no, no...
- till last line: Route all trafic to interface, select YES (I think that the above problem comes from this option not selected)
- That's it. click on APPLY
(Wait some second for a green button "connected" appears. If not, check either your username, password, server IP is surely incorrect)
Now, test to see your new (VPN) IP

Then to go further:
- change "obtaining DNS..." and/or "restrict servers..." with the others options, and compare speed test. Sometimes it works better...
- There is also a script to add in case of disconnect and automatic reconnection...
Now, as (or if) it is working, you are not afraid to do more test, are you ?
A lot of sites are showing it, something like:
peer_lan="192.168.9.0"
peer_msk="255.255.255.0"
func_ipup()
{
if iptables -C FORWARD -j REJECT; then
iptables -D FORWARD -j REJECT
fi
return 0
}
etc...
Just test...

 

[Andy99]

Hello everyone!

I will re-use this topic from very similar problem. I wanted to create a VPN connection between server (racoon + xl2tpd) and client (Android).

I have RT-N65U with custom Padavan's firmware. VPN is working with Linux Windows 7, iOS and Android 6. But the goal is to have it working with Android 9. It is working on per 1.6 minutes. After that, it is disconnected with xl2tpd's status "queued due to no phase1 found". I have change also the racoon with ipsec, but with the same result.

INFO: Reading configuration from "/opt/etc/racoon.conf"
2019-04-20 21:24:02: INFO: 92.52.x.x[4500] used for NAT-T
2019-04-20 21:24:02: INFO: 92.52.x.x[4500] used as isakmp port (fd=7)
2019-04-20 21:24:02: INFO: 92.52.x.x[500] used for NAT-T
2019-04-20 21:24:02: INFO: 92.52.x.x[500] used as isakmp port (fd=8)
<--- racoon was successfully started
2019-04-20 21:24:56: INFO: respond new phase 1 negotiation: 92.52.x.x[500]<=>62.197.x.x[500]
<--- device connected
2019-04-20 21:24:56: INFO: begin Identity Protection mode.
2019-04-20 21:24:56: INFO: received Vendor ID: RFC 3947
2019-04-20 21:24:56: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2019-04-20 21:24:56: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2019-04-20 21:24:56: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
2019-04-20 21:24:56: INFO: received broken Microsoft ID: FRAGMENTATION
2019-04-20 21:24:56: INFO: received Vendor ID: DPD
2019-04-20 21:24:56: [62.197.x.x] INFO: Selected NAT-T version: RFC 3947
2019-04-20 21:24:56: [92.52.x.x] INFO: Hashing 92.52.x.x[500] with algo #2
2019-04-20 21:24:56: INFO: NAT-D payload #0 verified
2019-04-20 21:24:56: [62.197.x.x] INFO: Hashing 62.197.x.x[500] with algo #2
2019-04-20 21:24:56: INFO: NAT-D payload #1 doesn't match
2019-04-20 21:24:56: INFO: NAT detected: PEER
2019-04-20 21:24:56: [62.197.x.x] INFO: Hashing 62.197.x.x[500] with algo #2
2019-04-20 21:24:56: [92.52.x.x] INFO: Hashing 92.52.x.x[500] with algo #2
2019-04-20 21:24:56: INFO: Adding remote and local NAT-D payloads.
2019-04-20 21:24:56: [62.197.x.x] ERROR: couldn't find the pskey for 62.197.x.x.
2019-04-20 21:24:56: [62.197.x.x] NOTIFY: Using default PSK.
2019-04-20 21:24:56: INFO: NAT-T: ports changed to: 62.197.x.x[4500]<->92.52.x.x[4500]
2019-04-20 21:24:56: INFO: KA list add: 92.52.x.x[4500]->62.197.x.x[4500]
2019-04-20 21:24:56: INFO: ISAKMP-SA established 92.52.x.x[4500]-62.197.x.x[4500] spi:e05fxxxxxxxxxxxx:71ddxxxxxxxxxxxx
2019-04-20 21:24:56: [62.197.x.x] INFO: received INITIAL-CONTACT
2019-04-20 21:24:57: INFO: respond new phase 2 negotiation: 92.52.x.x[4500]<=>62.197.x.x[4500]
2019-04-20 21:24:57: INFO: Update the generated policy : 192.168.1.107/32[0] 92.52.x.x/32[1701] proto=udp dir=in
2019-04-20 21:24:57: INFO: Adjusting my encmode UDP-Transport->Transport
2019-04-20 21:24:57: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2)
2019-04-20 21:24:57: WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha512
2019-04-20 21:24:57: WARNING: authtype mismatched: my:hmac-sha256 peer:hmac-sha512
2019-04-20 21:24:57: INFO: IPsec-SA established: ESP/Transport 92.52.x.x[4500]->62.197.x.x[4500] spi=100636673(0x5ff9801)
2019-04-20 21:24:57: INFO: IPsec-SA established: ESP/Transport 92.52.x.x[4500]->62.197.x.x[4500] spi=214494796(0xcc8ee4c)
<--- disconnected after 1.6 minutes
2019-04-20 21:26:32: INFO: deleting a generated policy.
2019-04-20 21:26:32: INFO: purged IPsec-SA proto_id=ESP spi=214494796.
2019-04-20 21:26:32: INFO: ISAKMP-SA expired 92.52.x.x[4500]-62.197.x.x[4500] spi:e05fxxxxxxxxxxxx:71ddxxxxxxxxxxxx
2019-04-20 21:26:32: INFO: ISAKMP-SA deleted 92.52.x.x[4500]-62.197.x.x[4500] spi:e05fxxxxxxxxxxxx:71ddxxxxxxxxxxxx
2019-04-20 21:26:32: INFO: KA remove: 92.52.x.x[4500]->62.197.x.x[4500]
2019-04-20 21:26:36: INFO: IPsec-SA request for 62.197.x.x queued due to no phase1 found.
2019-04-20 21:26:36: INFO: initiate new phase 1 negotiation: 92.52.x.x[500]<=>62.197.x.x[500]
2019-04-20 21:26:36: INFO: begin Identity Protection mode.
2019-04-20 21:27:07: [62.197.x.x] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 62.197.x.x[0]->92.52.x.x[0]
2019-04-20 21:27:07: INFO: delete phase 2 handler.

2019-04-20 21:26:36: INFO: IPsec-SA request for 62.197.x.x queued due to no phase1 found.
2019-04-20 21:27:07: [62.197.x.x] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 62.197.x.x[0]->92.52.x.x[0]

/opt/etc/racoon.conf

path pre_shared_key "/opt/etc/racoon/psk.txt";

remote anonymous {
exchange_mode main;
verify_identifier off;
nat_traversal on;
generate_policy on;
proposal_check obey; # obey, strict, or claim

proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}

sainfo anonymous {
lifetime time 30 minutes;
encryption_algorithm aes;
authentication_algorithm hmac_sha1, hmac_sha256, hmac_sha512;
compression_algorithm deflate;
pfs_group 2;
}

So, what could be wrong? And why is on another devices working as well?

I have found some "workaround", which could be working... https://allstarnix.blogspot.com/2014/01/correct-ppp-parameters-setup-for-xl2tpd.html But this it not the way, which I would like to go.