The content of this topic has been archived between 16 Sep 2014 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.
Who maintains the software repo for CC builds?
src/gz chaos_calmer_base http://downloads.openwrt.org/snapshots/ … kages/base
What needs to be done to get some missing packages added in there. Could someone please point me to the right direction?
thanks
Sorry, posts 3727 to 3725 are missing from our archive.
DavidMcWRT wrote:belliash wrote:I know that, and thats not what im asking about...
McWrt is based on OpenWrt and it supports squashfs. So I wonder why McWrt images are based on jffs only?
Because no-one took care about enabling squashfs image in config, or it lacks anything and such image would brick wrt1900ac...Customer walks into a modern Ford dealership.
C: I'm wondering why the Model T is only available in black.
F: Sir, the Model T is no longer being produced.
C: I know that, but why can't I get a yellow one?
In answer to your original question, Chadster might be able to give some explanation - maybe it was a decision he made, or likely it might just be the case that the AA branch that McWRT was based off (compared to our current CC trunk) didn't support it.
Stupid comparision, as this is OpenSource software and anyone can rebuild it.
I know all of that, but still this is unclear why he decided to not enable squashfs in the McWrt config. So i wonder if McWrt misses something in the code specific to this platform and generating such image and flashing afterwards would brick a router or is it just an option which didnt get enabled....
Hit this link/forum and ask Chadster yourself.
http://community.linksys.com/t5/Wireless-Routers/WRT1900AC-and-OpenWrt/td-p/810750
Well, --force-depends isn't a good idea for kernel modules.
Thx for the tip :}
Good morning guys,
first post and long time follower of this thread. After seeing the great work you have all been doing with this router, i finally bit the bullet and bought one.
So hopefully this question is such a noob question it is easy to answer!
Over the weekend i tried to achieve one thing (other than basic wifi and routing) and that was to get Samba running and sharing a USB flash drive. (ideally a 1tb external portable hard drive), but any drive!
Ultimately my problem is the opposite to most samba problems.
I can Write to the Samba share, I can browse the Samba share, but i cant read from it.
If i copy a file to the share from my laptop, i cant copy it back.
I have tried with both wired and wireless connections.
I have tried the firmware from Trunk (21st), Kaloz Snapshot (20th), Lifehacksback latest testing.
I have tried both a normal flash drive and a portable 1tb hard drive
and i have tried formatting as fat32 or ext4
So im hoping someone has the obvious answer i must be missing, or can point me in the right direction to diagnose.
thanks in advance
Ad blocking
Tested with kaloz's latest build
openwrt r44908
Linux 3.18.9 #11 SMP Fri Mar 20 14:23:00 CET 2015 armv7l GNU/Linux
This (which gives the possibility to add some custom hosts in either /etc/hosts or /mnt/sda1/hosts)
dl_hosts.sh
---- cut here
#!/bin/sh
export DLHOSTS=/tmp/dlhosts_log
echo "" > $DLHOSTS
_rogue=0.0.0.0
echo -e "#!/bin/sh\nn=1\nwhile sleep 60\ndo\n\twget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep \"^0.0.0.0\" | grep -v localhost | awk '{print \"$_rogue\\\t\"\$2}' | tr -d '\\\015' >/tmp/dlhosts\n" >/tmp/write_dlhosts
echo -e "\t[ \`grep -il doubleclick /tmp/dlhosts\` ] && break\n\t[ \$n -gt 5 ] && break\n\tlet n+=1\ndone\n[ -e /mnt/sda1/hosts ] && cat /mnt/sda1/hosts >>/tmp/dlhosts\n[ -e /etc/hosts ] && cat /etc/hosts >>/tmp/dlhosts\nkillall -HUP dnsmasq" >>/tmp/write_dlhosts
chmod +x /tmp/write_dlhosts
/tmp/write_dlhosts &
echo "Done!" >> $DLHOSTS
---- cut here
notes:
Put dl_hosts.sh in /tmp
From web UI add, network > DHCP and DNS > Resolv and Hosts file > Additional Hosts files /tmp/dlhosts
Run /tmp/dl_hosts.sh from your startup
-gufus
@kaloz
I had this error on 2.4ghz https://forum.openwrt.org/viewtopic.php … 26#p261726
NEW wifi driver. FIXED 
-----
Sun Mar 22 14:05:01 2015 cron.info crond[1161]: crond: USER root pid 2729 cmd /sbin/fan_ctrl.sh
Sun Mar 22 14:09:17 2015 daemon.info hostapd: wlan0: STA be:a3:86:4b:61:ee WPA: group key handshake completed (RSN)
Sun Mar 22 14:09:17 2015 daemon.info hostapd: wlan0: STA 20:aa:4b:3e:5e:39 WPA: group key handshake completed (RSN)
Sun Mar 22 14:10:01 2015 cron.info crond[1161]: crond: USER root pid 3602 cmd /sbin/fan_ctrl.sh
Sun Mar 22 14:15:01 2015 cron.info crond[1161]: crond: USER root pid 4389 cmd /sbin/fan_ctrl.sh
Sun Mar 22 14:19:17 2015 daemon.info hostapd: wlan0: STA be:a3:86:4b:61:ee WPA: group key handshake completed (RSN)
Sun Mar 22 14:19:17 2015 daemon.info hostapd: wlan0: STA 20:aa:4b:3e:5e:39 WPA: group key handshake completed (RSN)
Sun Mar 22 14:20:01 2015 cron.info crond[1161]: crond: USER root pid 5175 cmd /sbin/fan_ctrl.sh
Sun Mar 22 14:25:01 2015 cron.info crond[1161]: crond: USER root pid 5965 cmd /sbin/fan_ctrl.sh
Sun Mar 22 14:29:17 2015 daemon.info hostapd: wlan0: STA be:a3:86:4b:61:ee WPA: group key handshake completed (RSN)
Sun Mar 22 14:29:17 2015 daemon.info hostapd: wlan0: STA 20:aa:4b:3e:5e:39 WPA: group key handshake completed (RSN)
Sun Mar 22 14:30:01 2015 cron.info crond[1161]: crond: USER root pid 6751 cmd /sbin/fan_ctrl.sh
(Last edited by gufus on 22 Mar 2015, 22:12)
Folks, further to my post below, I have narrowed it down...
I started off fresh with Kaloz' snapshot 20Mar
Firstly i can confirm what was reported a couple of days ago, that using the USB3.0 port, USB drives dont appear in /dev/
So, switching to the USB2.0 port and i can happily mount the drive.
That aside, i did the clean install using wired connection only. I did not configure the wireless at all.
To my surprise Samba worked as it should. I could read and write to the share at about 30 MB/s. Great.
However, as soon as i enabled the wireless and associated my laptop to it, my problems as below occur.
Now on wired (wireless disabled on laptop) or wireless i can write to the Samba share. I can list the Samba share, but i cant copy from the Samba share.
(btw, i turned my windows firewall off to test).
EDIT
Stopping the WRT firewall didnt change the behaviour either
Any thoughts appreciated
Good morning guys,
first post and long time follower of this thread. After seeing the great work you have all been doing with this router, i finally bit the bullet and bought one.So hopefully this question is such a noob question it is easy to answer!
Over the weekend i tried to achieve one thing (other than basic wifi and routing) and that was to get Samba running and sharing a USB flash drive. (ideally a 1tb external portable hard drive), but any drive!
Ultimately my problem is the opposite to most samba problems.
I can Write to the Samba share, I can browse the Samba share, but i cant read from it.
If i copy a file to the share from my laptop, i cant copy it back.I have tried with both wired and wireless connections.
I have tried the firmware from Trunk (21st), Kaloz Snapshot (20th), Lifehacksback latest testing.I have tried both a normal flash drive and a portable 1tb hard drive
and i have tried formatting as fat32 or ext4So im hoping someone has the obvious answer i must be missing, or can point me in the right direction to diagnose.
thanks in advance
(Last edited by drewgarth2 on 23 Mar 2015, 00:39)
Ad blocking
Tested with kaloz's latest build
openwrt r44908
Linux 3.18.9 #11 SMP Fri Mar 20 14:23:00 CET 2015 armv7l GNU/LinuxThis (which gives the possibility to add some custom hosts in either /etc/hosts or /mnt/sda1/hosts)
dl_hosts.sh
---- cut here
#!/bin/shexport DLHOSTS=/tmp/dlhosts_log
echo "" > $DLHOSTS
_rogue=0.0.0.0
echo -e "#!/bin/sh\nn=1\nwhile sleep 60\ndo\n\twget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep \"^0.0.0.0\" | grep -v localhost | awk '{print \"$_rogue\\\t\"\$2}' | tr -d '\\\015' >/tmp/dlhosts\n" >/tmp/write_dlhosts
echo -e "\t[ \`grep -il doubleclick /tmp/dlhosts\` ] && break\n\t[ \$n -gt 5 ] && break\n\tlet n+=1\ndone\n[ -e /mnt/sda1/hosts ] && cat /mnt/sda1/hosts >>/tmp/dlhosts\n[ -e /etc/hosts ] && cat /etc/hosts >>/tmp/dlhosts\nkillall -HUP dnsmasq" >>/tmp/write_dlhosts
chmod +x /tmp/write_dlhosts
/tmp/write_dlhosts &
echo "Done!" >> $DLHOSTS
---- cut herenotes:
Put dl_hosts.sh in /tmp
From web UI add, network > DHCP and DNS > Resolv and Hosts file > Additional Hosts files /tmp/dlhosts
Run /tmp/dl_hosts.sh from your startup
-gufus
Works perfect !
Thanks again Gufus !
@mojolacerator
I noticed in one of your earlier posts that you were using the WRT1900ac as the Access point, but still using the rt-ac3200 for the Disk sharing, torrents, etc.
Was there any particular reason related to the WRT that forced you down the path? Or was it just the most convenient way to bring the WRT back into useful service?
Im obviously struggling with the Disk sharing bit on the WRT....
cheers
Andrew
@mojolacerator
I noticed in one of your earlier posts that you were using the WRT1900ac as the Access point, but still using the rt-ac3200 for the Disk sharing, torrents, etc.Was there any particular reason related to the WRT that forced you down the path? Or was it just the most convenient way to bring the WRT back into useful service?
Im obviously struggling with the Disk sharing bit on the WRT....
cheers
Andrew
After that post, Kaloz posted his latest image which I flashed on the WRT1900. It had been awhile since I had tried a new image as the WRT had me quite irritated.
There was such a noticeable difference in the WRT's efficiency, it is now the gateway. I quite honestly do not use the wireless on the WRT at all. I use the extra horsepower in it to do the routing and adblocking. The RT-AC3200 is the wireless access point using it's stability, and the fantastic USB apps. The torrent management is so easy. The RT-AC3200 manages all the torrents right to the hard drive, no computer required.
At least It is working for me, everything is lighting fast, the WRT allows the RT-AC3200 dlna server to do its thing, everyone on my network has access etc. Everyone on the network uses the torrent server on the ASUS whenever they feel like it, 35gb of music and movies this weekend. Network speed isn't compromised with the torrents downloading, our ps4's were having no issues online at all.
The WRT is backing all of it.
Thanks for the reply...im definitely frustrated. ....
I have narrowed it down even further.
Wireless Disabled, Wired Connection -> Samba share works perfectly
Wireless Enabled, Associate a wireless client, then disconnect and used Wired connection., Samba only lets me copy TO the share
Wireless Enabled, Wireless Connection, Samba Only Lets me copy TO the share.
Disable wireless, Reboot router, Wired Connection - > and...Samba share works perfectly again.
I also get the same behaviour if i share out /tmp without USB drive connected. So it definately seems to be something to do with the Wifi and Samba
cheers
Andrew
I've followed the OpenWRT OpenVPN tutorials to the letter, and no matter how many times I redo the VPN setup, OpenWRT refuses to allow clients to connect to tun0 on 1194.
- running snapshot trunk build from 3/21 (however this has been occurring for 2+ weeks)
- all certificates and keys correctly set up (ca, server/client crt and key, dh, & ta)
- both server and client config files set up correctly with mirrored options
- tried both tcp, then udp, separately, with both failing when server connection is attempted (tcp says server rejects, udp times out).
- Tunnel [tun0] is set up correctly as I can ping the tunnel server IP [10.10.10.1/24] from within the LAN subnet [192.168.200.0/24]Followed tutorials:
http://wiki.openwrt.org/doc/howto/vpn.openvpn
http://wiki.openwrt.org/doc/howto/vpn.s … penvpn.tun
http://wiki.openwrt.org/oldwiki/vpn.server.openvpn.tunas well as:
https://openvpn.net/index.php/open-sour … tml#pkcs11
http://joepaetzel.com/2012/07/24/openvp … eenas-8-2/
http://joepaetzel.com/2014/03/04/secure … -firewall/
https://forums.freenas.org/index.php?th … ail.21856/... and quite a few others, every time the server [wrt1900ac] refuses the connection, even though I've set up the firewall rules exactly as specified in the OpenWRT tutorials.
root@OpenWRT:~# uci show openvpn
openvpn.vpnserver=openvpn
openvpn.vpnserver.enabled=1
openvpn.vpnserver.dev=tun
openvpn.vpnserver.proto=tcp
openvpn.vpnserver.local=192.168.200.1
openvpn.vpnserver.server=10.10.10.0 255.255.255.0
openvpn.vpnserver.port=1194
openvpn.vpnserver.keepalive=10 120
openvpn.vpnserver.push=route 192.168.200.0 255.255.255.0
openvpn.vpnserver.ca=/etc/openvpn/keys/ca.crt
openvpn.vpnserver.cert=/etc/openvpn/keys/OpenWRT-VPNserver.crt
openvpn.vpnserver.key=/etc/openvpn/keys/OpenWRT-VPNserver.key
openvpn.vpnserver.dh=/etc/openvpn/keys/dh2048.pem
openvpn.vpnserver.tls_auth=/etc/openvpn/keys/ta.key 0
openvpn.vpnserver.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.vpnserver.log_append=/tmp/openvpn.log
openvpn.vpnserver.status=/tmp/openvpn-status.log
openvpn.vpnserver.verb=4
openvpn.vpnserver.comp_lzo=yes
openvpn.vpnserver.cipher=AES-256-CBC
openvpn.vpnserver.client_to_client=1
openvpn.vpnserver.persist_key=1
openvpn.vpnserver.persist_tun=1root@OpenWRT:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan wan6
firewall.@zone[2]=zone
firewall.@zone[2].name=vpn
firewall.@zone[2].input=ACCEPT
firewall.@zone[2].forward=ACCEPT
firewall.@zone[2].output=ACCEPT
firewall.@zone[2].network=vpn0
firewall.@zone[2].masq=1
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-OpenVPN-Inbound
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].dest_port=1194
firewall.@rule[0].family=ipv4
firewall.@rule[0].proto=tcp udp
firewall.@rule[0].src=wan
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=lan
firewall.@forwarding[0].dest=vpn
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src=vpn
firewall.@forwarding[1].dest=lan
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest=wan
firewall.@forwarding[2].src=lan
firewall.@rule[1]=rule
firewall.@rule[1].target=ACCEPT
firewall.@rule[1].src=vpn
firewall.@rule[1].dest=lan
firewall.@rule[2]=rule
firewall.@rule[2].target=ACCEPT
firewall.@rule[2].src=lan
firewall.@rule[2].dest=vpnClient (Windows/Android; Android obviously doesnt use back slashes)
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.crt"
key "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.key"
tls-auth "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ta.key" 1
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 9#dev tap
#dev-node MyTap
#proto udp
#remote-random
#user nobody
#group nobody
#http-proxy-retry # retry on connection failures
#http-proxy [proxy server] [proxy port #]
#mute 20I'm really at a loss here, so any opinions would be greatly appreciated. I've tried disabling the router firewall, as well as the firewall on my Nexus 6 [and PC] and the connection is still rejected by the router. I'm missing something here... just not sure exactly what.
I found that a reboot was needed after install of openvpn, also compression can be a problem, maybe increase verb to get more information
is tun loaded, if not "insmod tun" and reboot
What's in /tmp/openvpn.log
(Last edited by hd2659 on 23 Mar 2015, 11:22)
The new driver has been pushed to trunk, including the fix for iwinfo.
The new driver has been pushed to trunk, including the fix for iwinfo.
That will be in the next build, right?
snapshot builds are automatic - my build already had these
running on march 20th build of kaloz.
flashed from stock firmware, up and running since then, with wifi 5ghz only on 3x apple devices (ipad4, iphone5s and iphone 5c)
verry excited about new driver release, thanks kaloz! Keep up the good work!
tusc wrote:My router locked up after half a day of use on the 3.18.9 image provided by Kaloz. Back to 4.0-rc4 for me until the marvell changes gets integrated into trunk.
Weird, there should be about no differences between the two when it comes to platform code.
@tusc,
I've found a patch that might fix your issues - it didn't make it into the stable tree yet. I've uploaded a new image with it, please test.
(p.s.: I've also fixed up usb3 support in that image)
JW0914 wrote:I've followed the OpenWRT OpenVPN tutorials to the letter, and no matter how many times I redo the VPN setup, OpenWRT refuses to allow clients to connect to tun0 on 1194.
- running snapshot trunk build from 3/21 (however this has been occurring for 2+ weeks)
- all certificates and keys correctly set up (ca, server/client crt and key, dh, & ta)
- both server and client config files set up correctly with mirrored options
- tried both tcp, then udp, separately, with both failing when server connection is attempted (tcp says server rejects, udp times out).
- Tunnel [tun0] is set up correctly as I can ping the tunnel server IP [10.10.10.1/24] from within the LAN subnet [192.168.200.0/24]Followed tutorials:
http://wiki.openwrt.org/doc/howto/vpn.openvpn
http://wiki.openwrt.org/doc/howto/vpn.s … penvpn.tun
http://wiki.openwrt.org/oldwiki/vpn.server.openvpn.tunas well as:
https://openvpn.net/index.php/open-sour … tml#pkcs11
http://joepaetzel.com/2012/07/24/openvp … eenas-8-2/
http://joepaetzel.com/2014/03/04/secure … -firewall/
https://forums.freenas.org/index.php?th … ail.21856/... and quite a few others, every time the server [wrt1900ac] refuses the connection, even though I've set up the firewall rules exactly as specified in the OpenWRT tutorials.
I'm really at a loss here, so any opinions would be greatly appreciated. I've tried disabling the router firewall, as well as the firewall on my Nexus 6 [and PC] and the connection is still rejected by the router. I'm missing something here... just not sure exactly what.
I found that a reboot was needed after install of openvpn, also compression can be a problem, maybe increase verb to get more information
is tun loaded, if not "insmod tun" and reboot
What's in /tmp/openvpn.log
From OpenVPN forum
Traffic wrote:
what is output of netstat -antupUnder >network/firewall/port-forward: make rule to forward external port 1194 to LAN address.
I deleted all prior forwarding and input rules in firewall, added the forward, however, it's still providing the same errors as before.
netstat -antup
root@OpenWRT:~# netstat -antup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.200.1:1194 0.0.0.0:* LISTEN 1921/openvpn
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1877/smbd
tcp 0 0 192.168.200.1:2222 0.0.0.0:* LISTEN 1399/dropbear
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2438/uhttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2061/dnsmasq
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1877/smbd
tcp 0 248 192.168.200.1:2222 192.168.200.15:53081 ESTABLISHED 2394/dropbear
tcp 0 0 127.0.0.1:80 127.0.0.1:44567 TIME_WAIT -
tcp 0 0 127.0.0.1:44565 127.0.0.1:80 ESTABLISHED 2394/dropbear
tcp 0 0 127.0.0.1:80 127.0.0.1:44565 ESTABLISHED 2438/uhttpd
tcp 0 0 127.0.0.1:80 127.0.0.1:44566 ESTABLISHED 2438/uhttpd
tcp 0 0 127.0.0.1:44566 127.0.0.1:80 ESTABLISHED 2394/dropbear
tcp 0 0 :::139 :::* LISTEN 1877/smbd
tcp 0 0 :::80 :::* LISTEN 2438/uhttpd
tcp 0 0 :::53 :::* LISTEN 2061/dnsmasq
tcp 0 0 :::445 :::* LISTEN 1877/smbd
udp 0 0 0.0.0.0:53 0.0.0.0:* 2061/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2061/dnsmasq
udp 0 0 192.168.200.255:137 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.1:137 0.0.0.0:* 1883/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.255:138 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.1:138 0.0.0.0:* 1883/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1883/nmbd
udp 0 0 :::546 :::* 1791/odhcp6c
udp 0 0 :::547 :::* 1302/odhcpd
udp 0 0 :::53 :::* 2061/dnsmasq
udp 0 0 :::123 :::* 1952/ntpd
Firewall
root@OpenWRT:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan wan6
firewall.@zone[2]=zone
firewall.@zone[2].name=vpn
firewall.@zone[2].input=ACCEPT
firewall.@zone[2].forward=ACCEPT
firewall.@zone[2].output=ACCEPT
firewall.@zone[2].network=vpn0
firewall.@zone[2].masq=1
firewall.@zone[2].conntrack=1
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=vpn
firewall.@forwarding[0].dest=lan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=1194
firewall.@redirect[0].dest_ip=192.168.200.1
firewall.@redirect[0].dest_port=1194
firewall.@redirect[0].name=VPN
OpenVPN Server Config
root@OpenWRT:~# uci show openvpn
openvpn.vpnserver=openvpn
openvpn.vpnserver.enabled=1
openvpn.vpnserver.dev=tun
openvpn.vpnserver.proto=tcp
openvpn.vpnserver.port=1194
openvpn.vpnserver.local=192.168.200.1
openvpn.vpnserver.server=10.10.10.0 255.255.255.0
openvpn.vpnserver.push=route 192.168.200.0 255.255.255.0
openvpn.vpnserver.ca=/etc/openvpn/keys/ca.crt
openvpn.vpnserver.cert=/etc/openvpn/keys/OpenWRT-VPNserver.crt
openvpn.vpnserver.key=/etc/openvpn/keys/OpenWRT-VPNserver.key
openvpn.vpnserver.dh=/etc/openvpn/keys/dh2048.pem
openvpn.vpnserver.tls_auth=/etc/openvpn/keys/ta.key 0
openvpn.vpnserver.cipher=AES-256-CBC
openvpn.vpnserver.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.vpnserver.log=/tmp/openvpn.log
openvpn.vpnserver.status=/tmp/openvpn-status.log
openvpn.vpnserver.keepalive=10 120
openvpn.vpnserver.comp_lzo=yes
openvpn.vpnserver.client_to_client=1
openvpn.vpnserver.persist_key=1
openvpn.vpnserver.persist_tun=1
openvpn.vpnserver.verb=9
OpenVPN Server Log
root@OpenWRT:~# cat /tmp/openvpn.log
Mon Mar 23 07:56:16 2015 us=315506 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Mon Mar 23 07:56:16 2015 us=317871 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Mon Mar 23 07:56:16 2015 us=761610 Diffie-Hellman initialized with 2048 bit key
Mon Mar 23 07:56:16 2015 us=801089 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Mon Mar 23 07:56:16 2015 us=802806 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 07:56:16 2015 us=803003 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 07:56:16 2015 us=805143 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Mar 23 07:56:16 2015 us=805414 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Mar 23 07:56:16 2015 us=808584 TUN/TAP device tun0 opened
Mon Mar 23 07:56:16 2015 us=808858 TUN/TAP TX queue length set to 100
Mon Mar 23 07:56:16 2015 us=809086 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Mar 23 07:56:16 2015 us=809366 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Mon Mar 23 07:56:16 2015 us=819206 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Mon Mar 23 07:56:16 2015 us=826509 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 23 07:56:16 2015 us=826798 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Mon Mar 23 07:56:16 2015 us=830886 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Mon Mar 23 07:56:16 2015 us=831180 TCPv4_SERVER link remote: [undef]
Mon Mar 23 07:56:16 2015 us=832244 MULTI: multi_init called, r=256 v=256
Mon Mar 23 07:56:16 2015 us=832556 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Mon Mar 23 07:56:16 2015 us=832731 IFCONFIG POOL LIST
Mon Mar 23 07:56:16 2015 us=833009 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Mar 23 07:56:16 2015 us=840787 Initialization Sequence Completed
Windows Client Config
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.crt"
key "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.key"
tls-auth "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ta.key" 1
ns-cert-type server
#remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 9
#route-method exe
#route-delay 2
#route 0.0.0.0 0.0.0.0 10.10.10.1#dev tap
#dev-node MyTap
#proto udp
#remote-random
#user nobody
#group nobody
#http-proxy-retry # retry on connection failures
#http-proxy [proxy server] [proxy port #]
#mute 20
Windows Client Log
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_pin_cache_period = -1
Mon Mar 23 08:11:53 2015 pkcs11_id = '[UNDEF]'
Mon Mar 23 08:11:53 2015 pkcs11_id_management = DISABLED
Mon Mar 23 08:11:53 2015 server_network = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_network_ipv6 = ::
Mon Mar 23 08:11:53 2015 server_netbits_ipv6 = 0
Mon Mar 23 08:11:53 2015 server_bridge_ip = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_pool_start = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_pool_end = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_defined = DISABLED
Mon Mar 23 08:11:53 2015 ifconfig_pool_start = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_end = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Mar 23 08:11:53 2015 ifconfig_pool_persist_refresh_freq = 600
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_defined = DISABLED
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_base = ::
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_netbits = 0
Mon Mar 23 08:11:53 2015 n_bcast_buf = 256
Mon Mar 23 08:11:53 2015 tcp_queue_limit = 64
Mon Mar 23 08:11:53 2015 real_hash_size = 256
Mon Mar 23 08:11:53 2015 virtual_hash_size = 256
Mon Mar 23 08:11:53 2015 client_connect_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 learn_address_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 client_disconnect_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 client_config_dir = '[UNDEF]'
Mon Mar 23 08:11:53 2015 ccd_exclusive = DISABLED
Mon Mar 23 08:11:53 2015 tmp_dir = 'C:\Users\James\AppData\Local\Temp\'
Mon Mar 23 08:11:53 2015 push_ifconfig_defined = DISABLED
Mon Mar 23 08:11:53 2015 push_ifconfig_local = 0.0.0.0
Mon Mar 23 08:11:53 2015 push_ifconfig_remote_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_defined = DISABLED
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_local = ::/0
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_remote = ::
Mon Mar 23 08:11:53 2015 enable_c2c = DISABLED
Mon Mar 23 08:11:53 2015 duplicate_cn = DISABLED
Mon Mar 23 08:11:53 2015 cf_max = 0
Mon Mar 23 08:11:53 2015 cf_per = 0
Mon Mar 23 08:11:53 2015 max_clients = 1024
Mon Mar 23 08:11:53 2015 max_routes_per_client = 256
Mon Mar 23 08:11:53 2015 auth_user_pass_verify_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 auth_user_pass_verify_script_via_file = DISABLED
Mon Mar 23 08:11:53 2015 client = ENABLED
Mon Mar 23 08:11:53 2015 pull = ENABLED
Mon Mar 23 08:11:53 2015 auth_user_pass_file = '[UNDEF]'
Mon Mar 23 08:11:53 2015 show_net_up = DISABLED
Mon Mar 23 08:11:53 2015 route_method = 0
Mon Mar 23 08:11:53 2015 ip_win32_defined = DISABLED
Mon Mar 23 08:11:53 2015 ip_win32_type = 3
Mon Mar 23 08:11:53 2015 dhcp_masq_offset = 0
Mon Mar 23 08:11:53 2015 dhcp_lease_time = 31536000
Mon Mar 23 08:11:53 2015 tap_sleep = 0
Mon Mar 23 08:11:53 2015 dhcp_options = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_renew = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_pre_release = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_release = DISABLED
Mon Mar 23 08:11:53 2015 domain = '[UNDEF]'
Mon Mar 23 08:11:53 2015 netbios_scope = '[UNDEF]'
Mon Mar 23 08:11:53 2015 netbios_node_type = 0
Mon Mar 23 08:11:53 2015 disable_nbt = DISABLED
Mon Mar 23 08:11:53 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Mon Mar 23 08:11:53 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Mon Mar 23 08:11:53 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Mar 23 08:11:53 2015 Need hold release from management interface, waiting...
Mon Mar 23 08:11:53 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'state on'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'log all on'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'hold off'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'hold release'
Mon Mar 23 08:11:54 2015 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\OpenWRT-VPNserver\ta.key' as a OpenVPN static key file
Mon Mar 23 08:11:54 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 08:11:54 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 08:11:54 2015 LZO compression initialized
Mon Mar 23 08:11:54 2015 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Mar 23 08:11:54 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Mar 23 08:11:54 2015 MANAGEMENT: >STATE:1427116314,RESOLVE,,,
Mon Mar 23 08:11:54 2015 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 23 08:11:54 2015 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Mar 23 08:11:54 2015 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mon Mar 23 08:11:54 2015 Local Options hash (VER=V4): '2f2c6498'
Mon Mar 23 08:11:54 2015 Expected Remote Options hash (VER=V4): '9915e4a2'
Mon Mar 23 08:11:54 2015 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
Mon Mar 23 08:11:54 2015 MANAGEMENT: >STATE:1427116314,TCP_CONNECT,,,
Mon Mar 23 08:12:04 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Mon Mar 23 08:12:09 2015 MANAGEMENT: >STATE:1427116329,RESOLVE,,,
Mon Mar 23 08:12:09 2015 MANAGEMENT: >STATE:1427116329,TCP_CONNECT,,,
Mon Mar 23 08:12:19 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Android Config (Static Key Removed, utilizes imported pkcs12 in Android Keychain)
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1----------END OpenVPN Static key V1-----
</tls-auth>
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 9# dev tap
# dev-node MyTap
# proto udp
# remote my-server-2 1194
# remote-random
# user nobody
# group nobody
# http-proxy-retry # retry on connection failures
# http-proxy [proxy server] [proxy port #]
# mute 20
Android Client Log
2015-03-23 07:56:36 Running on Nexus 6 (shamu) google, Android API 21, version 0.6.29, official build
2015-03-23 07:56:36 Log cleared.
2015-03-23 07:57:10 Building configuration…
2015-03-23 07:57:13 started Socket Thread
2015-03-23 07:57:13 Network Status: CONNECTED to WIFI "Fibonacci 5G Fractals"
2015-03-23 07:57:13 Current Parameter Settings:
2015-03-23 07:57:13 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-03-23 07:57:13 mode = 0
2015-03-23 07:57:13 show_ciphers = DISABLED
2015-03-23 07:57:13 show_digests = DISABLED
2015-03-23 07:57:13 show_engines = DISABLED
2015-03-23 07:57:13 genkey = DISABLED
2015-03-23 07:57:13 key_pass_file = '[UNDEF]'
2015-03-23 07:57:13 show_tls_ciphers = DISABLED
2015-03-23 07:57:13 connect_retry_max = 5
2015-03-23 07:57:13 Connection profiles [0]:
2015-03-23 07:57:13 proto = tcp-client
2015-03-23 07:57:13 local = '[UNDEF]'
2015-03-23 07:57:13 local_port = '[UNDEF]'
2015-03-23 07:57:13 remote = 'vpnserver.dyndns-server.com'
2015-03-23 07:57:13 remote_port = '1194'
2015-03-23 07:57:13 remote_float = DISABLED
2015-03-23 07:57:13 bind_defined = DISABLED
2015-03-23 07:57:13 bind_local = DISABLED
2015-03-23 07:57:13 bind_ipv6_only = DISABLED
2015-03-23 07:57:13 connect_retry_seconds = 5
2015-03-23 07:57:13 connect_timeout = 10
2015-03-23 07:57:13 socks_proxy_server = '[UNDEF]'
2015-03-23 07:57:13 socks_proxy_port = '[UNDEF]'
2015-03-23 07:57:13 socks_proxy_retry = DISABLED
2015-03-23 07:57:13 tun_mtu = 1500
2015-03-23 07:57:13 tun_mtu_defined = ENABLED
2015-03-23 07:57:13 link_mtu = 1500
2015-03-23 07:57:13 link_mtu_defined = DISABLED
2015-03-23 07:57:13 tun_mtu_extra = 0
2015-03-23 07:57:13 tun_mtu_extra_defined = DISABLED
2015-03-23 07:57:13 mtu_discover_type = -1
2015-03-23 07:57:13 fragment = 0
2015-03-23 07:57:13 mssfix = 1450
2015-03-23 07:57:13 explicit_exit_notification = 0
2015-03-23 07:57:13 Connection profiles END
2015-03-23 07:57:13 remote_random = DISABLED
2015-03-23 07:57:13 ipchange = '[UNDEF]'
2015-03-23 07:57:13 dev = 'tun'
2015-03-23 07:57:13 dev_type = '[UNDEF]'
2015-03-23 07:57:13 dev_node = '[UNDEF]'
2015-03-23 07:57:13 lladdr = '[UNDEF]'
2015-03-23 07:57:13 topology = 1
2015-03-23 07:57:13 tun_ipv6 = DISABLED
2015-03-23 07:57:13 ifconfig_local = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_remote_netmask = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_noexec = DISABLED
2015-03-23 07:57:13 ifconfig_nowarn = ENABLED
2015-03-23 07:57:13 ifconfig_ipv6_local = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_ipv6_netbits = 0
2015-03-23 07:57:13 ifconfig_ipv6_remote = '[UNDEF]'
2015-03-23 07:57:13 shaper = 0
2015-03-23 07:57:13 mtu_test = 0
2015-03-23 07:57:13 mlock = DISABLED
2015-03-23 07:57:13 keepalive_ping = 0
2015-03-23 07:57:13 keepalive_timeout = 0
2015-03-23 07:57:13 inactivity_timeout = 0
2015-03-23 07:57:13 ping_send_timeout = 0
2015-03-23 07:57:13 ping_rec_timeout = 0
2015-03-23 07:57:13 ping_rec_timeout_action = 0
2015-03-23 07:57:13 ping_timer_remote = DISABLED
2015-03-23 07:57:13 remap_sigusr1 = 0
2015-03-23 07:57:13 persist_tun = ENABLED
2015-03-23 07:57:13 persist_local_ip = DISABLED
2015-03-23 07:57:13 persist_remote_ip = DISABLED
2015-03-23 07:57:13 persist_key = DISABLED
2015-03-23 07:57:13 passtos = DISABLED
2015-03-23 07:57:13 resolve_retry_seconds = 1000000000
2015-03-23 07:57:13 resolve_in_advance = ENABLED
2015-03-23 07:57:13 username = '[UNDEF]'
2015-03-23 07:57:13 groupname = '[UNDEF]'
2015-03-23 07:57:13 chroot_dir = '[UNDEF]'
2015-03-23 07:57:13 cd_dir = '[UNDEF]'
2015-03-23 07:57:13 writepid = '[UNDEF]'
2015-03-23 07:57:13 up_script = '[UNDEF]'
2015-03-23 07:57:13 down_script = '[UNDEF]'
2015-03-23 07:57:13 down_pre = DISABLED
2015-03-23 07:57:13 up_restart = DISABLED
2015-03-23 07:57:13 up_delay = DISABLED
2015-03-23 07:57:13 daemon = DISABLED
2015-03-23 07:57:13 inetd = 0
2015-03-23 07:57:13 log = DISABLED
2015-03-23 07:57:13 suppress_timestamps = DISABLED
2015-03-23 07:57:13 machine_readable_output = ENABLED
2015-03-23 07:57:13 nice = 0
2015-03-23 07:57:13 verbosity = 4
2015-03-23 07:57:13 mute = 0
2015-03-23 07:57:13 gremlin = 0
2015-03-23 07:57:13 status_file = '[UNDEF]'
2015-03-23 07:57:13 status_file_version = 1
2015-03-23 07:57:13 status_file_update_freq = 60
2015-03-23 07:57:13 occ = ENABLED
2015-03-23 07:57:13 rcvbuf = 65536
2015-03-23 07:57:13 sndbuf = 65536
2015-03-23 07:57:13 sockflags = 0
2015-03-23 07:57:13 fast_io = DISABLED
2015-03-23 07:57:13 comp.alg = 2
2015-03-23 07:57:13 comp.flags = 1
2015-03-23 07:57:13 route_script = '[UNDEF]'
2015-03-23 07:57:13 route_default_gateway = '[UNDEF]'
2015-03-23 07:57:13 route_default_metric = 0
2015-03-23 07:57:13 route_noexec = DISABLED
2015-03-23 07:57:13 route_delay = 0
2015-03-23 07:57:13 route_delay_window = 30
2015-03-23 07:57:13 route_delay_defined = DISABLED
2015-03-23 07:57:13 route_nopull = DISABLED
2015-03-23 07:57:13 route_gateway_via_dhcp = DISABLED
2015-03-23 07:57:13 allow_pull_fqdn = DISABLED
2015-03-23 07:57:13 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-03-23 07:57:13 management_port = 'unix'
2015-03-23 07:57:13 management_user_pass = '[UNDEF]'
2015-03-23 07:57:13 management_log_history_cache = 250
2015-03-23 07:57:13 management_echo_buffer_size = 100
2015-03-23 07:57:13 management_write_peer_info_file = '[UNDEF]'
2015-03-23 07:57:13 management_client_user = '[UNDEF]'
2015-03-23 07:57:13 management_client_group = '[UNDEF]'
2015-03-23 07:57:13 management_flags = 806
2015-03-23 07:57:13 shared_secret_file = '[UNDEF]'
2015-03-23 07:57:13 key_direction = 2
2015-03-23 07:57:13 ciphername_defined = ENABLED
2015-03-23 07:57:13 ciphername = 'AES-256-CBC'
2015-03-23 07:57:13 authname_defined = ENABLED
2015-03-23 07:57:13 authname = 'SHA1'
2015-03-23 07:57:13 prng_hash = 'SHA1'
2015-03-23 07:57:13 prng_nonce_secret_len = 16
2015-03-23 07:57:13 keysize = 0
2015-03-23 07:57:13 engine = DISABLED
2015-03-23 07:57:13 replay = ENABLED
2015-03-23 07:57:13 mute_replay_warnings = ENABLED
2015-03-23 07:57:13 replay_window = 64
2015-03-23 07:57:13 replay_time = 15
2015-03-23 07:57:13 packet_id_file = '[UNDEF]'
2015-03-23 07:57:13 use_iv = ENABLED
2015-03-23 07:57:13 test_crypto = DISABLED
2015-03-23 07:57:13 tls_server = DISABLED
2015-03-23 07:57:13 tls_client = ENABLED
2015-03-23 07:57:13 key_method = 2
2015-03-23 07:57:13 ca_file = '[[INLINE]]'
2015-03-23 07:57:13 ca_path = '[UNDEF]'
2015-03-23 07:57:13 dh_file = '[UNDEF]'
2015-03-23 07:57:13 cert_file = '[[INLINE]]'
2015-03-23 07:57:13 "priv_key_file" = EXTERNAL_PRIVATE_KEY
2015-03-23 07:57:13 pkcs12_file = '[UNDEF]'
2015-03-23 07:57:13 cipher_list = '[UNDEF]'
2015-03-23 07:57:13 tls_verify = '[UNDEF]'
2015-03-23 07:57:13 tls_export_cert = '[UNDEF]'
2015-03-23 07:57:13 verify_x509_type = 0
2015-03-23 07:57:13 verify_x509_name = '[UNDEF]'
2015-03-23 07:57:13 crl_file = '[UNDEF]'
2015-03-23 07:57:13 ns_cert_type = 1
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_ku(i) = 0
2015-03-23 07:57:13 remote_cert_eku = '[UNDEF]'
2015-03-23 07:57:13 ssl_flags = 0
2015-03-23 07:57:13 tls_timeout = 2
2015-03-23 07:57:13 renegotiate_bytes = 0
2015-03-23 07:57:13 renegotiate_packets = 0
2015-03-23 07:57:13 renegotiate_seconds = 3600
2015-03-23 07:57:13 handshake_window = 60
2015-03-23 07:57:13 transition_window = 3600
2015-03-23 07:57:13 single_session = DISABLED
2015-03-23 07:57:13 push_peer_info = DISABLED
2015-03-23 07:57:13 tls_exit = DISABLED
2015-03-23 07:57:13 tls_auth_file = '[[INLINE]]'
2015-03-23 07:57:13 client = ENABLED
2015-03-23 07:57:13 pull = ENABLED
2015-03-23 07:57:13 auth_user_pass_file = '[UNDEF]'
2015-03-23 07:57:13 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_629-4c6f7f0d16e1a6b3] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 24 2015
2015-03-23 07:57:13 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
2015-03-23 07:57:13 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-03-23 07:57:13 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:13 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:13 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:13 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:13 LZO compression initializing
2015-03-23 07:57:13 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:13 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:13 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:13 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:13 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:13 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:13 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:13 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:13 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:13 Protecting socket fd 4
2015-03-23 07:57:13 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:13 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:13 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:14 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:14 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:14 MANAGEMENT: >STATE:1427115434,RECONNECTING,init_instance,,
2015-03-23 07:57:17 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:17 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:17 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:17 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:17 LZO compression initializing
2015-03-23 07:57:17 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:17 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:17 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:17 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:17 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:17 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:17 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:17 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:17 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:17 MANAGEMENT: >STATE:1427115437,TCP_CONNECT,,,
2015-03-23 07:57:17 Protecting socket fd 4
2015-03-23 07:57:17 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:17 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:17 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:18 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:18 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:18 MANAGEMENT: >STATE:1427115438,RECONNECTING,init_instance,,
2015-03-23 07:57:21 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:21 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:21 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:21 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:21 LZO compression initializing
2015-03-23 07:57:21 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:21 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:21 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:21 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:21 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:21 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:21 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:21 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:21 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:21 MANAGEMENT: >STATE:1427115441,TCP_CONNECT,,,
2015-03-23 07:57:21 Protecting socket fd 4
2015-03-23 07:57:21 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:21 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:21 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:23 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:23 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:23 MANAGEMENT: >STATE:1427115443,RECONNECTING,init_instance,,
2015-03-23 07:57:26 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:26 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:26 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:26 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:26 LZO compression initializing
2015-03-23 07:57:26 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:26 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:26 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:26 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:26 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:26 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:26 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:26 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:26 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:26 MANAGEMENT: >STATE:1427115446,TCP_CONNECT,,,
2015-03-23 07:57:26 Protecting socket fd 4
2015-03-23 07:57:26 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:26 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:26 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:27 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:27 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:27 MANAGEMENT: >STATE:1427115447,RECONNECTING,init_instance,,
2015-03-23 07:57:30 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:30 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:30 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:30 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:30 LZO compression initializing
2015-03-23 07:57:30 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:30 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:30 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:30 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:30 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:30 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:30 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:30 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:30 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:30 MANAGEMENT: >STATE:1427115450,TCP_CONNECT,,,
2015-03-23 07:57:30 Protecting socket fd 4
2015-03-23 07:57:30 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:30 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:30 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:31 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:31 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:31 MANAGEMENT: >STATE:1427115451,RECONNECTING,init_instance,,
2015-03-23 07:57:34 MGMT: Got unrecognized command>FATAL:All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 07:57:34 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:34 MANAGEMENT: Client disconnected
2015-03-23 07:57:34 All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 07:57:34 Exiting due to fatal error
2015-03-23 07:57:34 Process exited with exit value 1
(Last edited by JW0914 on 23 Mar 2015, 15:14)
The following repo from the software section is not working:
The following repo from the software section is not working:
Kaloz wrote:tusc wrote:My router locked up after half a day of use on the 3.18.9 image provided by Kaloz. Back to 4.0-rc4 for me until the marvell changes gets integrated into trunk.
Weird, there should be about no differences between the two when it comes to platform code.
@tusc,
I've found a patch that might fix your issues - it didn't make it into the stable tree yet. I've uploaded a new image with it, please test.
(p.s.: I've also fixed up usb3 support in that image)
@kaloz
I will try. Since I'm using the wrt1900ac as my primary router now I won't have access to the serial console so if it hangs I won't have debugging info available.
Mind sharing info on that patch? Thanks.
[
@kalozI will try. Since I'm using the wrt1900ac as my primary router now I won't have access to the serial console so if it hangs I won't have debugging info available.
Mind sharing info on that patch? Thanks.
alirz wrote:The following repo from the software section is not working:
@Kaloz
I had seen the forum thread before. So does that mean that the old packages, even the existing old packages, are not available anymore till someone starts maintaining them?
Kaloz wrote:alirz wrote:The following repo from the software section is not working:
@Kaloz
I had seen the forum thread before. So does that mean that the old packages, even the existing old packages, are not available anymore till someone starts maintaining them?
They're available if you compile them yourself.
hi,
just an update for everybody interested:
currently i'm testing kaloz latest image (23/03). i updated via luci, with "keep settings" unchecked.
wifi:
i just did the basic wifi setup, meaning i changed the ssid, chose wpa2-psk and force aes. thats it.
wifi speeds are alright, i can reach 60mbps. with my r7000 and dd-wrt, i reach full 200mbps, though...
still, it is a big improvement over the last driver (5 apple devices, all working)...
dhcp:
i noticed that my devices do not recognise changes to the network (e.g. new subnet). had to unplugged a switch and plug it back in. now all devices have correct ips. i'm quite new to openwrt, maybe this is not a bug with dd-wrt new addresses seem to get broadcasted...
stability:
router looked up once during config. but seems very stable and luci is very responsive.
two things im curious about...
what is the boards thoughts on java-openjdk-1.7.0 on this machine... is this something that there is a feed for somewhere?
I am thinking of running OFBiz from apache on this unit as pivot overlay is now working for me
also the thing that nixes the trunk builds for me is the lack of a working iptables string matching function, has this been looked at yet... it has failed to work since AA which is why i am running McWRT
i would add a string matching iptables rule from ssh so i dont know if this is restricted to shell added iptables rules
Sorry, posts 3751 to 3750 are missing from our archive.
