Topic: Netgear R8000 and OpenVPN

The content of this topic has been archived between 8 Apr 2018 and 18 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 2

Post #1

Squalo

22 Oct 2017, 19:47

Hi to all, I have a big problem: for days I’m trying to configure the router with nordVPN (I’ve already done it on raspberry pi 3 and on wr841nd). It works when i restart OpenVPN service but only for a few seconds!!.

I tried 4 different versions:
-openwrt-15.05.1-bcm53xx-netgear-r8000-squashfs.chk (vpn doesn’t start)
-lede-17.01.2-bcm53xx-netgear-r8000-squashfs.chk
-lede-17.01.3-bcm53xx-netgear-r8000-squashfs.chk
-lede-17.01.4-bcm53xx-netgear-r8000-squashfs.chk
On all versions i can connect to VPN but after few second the connection goes in stuck! Everytime i restart the service it work for some seconds!

WHAT I DO (SOURCE:https://nordvpn.com/it/tutorials/openwrt/openvpn)
On fresh firmware i do:

opkg update
opkg install openvpn-openssl
opkg install ip-full
opkg install luci-app-openvpn
/etc/init.d/openvpn enable

uci set openvpn.nordvpn=openvpn
uci set openvpn.nordvpn.enabled=‘1’
uci set openvpn.nordvpn.config=’/etc/openvpn/it14.nordvpn.com.udp1194.ovpn’
uci commit openvpn

uci set network.nordvpntun=interface
uci set network.nordvpntun.proto='none’
uci set network.nordvpntun.ifname='tun0’
uci commit network

uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall’
uci set firewall.@zone[-1].input='REJECT’
uci set firewall.@zone[-1].output='ACCEPT’
uci set firewall.@zone[-1].forward='REJECT’
uci set firewall.@zone[-1].masq='1’
uci set firewall.@zone[-1].mtu_fix='1’
uci add_list firewall.@zone[-1].network='nordvpntun’
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan’
uci set firewall.@forwarding[-1].dest='vpnfirewall’
uci commit firewall

uci set network.wan.peerdns='0’
uci del network.wan.dns
uci add_list network.wan.dns='162.242.211.137’
uci add_list network.wan.dns='78.46.223.24’
uci commit

After i put ovpn file in openvpn folder and reboot router!
I tried some servers (ovpn file) always with the same results.
Someone can help me?? Thanks a lot

Post #2

ulmwind

22 Oct 2017, 22:29

Thank you for using my manual. Have you copied crt and key files? What can you see in log? Add

'verb 5'

to OpenVPN config and see log:

logread -e openvpn

(Last edited by ulmwind on 22 Oct 2017, 22:32)

Post #3

tmo26

22 Oct 2017, 23:41

Post #4

Squalo

22 Oct 2017, 23:53

ulmwind wrote:

Thank you for using my manual. Have you copied crt and key files? What can you see in log? Add
'verb 5'
to OpenVPN config and see log:
logread -e openvpn

Hi ulmwind! I use ovpn file not crt or ta (from https://nordvpn.com/api/files/zip)! I think the problem is not in the VPN connection because, if I stop and restart the openvpn service, the connection is established and it works for a few seconds (i can barely complete a speedtest).

This is my full log: https://pastebin.com/syxiALYD
This is logread -e openvpn:

Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Oct 22 21:02:42 2017 daemon.warn openvpn(nordvpn)[1113]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: UDP link local: (not bound)
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:02:42 2017 daemon.err openvpn(nordvpn)[1113]: write UDP: Network unreachable (code=101)
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: Network unreachable, restarting
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: SIGUSR1[soft,network-unreachable] received, process restarting
Sun Oct 22 21:02:42 2017 daemon.notice openvpn(nordvpn)[1113]: Restart pause, 5 second(s)
Sun Oct 22 21:03:56 2017 daemon.warn openvpn(nordvpn)[1113]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 21:03:56 2017 daemon.notice openvpn(nordvpn)[1113]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:03:56 2017 daemon.notice openvpn(nordvpn)[1113]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 21:03:56 2017 daemon.notice openvpn(nordvpn)[1113]: UDP link local: (not bound)
Sun Oct 22 21:03:56 2017 daemon.notice openvpn(nordvpn)[1113]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: TLS: Initial packet from [AF_INET]158.58.172.183:1194, sid=8012c1a3 33801c01
Sun Oct 22 21:03:57 2017 daemon.warn openvpn(nordvpn)[1113]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: VERIFY KU OK
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: Validating certificate extended key usage
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: VERIFY EKU OK
Sun Oct 22 21:03:57 2017 daemon.notice openvpn(nordvpn)[1113]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:03:58 2017 daemon.notice openvpn(nordvpn)[1113]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 22 21:03:58 2017 daemon.notice openvpn(nordvpn)[1113]: [it14.nordvpn.com] Peer Connection Initiated with [AF_INET]158.58.172.183:1194
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: SENT CONTROL [it14.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.147 255.255.255.0,peer-id 57,cipher AES-256-GCM'
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: route options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: route-related options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: peer-id set
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: OPTIONS IMPORT: data channel crypto options modified
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: TUN/TAP device tun0 opened
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: TUN/TAP TX queue length set to 100
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/ifconfig tun0 10.8.8.147 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route add -net 158.58.172.183 netmask 255.255.255.255 gw 192.168.178.1
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:03:59 2017 daemon.notice openvpn(nordvpn)[1113]: Initialization Sequence Completed
Sun Oct 22 21:05:19 2017 daemon.err openvpn(nordvpn)[1113]: event_wait : Interrupted system call (code=4)
Sun Oct 22 21:05:19 2017 daemon.notice openvpn(nordvpn)[1113]: SIGTERM received, sending exit notification to peer
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route del -net 158.58.172.183 netmask 255.255.255.255
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: Closing TUN/TAP interface
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: /sbin/ifconfig tun0 0.0.0.0
Sun Oct 22 21:05:22 2017 daemon.notice openvpn(nordvpn)[1113]: SIGTERM[soft,exit-with-notification] received, process exiting
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Oct 22 21:05:27 2017 daemon.warn openvpn(nordvpn)[2235]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: UDP link local: (not bound)
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: TLS: Initial packet from [AF_INET]158.58.172.183:1194, sid=a42bb173 5a884c10
Sun Oct 22 21:05:27 2017 daemon.warn openvpn(nordvpn)[2235]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: VERIFY KU OK
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: Validating certificate extended key usage
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: VERIFY EKU OK
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 22 21:05:27 2017 daemon.notice openvpn(nordvpn)[2235]: [it14.nordvpn.com] Peer Connection Initiated with [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:28 2017 daemon.err openvpn(nordvpn)[2235]: event_wait : Interrupted system call (code=4)
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: SIGTERM received, sending exit notification to peer
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: SENT CONTROL [it14.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.147 255.255.255.0,peer-id 23,cipher AES-256-GCM'
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: route options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: route-related options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: peer-id set
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: OPTIONS IMPORT: data channel crypto options modified
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: TUN/TAP device tun0 opened
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: TUN/TAP TX queue length set to 100
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/ifconfig tun0 10.8.8.147 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route add -net 158.58.172.183 netmask 255.255.255.255 gw 192.168.178.1
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:05:28 2017 daemon.notice openvpn(nordvpn)[2235]: Initialization Sequence Completed
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route del -net 158.58.172.183 netmask 255.255.255.255
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: Closing TUN/TAP interface
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: /sbin/ifconfig tun0 0.0.0.0
Sun Oct 22 21:05:31 2017 daemon.notice openvpn(nordvpn)[2235]: SIGTERM[soft,exit-with-notification] received, process exiting
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Oct 22 21:05:36 2017 daemon.warn openvpn(nordvpn)[2552]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: UDP link local: (not bound)
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: TLS: Initial packet from [AF_INET]158.58.172.183:1194, sid=f2392b36 3ffd5ac2
Sun Oct 22 21:05:36 2017 daemon.warn openvpn(nordvpn)[2552]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: VERIFY KU OK
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: Validating certificate extended key usage
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: VERIFY EKU OK
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 22 21:05:36 2017 daemon.notice openvpn(nordvpn)[2552]: [it14.nordvpn.com] Peer Connection Initiated with [AF_INET]158.58.172.183:1194
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: SENT CONTROL [it14.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.147 255.255.255.0,peer-id 23,cipher AES-256-GCM'
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: route options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: route-related options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: peer-id set
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: OPTIONS IMPORT: data channel crypto options modified
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: TUN/TAP device tun0 opened
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: TUN/TAP TX queue length set to 100
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/ifconfig tun0 10.8.8.147 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route add -net 158.58.172.183 netmask 255.255.255.255 gw 192.168.178.1
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:05:38 2017 daemon.notice openvpn(nordvpn)[2552]: Initialization Sequence Completed
Sun Oct 22 21:05:51 2017 daemon.err openvpn(nordvpn)[2552]: event_wait : Interrupted system call (code=4)
Sun Oct 22 21:05:51 2017 daemon.notice openvpn(nordvpn)[2552]: SIGTERM received, sending exit notification to peer
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route del -net 158.58.172.183 netmask 255.255.255.255
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: Closing TUN/TAP interface
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: /sbin/ifconfig tun0 0.0.0.0
Sun Oct 22 21:05:54 2017 daemon.notice openvpn(nordvpn)[2552]: SIGTERM[soft,exit-with-notification] received, process exiting
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Oct 22 21:07:08 2017 daemon.warn openvpn(nordvpn)[3632]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: UDP link local: (not bound)
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: TLS: Initial packet from [AF_INET]158.58.172.183:1194, sid=c638f9e5 9f72f50c
Sun Oct 22 21:07:08 2017 daemon.warn openvpn(nordvpn)[3632]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: VERIFY KU OK
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: Validating certificate extended key usage
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: VERIFY EKU OK
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 22 21:07:08 2017 daemon.notice openvpn(nordvpn)[3632]: [it14.nordvpn.com] Peer Connection Initiated with [AF_INET]158.58.172.183:1194
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: SENT CONTROL [it14.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.147 255.255.255.0,peer-id 7,cipher AES-256-GCM'
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: route options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: route-related options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: peer-id set
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: OPTIONS IMPORT: data channel crypto options modified
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: TUN/TAP device tun0 opened
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: TUN/TAP TX queue length set to 100
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 22 21:07:09 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/ifconfig tun0 10.8.8.147 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 22 21:07:10 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route add -net 158.58.172.183 netmask 255.255.255.255 gw 192.168.178.1
Sun Oct 22 21:07:10 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:07:10 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 21:07:10 2017 daemon.notice openvpn(nordvpn)[3632]: Initialization Sequence Completed
Sun Oct 22 21:10:53 2017 daemon.err openvpn(nordvpn)[3632]: event_wait : Interrupted system call (code=4)
Sun Oct 22 21:10:53 2017 daemon.notice openvpn(nordvpn)[3632]: SIGTERM received, sending exit notification to peer
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route del -net 158.58.172.183 netmask 255.255.255.255
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: Closing TUN/TAP interface
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: /sbin/ifconfig tun0 0.0.0.0
Sun Oct 22 21:10:56 2017 daemon.notice openvpn(nordvpn)[3632]: SIGTERM[soft,exit-with-notification] received, process exiting
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Oct 22 22:45:36 2017 daemon.warn openvpn(nordvpn)[4484]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: TCP/UDP: Preserving recently used remote address: [AF_INET]158.58.172.183:1194
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: UDP link local: (not bound)
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: UDP link remote: [AF_INET]158.58.172.183:1194
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: TLS: Initial packet from [AF_INET]158.58.172.183:1194, sid=fe5d0e78 9d1bd9f5
Sun Oct 22 22:45:36 2017 daemon.warn openvpn(nordvpn)[4484]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: VERIFY KU OK
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: Validating certificate extended key usage
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: VERIFY EKU OK
Sun Oct 22 22:45:36 2017 daemon.notice openvpn(nordvpn)[4484]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=it14.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Sun Oct 22 22:45:37 2017 daemon.notice openvpn(nordvpn)[4484]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 22 22:45:37 2017 daemon.notice openvpn(nordvpn)[4484]: [it14.nordvpn.com] Peer Connection Initiated with [AF_INET]158.58.172.183:1194
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: SENT CONTROL [it14.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.147 255.255.255.0,peer-id 20,cipher AES-256-GCM'
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: Socket Buffers: R=[163840->327680] S=[163840->327680]
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: route options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: route-related options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: peer-id set
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: adjusting link_mtu to 1657
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: OPTIONS IMPORT: data channel crypto options modified
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: TUN/TAP device tun0 opened
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: TUN/TAP TX queue length set to 100
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: /sbin/ifconfig tun0 10.8.8.147 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: /sbin/route add -net 158.58.172.183 netmask 255.255.255.255 gw 192.168.178.1
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Sun Oct 22 22:45:38 2017 daemon.notice openvpn(nordvpn)[4484]: Initialization Sequence Completed

tmo26 wrote:

See also https://forum.lede-project.org/t/netgea … envpn/7801

It's a my post!

(Last edited by Squalo on 22 Oct 2017, 23:55)

Post #5

ulmwind

23 Oct 2017, 07:25

I've searched error message, they write, that it is problem with latency of local gateway. Initially try to use TCP instead of UDP and see result.

What protocol do you use to connect to your ISP?

(Last edited by ulmwind on 23 Oct 2017, 07:27)

Post #6

Squalo

23 Oct 2017, 14:37

i tried some servers and both protocols (UDP and TCP) with same results!

Sorry for my ignorance, where i can see ISP protocol?
I have a fritzbox 7490 connected with ISP, you mean if i try to change it, all can work?

Post #7

ulmwind

23 Oct 2017, 15:36

No, you can't change it. But we can to try to adjust parameters of latency, if any presents. In network settings. What is output of ifconfig? Also you can try to decrease parameters like tun-mtu, tun-mtu-extra in OpenVPN config.

Post #8

Squalo

24 Oct 2017, 01:07

ulmwind wrote:

No, you can't change it. But we can to try to adjust parameters of latency, if any presents. In network settings. What is output of ifconfig? Also you can try to decrease parameters like tun-mtu, tun-mtu-extra in OpenVPN config.

Sorry, i mean if i try to change WAN or WWAN connection It might work?
Unfortunately I don't know how decrase parameters Can you help me? Thanks a lot!
This is my ifconfig;

br-lan    Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: xxxxxxxxxxxxx Scope:Global
          inet6 addr: xxxxxxxxxxxxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1037 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:355178 (346.8 KiB)  TX bytes:25483 (24.8 KiB)

eth0      Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          inet6 addr: xxxxxxxxxxxxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1124 errors:0 dropped:0 overruns:0 frame:0
          TX packets:215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:444505 (434.0 KiB)  TX bytes:32921 (32.1 KiB)
          Interrupt:23

eth0.1    Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1037 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:355178 (346.8 KiB)  TX bytes:25483 (24.8 KiB)

eth0.2    Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          inet6 addr: xxxxxxxxxxxxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:5012 (4.8 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:656 (656.0 B)  TX bytes:656 (656.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                                                                                                                                                             -00
          inet addr:10.8.8.32  P-t-P:10.8.8.32  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:19103 (18.6 KiB)

wlan0     Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          inet6 addr: xxxxxxxxxxxxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:726 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:330647 (322.8 KiB)

wlan2     Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
          inet addr:192.168.178.73  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: xxxxxxxxxxxxx Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15941 (15.5 KiB)  TX bytes:32229 (31.4 KiB)

Post #9

ulmwind

24 Oct 2017, 09:05

OK, I suppose, it is standard DHCP. Sorry, what is content of /etc/config/network, specific for WAN-connection?
So I suggest to try to adjust parameters like tun-mtu, tun-mtu-extra. What is your configuration file for NordVPN (I have rather outdated files). Add mtu-test to it, run and see result.

Post #10

Squalo

24 Oct 2017, 11:31

This is my wan config:

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'
    option peerdns '0'
    list dns '162.242.211.137'
    list dns '78.46.223.24'

This is a ovpn file (I cut the certificates):

client
dev tun
proto udp
remote 158.58.172.183 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
verb 5
mtu-test

explicit-exit-notify 3

remote-cert-tls server

#mute 10000
auth-user-pass file

comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

I add mtu-test to it but nothing has changed!

(Last edited by Squalo on 24 Oct 2017, 11:51)

Post #11

ulmwind

24 Oct 2017, 14:27

I've added mtu-test to config, and after that result appears in the log:

NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1445] remote->local=[1557,1445]
NOTE: This connection is unable to accommodate a UDP packet size of 1557. Consider using --fragment or --mssfix options as a workaround.

See output of

logread -e openvpn

some minutes later after establishing connection.
Try to vary MTU-specific options:

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

Try following combinations:
1.

tun-mtu 1200
tun-mtu-extra 32
mssfix 1150

tun-mtu 1500
fragment 1200
mssfix

(Last edited by ulmwind on 24 Oct 2017, 15:38)

Post #12

Squalo

24 Oct 2017, 15:40

Thanks Thanks Thanks a lot for help.

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

Log : https://pastebin.com/bzuAxkD2

tun-mtu 1200
tun-mtu-extra 32
mssfix 1150

Log : https://pastebin.com/ynw72eY1

tun-mtu 1500
fragment 1200
mssfix

Log : https://pastebin.com/9n4y7qVX

Obviously it doesn't work with any combination

(Last edited by Squalo on 24 Oct 2017, 15:40)

Post #13

ulmwind

24 Oct 2017, 16:00

OK, "0" combination is your combination.

daemon.notice openvpn(nordvpn)[1112]: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
daemon.notice openvpn(nordvpn)[1112]: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1257,1257] remote->local=[1257,1257]

daemon.notice openvpn(nordvpn)[1111]: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
daemon.notice openvpn(nordvpn)[1111]: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1457] remote->local=[1554,1554]
daemon.notice openvpn(nordvpn)[1111]: NOTE: This connection is unable to accommodate a UDP packet size of 1557. Consider using --fragment or --mssfix options as a workaround.

Everything works fine. It is interesting, that error

daemon.notice openvpn(nordvpn)[1112]: Network unreachable, restarting
daemon.notice openvpn(nordvpn)[1112]: SIGUSR1[soft,network-unreachable] received, process restarting

takes place before establishing connection.
So is the error reproduced in all 3 cases above? It occurs before establishing connection in all cases, however, does it repeat during connection?

(Last edited by ulmwind on 24 Oct 2017, 16:01)

Post #14

Squalo

24 Oct 2017, 16:07

ulmwind wrote:

OK, "0" combination is your combination.

daemon.notice openvpn(nordvpn)[1112]: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
daemon.notice openvpn(nordvpn)[1112]: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1257,1257] remote->local=[1257,1257]

daemon.notice openvpn(nordvpn)[1111]: NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
daemon.notice openvpn(nordvpn)[1111]: NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1457] remote->local=[1554,1554]
daemon.notice openvpn(nordvpn)[1111]: NOTE: This connection is unable to accommodate a UDP packet size of 1557. Consider using --fragment or --mssfix options as a workaround.

Everything works fine. It is interesting, that error

daemon.notice openvpn(nordvpn)[1112]: Network unreachable, restarting
daemon.notice openvpn(nordvpn)[1112]: SIGUSR1[soft,network-unreachable] received, process restarting

takes place before establishing connection.
So is the error reproduced in all 3 cases above? It occurs before establishing connection in all cases, however, does it repeat during connection?

Sorry i don't understand very well! I must repost logs when it is connected? For all 3 combinations?

Post #15

ulmwind

24 Oct 2017, 16:12

As far as I understood, in "0" case, which is your default one, you encounter loosing of connection and reestablishing it every minute. See, whether it is reproduced in 1 and 2 cases. You've provided output, so we've seen results of test-mtu.

Post #16

Squalo

24 Oct 2017, 16:33

ulmwind wrote:

As far as I understood, in "0" case, which is your default one, you encounter loosing of connection and reestablishing it every minute. See, whether it is reproduced in 1 and 2 cases. You've provided output, so we've seen results of test-mtu.

In case "2" and "1" router doesn't establish connection with vpn
In case "0", as I said, it connects for a few seconds ONLY . Re-establishs connection only if I MANUALLY restart the openvpn service but not automatically.
If i don't restart manually, chrome go in stuck with ERR_CONNECTION_TIMED_OUT and the terminal stops ping any address. if you want to see, we can use teamviewer

(Last edited by Squalo on 24 Oct 2017, 16:40)

Post #17

ulmwind

24 Oct 2017, 19:54

Squalo wrote:

In case "2" and "1" router doesn't establish connection with vpn

It is very strange, because in ALL logs I see the string:

Initialization Sequence Completed

It means, that connection is established successfully.
So, have you tried "1" with following config?

client
dev tun
proto udp
remote 158.58.172.183 1194
resolv-retry infinite
remote-random
nobind
# tun-specific section
tun-mtu 1200
tun-mtu-extra 32
mssfix 1150
# end of tun-specific section
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
verb 5
explicit-exit-notify 3
remote-cert-tls server
#mute 10000
auth-user-pass file
comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

(Last edited by ulmwind on 24 Oct 2017, 19:55)

Post #18

Squalo

25 Oct 2017, 01:40

Exactly, i use ovpn file as you posted but after openvpn restart i can't connect to any website!
While with:

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

I can see that i'm on different ip but after some seconds it goes in stuck . I don't know what to do.it's all weird

Post #19

ulmwind

25 Oct 2017, 10:05

I've tested tun-specific settings with another vpn-service, connection is established in all cases, but works (I can browse Internet) only in "0", "1" cases (btw case "2" I saw as example in native OpenVPN manual). It is strange, that It doesn't work in your case. OK, could you perform the final test?

tun-mtu 1400
tun-mtu-extra 32
mssfix 1350

(Last edited by ulmwind on 25 Oct 2017, 10:06)

Post #20

Squalo

25 Oct 2017, 14:47

ulmwind wrote:

I've tested tun-specific settings with another vpn-service, connection is established in all cases, but works (I can browse Internet) only in "0", "1" cases (btw case "2" I saw as example in native OpenVPN manual). It is strange, that It doesn't work in your case. OK, could you perform the final test?
tun-mtu 1400
tun-mtu-extra 32
mssfix 1350

I'm sorry: in case 0 and in case 1 it work as i said... (i'm wrong because sometimes I don't have time to open an internet page that it goes in stuck)
Also in the last case, "3", it work only for some seconds! i don't understand WHYYYY .
I bought this router specifically for this and it doesn't work.
Can I try more? Thanks

(Last edited by Squalo on 25 Oct 2017, 14:48)

Post #21

ulmwind

25 Oct 2017, 15:21

OK. So there is no difference in "0" and "1", connection is terminated after some seconds, yes?

It is rather strange. Do you have PC (preferably Linux) to try to reproduce the same issue?

Post #22

Squalo

25 Oct 2017, 16:53

ulmwind wrote:

OK. So there is no difference in "0" and "1", connection is terminated after some seconds, yes?
It is rather strange. Do you have PC (preferably Linux) to try to reproduce the same issue?

No there aren't any difference between 1 and 0. Every times are the same results (except with fragment)
I know that it's strange but i had just correctly set up a raspberry pi 3 and wr841nd with lede and openvpn with same procedure (your guide on nordvpn). If i set up a pc with linux, what can change? Thanks

Post #23

ulmwind

26 Oct 2017, 08:41

Yes, it seems, that your ISP blocks connection. We can test it. Next week I'll run OpenVPN server, and we'll test it. What is your e-mail?

Post #24

Squalo

26 Oct 2017, 16:27

ulmwind wrote:

Yes, it seems, that your ISP blocks connection. We can test it. Next week I'll run OpenVPN server, and we'll test it. What is your e-mail?

I don't think that the ISP is blocking the connection (with the raspberry and the wr841nd works). I've also tried using WWAN with the hotspot of the iphone.
I also tried configuring dd-wrt and tomato. But unfortunately I am not even able to configure WWAN

(Last edited by Squalo on 17 Jan 2018, 22:27)

Post #25

ulmwind

26 Oct 2017, 17:34

OK, so I don't understand, on RPi and wr841nd it works, so the issue is specific ONLY for Netgear?

Page 1 of 2