
ASUS RT-N16 Tomato OpenVPN config help please

Discussion in 'Tomato Firmware' started by EvilAaron, Jun 7, 2012.

  1. EvilAaron

    EvilAaron Serious Server Member

    Running Toastman Tomato VPN build "Tomato Firmware v1.28.7498 MIPSR2-Toastman-RT K26 USB VPN"

    I have OpenVPN configured in Tomato, and when I start it and look at the AirVPN details site it shows me connected, green, etc. (refer to the "connected" pic attached). The problem is that DNS lookups fail anywhere I try to go other than airvpn.org. I can browse by IP address, so here I am trying to figure out what I am doing wrong. AirVPN support thinks Tomato OpenVPN isn't supporting their server DHCP DNS push, but they are unable to say what I am doing wrong as they "only support DD-WRT".

    Posted for help in the AirVPN forum because I know other users have it working on Tomato, but nobody is biting. Hoping to figure out what I am doing wrong before my trial time runs out and I can't try new settings anymore. Don't want to pay if I can't run it on the router and am stuck with the client on one machine.

    Here is a link showing my settings for all the tabs of OpenVPN in my Tomato config and me connected on the airvpn.org details page.


    Here are the logs from the router when I start the OpenVPN client. I am hoping someone can point me in the right direction. Been messing with this for a couple of days. Can provide more info or screenshots if it helps.

    Code:
    Jun  6 11:39:10 unknown user.info kernel: tun: Universal TUN/TAP device driver, 1.6
    Jun  6 11:39:10 unknown user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Jun  6 11:39:10 unknown daemon.notice openvpn[10810]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 22 2012
    Jun  6 11:39:10 unknown daemon.warn openvpn[10810]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Jun  6 11:39:10 unknown daemon.warn openvpn[10810]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun  6 11:39:10 unknown daemon.notice openvpn[10810]: LZO compression initialized
    Jun  6 11:39:10 unknown daemon.notice openvpn[10810]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Jun  6 11:39:10 unknown daemon.notice openvpn[10810]: Socket Buffers: R=[114688->131072] S=[114688->131072]
    Jun  6 11:39:10 unknown daemon.notice openvpn[10810]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Jun  6 11:39:10 unknown daemon.notice openvpn[10818]: UDPv4 link local: [undef]
    Jun  6 11:39:10 unknown daemon.notice openvpn[10818]: UDPv4 link remote: 69.163.36.66:443
    Jun  6 11:39:10 unknown daemon.notice openvpn[10818]: TLS: Initial packet from 69.163.36.66:443, sid=48392ccb 68c57b26
    Jun  6 11:39:11 unknown daemon.notice openvpn[10818]: VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
    Jun  6 11:39:11 unknown daemon.notice openvpn[10818]: VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Jun  6 11:39:13 unknown daemon.notice openvpn[10818]: [server] Peer Connection Initiated with 69.163.36.66:443
    Jun  6 11:39:14 unknown daemon.err openvpn[10818]: event_wait : Interrupted system call (code=4)
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: OpenVPN STATISTICS
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: Updated,Wed Jun  6 11:39:14 2012
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: TUN/TAP read bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: TUN/TAP write bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: TCP/UDP read bytes,6517
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: TCP/UDP write bytes,4884
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: Auth read bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: pre-compress bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: post-compress bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: pre-decompress bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: post-decompress bytes,0
    Jun  6 11:39:14 unknown daemon.notice openvpn[10818]: END
    Jun  6 11:39:16 unknown daemon.notice openvpn[10818]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.18.102 10.4.18.101'
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: OPTIONS IMPORT: timers and/or timeouts modified
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: OPTIONS IMPORT: LZO parms modified
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: OPTIONS IMPORT: --ifconfig/up options modified
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: OPTIONS IMPORT: route options modified
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: TUN/TAP device tun12 opened
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: TUN/TAP TX queue length set to 100
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: /sbin/ifconfig tun12 10.4.18.102 pointopoint 10.4.18.101 mtu 1500
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: updown.sh tun12 1500 1558 10.4.18.102 10.4.18.101 init
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10775]: exiting on receipt of SIGTERM
    Jun  6 11:39:18 unknown user.debug init[1]: 182: pptp peerdns disabled
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: started, version 2.59 cachesize 1500
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n DHCP TFTP no-conntrack no-IDN
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: asynchronous logging enabled, queue limit is 5 messages
    Jun  6 11:39:18 unknown daemon.info dnsmasq-dhcp[10850]: DHCP, IP range 192.168.1.100 -- 192.168.1.124, lease time 1d
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: reading /etc/resolv.dnsmasq
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 208.67.222.222#53
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 8.8.8.8#53
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 10.4.0.1#53
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 10.4.0.1#53
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: read /etc/hosts - 2 addresses
    Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: read /etc/dnsmasq/hosts/hosts - 21 addresses
    Jun  6 11:39:18 unknown daemon.info dnsmasq-dhcp[10850]: read /etc/dnsmasq/dhcp/dhcp-hosts
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: /sbin/route add -net 69.163.36.66 netmask 255.255.255.255 gw 96.54.88.1
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.18.101
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.18.101
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.18.101
    Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: Initialization Sequence Completed
    Jun  6 11:39:52 unknown daemon.notice openvpn[10818]: Replay-window backtrack occurred [1] 
     
  2. gfunkdave

    gfunkdave LI Guru Member

    Well, it looks like you're using a combination of OpenDNS, Google DNS, and a private DNS server. Perhaps your router is only trying the private one?

    Question: Did they tell you to use Strict DNS? Try it with Exclusive. Did they tell you to use the Extra HMAC authorization?

    Your Client Certificate should only include the lines beginning with ---BEGIN CERTIFICATE--- and ending with ---END CERTIFICATE--. Though, it does seem to be connecting without it.
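
The log posted in this thread can be checked mechanically for the two things a reviewer would look at first: whether the DNS server in the PUSH_REPLY actually reached dnsmasq, and which other resolvers dnsmasq will also query. The following is an added example, not code from either poster or from Tomato; `analyze` and its result keys are hypothetical names, and the sample lines are copied from the log above.

```python
import re

# Excerpt of the router log posted above (one openvpn warning, the PUSH_REPLY,
# and the dnsmasq nameserver lines), copied unchanged.
SAMPLE_LOG = """\
Jun  6 11:39:10 unknown daemon.warn openvpn[10810]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jun  6 11:39:18 unknown daemon.notice openvpn[10818]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.18.102 10.4.18.101'
Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 208.67.222.222#53
Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 8.8.8.8#53
Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 10.4.0.1#53
Jun  6 11:39:18 unknown daemon.info dnsmasq[10850]: using nameserver 10.4.0.1#53
"""

PUSH_RE = re.compile(r"openvpn\[\d+\]: PUSH: Received control message: 'PUSH_REPLY,(.*)'")
NS_RE = re.compile(r"dnsmasq\[(\d+)\]: using nameserver ([0-9.]+)#\d+")
NOVERIFY = "No server certificate verification method has been enabled"


def analyze(log_text):
    """Compare the DNS servers the VPN pushed with the ones dnsmasq loaded."""
    pushed, resolvers, pid, no_verify = [], [], None, False
    for line in log_text.splitlines():
        if NOVERIFY in line:
            no_verify = True
        m = PUSH_RE.search(line)
        if m:
            # A new PUSH_REPLY replaces whatever an earlier session pushed.
            pushed = [opt.split()[2] for opt in m.group(1).split(",")
                      if opt.startswith("dhcp-option DNS ")]
        m = NS_RE.search(line)
        if m:
            if m.group(1) != pid:  # dnsmasq restarted: start a fresh list
                pid, resolvers = m.group(1), []
            if m.group(2) not in resolvers:
                resolvers.append(m.group(2))
    return {
        "pushed_dns": pushed,
        "resolvers": resolvers,
        # Resolvers dnsmasq will also query that the VPN did not push.
        "not_pushed": [r for r in resolvers if r not in pushed],
        "pushed_dns_loaded": bool(pushed) and all(p in resolvers for p in pushed),
        "server_cert_unverified": no_verify,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the pushed server 10.4.0.1 is present in dnsmasq's list, alongside 208.67.222.222 and 8.8.8.8, which the VPN did not push. The `server_cert_unverified` flag reflects OpenVPN's own warning; `remote-cert-tls server` is one verification method that clears it, provided the provider's server certificate carries the matching key usage.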
     
