Subject: OpenVPN on OpenWRT wr740n

Hi,
I wanted to configure an OpenVPN client on a TP-Link wr740n router. I flashed the OpenWrt Attitude Adjustment 12.09 / LuCI 0.11.1 Release (0.11.1) firmware with the openVPN 2.2.2-2 package. I did everything following
https://morfikov.github.io/post/jak-sko … UEQML8Xi8Q
but it doesn't work - it won't connect to the server.
Regards

2

Re: OpenVPN on OpenWRT wr740n

So show what you did. Saying that you followed the instructions means absolutely nothing. Complete configuration files, connection logs, all the files you modified.

Have a router you don't need, damaged or not - I'll gladly take it in.

3

Re: OpenVPN on OpenWRT wr740n

Maybe you should try something more recent, for security reasons
https://forum.openwrt.org/t/update-lede … ions/20638

4

Re: OpenVPN on OpenWRT wr740n

Nice, but why a release from 6 years ago?

5 (edited by M8R-r5l59d 2019-04-04 15:53:05)

Re: OpenVPN on OpenWRT wr740n

OK, so I flashed the newer system from the link above. The logs return this error:
Options error: If you use one of --cert or --key, you must use them both
Use --help for more information.

I solved that one, but something else doesn't suit it:
Thu Apr  4 14:49:37 2019 us=9118 OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Apr  4 14:49:37 2019 us=9511 library versions: mbed TLS 2.7.5, LZO 2.10
Thu Apr  4 14:49:37 2019 us=12180 tls_ctx_load_priv_file:395: PK - Invalid key tag or value
Thu Apr  4 14:49:37 2019 us=12599 Cannot load private key file /etc/luci-uploads/cbid.openvpn.wind.key
Thu Apr  4 14:49:37 2019 us=13034 Error: private key password verification failed
Thu Apr  4 14:49:37 2019 us=13389 Exiting due to fatal error

6

Re: OpenVPN on OpenWRT wr740n

Cannot load private key file /etc/luci-uploads/cbid.openvpn.wind.key

You don't have such a file, you don't have such a file in that directory, or what you uploaded is not a key.


7 (edited by M8R-r5l59d 2019-04-04 16:12:02)

Re: OpenVPN on OpenWRT wr740n

In theory it exists

root@LEDE:~# cat /etc/luci-uploads/cbid.openvpn.wind.key
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
root@LEDE:~#

The key is there in place of the dots

8

Re: OpenVPN on OpenWRT wr740n

I'd say it's a problem with mbedtls. Except that on the 740 you normally can't install the openssl version.


9

Re: OpenVPN on OpenWRT wr740n

I made a silly mistake: instead of choosing tls_auth to link the key, I was using the key option. The router connected to the VPN, but the IP doesn't change
var/log/openvpn.log

Thu Apr  4 18:28:08 2019 us=233464 OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Apr  4 18:28:08 2019 us=233859 library versions: mbed TLS 2.7.5, LZO 2.10
Thu Apr  4 18:28:08 2019 us=277405 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr  4 18:28:08 2019 us=278132 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr  4 18:28:08 2019 us=278696 LZO compression initializing
Thu Apr  4 18:28:08 2019 us=281363 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Apr  4 18:28:08 2019 us=287824 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Apr  4 18:28:08 2019 us=288588 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,ciphe
Thu Apr  4 18:28:08 2019 us=288975 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp
Thu Apr  4 18:28:08 2019 us=289426 TCP/UDP: Preserving recently used remote address: [AF_INET]185.244.214.35:443
Thu Apr  4 18:28:08 2019 us=300012 Socket Buffers: R=[163840->163840] S=[163840->163840]
Thu Apr  4 18:28:08 2019 us=300483 UDP link local: (not bound)
Thu Apr  4 18:28:08 2019 us=300917 UDP link remote: [AF_INET]185.244.214.35:443

and this is the configuration
https://drive.google.com/open?id=1ynKEf … 8K6gvBlzSK
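
The mix-up described in post 9 (an OpenVPN static key referenced through the key option instead of tls_auth, which led to the "Cannot load private key file" error in post 5) can be caught before the daemon is started. The script below is an added example, not part of the original thread: it reads a UCI openvpn section and checks that each referenced file has the header its option expects. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that files referenced by an OpenVPN UCI section
# contain the kind of material the option expects.
# Usage on a router (assumed path): sh thisscript /etc/config/openvpn

# Classify a file by its first "-----BEGIN ..." header line.
pem_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    header=$(grep -m 1 -e '^-----BEGIN ' "$1") || { echo unknown; return 0; }
    case $header in
        *'OpenVPN Static key V1'*)     echo static-key ;;
        *'PRIVATE KEY'*)               echo private-key ;;
        '-----BEGIN CERTIFICATE-----'*) echo certificate ;;
        *)                             echo unknown ;;
    esac
}

# Map a UCI option name to the material it must point at.
# Only options that appear in the thread are covered.
expected_kind() {
    case $1 in
        ca|cert)  echo certificate ;;
        key)      echo private-key ;;
        tls_auth) echo static-key ;;
        *)        return 1 ;;
    esac
}

# Walk "option NAME 'PATH'" lines; return 1 if any file has the wrong kind.
check_openvpn_uci() {
    cfg=$1
    rc=0
    while read -r word name value; do
        [ "$word" = "option" ] || continue
        want=$(expected_kind "$name") || continue
        file=$(printf '%s' "$value" | tr -d "'\"")
        got=$(pem_kind "$file")
        if [ "$got" = "$want" ]; then
            echo "OK $name $file ($got)"
        else
            echo "MISMATCH $name $file: expected $want, found $got"
            rc=1
        fi
    done < "$cfg"
    return $rc
}

# Constructed sample data: placeholder key and CA bodies, two UCI sections.
make_samples() {
    dir=$1
    cat > "$dir/wind.key" <<'EOF'
#
# OpenVPN static key (constructed placeholder, not a real key)
#
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
-----END OpenVPN Static key V1-----
EOF
    cat > "$dir/ca.crt" <<'EOF'
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
EOF
    # "before": the static key is wired to 'key', as in the failing setup
    cat > "$dir/before" <<EOF
config openvpn 'wind'
        option client '1'
        option ca '$dir/ca.crt'
        option key '$dir/wind.key'
EOF
    # "after": the same file is referenced through 'tls_auth'
    cat > "$dir/after" <<EOF
config openvpn 'wind'
        option client '1'
        option ca '$dir/ca.crt'
        option tls_auth '$dir/wind.key'
EOF
}

if [ -n "${1:-}" ]; then
    check_openvpn_uci "$1"
else
    tmp=$(mktemp -d) && make_samples "$tmp"
    echo "before:"; check_openvpn_uci "$tmp/before" || echo "=> fix the option(s) above"
    echo "after:";  check_openvpn_uci "$tmp/after"
    rm -rf "$tmp"
fi
```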

10

Re: OpenVPN on OpenWRT wr740n

Show the config, not screenshots from LuCI...


11

Re: OpenVPN on OpenWRT wr740n

root@LEDE:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd4f:d8d3:b6ba::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'

config interface 'VPN'
        option proto 'none'
        option ifname 'tun0'
        option auto '1'
        option delegate '0'
        option type 'bridge'
root@LEDE:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config zone
        option name 'VPN_FW'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'VPN'
        option input 'REJECT'
        option forward 'REJECT'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'VPN_FW'
        option src 'lan'

config forwarding
        option dest 'wan'
        option src 'lan'

12

Re: OpenVPN on OpenWRT wr740n

OpenVPN config

route -n
ifconfig
logread (full)

No change of IP simply means that either the VPN isn't working or it isn't sending you a default route - in which case it's a matter of server configuration.


13 (edited by M8R-r5l59d 2019-04-05 01:24:08)

Re: OpenVPN on OpenWRT wr740n

/var/log/openvpn.log

Fri Apr  5 00:06:19 2019 OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr  5 00:06:19 2019 library versions: mbed TLS 2.7.5, LZO 2.10
Fri Apr  5 00:06:19 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Apr  5 00:06:19 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Apr  5 00:06:20 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.244.214.35:443
Fri Apr  5 00:06:20 2019 UDP link local: (not bound)
Fri Apr  5 00:06:20 2019 UDP link remote: [AF_INET]185.244.214.35:443
Fri Apr  5 00:06:21 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Apr  5 00:06:21 2019 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Apr  5 00:06:21 2019 Validating certificate key usage
Fri Apr  5 00:06:21 2019 VERIFY KU OK
Fri Apr  5 00:06:21 2019 Validating certificate extended key usage
Fri Apr  5 00:06:21 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr  5 00:06:21 2019 VERIFY EKU OK
Fri Apr  5 00:06:21 2019 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Fri Apr  5 00:06:22 2019 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 4096 bit key
Fri Apr  5 00:06:22 2019 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]185.244.214.35:443
Fri Apr  5 00:11:11 2019 [Windscribe Node Server 4096] Inactivity timeout (--ping-restart), restarting
Fri Apr  5 00:11:11 2019 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr  5 00:11:16 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.133.8.164:443
Fri Apr  5 00:11:16 2019 UDP link local: (not bound)
Fri Apr  5 00:11:16 2019 UDP link remote: [AF_INET]5.133.8.164:443
Fri Apr  5 00:11:16 2019 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
Fri Apr  5 00:11:16 2019 Validating certificate key usage
Fri Apr  5 00:11:16 2019 VERIFY KU OK
Fri Apr  5 00:11:16 2019 Validating certificate extended key usage
Fri Apr  5 00:11:16 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr  5 00:11:16 2019 VERIFY EKU OK
Fri Apr  5 00:11:16 2019 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
Fri Apr  5 00:11:17 2019 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 4096 bit key
Fri Apr  5 00:11:17 2019 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]5.133.8.164:443
Fri Apr  5 00:11:18 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr  5 00:11:18 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr  5 00:11:18 2019 TUN/TAP device tun0 opened
Fri Apr  5 00:11:18 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr  5 00:11:18 2019 /sbin/ifconfig tun0 10.110.190.3 netmask 255.255.254.0 mtu 1500 broadcast 10.110.191.255
Fri Apr  5 00:11:18 2019 Initialization Sequence Completed
Fri Apr  5 02:14:16 2019 [Windscribe Node Server 4096] Inactivity timeout (--ping-restart), restarting
Fri Apr  5 02:14:16 2019 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr  5 02:14:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]5.133.8.164:443
Fri Apr  5 02:14:21 2019 UDP link local: (not bound)
Fri Apr  5 02:14:21 2019 UDP link remote: [AF_INET]5.133.8.164:443
Fri Apr  5 02:15:21 2019 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Apr  5 02:15:21 2019 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr  5 02:15:31 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:15:36 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:15:36 2019 Could not determine IPv4/IPv6 protocol
Fri Apr  5 02:15:36 2019 SIGUSR1[soft,init_instance] received, process restarting
Fri Apr  5 02:15:46 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:15:51 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:15:51 2019 Could not determine IPv4/IPv6 protocol
Fri Apr  5 02:15:51 2019 SIGUSR1[soft,init_instance] received, process restarting
Fri Apr  5 02:16:01 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:16:06 2019 RESOLVE: Cannot resolve host address: pl.windscribe.com:443 (Try again)
Fri Apr  5 02:16:06 2019 Could not determine IPv4/IPv6 protocol
Fri Apr  5 02:16:06 2019 SIGUSR1[soft,init_instance] received, process restarting

syslog

Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: 8021ad
Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: 8021q
Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: macvlan
Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: bridge
Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: Network device
Fri Apr  5 02:06:06 2019 user.notice : Added device handler type: tunnel
Fri Apr  5 02:06:07 2019 daemon.notice procd: /etc/init.d/network: 'radio0' is disabled
Fri Apr  5 02:06:07 2019 daemon.notice procd: /etc/init.d/network: 'radio0' is disabled
Fri Apr  5 02:06:10 2019 authpriv.info dropbear[783]: Not backgrounding
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'lan' is enabled
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'lan' is setting up now
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'lan' is now up
Fri Apr  5 02:06:14 2019 daemon.notice procd: /etc/rc.d/S50uhttpd: 4+0 records in
Fri Apr  5 02:06:14 2019 daemon.notice procd: /etc/rc.d/S50uhttpd: 4+0 records out
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'loopback' is enabled
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'loopback' is setting up now
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'loopback' is now up
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'wan' is enabled
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'wan6' is enabled
Fri Apr  5 02:06:14 2019 daemon.info odhcpd[747]: Raising SIGUSR1 due to address change on br-lan
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Network device 'lo' link is up
Fri Apr  5 02:06:14 2019 daemon.notice netifd: Interface 'loopback' has link connectivity 
Fri Apr  5 02:06:15 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:06:15 2019 daemon.notice odhcpd[747]: Failed to send to ff02::1%br-lan (Address not available)
Fri Apr  5 02:06:15 2019 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Apr  5 02:06:16 2019 daemon.notice netifd: Network device 'eth0' link is up
Fri Apr  5 02:06:16 2019 daemon.notice netifd: bridge 'br-lan' link is up
Fri Apr  5 02:06:16 2019 daemon.notice netifd: Interface 'lan' has link connectivity 
Fri Apr  5 02:06:16 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:06:16 2019 daemon.notice odhcpd[747]: Failed to send to fe80::1118:6438:cc57:4918%br-lan (Address not available)
Fri Apr  5 02:06:17 2019 daemon.notice netifd: Network device 'eth1' link is up
Fri Apr  5 02:06:17 2019 daemon.notice netifd: Interface 'wan' has link connectivity 
Fri Apr  5 02:06:17 2019 daemon.notice netifd: Interface 'wan' is setting up now
Fri Apr  5 02:06:17 2019 daemon.notice netifd: Interface 'wan6' has link connectivity 
Fri Apr  5 02:06:17 2019 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Apr  5 02:06:17 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:17 2019 daemon.warn odhcpd[747]: DHCPV6 SOLICIT IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: ok fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:06:17 2019 daemon.notice odhcpd[747]: Failed to send to fe80::1118:6438:cc57:4918%br-lan (Address not available)
Fri Apr  5 02:06:17 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:06:17 2019 daemon.notice odhcpd[747]: Failed to send to ff02::1%br-lan (Address not available)
Fri Apr  5 02:06:17 2019 daemon.notice netifd: wan (1077): udhcpc: started, v1.25.1
Fri Apr  5 02:06:19 2019 daemon.notice netifd: wan (1077): udhcpc: sending discover
Fri Apr  5 02:06:19 2019 daemon.notice netifd: wan (1077): udhcpc: sending select for 192.168.1.19
Fri Apr  5 02:06:19 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:19 2019 daemon.warn odhcpd[747]: DHCPV6 SOLICIT IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: ok fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:06:19 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:19 2019 daemon.warn odhcpd[747]: DHCPV6 REQUEST IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: ok fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:06:19 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led WAN
Fri Apr  5 02:06:19 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN1
Fri Apr  5 02:06:20 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN2
Fri Apr  5 02:06:20 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN3
Fri Apr  5 02:06:20 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN4
Fri Apr  5 02:06:20 2019 daemon.notice procd: /etc/rc.d/S96led: setting up led WLAN
Fri Apr  5 02:06:20 2019 daemon.notice netifd: wan (1077): udhcpc: lease of 192.168.1.19 obtained, lease time 3600
Fri Apr  5 02:06:20 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:06:20 2019 daemon.notice netifd: Interface 'wan' is now up
Fri Apr  5 02:06:21 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:21 2019 daemon.warn odhcpd[747]: DHCPV6 CONFIRM IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: not on-link fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:06:21 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:21 2019 daemon.warn odhcpd[747]: DHCPV6 SOLICIT IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: ok fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:06:21 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:06:22 2019 daemon.info procd: - init complete -
Fri Apr  5 02:06:22 2019 daemon.notice odhcpd[747]: Got DHCPv6 request
Fri Apr  5 02:06:22 2019 daemon.warn odhcpd[747]: DHCPV6 REQUEST IA_NA from 0001000123a30641d8cb8aebe685 on br-lan: ok fdcc:6bb4:eace::9e4/128 
Fri Apr  5 02:11:07 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: started, version 2.78 cachesize 150
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: DNS service limited to local subnets
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq-dhcp[1311]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: using local addresses only for domain lan
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: reading /tmp/resolv.conf.auto
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: using local addresses only for domain lan
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: using nameserver 194.204.152.34#53
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: using nameserver 194.204.159.1#53
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: read /etc/hosts - 4 addresses
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: read /tmp/hosts/odhcpd - 1 addresses
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq[1311]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Fri Apr  5 02:11:07 2019 daemon.info dnsmasq-dhcp[1311]: read /etc/ethers - 0 addresses
Fri Apr  5 02:11:08 2019 daemon.info dnsmasq-dhcp[1311]: DHCPREQUEST(br-lan) 192.168.1.185 d8:cb:8a:eb:e6:85 
Fri Apr  5 02:11:08 2019 daemon.info dnsmasq-dhcp[1311]: DHCPACK(br-lan) 192.168.1.185 d8:cb:8a:eb:e6:85 MSI
Fri Apr  5 02:11:10 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth1)
Fri Apr  5 02:11:10 2019 daemon.err dnsmasq[1311]: failed to send packet: Operation not permitted
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1311]: exiting on receipt of SIGTERM
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: started, version 2.78 cachesize 150
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: DNS service limited to local subnets
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq-dhcp[1536]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: using local addresses only for domain lan
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: reading /tmp/resolv.conf.auto
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: using local addresses only for domain lan
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: using nameserver 194.204.152.34#53
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: using nameserver 194.204.159.1#53
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: read /etc/hosts - 4 addresses
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: read /tmp/hosts/odhcpd - 1 addresses
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq-dhcp[1536]: read /etc/ethers - 0 addresses
Fri Apr  5 02:11:12 2019 daemon.info dnsmasq[1536]: exiting on receipt of SIGTERM
Fri Apr  5 02:11:13 2019 user.notice ddns-scripts[1549]: myddns_ipv4: PID '1549' started at 2019-04-05 00:11
Fri Apr  5 02:11:13 2019 user.warn ddns-scripts[1549]: myddns_ipv4: Service section disabled! - TERMINATE
Fri Apr  5 02:11:14 2019 user.warn ddns-scripts[1549]: myddns_ipv4: PID '1549' exit WITH ERROR '1' at 2019-04-05 00:11
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: started, version 2.78 cachesize 150
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: DNS service limited to local subnets
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq-dhcp[1698]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: using local addresses only for domain lan
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: reading /tmp/resolv.conf.auto
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: using local addresses only for domain lan
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: using nameserver 194.204.152.34#53
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: using nameserver 194.204.159.1#53
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: read /etc/hosts - 4 addresses
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: read /tmp/hosts/odhcpd - 1 addresses
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq[1698]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Fri Apr  5 02:11:16 2019 daemon.info dnsmasq-dhcp[1698]: read /etc/ethers - 0 addresses
Fri Apr  5 02:11:16 2019 user.info adblock-[3.4.3]: adblock is currently disabled, please set adb_enabled to '1' to use this service
Fri Apr  5 02:11:18 2019 daemon.notice netifd: Interface 'VPN' is enabled
Fri Apr  5 02:11:18 2019 daemon.notice netifd: Network device 'tun0' link is up
Fri Apr  5 02:11:18 2019 daemon.notice netifd: Interface 'VPN' has link connectivity 
Fri Apr  5 02:11:18 2019 daemon.notice netifd: Interface 'VPN' is setting up now
Fri Apr  5 02:11:18 2019 daemon.notice netifd: Interface 'VPN' is now up
Fri Apr  5 02:11:18 2019 user.notice firewall: Reloading firewall due to ifup of VPN (tun0)
Fri Apr  5 02:11:19 2019 daemon.info odhcpd[747]: Using a RA lifetime of 0 seconds on br-lan
Fri Apr  5 02:12:22 2019 authpriv.info dropbear[2633]: Child connection from 192.168.1.185:58486
Fri Apr  5 02:13:02 2019 authpriv.warn dropbear[2633]: Bad password attempt for 'root' from 192.168.1.185:58486
Fri Apr  5 02:13:30 2019 authpriv.notice dropbear[2633]: Password auth succeeded for 'root' from 192.168.1.185:58486

ifconfig

br-lan    Link encap:Ethernet  HWaddr F8:1A:67:DF:EA:E1
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::fa1a:67ff:fedf:eae1/64 Scope:Link
          inet6 addr: fdcc:6bb4:eace::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5764 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:617614 (603.1 KiB)  TX bytes:1123249 (1.0 MiB)

eth0      Link encap:Ethernet  HWaddr F8:1A:67:DF:EA:E1
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5764 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:698310 (681.9 KiB)  TX bytes:1123249 (1.0 MiB)
          Interrupt:5

eth1      Link encap:Ethernet  HWaddr F8:1A:67:DF:EA:E3
          inet addr:192.168.1.19  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::fa1a:67ff:fedf:eae3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1045 errors:0 dropped:0 overruns:0 frame:0
          TX packets:655 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:380147 (371.2 KiB)  TX bytes:147673 (144.2 KiB)
          Interrupt:4

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1905 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:280421 (273.8 KiB)  TX bytes:280421 (273.8 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.110.190.3  P-t-P:10.110.190.3  Mask:255.255.254.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2199 errors:0 dropped:1651 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:224521 (219.2 KiB)

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.110.190.1    128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
5.133.8.164     192.168.1.1     255.255.255.255 UGH   0      0        0 br-lan
10.110.190.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
128.0.0.0       10.110.190.1    128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1

config

config openvpn 'wind'
        option client '1'
        option nobind '1'
        option auth_user_pass '/etc/openvpn/userpass.txt'
        option auth 'SHA512'
        option comp_lzo 'yes'
        option remote_cert_tls 'server'
        option persist_key '1'
        option persist_tun '1'
        option ca '/etc/luci-uploads/cbid.openvpn.windscribe.ca'
        option mute_replay_warnings '1'
        option resolv_retry 'infinite'
        option log '/var/log/openvpn.log'
        option log_append '/var/log/openvpn.log'
        list remote 'pl.windscribe.com 443'
        option tls_auth '/etc/luci-uploads/cbid.openvpn.wind.key'
        option dev 'tun'
        option key_direction '1'
        option verb '2'
        option enabled '1'
        option reneg_sec '3600'
        option cipher 'AES-256-GCM'

files
/etc/luci-uploads/cbid.openvpn.wind.key
/etc/luci-uploads/cbid.openvpn.windscribe.ca
/etc/openvpn/userpass.txt
I checked them and they are OK

14

Re: OpenVPN on OpenWRT wr740n

I think it may be a DNS problem
I found something like this

FIX to use DNS provided by OpenVPN server:

cat<<'EOF' > /etc/openvpn/updns
#!/bin/sh
mv /tmp/resolv.conf.auto /tmp/resolv.conf.auto.hold
echo $foreign_option_1 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >/tmp/resolv.conf.auto
echo $foreign_option_2 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
echo $foreign_option_3 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
EOF
cat<<'EOF' > /etc/openvpn/downdns
#!/bin/sh
mv /tmp/resolv.conf.auto.hold /tmp/resolv.conf.auto
EOF

add execution permission to both files:

chmod 755 /etc/openvpn/updns
chmod 755 /etc/openvpn/downdns

You should have now two new files (check for it):

ls -l /etc/openvpn/*dns
All Ready!
Since we modified firewall we need to run

/etc/init.d/firewall reload
Since we added a new interface we need to restart network daemon (you will lose connectivity for a moment)

/etc/init.d/network restart

15

Re: OpenVPN on OpenWRT wr740n

That's artificially writing DNS servers into the system. In route you have the default route via the VPN, so how is it "not changing the IP" for you?


16 (edited by M8R-r5l59d 2019-04-05 08:53:03)

Re: OpenVPN on OpenWRT wr740n

I mean that at the beginning the IP stayed the same. Now I've noticed that after startup it throws a DNS error in the system. Manually entering the VPN's DNS doesn't help, and I can't ping 8.8.8.8 in cmd either

On the VPN I've now noticed this line
DNS Settings (Advanced)
Some devices like some consumer routers do not accept server pushed DNS settings. If this is the case, configure your DNS manually to 10.255.255.1
Keep in mind, this is an internal IPs, and will not work when you're not connected to Windscribe.

In network/interfaces the VPN (tun0) shows RX: 0 B (0 Pkts.) the whole time and only TX grows

17

Re: OpenVPN on OpenWRT wr740n

If you have a problem with DNS, test whether nslookup works

# nslookup google.pl 8.8.8.8

If it works, then try the IP of your DNS as the second parameter
If it doesn't work, it means that something is blocking it

GUI is overrated

ASUS WL-500gP v2, TP-Link TL-MR3420 v2, TP-Link TL-WR1043ND v3, TP-Link TL-WDR4300 v1, D-Link DWR-921 C3,
Netgear R6220

18

Re: OpenVPN on OpenWRT wr740n

nslookup google.pl

Server:  LEDE.lan
Address:  fdcc:6bb4:eace::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to LEDE.lan timed-out

19

Re: OpenVPN on OpenWRT wr740n

Why are you talking over IPv6?


20

Re: OpenVPN on OpenWRT wr740n

I've already changed that, but it still doesn't work