Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Help with DD-WRT

Post a reply

:
In an effort to prevent automatic submissions, we require that you enter the letters that are written in red.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: Help with DD-WRT

Re: Help with DD-WRT

Post by Guest » Mon Jul 03, 2017 4:43 am

Not sure which build you're using, but the kong build has been a bit buggy for several months- A blank status screen (or "wait" message) on the first attempt to turn on vpn, doesn't necessarily mean a bad config. Going back to service/vpn and hitting apply may fix things.

Another new thing that got screwed up in the last couple months is what appears to be an inconsistent race condition in startup- turn on logging and check for openvpn messages about user.conf or whatever you named you token/pass file, not existing. -if that's the case, you can fix by turning off the vpn, saving, rebooting, wait for full load, then turn the vpn back on. I think what's happening is that openvpn is running and asking for the user/pass file, before the start-up script actually creates it.

There's surely a way to make dd-wrt delay the openvpn startup- haven't taken the time to look into it myself.

Re: Help with DD-WRT

Post by cryptobob » Sat Jul 01, 2017 11:03 pm

Try switching LZO compression to disabled and using this in the config:

resolv-retry infinite
explicit-exit-notify 3
mssfix 1400
nobind
comp-lzo
down-pre
reneg-sec 0
hand-window 17
verb 4
mute 3
auth-user-pass /tmp/user.conf
ns-cert-type server
auth SHA512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2


Along with your choice of node, eg:

remote-random
remote linux-useast.cryptostorm.net 443 udp
remote linux-useast.cryptostorm.nu 443 udp
remote linux-useast.cryptostorm.org 443 udp
remote linux-useast.cstorm.pw 443 udp


You could also try checking your token. If you see "has reached maximum number of sessions" you might want to grab another day/week token to check against, as I had a valid token working in the widget but not in dd-wrt.

Also, I would enter the DNS for your chosen node in all 3 DNS fields in the DNS settings and in your NIC settings if using windows with this router to avoid DNS leaks (Test with ipleak.net, or wtfismyip.com first to confirm you are using the VPN if you are paranoid)

This setup is currently working for me right now with the latest dd-wrt install for my router. If all else fails try a hard reset and reinstall the firmware and do another hard reset before changing settings. That has worked for me before also.

I will rescan through your settings and let you know if I spot anything else.

Re: Help with DD-WRT

Post by uz-uz-uz » Fri May 12, 2017 4:46 am

get ready for a lot of time wasted an no support.
or let me / us know how you did it.
I've had working configs stop working for no reason, spending hours after hours trying to figure out why.
after hoping to fix something by updating to the latest ddwrt i got the same empty status window that you got. that was using the exact same config, by the way.
sorry to be so discouraging...
Maybe there are no official config settings here, maybe I never found them or maybe CS don't care about ddwrt. I don't know, but it's a shame, since running CS on a router would just make so much sense...
Let's hope somebody throws out some official support for ddwrt one day - or presents a better alternative for a router-based logon.

Help with DD-WRT

Post by ddwrt-noob » Tue May 02, 2017 9:50 am

Hello!

I have an old Linksys WRT54Gv2 router running the latest beta of DD-WRT (build 31899, 4/24/2017). I'm trying to set this up as a dedicated VPN router. I have an ethernet cord connected to the Linksys' WAN port, running to a LAN port on my primary router. I changed the Router IP setting to put devices connected to the Linksys on a different subnet, but I'm not sure if this is correct or if there are also other settings I need to change for this setup.

I followed the DD-WRT howto (viewtopic.php?f=69&t=4298&hilit=dd+wrt) and am not having any luck connecting. When I visit the OpenVPN status page, everything is blank. Did I miss something? Or have some settings changed since this article was written?

Also, how do I know if I'm using the correct firewall settings?

Screenshots are attached, I'd appreciate any help! Thanks! :D
Attachments
Firefox_Screenshot_2017-05-02T04-44-37.292Z.png
Firefox_Screenshot_2017-05-02T04-44-17.244Z.png
Firefox_Screenshot_2017-05-02T04-43-57.124Z.png
Firefox_Screenshot_2017-05-02T04-43-20.160Z.png

Top

Nothing to display.

Login