Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Help with DD-WRT

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
ddwrt-noob

Help with DD-WRT

Postby ddwrt-noob » Tue May 02, 2017 9:50 am

Hello!

I have an old Linksys WRT54Gv2 router running the latest beta of DD-WRT (build 31899, 4/24/2017). I'm trying to set this up as a dedicated VPN router. I have an ethernet cord connected to the Linksys' WAN port, running to a LAN port on my primary router. I changed the Router IP setting to put devices connected to the Linksys on a different subnet, but I'm not sure if this is correct or if there are also other settings I need to change for this setup.

I followed the DD-WRT howto (viewtopic.php?f=69&t=4298&hilit=dd+wrt) and am not having any luck connecting. When I visit the OpenVPN status page, everything is blank. Did I miss something? Or have some settings changed since this article was written?

Also, how do I know if I'm using the correct firewall settings?

Screenshots are attached, I'd appreciate any help! Thanks! :D
Attachments
Firefox_Screenshot_2017-05-02T04-44-37.292Z.png
Firefox_Screenshot_2017-05-02T04-44-17.244Z.png
Firefox_Screenshot_2017-05-02T04-43-57.124Z.png
Firefox_Screenshot_2017-05-02T04-43-20.160Z.png


uz-uz-uz
Posts: 8
Joined: Sun Feb 15, 2015 4:23 pm

Re: Help with DD-WRT

Postby uz-uz-uz » Fri May 12, 2017 4:46 am

get ready for a lot of time wasted an no support.
or let me / us know how you did it.
I've had working configs stop working for no reason, spending hours after hours trying to figure out why.
after hoping to fix something by updating to the latest ddwrt i got the same empty status window that you got. that was using the exact same config, by the way.
sorry to be so discouraging...
Maybe there are no official config settings here, maybe I never found them or maybe CS don't care about ddwrt. I don't know, but it's a shame, since running CS on a router would just make so much sense...
Let's hope somebody throws out some official support for ddwrt one day - or presents a better alternative for a router-based logon.


Topic Author
cryptobob

Re: Help with DD-WRT

Postby cryptobob » Sat Jul 01, 2017 11:03 pm

Try switching LZO compression to disabled and using this in the config:

resolv-retry infinite
explicit-exit-notify 3
mssfix 1400
nobind
comp-lzo
down-pre
reneg-sec 0
hand-window 17
verb 4
mute 3
auth-user-pass /tmp/user.conf
ns-cert-type server
auth SHA512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2


Along with your choice of node, eg:

remote-random
remote linux-useast.cryptostorm.net 443 udp
remote linux-useast.cryptostorm.nu 443 udp
remote linux-useast.cryptostorm.org 443 udp
remote linux-useast.cstorm.pw 443 udp


You could also try checking your token. If you see "has reached maximum number of sessions" you might want to grab another day/week token to check against, as I had a valid token working in the widget but not in dd-wrt.

Also, I would enter the DNS for your chosen node in all 3 DNS fields in the DNS settings and in your NIC settings if using windows with this router to avoid DNS leaks (Test with ipleak.net, or wtfismyip.com first to confirm you are using the VPN if you are paranoid)

This setup is currently working for me right now with the latest dd-wrt install for my router. If all else fails try a hard reset and reinstall the firmware and do another hard reset before changing settings. That has worked for me before also.

I will rescan through your settings and let you know if I spot anything else.


Topic Author
Guest

Re: Help with DD-WRT

Postby Guest » Mon Jul 03, 2017 4:43 am

Not sure which build you're using, but the kong build has been a bit buggy for several months- A blank status screen (or "wait" message) on the first attempt to turn on vpn, doesn't necessarily mean a bad config. Going back to service/vpn and hitting apply may fix things.

Another new thing that got screwed up in the last couple months is what appears to be an inconsistent race condition in startup- turn on logging and check for openvpn messages about user.conf or whatever you named you token/pass file, not existing. -if that's the case, you can fix by turning off the vpn, saving, rebooting, wait for full load, then turn the vpn back on. I think what's happening is that openvpn is running and asking for the user/pass file, before the start-up script actually creates it.

There's surely a way to make dd-wrt delay the openvpn startup- haven't taken the time to look into it myself.


Return to “member support & tech assistance”

Who is online

Users browsing this forum: Majestic-12 [Bot] and 31 guests

cron

Login