January 5, 2012 12:34 AM

Categories: DD-WRT


Dark_Shadow

Member
Joined: 03/31/2011

What's new kong?

Asus RT-N16 - 17670 kingkong 10/27/11, OTRW, 2x 2TB USBHDD My Wiki - http://www.techinfodepot.info


January 5, 2012 1:58 PM

Hi, we have lots of problems setting up OpenVPN with the Arethusa provider or others; the GUI of your mod has changed a lot... Could we have some help?

January 5, 2012 2:25 PM updated: January 5, 2012 2:39 PM

Have a look at this:
http://www.vpnaddict.com/Firmware-DD-WRT/dd-wrt-et-arethusa?tmpl=component&ty...

http://fr.eannu.com/arethusa.html

January 5, 2012 4:24 PM

@patmtp35,

the changes in openvpn come from the latest dd-wrt changes.
Since I don't use openvpn I cannot help you with this.

January 5, 2012 4:32 PM

Nice, haddoc found a way to make it work!

http://bb.s6n.org/viewtopic.php?id=495

January 5, 2012 8:33 PM

So is there a list of changes or is it just the changes in the dd-wrt timeline?

Asus RT-N16 - 17670 kingkong 10/27/11, OTRW, 2x 2TB USBHDD My Wiki - http://www.techinfodepot.info

January 6, 2012 7:59 AM

I don't speak French... Can someone translate the instructions to English or explain what you were missing?

January 6, 2012 8:11 AM

Nothing is missing, just that the GUI changed a lot and all the wikis and tutorials are old, so I found something working now.

January 6, 2012 9:10 AM

@patmtp35

Maybe I did not ask clearly... Can you please share with us a step by step (what goes where in the router's OpenVPN web GUI)? Or did you bypass the GUI altogether and do it using scripts?

Think of helping someone that is stuck like you were so they don't have to suffer :).

January 6, 2012 9:52 AM

No problem. I did it by script, as with the GUI it's too complicated and not compatible...

As I'm French I will try to explain it; I used a French howto to do it by script.
1=> enable JFFS2 => restart

In the command shell, copy this script, replacing LOGIN / PASSWORD and pasting the CERTIFICATE; replace the server with the one you want.

sleep 30
echo "LOGIN
PASSWORD" > /jffs/user.conf
sleep 10
echo "client
dev tun
proto udp
remote p2p.tunsrv.s6n.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
mute-replay-warnings
ca /jffs/ca.crt
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
mute 20
auth-user-pass /jffs/user.conf
redirect-gateway def1 bypass-dhcp" > /jffs/config.ovpn
sleep 10
echo "-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----" > /jffs/ca.crt

3=> save start

4=> Paste these rules in the command shell:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

5=> save firewall

6=> restart and wait 4 minutes; it creates the files

7=> return to the command shell, edit Start and delete everything

8=> in command shell PASTE:
sleep 30
/usr/sbin/openvpn --config /jffs/config.ovpn --auth-user-pass /jffs/user.conf &

9=> save start

10=> enable Client OpenVPN but DON'T FILL IN ANYTHING!!

11=> restart the router and that's OK!!!!

Just have a look at your public IP

For me it's working fine but connection is very slow....
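
Added example, not part of the original post: the file-writing part of the procedure above as a shell function that creates the credentials, CA and config files with owner-only permissions and refuses the empty certificate placeholder. The function name, its arguments and the `/tmp/ca.crt` path are assumptions; the config lines are the ones posted above.

```shell
#!/bin/sh
# Added example, not the poster's script. Arguments are assumptions:
#   write_vpn_files DIR LOGIN PASSWORD CA_FILE
# Return codes: 0 ok, 1 bad arguments, 2 unusable CA file, 3 write failed.
write_vpn_files() {
    dir=$1 login=$2 password=$3 ca_src=$4
    [ -d "$dir" ] && [ -r "$ca_src" ] || return 1
    # Refuse the empty BEGIN/END placeholder: "ca" is what authenticates the server.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_src" || return 2
    [ "$(grep -v -- '-----' "$ca_src" | grep -c .)" -gt 0 ] || return 2
    (
        umask 077    # new files are created owner-only
        printf '%s\n%s\n' "$login" "$password" > "$dir/user.conf" &&
        cp "$ca_src" "$dir/ca.crt" &&
        cat > "$dir/config.ovpn" <<EOF
client
dev tun
proto udp
remote p2p.tunsrv.s6n.net 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
mute-replay-warnings
ca $dir/ca.crt
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
mute 20
auth-user-pass $dir/user.conf
redirect-gateway def1 bypass-dhcp
EOF
    ) || return 3
    # Tighten files that already existed with looser modes.
    chmod 600 "$dir/user.conf" "$dir/ca.crt" "$dir/config.ovpn"
}

# On the router (CA path is an assumption):
#   write_vpn_files /jffs LOGIN PASSWORD /tmp/ca.crt
```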

January 6, 2012 10:03 AM

Next step, I'll try to make 2 configs and use a crontab to use one server or another depending on the time.

January 7, 2012 4:47 PM updated: January 7, 2012 5:03 PM

I made this crontab to schedule my VPN and it works

24 23 * * * root /usr/sbin/openvpn --config /jffs/config.ovpn --auth-user-pass /jffs/user.conf &
00 5 * * * root /usr/sbin/killall openvpn

January 8, 2012 4:47 PM

Changelog:

http://www.desipro.de/ddwrt/Changelog

Best regards,

January 8, 2012 5:54 PM

First impressions about kingkong r18050:

Site survey is broken. Show no results.


Best regards,

January 9, 2012 1:15 PM

This also happens on your builds.

http://svn.dd-wrt.com:8000/ticket/2360#

Unfortunately I have to put 100 RTN16s in production next week and I was planning to use your build. However, a really crappy cablemodem ISP in Nicaragua is giving users 10.206.x.x addresses which breaks the NAT functionality. Willing to pay for a solution. Need professional support. Thanks in advance.

January 9, 2012 2:02 PM

Wow... sounds like you have a winning network planning team at that ISP huh.

Why in the world would they want to give out private addresses? oh right, I forgot because they are not a real ISP.. lol.

Like that you and I can get an OC3 from a major carrier, oversubscribe the hell out of it, offer customers our own cable modem and create a Private "distribution" Network... except that our customers will not be able to have private networks. Listen, that is probably why you are making money so stay sane and forget what you learned on those Cisco books...lol

January 9, 2012 2:13 PM

@zoomlink, that ISP sucks hairy balls. No doubt about it.

Now regarding "customers will not be able to have private networks", I don't know about that. Just use any dd-wrt router and set up 192.168.x.x and you got your private network right there.

My problem is that dd-wrt has broken NAT functionality since 17201 and I need a fix for this specific problem ASAP

January 11, 2012 1:09 AM

Does this fix your NAT problem? You will need to change 192.168.0.0 to match your subnet.

iptables -t nat -I POSTROUTING -j SNAT -s 192.168.0.0/24 --to-source `nvram get wan_ipaddr`

Geoff..

January 13, 2012 12:08 AM updated: January 13, 2012 12:08 AM

@Kong,

I downloaded this file but got a different MD5. The one in your Xecksums says:

b6f3fc9c46c5a5641135ba7a9ff9dae4 usb-ftp-samba3-vpn-nv32k-broadcom.bin

But I got E9ECC70226BAD921A0FB289D5E8C1292. I noted that this file was updated on Jan 10, instead of Jan 4 like the rest. Was this modified afterward?

Thanks.

January 13, 2012 6:38 AM

Yes this build is updated with a possible fix for nat routing: http://svn.dd-wrt.com:8000/ticket/2360

I'm waiting for feedback if it fixes the issue, once I have positive feedback I'll upload all updated builds.

January 13, 2012 7:16 PM

@Kong... I saw that it worked... just that Axelm suggested a different iptables command, but bottom line, it worked.

When you do your next release, can you please include versions that have the old drivers from the 15000 series?

January 13, 2012 8:22 PM

@Kong,

I see. In that case, would you mind adding a note to either the md5 file or somewhere else? Otherwise it might confuse people. Thanks.

January 14, 2012 7:58 PM updated: January 14, 2012 8:04 PM

Hello,

I've noticed something different in the way QoS works. I've set up my QoS to limit the upload and download of all IP addresses (192.168.1.0/24) to 300kbps upload and 1500 kbps download. The actual ISP upload and download is twice that limit. Under MAC Priority, I would add MAC addresses of a few machines with the Exempt priority. This setup used to allow the exempt machines to bypass the QoS upload and download limits, but now those exempt machines are also affected by the QoS upload and download limits. I wonder if there is updated documentation regarding the QoS changes, because I've been using the dd-wrt wiki on QoS ( http://www.dd-wrt.com/wiki/index.php/Quality_of_Service ) as a reference.

January 17, 2012 8:20 PM

@Kong

I loaded 18050 on my friend's router.

My friend is away on holiday. There is NOBODY using his home network, yet when I hit 'dmesg' I keep getting these very annoying messages:

nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.

Along with these (which I want to get rid of from the kernel messages - pls let me know how I can get rid of these messages)
[DROP INVALID WAN] : IN=vlan2 OUT= MAC=bc:ae:c5:c2:fe:0b:00:18:01:72:f9:b5:08:00:45:00:00:34 SRC=204.1.136.122 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=29700 DF PROTO=TCP SPT=80 DPT=3584 SEQ=287442916 ACK=2976382906 WINDOW=617 RES=0x00 ACK FIN URGP=0 OPT (0101080A604CB5AC00054835)
[DROP INVALID WAN] : IN=vlan2 OUT= MAC=bc:ae:c5:c2:fe:0b:00:18:01:72:f9:b5:08:00:45:00:00:34 SRC=204.1.136.122 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=31569 DF PROTO=TCP SPT=80 DPT=3587 SEQ=287760212 ACK=2740784245 WINDOW=550 RES=0x00 ACK FIN URGP=0 OPT (0101080A604CFE13000548FC)
[DROP INVALID WAN] : IN=vlan2 OUT= MAC=bc:ae:c5:c2:fe:0b:00:18:01:72:f9:b5:08:00:45:00:00:28 SRC=66.135.204.11 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52292 PROTO=TCP SPT=80 DPT=3597 SEQ=751915936 ACK=526030878 WINDOW=9300 RES=0x00 RST URGP=0

I did a 30/30/30 when I went from 18010 to 18050.

I have since done:

nvram erase
nvram commit
/sbin/reboot

I have OTRW 'S00autorestore' script that takes the last backup (done yesterday) and re-populates the nvram variables.
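
Added example, not part of the thread: a shell/awk summary of kernel messages like the ones quoted above, counting the `table full` lines and grouping the `[DROP INVALID WAN]` entries by source address, source port and TCP flags. The function names are assumptions and the sample input is a shortened, constructed copy of the quoted lines.

```shell
#!/bin/sh
# Added example, not from the thread. sample_log holds constructed input:
# shortened copies of the kernel messages quoted in the post above.
sample_log() {
    cat <<'EOF'
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
[DROP INVALID WAN] : IN=vlan2 OUT= SRC=204.1.136.122 DST=192.168.1.10 LEN=52 PROTO=TCP SPT=80 DPT=3584 SEQ=287442916 ACK=2976382906 WINDOW=617 RES=0x00 ACK FIN URGP=0
[DROP INVALID WAN] : IN=vlan2 OUT= SRC=204.1.136.122 DST=192.168.1.10 LEN=52 PROTO=TCP SPT=80 DPT=3587 SEQ=287760212 ACK=2740784245 WINDOW=550 RES=0x00 ACK FIN URGP=0
[DROP INVALID WAN] : IN=vlan2 OUT= SRC=66.135.204.11 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=80 DPT=3597 SEQ=751915936 ACK=526030878 WINDOW=9300 RES=0x00 RST URGP=0
EOF
}

# summarize_drops: reads kernel log text on stdin and prints
#   table_full <count>
#   drop <SRC> <SPT> <flags> <count>
summarize_drops() {
    awk '
    /nf_conntrack: table full/ { full++ }
    /\[DROP INVALID WAN\]/ {
        src = spt = flags = ""
        for (i = 1; i <= NF; i++) {
            # "ACK=..." and "URGP=0" are fields with values; bare words are TCP flags.
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
            else if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG)$/) flags = (flags == "" ? $i : flags "," $i)
        }
        seen[src " " spt " " flags]++
    }
    END {
        printf "table_full %d\n", full
        for (k in seen) printf "drop %s %d\n", k, seen[k]
    }' | sort
}

# Demo on the constructed sample; on a router: dmesg | summarize_drops
sample_log | summarize_drops
```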

January 18, 2012 1:59 AM

Does increasing the maximum number of connections resolve the "nf_conntrack: table full, dropping packet." errors?

nvram set ip_conntrack_max=16384
nvram commit
reboot

Geoff..

January 18, 2012 5:31 AM

@zoomlink,

just lower the TCP Timeout setting under Administration->Management, a regular home user doesn't need 3600s, 360s should be enough
