Nighthawk [DD-WRT (Kong)] OpenVPN Client (PIA)

kamaaina

I am running an OpenVPN client connection on the R7000 flashed with build 23490. I am connecting to PrivateInternetAccess (PIA). This has worked fine for about 6 months before on two other routers, namely an older Linksys E3000 and an Asus RT-N66U, both flashed with Tomato (Shibby).

I got the R7000 for more horsepower running the VPN connection to get better encrypted speeds, which is the case. However, it seems now I am dropping the whole Internet connection every now and then. I had the router on a daily reboot schedule and it still froze the Internet connection, not every day, but 3-4 out of a week. Given the VPN worked fine before, I assume some config issues on my end or maybe some OpenVPN problems with the firmware.

I used this hack script as a startup script command without touching the OpenVPN config at all, and it works but seems to crash the router internet connection. 

I finally managed to find a proper DD-WRT OpenVPN configuration working.

The important part for newbies like me? There are "" missing and you need to enter your settings in between. The rest as instructed.

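    # Write the credentials file: username on line 1, password on line 2.
    # The first echo uses ">" so a re-run does not append stale lines.
    echo "enteryourusernamehere" > /tmp/password.txt
    echo "enteryourpasswordhere" >> /tmp/password.txt
    chmod 600 /tmp/password.txt    # credentials readable by root only
    /usr/bin/killall openvpn
    /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon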

The connection works again but has only been running for about an hour so far. We'll see if this stops the WAN connection drops. 

Subhra

Thanks for sharing your experience. There is a tutorial, "How to Set Up a VPN On NETGEAR R6300 with OpenVPN and DD-WRT"; I guess this should work with R7000 also.

roadcarver

The DD-WRT OpenVPN recommended setup from PIA didn't work for me, but a hacked script worked.

Any idea if the firewall settings need to be there for the OpenVPN service to work? Looking at the script it has the firewall settings. Maybe that's why it didn't work for me.

While using the hacked script for OpenVPN/PIA, I noticed that overnight, my devices lost internet connectivity. I had to reboot my router. I'm using this firmware from Kong - http://www.desipro.de/ddwrt/K3-AC-Arm/r23884/dd-wrt.v24-K3_AC_ARM_STD_OL...

kamaaina

I am still having trouble with connection drops using the OpenVPN client. It's not stable. Every 12-72h the connection freezes and a restart is needed. I tried iVPN provider as well but same problem. It used to work stable on my old Tomato router. I switched back to R7000 stock firmware but realized there is no VPN client, just server settings. So back to Kong version 770. Have an RT-AC68U coming that I will try and see if I get it to work there.

roadcarver

Backup your config, and do a 30-30-30 reset? When your connection drops, can you still access your router via the web interface?

kamaaina

Yes, I did 30/30/30. And yes, I can still access the router web interface. Just all external traffic gets "halted".

roadcarver

I'm trying to figure out if the dropped internet connectivity that I experienced overnight was the same. In your Windows (assuming Win7) network icon on the system tray, do you see a triangle with an exclamation mark?

This is what I saw this morning.

kamaaina

Mostly Macs in the household, but I do recall having seen the triangle. When you mouse over though it does not say network down, it says "no internet connection" if I recall correctly. E.g., I can still access the router from that machine, and probably print on the LAN printer, so routing internally works. I have not tried that though. I tried 3 different setups/configs with PIA so far and one with iVPN. Same issue with the R7000 for all of them. Wonder what a good log might be to fetch to help troubleshooting or what else we could do/test to help get to the root cause of this.

roadcarver

After about 11 hrs, my internet connectivity was gone again as well, but I was still able to access the web browser.

I saved my setup, and did a new one following this guide http://www.myopenrouter.com/article/46341/How-to-Set-Up-a-VPN-On-NETGEAR... which works on the R7000. I'll let you know tomorrow on the status.

Only changes that I did from that guide (other than VPN server, credentials) were:
DNS1 8.8.8.8
DNS2 8.8.4.4

roadcarver

So far so good for me - with the guide that I shared from another post, I haven't lost internet connectivity. It's been 36 hrs so far.

kamaaina

That's promising. I won't have time to tinker with it again before the weekend but will do then. Which version/build are you on? 770?

roadcarver

This version - http://www

DougRoberson

I've got the same build running on my R7000, same VPN service, set up using the same guide, same periodic lockups. I did set the auto-reboot in Keep Alive. Also, I am back to using OpenDNS now, after having the same lockups using Google DNS.

roadcarver

Thanks for chiming in - If you can recall, what was the longest period that you were able to get VPN client service running on the router before a reboot?

DougRoberson

It ran for roughly 15 uninterrupted hours between Monday morning and Monday night. Current up time is 9:05 (due to auto reboot at 5 am Eastern).

DougRoberson

I should also point out that it will come down several times over the next few evenings as I work on different things.

roadcarver

I just checked the status of my router - actually it's been up for 2 days 31min.

kamaaina

Alright then, let's see how far we get with my new connection then. This is probably the 4th attempt.

Started fresh: 30/30/30, flashed with latest version (23900), and did 30/30/30 again. Then new setup from scratch. I used the Google DNS servers as well this time, not the OpenDNS. Connection works, Friday afternoon now, let's see if we are still online on Monday... ;-) 

The REALLY good news is that since I was scouting the web again I figured out how to overclock the R7000, so now it's running at 1400 MHz, and a test at http://testmy.net/db/ogLlfkE.Tbw2WJx says I can get almost >40 Mbit through the VPN download. I am thrilled. http://www.speedtest.net/my-result/3448174641 CPU temperatures so far around 60 degrees. This would be an amazing speed through the VPN connection and almost full speed.

kamaaina

My connection keeps freezing. 3rd restart in about 24h. DD-WRT console can be reached but no external traffic gets through... Here is some log stuff I found, maybe that helps find the error:

20140419 22:31:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:31:18 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:31:18 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:31:18 I UDPv4 link local: [undef]
20140419 22:31:18 I UDPv4 link remote: [AF_INET]50.23.115.73:1194
20140419 22:32:18 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:32:18 N TLS Error: TLS handshake failed
20140419 22:32:18 I SIGUSR1[soft tls-error] received process restarting
20140419 22:32:18 Restart pause 2 second(s)
20140419 22:32:20 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:32:20 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:32:20 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:32:20 I UDPv4 link local: [undef]
20140419 22:32:20 I UDPv4 link remote: [AF_INET]50.23.115.94:1194
20140419 22:33:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:33:20 N TLS Error: TLS handshake failed
20140419 22:33:20 I SIGUSR1[soft tls-error] received process restarting
20140419 22:33:20 Restart pause 2 second(s)
20140419 22:33:22 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:33:22 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:33:22 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:33:22 I UDPv4 link local: [undef]
20140419 22:33:22 I UDPv4 link remote: [AF_INET]50.23.115.120:1194
20140419 22:34:22 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:34:22 N TLS Error: TLS handshake failed
20140419 22:34:22 I SIGUSR1[soft tls-error] received process restarting
20140419 22:34:22 Restart pause 2 second(s)
20140419 22:34:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:34:24 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:34:24 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:34:24 I UDPv4 link local: [undef]
20140419 22:34:24 I UDPv4 link remote: [AF_INET]50.23.113.213:1194
20140419 22:35:24 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:35:24 N TLS Error: TLS handshake failed
20140419 22:35:24 I SIGUSR1[soft tls-error] received process restarting
20140419 22:35:24 Restart pause 2 second(s)
20140419 22:35:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:35:26 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:35:26 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:35:26 I UDPv4 link local: [undef]
20140419 22:35:26 I UDPv4 link remote: [AF_INET]198.23.103.126:1194
20140419 22:36:27 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:36:27 N TLS Error: TLS handshake failed
20140419 22:36:27 I SIGUSR1[soft tls-error] received process restarting
20140419 22:36:27 Restart pause 2 second(s)
20140419 22:36:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:36:29 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:36:29 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:36:29 I UDPv4 link local: [undef]
20140419 22:36:29 I UDPv4 link remote: [AF_INET]50.23.113.213:1194
20140419 22:37:29 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:37:29 N TLS Error: TLS handshake failed
20140419 22:37:29 I SIGUSR1[soft tls-error] received process restarting
20140419 22:37:29 Restart pause 2 second(s)
20140419 22:37:31 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:37:31 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:37:31 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:37:31 I UDPv4 link local: [undef]
20140419 22:37:31 I UDPv4 link remote: [AF_INET]50.23.115.104:1194
20140419 22:38:31 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:38:31 N TLS Error: TLS handshake failed
20140419 22:38:31 I SIGUSR1[soft tls-error] received process restarting
20140419 22:38:31 Restart pause 2 second(s)
20140419 22:38:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:38:33 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:38:33 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:38:33 I UDPv4 link local: [undef]
20140419 22:38:33 I UDPv4 link remote: [AF_INET]50.23.113.229:1194
20140419 22:39:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:39:33 N TLS Error: TLS handshake failed
20140419 22:39:33 I SIGUSR1[soft tls-error] received process restarting
20140419 22:39:33 Restart pause 2 second(s)
20140419 22:39:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20140419 22:39:35 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20140419 22:39:35 Socket Buffers: R=[180224->131072] S=[180224->131072]
20140419 22:39:35 I UDPv4 link local: [undef]
20140419 22:39:35 I UDPv4 link remote: [AF_INET]50.23.115.124:1194
20140419 22:39:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:39:47 D MANAGEMENT: CMD 'state'
20140419 22:39:47 MANAGEMENT: Client disconnected
20140419 22:39:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:39:47 D MANAGEMENT: CMD 'state'
20140419 22:39:47 MANAGEMENT: Client disconnected
20140419 22:39:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:39:47 D MANAGEMENT: CMD 'state'
20140419 22:39:47 MANAGEMENT: Client disconnected
20140419 22:39:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:39:47 D MANAGEMENT: CMD 'log 500'
20140419 22:39:47 MANAGEMENT: Client disconnected
20140419 22:40:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:40:31 D MANAGEMENT: CMD 'state'
20140419 22:40:31 MANAGEMENT: Client disconnected
20140419 22:40:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:40:31 D MANAGEMENT: CMD 'state'
20140419 22:40:31 MANAGEMENT: Client disconnected
20140419 22:40:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:40:31 D MANAGEMENT: CMD 'state'
20140419 22:40:31 MANAGEMENT: Client disconnected
20140419 22:40:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140419 22:40:31 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
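
The restart loop in the client log above can be summarized rather than read line by line. The following is an added example, not part of the original post: it parses the log format shown, attributes each failed TLS handshake to the remote selected just before it, and reports how many servers were tried. The sample lines and addresses are constructed, and the "several remotes failing" rule is a heuristic assumed for this example.

```python
import re
from datetime import datetime

# Constructed sample in the DD-WRT OpenVPN client log format shown above:
# "YYYYMMDD HH:MM:SS [flag] message". Addresses are documentation-range placeholders.
SAMPLE_LOG = """\
20140419 22:31:18 I UDPv4 link local: [undef]
20140419 22:31:18 I UDPv4 link remote: [AF_INET]192.0.2.10:1194
20140419 22:32:18 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140419 22:32:18 N TLS Error: TLS handshake failed
20140419 22:32:18 I SIGUSR1[soft tls-error] received process restarting
20140419 22:32:18 Restart pause 2 second(s)
20140419 22:32:20 I UDPv4 link remote: [AF_INET]192.0.2.11:1194
20140419 22:33:20 N TLS Error: TLS handshake failed
20140419 22:33:20 I SIGUSR1[soft tls-error] received process restarting
20140419 22:33:22 I UDPv4 link remote: [AF_INET]198.51.100.7:1194
20140419 22:34:22 N TLS Error: TLS handshake failed
20140419 22:34:24 I UDPv4 link remote: [AF_INET]192.0.2.10:1194
20140419 22:34:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:00:00
"""

# Timestamp, optional single-letter severity flag, then the message text.
LINE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2})(?: ([A-Z])(?= ))?\s*(.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+):\d+")


def parse(log_text):
    """Yield (datetime, flag, message) for each well-formed, non-empty entry."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(3):
            yield datetime.strptime(m.group(1), "%Y%m%d %H:%M:%S"), m.group(2), m.group(3)


def summarize_tls_failures(log_text):
    """Attribute each failed TLS handshake to the remote chosen just before it."""
    remote, failures = None, []
    for ts, _flag, msg in parse(log_text):
        hit = REMOTE.search(msg)
        if hit:
            remote = hit.group(1)
        elif msg.startswith("TLS Error: TLS handshake failed"):
            failures.append((ts, remote))
    remotes = sorted({r for _, r in failures if r})
    span = (failures[-1][0] - failures[0][0]).total_seconds() if failures else 0
    return {
        "failed_handshakes": len(failures),
        "distinct_remotes": remotes,
        "outage_seconds": int(span),
        # Heuristic (assumption of this example): three or more failures spread
        # over at least two servers point at the local path, not one bad server.
        "local_path_suspected": len(failures) >= 3 and len(remotes) >= 2,
    }


if __name__ == "__main__":
    print(summarize_tls_failures(SAMPLE_LOG))
```

Run against a log saved from the router, pass the file contents to `summarize_tls_failures()`; entries with an empty message, such as the trailing epoch timestamp, are skipped.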

Sky1111

Hello everyone - I am new to R7000/Kong's builds. I am coming from ASUS Merlin and Padavan firmwares.

First of all, thank you Kong for what you do for the community - if not for your work, I wouldn't be buying the R7000 :)

Regarding the subject matter - Kong, did you manage to reproduce the Internet disconnect issue while on PIA?

si-uk

I agree with Sky1111. Kong's builds are the reason I bought the R7000.

I'm also experiencing drops in VPN using PIA with the settings above. A reboot of the Netgear resolves this for a short period of time, then it happens. When I try to view the Status->OpenVPN log, it's blank (like part of the page is missing). I'm using PIA DNS with OpenDNS as a 3rd entry.

Firmware: DD-WRT v24-sp2 (04/16/14) kongac

DougRoberson

I get the same behavior on the Nighthawk I use for VPN with PIA. I have the "Keep Alive" function set to reboot the router every 6 hours but still get random lockups that require a reset. Other than that, KONG AC runs like a champ on both of my routers.

Peter Redmer

Hi all,

I am having this issue as well. I figured it was Private Internet Access, and not necessarily the router.

Sometimes, we would go several days without a reboot, and sometimes, several reboots in one day.

For now (and for science, of course) I'm trying shibby's new Tomato build for the R7000 that was just released.

http://www.myopenrouter.com/forum/thread/56505/Tomato-for-Netgear-Nighth...

I will be sure to post the downloads, my review, and how it works with the VPN!

DougRoberson

Thanks, Peter!

Sky1111

I am not convinced that this is a PIA problem. I used PIA for months with the PC client, and the PC client never got disconnected (as long as the WAN connection was up).

Observation: DHCP Release/DHCP Renew restores connectivity without need to reboot.

kamaaina

I still think it's the router/firmware. I tried the VPN connection with iVPN.net and I had the same disconnect problem on the R7000. iVPN seems to be much slower, could be because of the better encryption. iVPN offers 7 days money back if you want to try.

Then I wanted to try Tomato on the R7000 now that Shibby put a version out but I might have killed the box accidentally while flashing. So, currently w/o a working R7000. I will reconfigure PIA on an ASUS 68U over the weekend (running Tomato) and see if that is stable again as it used to be on the E3000. 

Loved the Kong build otherwise and the router is strong, will need to see if I can magically revive it. 

roadcarver

I'm still getting the internet disconnect issue, but it is not as frequent. However, a router reboot is not required when I get this issue. I am still able to get into the router setup page, services, VPN, OpenVPN client and I just disable, and then re-enable.

I then get the internet connectivity back.

Hope this helps with the resolution.

DougRoberson

I had 4 disconnects yesterday, so I decided to turn on the WDS/Connection Watchdog feature, set the interval to 300 seconds, and I've yet to notice a disconnect since.

Yes, I know that I'm still getting disconnects. However, my wife doesn't notice them, and perception is key.

I still may switch to the Tomato firmware next weekend, but, if I'm not getting any flak for disconnects, then I can focus on more important projects, instead :)

Kong

DougRoberson said: I had 4 disconnects yesterday, so I decided to turn on the WDS/Connection Watchdog feature, set the interval to 300 seconds, and I've yet to notice a disconnect since. Yes, I know that I'm still getting disconnects. However, my wife doesn't notice them, and perception is key. I still may switch to the Tomato firmware next weekend, but, if I'm not getting any flak for disconnects, then I can focus on more important projects, instead :)

Did you already upgrade to the latest 24030 build? If you still see disconnects, you can send me the contents of the syslog, e.g.:

    cat /var/log/messages > /tmp/syslog.txt

and then copy it via WinSCP, or dump the log to your mounted USB disk.

Maybe it contains a reason for the disconnects.

DougRoberson

Hi Kong!

I'm not running 24030 because I am stupid. I am still running 23900.

I'll get it installed tonight, turn off the Watchdog function, and let you know if I get any disconnects.

The way everyone is jumping on Tomato, I figured there hadn't been any patches.

Thanks!

kamaaina

Kong is super active, always worth taking a look to see if there is something new before any new config tests or changes. There is a new version almost every two weeks.
