Rehabilitation, underground utilities, sewer installation and repair
American Sewer and Utilities has consistently demonstrated excellence in the design and construction of a myriad of projects encompassing underground utilities, site development, leach fields, pump stations, landscaping, sanitary sewer, and municipal & residential rehabilitation. Our distinguished team comprises seasoned professionals and skilled artisans, dedicated to providing superior construction consultation and management servicesRecent comments
- After the initial Kong Mod 12 months 18 hours ago
- Working the EXACT same 12 months 21 hours ago
- While the "5 Easy Steps" 1 year 6 days ago
- R8000P would be grate to see. 1 year 1 week ago
- Have a R8000 but ordered a 1 year 1 week ago
I've installed 24030M and disabled the Keep Alive functions. I'll keep track of the disconnects.
I've got some information to share.
First, Kong asked if I was running the current build - I was running build 23900, which was multiple versions behind. I updated to the then-current build of 24030 and I'm now on 24045M (which is the current version as of the past few days).
He was then kind enough to review a couple of logs and found the problem - daemon.notice openvpn[1607]: [Private Internet Access] Inactivity timeout (--ping-restart), restarting.
He pointed me to this article for configuration help:
http://www.sparklabs.com/support/error_inactivity_timeout_ping_restart/
I contacted PIA support for assistance with ping settings and was told that they've made recent changes to their PPTP/L2TP/SOCKS5 setup, which requires some users to generate new username/password combinations.
That didn't aply to my question, so I asked for clarification. Tech asked for screen caps of my router settings, then sent back a link with instructions for a different configuration. Here is the link:
https://www.privateinternetaccess.com/forum/index.php?p=/discussion/345/...
I backed up my router configuration. Next, I modified the script linked to on the page above with my username, password, and server of choice. Then I rebooted the router.
Everything is up and running now, no DNS leaks, speed test returns results close to my full capacity (non-VPN).
I'll follow up in a couple of days to let everyone know if I have a significant number of disconnects or service issues.
Took less than an hour for the first disconnect. Not resolved.
Hi Doug, thanks for sharing. My R7000 has been running 5 days and 2h now with Tomato and PIA w/o a problem. So, the OpenVPN client seems to be fine on the Tomato version again, same as for the old E3000.
@ Peter, you were among the first to flash to Tomato, you should be running almost 10 days by now with PIA. Any update on your side?
My 2nd AC56U that I had bricked came back from Asus RMA so I will put the latest Kong build on it and try to connect it to iVPN again. Let's see if I keep getting disconnected there we well.
How can I help to pinpoint to the cause? cat /var/log/messages > /tmp/syslog.txt
Sorry about the newbe question, but how do I get this into shareable format so I can attach this here or otherwise share it? Can I save this on a USB drive or have it mailed somewhere automatically? Thx.
Thanks, Kamaaina!
I just bricked one of my r7000s. I flashed to tomato and was overclocking it using Putty and forgot to change the RAM speed. I have no idea what I was thinking. I'm making a serial cable today, but I've got no idea if I'll be able to recover it. Bleh.
Sorry to hear that, what speed did you try? When you just enter cpu speed isn't that safer as it leaves men clock untouched? I thought that was the more conservative approach.
I used:
nvram set clkfreq=1400,800
nvram commit && reboot
Supposedly this sets the CPU to 1400 and memory to 800. CPU indicates this speed, mem I cannot verify.
Take a look at these posts. Maybe it can help.
http://www.myopenrouter.com/article/52395/How-to-Debrick-or-Recover-NETG...
http://forum1.netgear.com/showthread.php?t=88562
Sorry, I should have posted. I've already de-bricked it. I'm back on the latest DD-WRT on that one, but I haven't taken it home to plug back into the network yet.
I see. Well, you recovered, that's what counts.
I think so, too :-)
BTW, PIA tech support decided a password reset was just the fix for me (out of the blue). Hooray.
Just a follow up for everyone - within 15 minutes of getting the router set back up, I had my first VPN disconnect. obviously, this is not due to authentication.
Tomorrow, I'll give Tomato another try. This time, I'll hopefully avoid bricking the router along the way.
You have config errors, different problem than the others e.g. Doug, you also overclocked the unit to a value that is likely to cause errors, especially crypto functions won't work well.
Kong, just for clarification for Kamaaina and the rest of us, what is the top frequency you recommend for overclocking?
Also, Private Internet Access has bumped my report up to Tier II. I'll share any significant news.
Edit: I notified PIA of the possibility that I've also overclocked my unit too far (1400,800) and asked if they'd like for me to reset it to stock for now.
Maximum stable freq is 1200, 1400 boots but fails in my cpu and mem tests.
I have seen people report that they can do 1400 on the 800Mhz asus units, this is complete bullshit, booting and running it for a while in idle is no tests, you need to run tools like memcheck etc. on the router, just as you would do on your regular pc.
In my experience on a PC if you can over clock 10-15% that's already pretty good. The Asus 68U booted and ran/idled at 1200 but connection hung up sometimes, at 1000 felt more stable. That's already a 25% gain though. I did not do any tests, just perception and looked at the temp. On the R7000, it's running 1400 on my unit so far, which is quite amazing, but again, no tests, just regular traffic. I don't put much load on the machine. 20% increase would be more a value to expect that would make sense. I had to restart due to some config changes yesterday but before did 5+ days of PIA w/ Tomato, that is at 1400. CPU seems to say around 12% load, as I did some file synching over night, but that's about it. No real power test.
Thanks Kong. I had tried 3 different ways to configure this I had found on the web and all had similar issues, but as you pointed out, some might not have been correct. I will see if I can get the second Asus AC56U I have configured this weekend and give it another shot.
Kong, you officially kick ass. I've set my clock speed back to stock for now and will see if I continue to have problems.
If I do not see a lot of drops, I'll experiment with 1200 and see if the performance to hassle ration is worth it.
Hi Kong,
Can you please kindly share the instructions to run those tests? Thanks :)
Update:
24 hours with no disconnects. I averaged 3-5 per 24 hours when overclocked.
I had mine stable w/ Tomato for 5+ days but then redid config settings and started fresh. I switched VPN provider to iVPN and after 2+ days now had a disconnect. I wasn't around and my wife just restarted the box but I assume the VPN got hung. I was still running at 1400 Mhz. I toned it down to 1200 now. I assume given iVPN uses stronger encryption (higher calc need) the higher clock speed could have interfered. I recall from the PC that the over clocked CPU at the limit could handle office apps but would stall with calc intense apps like Prime or flight simulator.
I haven't had time yet to set up the AC56U with DD-WRT and PIA in parallel but will tackle that on Wed.
I'm at 60 hours with no disconnects. This weekend, I may bump it up to 1200, but I may not. I like a stable platform.
Hi Doug, I'm getting disconnects every 48 hours or with my Router, I'm not over clocking.
Are you using the hacked script linked in the original post?
No, I'm using the script from the link below - the suggestion to do this came from Matthew K. at PIA tech support:
Edit - the link didn't come out right. Take 3!
https://www.privateinternetaccess.com/forum/index.php?p=/discussion/345/...
I give up on the link, but the address is right as of the third posting.
Thanks. I remember seeing this as well. I'll give it a shot one more time with the latest FW from Kong.
Now I remember, when I used this, it didn't work. I think what I did wrong was enable OpenVPN client in addition to the server. I was hoping to enable and disable VPN by using the services/VPN radio button. I guess for the sake of stability, it may trump convenience :)
I'll report the status in a few days.
Additionally, this is what I have configured. It would disconnect between 24-36 hours, and I simply turn off and back on OpenVPN client under services.
Server IP name: us-florida.privateinternetaccess.com
Port 1194
Tunnel device: TUN
Tunnel protocol: UDP
Encryption Cypher: Blowfish CBC
Hash algorithm: SHA1
Advanced Options: Enabled
TLS Cipher: None
LZO compression: Disabled
NAT: Enable
Tunnel MTU setting: 1500
Tnnel UDP MSS-Fix: Disabled
Additional config:
comp-lzo yes
auth-user-pass /tmp/password.txt
persist-key
persist-tun
tls-client
remote-cert-tls server
CA Cert:
-----BEGIN CERTIFICATE-----
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
-----END CERTIFICATE-----
Under administration, for commands:
Startup:
echo enter_your_username >> /tmp/password.txt
echo enter_your_password >> /tmp/password.txt
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --comp-lzo yes --route-up /tmp/openvpncl/route-up.sh --down-pre
/tmp/openvpncl/route-down.sh --daemon
Firewall:
iptables -N VPN
iptables -F VPN
iptables -I INPUT -i tun0 -j VPN
iptables -I FORWARD -i tun0 -j VPN
iptables -A VPN -i tun0 -o br0 -j ACCEPT
iptables -I POSTROUTING -t nat -o tun0 -j RETURN
Please don't be insulted by me asking this - I am just pointing this out due to many, many years in the IT field, seeing all kinds of crazy things.... you did change the parts that say "enter_your_username" and "enter_your_password," right?
I'm sure you did, but I've come across plenty of people who've just ignored things like that.
LOL - ya. I only put that "enter_your_username" as I was copying and pasting my config from my router setup.
My setup works but it suffers the drop connection after 24-36 hours. It will drop once during that time frame.
I did some minor tweaks this evening in the additional config section. Let's see if it drops connection in 24-36 hrs.
OK, I am back in the game as well. Different hardware (RT-AC56U), but same ARM firmware 24045. Router left on stock speed, nothing else configured. PIA configured. I am trying their "official" approach:
https://www.privateinternetaccess.com/pages/client-support/#ddwrt_openvpn
I basically now have 2 VPN routers running in parallel behind a third router that acts as a GW router (with the SIP adapters connected as well)
1) AC56U with Merlin as gateway to ISP with others behind. Plain connection, no QoS or anything.
2) R7000 w/ Tomato and OpenVPN client (iVPN configured)
3) AC56U with Kong build 24045 and OpenVPN client (PIA configured)
All routers use OpenDNS.
Nice! Let us know if you see any significant performance differences!
I'm running dual R7000s, with the VPN router running downstream from the main router. In the next week or so, I'm supposed to switch over to Comcast business class.
We're getting have 5 static IPs, so I'll connect each router to a specific port on the new gateway. It is time for my network to grow up a little, but I'm going to miss having my own hardware (DOCSIS 3 Motorola Surfboard).
Pages