Can't run OpenVPN

Hi. After updating to 5.1.9 I’ve got my share of problems, as described in two other posts I’ve made. I’m sure they are related, but I really need some fixes here. I have a script that creates a VPN tunnel when the router is booted. It worked flawlessly as long as I was at version 3. Now I can’t get an IP address from DHCP. I get errors in my script saying it can’t resolve the address in there, so I’m stuck with a router that has lost its functionality, and I’m not able to use my tunnel as before. Is someone looking into this? Thanks.

Provide more info about your configuration

What do you need to know? Basic setup, not many changes: only the IP-address range changed to 172.17.1.x, otherwise standard.

Maybe start by posting this script.

Hi

I honestly do not believe that the “script” ovpn-file is the problem. My guess is that the DHCP server in the Turris box is broken and that leads to these other problems!

The address that can’t be resolved, can be resolved with the host command from my computer. I couldn’t find the host command in the router!

I’ve sanitized the file for user specific data.

I also include the results of running the file below the file.

Thanks
----------------------- begin ovpn-file ----------------------------------------

# Automatically generated OpenVPN client config file
# Generated on Wed Aug 15 10:12:38 2018 by openvpncluster01

# Default Cipher
cipher AES-256-CBC

# Note: this config file contains inline private keys
#       and therefore should be kept confidential!

# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=myusername

# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=myusername@xx.yyy.dk/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=xxx.yyy.dk:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# (CA bundle removed from the post)
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=0
# OVPN_ACCESS_SERVER_ORGANIZATION=COMPANY.dk

setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 443 tcp
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 1194 udp
remote xx.yyy.dk 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 100000
rcvbuf 100000

# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

key-direction 1
# inline static-key block (the <tls-auth> tags are assumed; the forum rendering stripped them)
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
(static key removed)
-----END OpenVPN Static key V1-----
</tls-auth>

------------------------------------------ end ovpn-file --------------------------------------------------------

--------------------------------------------start connection log ----------------------------------------------

Tue Feb 23 17:50:54 2021 OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Feb 23 17:50:54 2021 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Tue Feb 23 17:50:54 2021 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Tue Feb 23 17:50:54 2021 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 23 17:50:54 2021 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 23 17:50:59 2021 RESOLVE: Cannot resolve host address: xxx.yyy.dk:1194 (Try again)
Tue Feb 23 17:51:01 2021 Socket Buffers: R=[163840->200000] S=[163840->200000]
Tue Feb 23 17:51:01 2021 UDP link local: (not bound)
Tue Feb 23 17:51:01 2021 UDP link remote: [AF_INET]xxx.yyy.96.18:1194
Tue Feb 23 17:51:01 2021 TLS: Initial packet from [AF_INET]xxx.yyy.96.18:1194, sid=6cbd3138 7578a538
Tue Feb 23 17:51:01 2021 VERIFY OK: depth=1, CN=OpenVPN CA
Tue Feb 23 17:51:01 2021 VERIFY OK: nsCertType=SERVER
Tue Feb 23 17:51:01 2021 VERIFY OK: depth=0, CN=OpenVPN Server
Tue Feb 23 17:51:01 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Feb 23 17:51:01 2021 [OpenVPN Server] Peer Connection Initiated with [AF_INET]xxx.yyy.96.18:1194
Tue Feb 23 17:51:02 2021 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Feb 23 17:51:07 2021 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Feb 23 17:51:08 2021 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 10,ping-restart 60,compress stub-v2,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway zzz.qqq.232.1,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,dhcp-option DOMAIN xxxxxvpn.dk,dhcp-option ADAPTER_DOMAIN_SUFFIX xxxxxvpn.dk,register-dns,block-ipv6,ifconfig zzz.qqq.232.132 255.255.254.0,peer-id 5,auth-tokenSESS_ID,cipher AES-256-GCM'
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.7)
Tue Feb 23 17:51:08 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: compression parms modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: route options modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: route-related options modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: peer-id set
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Feb 23 17:51:08 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Feb 23 17:51:08 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Feb 23 17:51:08 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 23 17:51:08 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 23 17:51:08 2021 TUN/TAP device tun0 opened
Tue Feb 23 17:51:08 2021 TUN/TAP TX queue length set to 100
Tue Feb 23 17:51:08 2021 /sbin/ifconfig tun0 zzz.qqq.232.132 netmask 255.255.254.0 mtu 1500 broadcast zzz.qqq.233.255
Tue Feb 23 17:51:13 2021 /sbin/route add -net xxx.yyy.96.18 netmask 255.255.255.255 gw 109.228.160.1
Tue Feb 23 17:51:13 2021 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw zzz.qqq.232.1
Tue Feb 23 17:51:13 2021 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw zzz.qqq.232.1
Tue Feb 23 17:51:13 2021 Initialization Sequence Completed

Tue Feb 23 17:51:42 2021 event_wait : Interrupted system call (code=4)
Tue Feb 23 17:51:42 2021 SIGTERM received, sending exit notification to peer
Tue Feb 23 17:51:43 2021 /sbin/route del -net xxx.yyy.96.18 netmask 255.255.255.255
Tue Feb 23 17:51:43 2021 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Tue Feb 23 17:51:43 2021 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Tue Feb 23 17:51:43 2021 Closing TUN/TAP interface
Tue Feb 23 17:51:43 2021 /sbin/ifconfig tun0 0.0.0.0
Tue Feb 23 17:51:43 2021 SIGTERM[soft,exit-with-notification] received, process exiting
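An added example, not from this thread or from Turris/OpenVPN: a BusyBox-sh snippet for triaging a client log like the one above (it counts the RESOLVE failures, lists the pushed options the client rejected, and reports whether the tunnel still came up, as it does in the quoted log) plus a wait-for-DNS gate a boot script can call before starting OpenVPN. The sample log is constructed from the quoted lines, with the poster's placeholder hostnames; `nslookup` is assumed to be present as it is in BusyBox, while `host` is not.

```shell
#!/bin/sh
# Added example, not from the thread: triage an OpenVPN client log and gate
# the tunnel start on name resolution. Targets BusyBox sh on OpenWrt/Turris
# (nslookup exists there, host does not). The sample log below is
# constructed from the poster's lines, hostnames left as placeholders.

write_sample_log() {
    f="${TMPDIR:-/tmp}/ovpn-sample.log"
    cat >"$f" <<'EOF'
Tue Feb 23 17:50:59 2021 RESOLVE: Cannot resolve host address: xxx.yyy.dk:1194 (Try again)
Tue Feb 23 17:51:01 2021 UDP link remote: [AF_INET]xxx.yyy.96.18:1194
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.4.7)
Tue Feb 23 17:51:08 2021 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.7)
Tue Feb 23 17:51:13 2021 Initialization Sequence Completed
EOF
    echo "$f"
}

# Number of "RESOLVE: Cannot resolve host address" lines. "(Try again)" is
# EAI_AGAIN: the resolver did not answer, which is not the same as a bad name.
resolve_failures() {
    grep -c 'RESOLVE: Cannot resolve host address' "$1" || true
}

# Pushed options the client rejected, one per line. dhcp-pre-release,
# dhcp-renew, dhcp-release, register-dns and block-ipv6 are Windows-only
# options; a Linux client logs and ignores them, so they are noise here.
unrecognized_push_options() {
    sed -n 's/.*\[PUSH-OPTIONS\]:[0-9]*: \([^ ]*\) .*/\1/p' "$1"
}

# One-word verdict usable from a boot script or when writing a bug report.
classify_log() {
    n=$(resolve_failures "$1")
    if grep -q 'Initialization Sequence Completed' "$1"; then
        [ "$n" -gt 0 ] && echo connected-after-resolve-retry || echo connected
    else
        [ "$n" -gt 0 ] && echo resolver-failure || echo not-connected
    fi
}

# Wait up to $2 seconds (default 60) for $1 to resolve through the router's
# own resolver before handing the name to OpenVPN; returns 1 on timeout.
wait_for_dns() {
    waited=0
    while [ "$waited" -lt "${2:-60}" ]; do
        nslookup "$1" >/dev/null 2>&1 && return 0
        sleep 2; waited=$((waited + 2))
    done
    return 1
}
```

In a boot script, `wait_for_dns xx.yyy.dk 120 || exit 1` ahead of the `openvpn --config ...` call separates "the resolver was not ready yet" from "the profile is wrong".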

This post is a mess. Please omit CERTs and try to do some formatting so one can simply read what is there.

I’ve removed the certs. Cannot change the parts of the text that are bold. Have tried but not able to. Hope you feel you can read it better now?

Does 'nslookup xxx.yyy.dk' resolve to your public IP?

Yes Sir!

I made a rollback to before I updated and now everything works. As I wrote it’s not the VPN but the DHCP/DNS function in 5.1.9 that needs looking at.

Thanks