MON@H Rasta
Occasional Visitor
Well, there are pretty much prints in my log file (VPN reconnections, DNS-lists updates etc.), so at least I want to relocate it to reduce usage of nvram that has limited read/write cycles, I guess.
I don't know what "prints in my log file" means, but writing to nvram isn't an issue (unless you're doing something usual that's spamming the syslog) because everything is buffered in memory and only occasionally committed. This has been discussed many times.
I am having trouble connecting the VPN server from a remote network.
RT-N66U firmware version V44EA
I have enabled both PPTP VPN server and OpenVPN server... both seem to be running on the router.
Local connection (Windows built-in VPN for PPTP and OpenVPN Connect for OpenVPN) both connect... no problems.
But when I try to connect from a remote network neither one connects. There is nothing in the log about connection attempts.
What can I do from here? How can I troubleshoot? Any idea on how to get either PPTP or OpenVPN server to run?
Thanks for the great firmware.
Check the IP address your client is trying to connect to. Go to https://canyouseeme.org/ Does the IP address shown there match the WAN IP shown on the router (Network Map > Internet status)?
Yes. I have tried with both the WAN IP address of the router plus the DDNS of the router. The server address is OK. PPTP on Windows even asks for username and password on a newly created connection, but does not connect. The weird thing is that there is nothing in the router's log about any VPN connection attempt.
Are you sure about the IP address and that you don't have double NAT? It's just that I've never seen a situation where connection attempts didn't show up in the syslog. Or have you changed the logging level to suppress them? Do the successful (local) connections show in the syslog?
I just noticed that my router's WAN IP is different from the one that shows on "what is my ip". Maybe this is causing problems. Again any suggestion is appreciated.
This contradicts the answers you gave previously.
Not necessarily.
That probably means that your internet connection is not reachable from the outside. Try to contact your ISP about it.
Still not solved but in progress.
If it gets fixed but your IP on WAN is still not your internet IP, that could mean that you won't be able to use the DDNS feature in this firmware, because, if I remember correctly, it is not capable of doing an external IP lookup.
Yes it does contradict what he had said. I explicitly asked him twice if his router's WAN IP address matched his publicly seen IP address and twice he said it did. Now he's saying they're different.
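The WAN-versus-public-address comparison discussed in the posts above can be turned into a small check. This is an added example, not code from any poster or from the firmware; the function name `diagnose_wan` and the sample addresses (documentation ranges) are assumptions made here.

```python
import ipaddress

# Address blocks that can never receive an inbound connection from the internet.
NON_ROUTABLE = {
    "RFC 1918 private address: another router upstream is doing NAT (double NAT)":
        ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 shared address: the ISP is using carrier-grade NAT":
        ["100.64.0.0/10"],
}

def diagnose_wan(router_wan_ip, externally_seen_ip):
    """Compare the router's WAN address with the address a remote site sees.

    Returns (verdict, explanation); verdict is 'nat', 'mismatch' or 'direct'.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(externally_seen_ip)
    for reason, blocks in NON_ROUTABLE.items():
        if any(wan in ipaddress.ip_network(block) for block in blocks):
            return ("nat", reason)
    if wan != seen:
        # Public on the WAN side but still rewritten somewhere upstream.
        return ("mismatch", "WAN address is public but differs from the "
                            "externally seen address")
    return ("direct", "WAN address is the public address; port forwarding "
                      "or firewall rules are the next thing to check")

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for wan, seen in [("100.72.3.4", "203.0.113.7"),
                      ("192.168.0.2", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7")]:
        print(wan, seen, diagnose_wan(wan, seen))
```

A "nat" or "mismatch" verdict matches the situation described above, where inbound VPN attempts never reach the router and therefore never appear in its syslog.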
Is there another way to undo all the tools I installed via SSH.... ?! If I for example disable jffs and scripting will that work?
Disabling JFFS scripts in the GUI is certainly an option, but it’s overkill. Entware can be removed by:
/jffs/scripts/post-mount
or just delete the /jffs/scripts/post-mount script if nothing else is using it. Same for unmount and services-stop scripts.
rm /tmp/opt
Since the latest update I have the problem that the option "Push LAN to clients" seems no longer to work. I can connect to the RT-N66U without any problem but I can't connect or ping any devices in my LAN.
Does anyone have the same problem?
Works fine for me. Post a link to your syslog for us to look at.
Is there an IP subnet conflict between the network you are connecting FROM and your LAN subnet? Are they both 192.168.1.0/24?
Oct 9 23:46:14 rc_service: httpd 1042:notify_rc start_vpnserver2
Oct 9 23:46:14 kernel: device tun22 entered promiscuous mode
Oct 9 23:46:17 openvpn[2207]: OpenVPN 2.4.9 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 12 2020
Oct 9 23:46:17 openvpn[2207]: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.09
Oct 9 23:46:17 openvpn[2209]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Oct 9 23:46:17 openvpn[2209]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 23:46:17 openvpn[2209]: Diffie-Hellman initialized with 2048 bit key
Oct 9 23:46:17 openvpn[2209]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 9 23:46:17 openvpn[2209]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 9 23:46:17 openvpn[2209]: TUN/TAP device tun22 opened
Oct 9 23:46:17 openvpn[2209]: TUN/TAP TX queue length set to 1000
Oct 9 23:46:17 openvpn[2209]: /usr/sbin/ip link set dev tun22 up mtu 1500
Oct 9 23:46:17 openvpn[2209]: /usr/sbin/ip addr add dev tun22 10.8.1.1/24 broadcast 10.8.1.255
Oct 9 23:46:17 openvpn[2209]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 9 23:46:17 openvpn[2209]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Oct 9 23:46:17 openvpn[2209]: UDPv4 link local (bound): [AF_INET]xx.xx.xx.xx:1194
Oct 9 23:46:17 openvpn[2209]: UDPv4 link remote: [AF_UNSPEC]
Oct 9 23:46:17 openvpn[2209]: MULTI: multi_init called, r=256 v=256
Oct 9 23:46:17 openvpn[2209]: IFCONFIG POOL: base=10.8.1.2 size=252, ipv6=0
Oct 9 23:46:17 openvpn[2209]: Initialization Sequence Completed
Oct 9 23:46:52 openvpn[2209]: yy.yy.yy.yy:58127 TLS: Initial packet from [AF_INET]yy.yy.yy.yy:58127, sid=83341d68 35fbcaec
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_VER=2.4.6
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_PLAT=win
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_PROTO=2
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_NCP=2
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZ4=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZ4v2=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_LZO=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_COMP_STUB=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_COMP_STUBv2=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 peer info: IV_TCPNL=1
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 TLS: Username/Password authentication succeeded for username 'mustermann'
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Oct 9 23:46:53 openvpn[2209]: yy.yy.yy.yy:58127 [client] Peer Connection Initiated with [AF_INET]yy.yy.yy.yy:58127
Oct 9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI_sva: pool returned IPv4=10.8.1.2, IPv6=(Not enabled)
Oct 9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI: Learn: 10.8.1.2 -> client/yy.yy.yy.yy:58127
Oct 9 23:46:53 openvpn[2209]: client/yy.yy.yy.yy:58127 MULTI: primary virtual IP for client/yy.yy.yy.yy:58127: 10.8.1.2
Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 PUSH: Received control message: 'PUSH_REQUEST'
Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.1.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.1.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Data Channel: using negotiated cipher 'AES-128-GCM'
Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
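The subnet-conflict question raised in this thread can be answered from the syslog itself: the PUSH_REPLY line lists every network the server tells the client to route through the tunnel. The following is an added example, not code from the thread or the firmware; the function names and the client-side networks passed in are assumptions, and the sample line is the PUSH_REPLY entry from the log above, shortened.

```python
import ipaddress
import re

# Sample input: the PUSH_REPLY line from the syslog above, shortened.
SAMPLE = ("Oct 9 23:46:54 openvpn[2209]: client/yy.yy.yy.yy:58127 SENT CONTROL "
          "[client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
          "dhcp-option DNS 192.168.1.1,route-gateway 10.8.1.1,topology subnet,"
          "ifconfig 10.8.1.2 255.255.255.0' (status=1)")

def pushed_networks(log_text):
    """Return the networks pushed to clients: LAN routes plus the tunnel subnet."""
    nets = []
    for reply in re.findall(r"'PUSH_REPLY,([^']*)'", log_text):
        for option in reply.split(","):
            parts = option.split()
            if len(parts) < 2 or parts[0] not in ("route", "ifconfig"):
                continue
            # A route without a netmask is a single host route.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            try:
                # strict=False: "ifconfig" carries a host address, not a network base.
                nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                # e.g. net30 topology, where the second ifconfig field is a peer
                # address rather than a netmask.
                continue
    return nets

def conflicts(log_text, client_local_nets):
    """Pair each pushed network with every client-side network it overlaps."""
    local = [ipaddress.ip_network(n) for n in client_local_nets]
    return [(str(p), str(l))
            for p in pushed_networks(log_text)
            for l in local if p.overlaps(l)]

if __name__ == "__main__":
    # Assumed client-side LAN; replace with the remote network's real subnet.
    print(conflicts(SAMPLE, ["192.168.1.0/24"]))
```

Any pair returned means the client already has a directly connected route for that range, so traffic for the router's LAN stays on the client's local network instead of entering the tunnel.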