IPVanish OpenVPN RT-N66U

[far2wired]

Firmware 3.0.0.4.270.26 (Merlin build)

VPN service - IPVanish http://www.ipvanish.com/

I followed DD-WRT instructions on their website - http://www.ipvanish.com/vpn-setup.php


See attachments for router settings.

The VPN appears to be restarting following the error
Apr 14 20:08:02 openvpn[2168]: ERROR: Linux route add command failed: external program exited with error status: 1
(highlighted below in red)

Full Log -
Apr 14 20:07:40 notify_rc : start_vpnclient1
Apr 14 20:07:40 openvpn[2162]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 17 2013
Apr 14 20:07:40 openvpn[2162]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Apr 14 20:07:40 openvpn[2162]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 20:07:40 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 14 20:07:40 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 14 20:07:40 openvpn[2162]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Apr 14 20:07:41 openvpn[2168]: Attempting to establish TCP connection with [AF_INET]81.171.97.3:443 [nonblock]
Apr 14 20:07:42 openvpn[2168]: TCP connection established with [AF_INET]81.171.97.3:443
Apr 14 20:07:42 openvpn[2168]: TCPv4_CLIENT link local: [undef]
Apr 14 20:07:42 openvpn[2168]: TCPv4_CLIENT link remote: [AF_INET]81.171.97.3:443
Apr 14 20:07:42 openvpn[2168]: TLS: Initial packet from [AF_INET]81.171.97.3:443, sid=09b6c0a7 9066c5c9
Apr 14 20:07:42 openvpn[2168]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 20:07:52 openvpn[2168]: VERIFY OK: depth=1, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
Apr 14 20:07:52 openvpn[2168]: VERIFY X509NAME OK: C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=lon-a02.ipvanish.com, emailAddress=support@ipvanish.com
Apr 14 20:07:52 openvpn[2168]: VERIFY OK: depth=0, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=lon-a02.ipvanish.com, emailAddress=support@ipvanish.com
Apr 14 20:07:59 openvpn[2168]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 14 20:07:59 openvpn[2168]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 20:07:59 openvpn[2168]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 14 20:07:59 openvpn[2168]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 20:07:59 openvpn[2168]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 20:07:59 openvpn[2168]: [lon-a02.ipvanish.com] Peer Connection Initiated with [AF_INET]81.171.97.3:443
Apr 14 20:08:01 openvpn[2168]: SENT CONTROL [lon-a02.ipvanish.com]: 'PUSH_REQUEST' (status=1)
Apr 14 20:08:02 openvpn[2168]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 81.171.97.3,dhcp-option DNS 8.8.8.8,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.24.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.24.239 255.255.248.0'
Apr 14 20:08:02 openvpn[2168]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: explicit-exit-notify (2.3.0)
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Apr 14 20:08:02 openvpn[2168]: Socket Buffers: R=[131072->229376] S=[131072->131072]
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: route options modified
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: route-related options modified
Apr 14 20:08:02 openvpn[2168]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 20:08:02 openvpn[2168]: TUN/TAP device tun11 opened
Apr 14 20:08:02 openvpn[2168]: updown.sh tun11 1500 1560 172.20.24.239 255.255.248.0 init
Apr 14 20:08:02 notify_rc : updateresolv
Apr 14 20:08:02 dnsmasq[505]: read /etc/hosts - 3 addresses
Apr 14 20:08:02 dnsmasq[505]: read /etc/hosts.dnsmasq - 0 addresses
Apr 14 20:08:02 dnsmasq-dhcp[505]: read /etc/ethers - 2 addresses
Apr 14 20:08:02 dnsmasq[505]: using nameserver 8.8.8.8#53
Apr 14 20:08:02 dnsmasq[505]: using nameserver 81.171.97.3#53
Apr 14 20:08:02 openvpn[2168]: /sbin/route add -net 81.171.97.3 netmask 255.255.255.255 gw 46.64.40.1
Apr 14 20:08:02 openvpn[2168]: ERROR: Linux route add command failed: external program exited with error status: 1
Apr 14 20:08:02 openvpn[2168]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Apr 14 20:08:02 openvpn[2168]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Apr 14 20:08:02 openvpn[2168]: Initialization Sequence Completed
Apr 14 20:08:03 openvpn[2168]: Connection reset, restarting [0]
Apr 14 20:08:03 openvpn[2168]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 14 20:08:03 openvpn[2168]: Restart pause, 5 second(s)

I've been stumbling around for hours, trying different settings and I now accept defeat. Anyone able to help?

 

[janosek]

Start by removing everything in the custom configuration section

 

[far2wired]

Ok, I've removed the custom config entries, the ERROR has gone but still restarting?

Apr 15 06:28:17 notify_rc : start_vpnclient1
Apr 15 06:28:17 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 15 06:28:17 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 15 06:28:17 openvpn[4138]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 17 2013
Apr 15 06:28:17 openvpn[4138]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 15 06:28:17 openvpn[4138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 06:28:17 openvpn[4138]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Apr 15 06:28:18 openvpn[4146]: Attempting to establish TCP connection with [AF_INET]81.171.97.3:443 [nonblock]
Apr 15 06:28:19 openvpn[4146]: TCP connection established with [AF_INET]81.171.97.3:443
Apr 15 06:28:19 openvpn[4146]: TCPv4_CLIENT link local: [undef]
Apr 15 06:28:19 openvpn[4146]: TCPv4_CLIENT link remote: [AF_INET]81.171.97.3:443
Apr 15 06:28:19 openvpn[4146]: TLS: Initial packet from [AF_INET]81.171.97.3:443, sid=9265f4b5 7a2dd3c9
Apr 15 06:28:19 openvpn[4146]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 15 06:28:19 openvpn[4146]: VERIFY OK: depth=1, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
Apr 15 06:28:19 openvpn[4146]: VERIFY OK: depth=0, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=lon-a02.ipvanish.com, emailAddress=support@ipvanish.com
Apr 15 06:28:20 openvpn[4146]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 15 06:28:20 openvpn[4146]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 06:28:20 openvpn[4146]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 15 06:28:20 openvpn[4146]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 06:28:20 openvpn[4146]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 15 06:28:20 openvpn[4146]: [lon-a02.ipvanish.com] Peer Connection Initiated with [AF_INET]81.171.97.3:443
Apr 15 06:28:22 openvpn[4146]: SENT CONTROL [lon-a02.ipvanish.com]: 'PUSH_REQUEST' (status=1)
Apr 15 06:28:22 openvpn[4146]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 81.171.97.3,dhcp-option DNS 8.8.8.8,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.24.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.24.239 255.255.248.0'
Apr 15 06:28:22 openvpn[4146]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: explicit-exit-notify (2.3.0)
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Apr 15 06:28:22 openvpn[4146]: Socket Buffers: R=[131072->229376] S=[131072->131072]
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: route options modified
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: route-related options modified
Apr 15 06:28:22 openvpn[4146]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 15 06:28:22 openvpn[4146]: TUN/TAP device tun11 opened
Apr 15 06:28:22 openvpn[4146]: updown.sh tun11 1500 1560 172.20.24.239 255.255.248.0 init
Apr 15 06:28:23 notify_rc : updateresolv
Apr 15 06:28:23 dnsmasq[505]: read /etc/hosts - 3 addresses
Apr 15 06:28:23 dnsmasq[505]: read /etc/hosts.dnsmasq - 0 addresses
Apr 15 06:28:23 dnsmasq-dhcp[505]: read /etc/ethers - 2 addresses
Apr 15 06:28:23 dnsmasq[505]: using nameserver 8.8.8.8#53
Apr 15 06:28:23 dnsmasq[505]: using nameserver 81.171.97.3#53
Apr 15 06:28:23 openvpn[4146]: /sbin/route add -net 81.171.97.3 netmask 255.255.255.255 gw 46.64.40.1
Apr 15 06:28:23 openvpn[4146]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Apr 15 06:28:23 openvpn[4146]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.20.24.1
Apr 15 06:28:23 openvpn[4146]: Initialization Sequence Completed
Apr 15 06:28:25 openvpn[4146]: Connection reset, restarting [0]
Apr 15 06:28:25 openvpn[4146]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 15 06:28:25 openvpn[4146]: Restart pause, 5 second(s)

I have a post on the IPVanish forum and response is -

From what I can tell, your version of OpenVPN is not 2.1.x or 2.2.x - and some people using the new 2.3.x versions are having trouble with the old syntax in the configurations. My recommendation would be to downgrade your DD-WRT install to something else.

What version of OpenVPN is in the firmware? Is it possible to flash an earlier version with OpenVPN 2.2.x in it?

 

[janosek]

Hello,

RMerlin updated OpenVPN to 2.3.0 in version 3.0.0.4.270.24. You will have to flash to a pre 3.0.0.4.270.24 to get a lower version of OpenVPN.

 

[far2wired]

Flashed 3.0.0.4.266.23b

Tried starting OpenVPN client STILL no dice!

Apr 15 17:42:49 notify_rc : start_vpnclient1
Apr 15 17:42:49 openvpn[645]: OpenVPN 2.2.2 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 31 2012
Apr 15 17:42:49 openvpn[645]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Apr 15 17:42:49 openvpn[645]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 17:42:49 openvpn[645]: NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 15 17:42:49 openvpn[645]: LZO compression initialized
Apr 15 17:42:49 openvpn[645]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Apr 15 17:42:49 openvpn[645]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Apr 15 17:42:49 openvpn[645]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 15 17:42:49 openvpn[651]: Attempting to establish TCP connection with 81.171.97.3:443 [nonblock]
Apr 15 17:42:50 openvpn[651]: TCP connection established with 81.171.97.3:443
Apr 15 17:42:50 openvpn[651]: TCPv4_CLIENT link local: [undef]
Apr 15 17:42:50 openvpn[651]: TCPv4_CLIENT link remote: 81.171.97.3:443
Apr 15 17:42:50 openvpn[651]: TLS: Initial packet from 81.171.97.3:443, sid=8ff04613 4946191d
Apr 15 17:42:50 openvpn[651]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 15 17:42:51 openvpn[651]: VERIFY OK: depth=1, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
Apr 15 17:42:51 openvpn[651]: VERIFY X509NAME OK: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lon-a02.ipvanish.com/emailAddress=support@ipvanish.com
Apr 15 17:42:51 openvpn[651]: VERIFY OK: depth=0, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lon-a02.ipvanish.com/emailAddress=support@ipvanish.com
Apr 15 17:42:52 openvpn[651]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 15 17:42:52 openvpn[651]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 17:42:52 openvpn[651]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 15 17:42:52 openvpn[651]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 15 17:42:52 openvpn[651]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 15 17:42:52 openvpn[651]: [lon-a02.ipvanish.com] Peer Connection Initiated with 81.171.97.3:443
Apr 15 17:42:55 openvpn[651]: SENT CONTROL [lon-a02.ipvanish.com]: 'PUSH_REQUEST' (status=1)
Apr 15 17:42:55 openvpn[651]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 81.171.97.3,dhcp-option DNS 8.8.8.8,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.24.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.24.239 255.255.248.0'
Apr 15 17:42:55 openvpn[651]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: explicit-exit-notify (2.2.2)
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Apr 15 17:42:55 openvpn[651]: Socket Buffers: R=[131072->229376] S=[131072->131072]
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: route options modified
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: route-related options modified
Apr 15 17:42:55 openvpn[651]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 15 17:42:55 openvpn[651]: TUN/TAP device tun11 opened
Apr 15 17:42:55 openvpn[651]: updown.sh tun11 1500 1560 172.20.24.239 255.255.248.0 init
Apr 15 17:42:55 openvpn[651]: WARNING: Failed running command (--up/--down): could not execute external program
Apr 15 17:42:55 openvpn[651]: Exiting

 

[janosek]

Check your certificate. There may be some strange characters or line breaks.

 

[far2wired]

I've copied the certificate from the IPVanish website again, its in "Client 1" "Certificate Authority". No carriage return at the end of the key.

-----BEGIN CERTIFICATE-----
MIIErTCCA5WgAwIBAgIJAMYKzSS8uPKDMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCRkwxFDASBgNVBAcTC1dpbnRlciBQYXJrMREwDwYD
VQQKEwhJUFZhbmlzaDEVMBMGA1UECxMMSVBWYW5pc2ggVlBOMRQwEgYDVQQDEwtJ
UFZhbmlzaCBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBpcHZhbmlzaC5jb20w
HhcNMTIwMTExMTkzMjIwWhcNMTcwMTEwMTkzMjIwWjCBlTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkZMMRQwEgYDVQQHEwtXaW50ZXIgUGFyazERMA8GA1UEChMISVBW
YW5pc2gxFTATBgNVBAsTDElQVmFuaXNoIFZQTjEUMBIGA1UEAxMLSVBWYW5pc2gg
Q0ExIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAaXB2YW5pc2guY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9DBWNr/IKOuY3TmDP5x7vYZR0DGxLbX
U8TyAzBbjUtFFMbhxlHiXVQrZHmgzih94x7BgXM7tWpmMKYVb+gNaqMdWE680Qm3
nOwmhy/dulXDkEHAwD05i/iTx4ZaUdtV2vsKBxRg1vdC4AEiwD7bqV4HOi13xcG9
71aQ55Mj1KeCdA0aNvpat1LWx2jjWxsfI8s2Lv5Fkoi1HO1+vTnnaEsJZrBgAkLX
pItqP29Lik3/OBIvkBIxlKrhiVPixE5qNiD+eSPirsmROvsyIonoJtuY4Dw5K6pc
NlKyYiwo1IOFYU3YxffwFJk+bSW4WVBhsdf5dGxq/uOHmuz5gdwxCwIDAQABo4H9
MIH6MB0GA1UdDgQWBBRL/RQliR3nwXCD1/afERwlThnurjCBygYDVR0jBIHCMIG/
gBRL/RQliR3nwXCD1/afERwlThnurqGBm6SBmDCBlTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkZMMRQwEgYDVQQHEwtXaW50ZXIgUGFyazERMA8GA1UEChMISVBWYW5p
c2gxFTATBgNVBAsTDElQVmFuaXNoIFZQTjEUMBIGA1UEAxMLSVBWYW5pc2ggQ0Ex
IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAaXB2YW5pc2guY29tggkAxgrNJLy48oMw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAho5ynpvtXISz3neqGXpL
BBlOM35pd1ZSNHLCb2yHQwAjZbfYqfX2MDs9ytH4Cf1OfaVqwe777QyyIC2XR2QK
kw4c2hCT8wPzWhmkLx8Q+jnKdOKkdz+L8+Ji9/vjtaFOcYjMDalI6CbjBiuMFWhB
IzOaYljmA2UeQCVIz9aW80BC8+sLQ6oeWVnFjx7zqK1gbbc2bNuy3slOMdyoEj2m
hkxfiffuHKV+GQoR7tFIr3M7KFFwYgkXeyLh1Pc0rZu7dGe4fUAbR1okB1DgelBd
n6rWTZ8XcNzT/YngtH4bXB9DM7pKWpDWc94va4hFrGgaOxjE861TdoDqHaMO9bW+
Pg==
-----END CERTIFICATE-----

No other keys entered, no mention of a static key needed, do I need one?

I've tried removing the "script-security 3 system" from the custom config, the client loops now trying to start -

Apr 16 19:01:01 openvpn[629]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Apr 16 19:01:01 openvpn[629]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 16 19:01:01 openvpn[629]: Re-using SSL/TLS context
Apr 16 19:01:01 openvpn[629]: LZO compression initialized
Apr 16 19:01:01 openvpn[629]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Apr 16 19:01:01 openvpn[629]: Socket Buffers: R=[87380->229376] S=[16384->131072]
Apr 16 19:01:01 openvpn[629]: TCP/UDP: Preserving recently used remote address: 81.171.97.3:443
Apr 16 19:01:01 openvpn[629]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 16 19:01:01 openvpn[629]: Attempting to establish TCP connection with 81.171.97.3:443 [nonblock]
Apr 16 19:01:02 openvpn[629]: TCP connection established with 81.171.97.3:443
Apr 16 19:01:02 openvpn[629]: TCPv4_CLIENT link local: [undef]
Apr 16 19:01:02 openvpn[629]: TCPv4_CLIENT link remote: 81.171.97.3:443
Apr 16 19:01:02 openvpn[629]: TLS: Initial packet from 81.171.97.3:443, sid=694fe657 a9548fbe
Apr 16 19:01:03 openvpn[629]: VERIFY OK: depth=1, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
Apr 16 19:01:03 openvpn[629]: VERIFY X509NAME OK: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lon-a02.ipvanish.com/emailAddress=support@ipvanish.com
Apr 16 19:01:03 openvpn[629]: VERIFY OK: depth=0, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lon-a02.ipvanish.com/emailAddress=support@ipvanish.com
Apr 16 19:01:06 openvpn[629]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 16 19:01:06 openvpn[629]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 16 19:01:06 openvpn[629]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Apr 16 19:01:06 openvpn[629]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 16 19:01:06 openvpn[629]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 16 19:01:06 openvpn[629]: [lon-a02.ipvanish.com] Peer Connection Initiated with 81.171.97.3:443
Apr 16 19:01:07 openvpn[629]: Connection reset, restarting [0]
Apr 16 19:01:07 openvpn[629]: TCP/UDP: Closing socket
Apr 16 19:01:07 openvpn[629]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 16 19:01:07 openvpn[629]: Restart pause, 5 second(s)

???

 

[janosek]

try a software openvpn client and see if you can connect. Just keep messing around d with settings. Try a factory reset as well and set everything up from scratch

 

[far2wired]

I installed the IPVanish client on my PC. Checked the server I was using I could actually connect to and all worked as expected. Disconnected and went back to settings on router.

In Custom Configuration I removed "script-security 3 system", VPN continually restarting.

Then added "auth SHA256" and bingo, VPN is up and running!

Final Advanced Settings as attached.

Now a final check is to flash with latest firmware and put in all those settings again...

 

[far2wired]

That was surprisingly painless. I updated to latest firmware - 3.0.0.4.270.26b asked for a manual reboot of the router and up came the VPN

So to conclude, and hopefully this will help someone using IPVanish and openVPN, the custom configuration settings should be

persist-remote-ip
auth SHA256
keysize 256
tls-remote <server of choice>

ignore what is on their website...

 

[janosek]

good stuff!

 

[christopher2]

I know this thread is a few years old but I'm having the same issues as far2wired was having and I have tried literally everything including all the steps he has shown, I'm wondering if it's a bit outdated and I'm stuck with what I have?

Using the same router ASUS RT N66u with Merlin wrt software and am trying to get Ip vanish to work.
Anyone with any ideas?