OpenVPN broke in 3.0.0.4.270.25

[netmik3]

Is it just me? Tested my openvpn client 1 right before upgrading to test speed. It shows connected after upgrading but no internet access. Tried setting Redirect Internet traffic to yes eventhough I don't think it does anything, maybe if it was fixed but same thing. Nothing else changed.

Not a big deal. I don't use it often. But anyone else in the same boat?

Mar  2 00:11:45 notify_rc : start_vpnclient1
Mar  2 00:11:45 kernel: tun: Universal TUN/TAP device driver, 1.6
Mar  2 00:11:45 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar  2 00:11:45 radvd[1285]: attempting to reread config file
Mar  2 00:11:45 radvd[1285]: resuming normal operation
Mar  2 00:11:45 openvpn[3586]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  2 2013
Mar  2 00:11:45 openvpn[3586]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mar  2 00:11:45 openvpn[3586]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar  2 00:11:45 openvpn[3586]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Mar  2 00:11:45 openvpn[3586]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  2 00:11:45 openvpn[3586]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  2 00:11:45 openvpn[3586]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Mar  2 00:11:45 openvpn[3589]: UDPv4 link local: [undef]
Mar  2 00:11:45 openvpn[3589]: UDPv4 link remote: [AF_INET]x.x.x.x:1194
Mar  2 00:11:45 openvpn[3589]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=5a5b9f6e e0412e98
Mar  2 00:11:45 openvpn[3589]: VERIFY OK: depth=1, CN=OpenVPN CA
Mar  2 00:11:45 openvpn[3589]: VERIFY OK: depth=0, CN=OpenVPN Server
Mar  2 00:11:46 openvpn[3589]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar  2 00:11:46 openvpn[3589]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  2 00:11:46 openvpn[3589]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar  2 00:11:46 openvpn[3589]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  2 00:11:46 openvpn[3589]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mar  2 00:11:46 openvpn[3589]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Mar  2 00:11:48 openvpn[3589]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Mar  2 00:11:48 openvpn[3589]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo no,ifconfig 5.5.169.120 255.255.0.0'
Mar  2 00:11:48 openvpn[3589]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: explicit-exit-notify (2.3.0)
Mar  2 00:11:48 openvpn[3589]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.0)
Mar  2 00:11:48 openvpn[3589]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.0)
Mar  2 00:11:48 openvpn[3589]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.0)
Mar  2 00:11:48 openvpn[3589]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.3.0)
Mar  2 00:11:48 openvpn[3589]: OPTIONS IMPORT: timers and/or timeouts modified
Mar  2 00:11:48 openvpn[3589]: OPTIONS IMPORT: LZO parms modified
Mar  2 00:11:48 openvpn[3589]: OPTIONS IMPORT: --ifconfig/up options modified
Mar  2 00:11:48 openvpn[3589]: OPTIONS IMPORT: route options modified
Mar  2 00:11:48 openvpn[3589]: TUN/TAP device tun11 opened
Mar  2 00:11:48 openvpn[3589]: TUN/TAP TX queue length set to 100
Mar  2 00:11:48 openvpn[3589]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar  2 00:11:48 openvpn[3589]: /sbin/ifconfig tun11 5.5.169.120 netmask 255.255.0.0 mtu 1500 broadcast 5.5.255.255
Mar  2 00:11:48 radvd[1285]: attempting to reread config file
Mar  2 00:11:48 radvd[1285]: resuming normal operation
Mar  2 00:11:53 openvpn[3589]: /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 72.130.64.1
Mar  2 00:11:53 openvpn[3589]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Mar  2 00:11:53 openvpn[3589]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Mar  2 00:11:53 openvpn[3589]: Initialization Sequence Completed
Mar  2 00:12:22 notify_rc : stop_vpnclient1
Mar  2 00:12:22 openvpn[3589]: event_wait : Interrupted system call (code=4)
Mar  2 00:12:22 openvpn[3589]: /sbin/route del -net x.x.x.x netmask 255.255.255.255
Mar  2 00:12:22 openvpn[3589]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Mar  2 00:12:22 openvpn[3589]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Mar  2 00:12:22 openvpn[3589]: Closing TUN/TAP interface
Mar  2 00:12:22 openvpn[3589]: /sbin/ifconfig tun11 0.0.0.0
Mar  2 00:12:22 openvpn[3589]: SIGTERM[hard,] received, process exiting
Mar  2 00:12:22 radvd[1285]: attempting to reread config file
Mar  2 00:12:22 radvd[1285]: resuming normal operation
Mar  2 00:12:22 radvd[1285]: attempting to reread config file
Mar  2 00:12:22 radvd[1285]: resuming normal operation
Mar  2 00:12:22 radvd[1285]: attempting to reread config file
Mar  2 00:12:22 radvd[1285]: resuming normal operation
Mar  2 00:12:22 radvd[1285]: attempting to reread config file
Mar  2 00:12:22 radvd[1285]: resuming normal operation

 

[RMerlin]

Server is working fine, I connect to it almost every day from work.

I haven't re-tested the client lately, but doubt that any change in 270.25 could have broken it if it was working in 270.24 - the only change for OpenVPN was that it's compiled with additional optimization switches enabled.

Based on what I can see in the log you posted, something told your OpenVPN client to terminate about 30 secs after it was started:

Mar  2 00:12:22 notify_rc : stop_vpnclient1

 

[janosek]

I have the same issue. after 2 hours of trying to get it to work, I downgraded to .24 and it instantly worked. let me know what you need.


I use private internet access

 

[netmik3]

The killing was me to get the logs of on then off. Otherwise it keeps showing connected and even updates packet numbers.

 

[RMerlin]

I have no problem connecting my RT-N66U client to a remote OpenVPN server running on a DD-WRT router here. You will need to provide me with more details about your setup.

Enable more verbose OpenVPN logging first:

nvram set vpn_loglevel=10
nvram commit

Then try again connecting with your client.

 

[RMerlin]

I found a free OpenVPN service which allowed me to actually test routing. The problem is related to the fix for the firewall_2 failure - having a default policy of DROP in the FORWARD table prevents the OpenVPN tunnel from routing.

You can fix this by changing the default policy of that table in a firewall-start script:

#!/bin/sh
iptables -P FORWARD ACCEPT

I'll have to see if it can be easily fixed, if not I will simply revert the fix, as in theory it should be pretty hard to exploit.

 

[netmik3]

25b fixed it