Ok I understand that. This config I have used for years and it is working fine. They have always had it that way. Nothing strange in my config.
Something seems really broken with that provider or your setup. They push a hostname instead of an IP as the gateway. Hostnames cannot be combined with a prefix (since they aren't IPs), and your connection flat out fails to connect with the prefix, while it generates that error message if there's no prefix.
daemon ovpn-client1
client
dev tun11
txqueuelen 1000
proto udp
remote pool-1.prd.se.sthlm.ovpn.com 1194
remote pool-1.prd.se.sthlm.ovpn.com 1195
remote pool-2.prd.se.sthlm.ovpn.com 1194
remote pool-2.prd.se.sthlm.ovpn.com 1195
nobind
persist-key
persist-tun
compress
data-ciphers CHACHA20-POLY1305
tls-auth static.key 1
ca ca.crt
auth-user-pass auth
up 'ovpn-up 1 client'
down 'ovpn-down 1 client'
script-security 2
route-delay 2
route-up vpnrouting.sh
route-pre-down vpnrouting.sh
verb 3
status-version 2
status status 5
# Custom Configuration
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
pull-filter ignore 'dhcp-option DNS 192.165.9.158'
pull
remote-random
server-poll-timeout 6
resolv-retry infinite
remote-cert-tls server
mute-replay-warnings
replay-window 256
# auth-nocache
reneg-sec 0
fast-io
log /tmp/vpnclient-1.log
PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,persist-key,redirect-gateway def1,explicit-exit-notify 2,route-gateway 10.128.0.1,topology subnet,compress ,dhcp-option DNS 46.227.67.134,dhcp-option DNS 192.165.9.158,ifconfig 10.128.1.163 255.255.252.0,peer-id 11,cipher CHACHA20-POLY1305'
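A quick way to check what a server actually pushes as `route-gateway`, using the PUSH_REPLY line from the log above (added example, not part of any post; the hostname variant `gw.vpn.example` and the function names are constructed). It also applies the posted config's `pull-filter ignore` as a prefix match to show which pushed DNS servers remain.

```python
import ipaddress
import re

# PUSH_REPLY copied from the log line posted above.
PAGE_LOG = ("PUSH: Received control message: 'PUSH_REPLY,ping 10,"
            "ping-restart 60,persist-key,redirect-gateway def1,"
            "explicit-exit-notify 2,route-gateway 10.128.0.1,topology subnet,"
            "compress ,dhcp-option DNS 46.227.67.134,"
            "dhcp-option DNS 192.165.9.158,"
            "ifconfig 10.128.1.163 255.255.252.0,peer-id 11,"
            "cipher CHACHA20-POLY1305'")
# Constructed variant: the same reply with a made-up hostname as gateway.
HOSTNAME_LOG = PAGE_LOG.replace("route-gateway 10.128.0.1",
                                "route-gateway gw.vpn.example")
# pull-filter text from the posted config (OpenVPN matches it as a prefix).
IGNORE = ["dhcp-option DNS 192.165.9.158"]


def pushed_options(line, ignore=()):
    """Split a PUSH_REPLY log line into options, dropping ignored prefixes."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY in line")
    opts = [" ".join(o.split()) for o in m.group(1).split(",")]
    return [o for o in opts
            if o and not any(o.startswith(p) for p in ignore)]


def gateway_report(line, ignore=()):
    """Report whether route-gateway is an IP literal, plus the DNS kept."""
    opts = pushed_options(line, ignore)
    gw = next((o.split()[1] for o in opts
               if o.startswith("route-gateway ")), None)
    dns = [o.split()[2] for o in opts if o.startswith("dhcp-option DNS ")]
    if gw is None:
        kind = "missing"
    else:
        try:
            ipaddress.ip_address(gw)
            kind = "ip"
        except ValueError:
            kind = "hostname"  # cannot be combined with a prefix
    return {"gateway": gw, "kind": kind, "dns": dns}


if __name__ == "__main__":
    print(gateway_report(PAGE_LOG, IGNORE))
    print(gateway_report(HOSTNAME_LOG, IGNORE))
```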
"${script_type}" "${common_name}" "${trusted_ip}" "${trusted_port}"
Which environment variable are you trying to access?
Not at the moment as I have reverted back to 386_2_6. Maybe someone can test that?
Can you add a "logger" call to see if the script gets called at all?
Maybe I should cheekily add YazFi to that page
Will the VPN Director replace also the scripting for "How to setup WLAN SSID for VPN routing"?
In case somebody tried this setup already, I would appreciate feedback...
Anyway, I will try it out myself over the weekend (when my wife is out of home).
In English please
Nord VPN doesn't work after installing the beta version. It looks like it is connected, but I have an unprotected status. What settings to use so that everything is fine. [posted in Polish]
As people have suggested already: don't put a wide ranging rule on OVPN1 and a more specific rule on OVPN5. This will not work, the first rule will be applied first.
Don't use conflicting rules either. If two rules can affect a client, and the two rules have different DNS behaviour, then the end result as to which DNS gets used is unpredictable, as the DNS redirections are not prioritized. I might try to see if it could be prioritized, but no guarantee that it will be doable.
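The two pitfalls described in the post above, checked over a constructed rule set (added example, not firmware code and not from any poster). It assumes rules are evaluated first-match in interface order as the thread describes; the rule tuples, the `dns_mode` field and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed rules: (description, source, interface, dns_mode). Interface
# names follow the thread (OVPN1..OVPN5); dns_mode is a hypothetical field
# standing for each client's "Accept DNS" setting.
RULES = [
    ("whole LAN", "192.168.1.0/24", "OVPN1", "exclusive"),
    ("media box", "192.168.1.50", "OVPN5", "disabled"),
    ("guest net", "192.168.2.0/24", "OVPN2", "exclusive"),
    ("guest tv", "192.168.2.10", "OVPN2", "exclusive"),
]


def lint(rules):
    """Return (kind, earlier_desc, later_desc) findings for a rule set."""
    # Rules are applied in interface order, as the thread describes.
    ordered = sorted(rules, key=lambda r: r[2])
    findings = []
    for a, b in combinations(ordered, 2):
        net_a = ipaddress.ip_network(a[1], strict=False)
        net_b = ipaddress.ip_network(b[1], strict=False)
        if not net_a.overlaps(net_b):
            continue
        # A narrower rule on a later client never gets a chance to match.
        if a[2] != b[2] and net_b.subnet_of(net_a):
            findings.append(("shadowed", a[0], b[0]))
        # Overlapping rules with different DNS handling are unpredictable.
        if a[3] != b[3]:
            findings.append(("dns-conflict", a[0], b[0]))
    return findings


def effective_interface(rules, client_ip):
    """First matching rule in interface order decides the tunnel."""
    ip = ipaddress.ip_address(client_ip)
    for _desc, src, iface, _dns in sorted(rules, key=lambda r: r[2]):
        if ip in ipaddress.ip_network(src, strict=False):
            return iface
    return None


if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
    print(effective_interface(RULES, "192.168.1.50"))
```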
You know this is an early beta... and completely new function.
Nord vpn doesn't work after beta installation. It seems to show that it is connected, but I have an unprotected status. What settings to use to make everything right.
it didn't do anything
You know this is an early beta... and completely new function.
But try to set accept DNS to exclusive and restart client.
Did you read first post?
it didn't do anything
thanks, it works
it didn't do anything
Not sure which empty description you are referring to, but rules have to be IP-based, as it's implemented through a routing table.
Is it possible to point the director with the description of the device? Or is this empty on purpose for rule descriptions you make?
It's possible that your issues are caused by this script, as it might not be compatible with the new VPN implementation. I suspect your error messages and the problems with routes containing a prefix were generated by that script and not by the firmware, which would explain why those messages don't exist in the firmware code itself.
all scripts get triggered from my openvpn-event script from @john9527
No, and the displayed order may also change at any time as the list is sorted by interface on the web interface, to visually show the order in which rules are applied. Within an OVPN instance the order is irrelevant, since all rules will target the same routing table.
Is there a way to re-order the rules? Looking at screenshots posted here it looks like I would need to delete rules to re-order them?
can I take it from this major function/addition/change update beta having most of the issues crossed off this (your, lead dev's) list, 386.3 release is imminent?
Known issues:
- DNS Exclusive mode doesn't work (Code wasn't updated to VPN Director, fixed)
- Routing fails to work with providers that push a hostname as gateway address instead of an IP (Possibly fixed, will need to be tested)
- VPN routing failing if DNS Mode is set to "Disable" (up-handler was skipping route configuration, fixed)
- After making changes to rules, Exclusive DNS rules aren't refreshed (for now you need to restart a client to refresh these rules, this will be implemented in a future build)
I don't think so, I only use the mentioned environment variables and don't do any manipulation to vpn-code.
It's possible that your issues are caused by this script, as it might not be compatible with the new VPN implementation. I suspect your error messages and the problems with routes containing a prefix were generated by that script and not by the firmware, which would explain why those messages don't exist in the firmware code itself.
I'll take a look at the missing env variables, maybe they are missing when called from some events.
The drop down shows the device name but once clicked it will have the proper ip address. Makes sense. I was hoping that the description above that, the device name automatic could be filled. I understand that it can be edited with rules, etc. Maybe you could consider?
Not sure which empty description you are referring to, but rules have to be IP-based, as it's implemented through a routing table.
No, we're still a long way from it, I haven't even reached beta cycle yet.
can I take it from this major function/addition/change update beta having most of the issues crossed off this (your, lead dev's) list, 386.3 release is imminent?
That would be counter-intuitive, people using a dropdown attached to a field wouldn't expect it to auto-fill another field that's above it. And if you enter fields in a logical order (from top to bottom), users would typically have already filled the Desc field, and having this overwritten would be bad design. I have no plans to change the current behaviour.
Maybe you could consider?