Posted: Sat Feb 20, 2021 10:58 Post subject: VPN Problem
Hello everyone, and many thanks in advance for your help.
I bought a Netgear R7800 router and flashed it with the firmware DD-WRT v3.0-r44719.
I then signed up for a VPN from Cyberghost and went through their guide step by step.
I enabled the VPN client in the DD-WRT router, entered everything and rebooted. The status also shows CONNECTED SUCCESS, which means it is connected to the VPN.
But I have no Internet connection.
I have connected my PC and my PS4 to my Netgear router; I only want the VPN connection for these.
As soon as I disable the VPN client again, save and apply, I immediately have an Internet connection again.
Cyberghost support is not much help and it takes forever to get a reply. Apparently they want to run out the 45-day money-back guarantee.
So it must be a small configuration error.
I'm no expert when it comes to VPN. I hope the picture shows all the important settings needed to help me.
The VPN status is below.
Thank you very much for everything.
Best regards, Torsten
Status VPN:
Status
Client: CONNECTED SUCCESS
--------------------------------------------------------------------------------
Local Address: 10.203.3.210
Remote Address: 10.203.3.210
Log
Clientlog:
20210220 11:25:52 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20210220 11:25:52 W DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
20210220 11:25:52 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210220 11:25:52 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210220 11:25:52 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210220 11:25:52 Current Parameter Settings:
20210220 11:25:52 config = '/tmp/openvpncl/openvpn.conf'
20210220 11:25:52 mode = 0
20210220 11:25:52 NOTE: --mute triggered...
20210220 11:25:52 234 variation(s) on previous 3 message(s) suppressed by --mute
20210220 11:25:52 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020
20210220 11:25:52 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20210220 11:25:52 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210220 11:25:52 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210220 11:25:52 LZO compression initializing
20210220 11:25:52 Control Channel MTU parms [ L:1626 D:1212 EF:38 EB:0 ET:0 EL:3 ]
20210220 11:25:52 Data Channel MTU parms [ L:1626 D:1450 EF:126 EB:407 ET:0 EL:3 ]
20210220 11:25:52 Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
20210220 11:25:52 Local Options String (VER=V4): 'V4 dev-type tun link-mtu 1574 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA256 keysize 256 key-method 2 tls-client'
20210220 11:25:52 Expected Remote Options String (VER=V4): 'V4 dev-type tun link-mtu 1574 tun-mtu 1500 proto UDPv4 comp-lzo mtu-dynamic cipher AES-256-CBC auth SHA256 keysize 256 key-method 2 tls-server'
20210220 11:25:52 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.38:443
20210220 11:25:52 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210220 11:25:52 I UDPv4 link local: (not bound)
20210220 11:25:52 I UDPv4 link remote: [AF_INET]37.120.217.38:443
20210220 11:25:52 TLS: Initial packet from [AF_INET]37.120.217.38:443 sid=f1f7a87c 768dfd8a
20210220 11:25:52 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20210220 11:25:52 VERIFY KU OK
20210220 11:25:52 Validating certificate extended key usage
20210220 11:25:52 ++ Certificate has EKU (str) TLS Web Server Authentication expects TLS Web Server Authentication
20210220 11:25:52 NOTE: --mute triggered...
20210220 11:25:52 2 variation(s) on previous 3 message(s) suppressed by --mute
20210220 11:25:52 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1574' remote='link-mtu 1549'
20210220 11:25:52 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20210220 11:25:52 W WARNING: 'mtu-dynamic' is present in local config but missing in remote config local='mtu-dynamic'
20210220 11:25:52 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20210220 11:25:52 W WARNING: 'keysize' is used inconsistently local='keysize 256' remote='keysize 128'
20210220 11:25:52 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 4096 bit RSA
20210220 11:25:52 I [berlin-rack410.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]37.120.217.38:443
20210220 11:25:53 SENT CONTROL [berlin-rack410.nodes.gen4.ninja]: 'PUSH_REQUEST' (status=1)
20210220 11:25:53 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 route-ipv6 2000::/3 dhcp-option DNS 10.101.0.243 route-gateway 10.203.3.1 topology subnet ping 10 ping-restart 60 ifconfig 10.203.3.210 255.255.255.0 peer-id 20'
20210220 11:25:53 W WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
20210220 11:25:53 OPTIONS IMPORT: timers and/or timeouts modified
20210220 11:25:53 OPTIONS IMPORT: --ifconfig/up options modified
20210220 11:25:53 OPTIONS IMPORT: route options modified
20210220 11:25:53 NOTE: --mute triggered...
20210220 11:25:53 4 variation(s) on previous 3 message(s) suppressed by --mute
20210220 11:25:53 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20210220 11:25:53 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
20210220 11:25:53 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20210220 11:25:53 NOTE: --mute triggered...
20210220 11:25:53 1 variation(s) on previous 3 message(s) suppressed by --mute
20210220 11:25:53 net_route_v4_best_gw query: dst 0.0.0.0
20210220 11:25:53 net_route_v4_best_gw result: via 192.168.178.44 dev eth0
20210220 11:25:53 GDG6: remote_host_ipv6=n/a
20210220 11:25:53 net_route_v6_best_gw query: dst ::
20210220 11:25:53 W sitnl_send: rtnl: generic error (-95): Not supported
20210220 11:25:53 I TUN/TAP device tun1 opened
20210220 11:25:53 do_ifconfig ipv4=1 ipv6=0
20210220 11:25:53 I net_iface_mtu_set: mtu 1500 for tun1
20210220 11:25:53 I net_iface_up: set tun1 up
20210220 11:25:53 I net_addr_v4_add: 10.203.3.210/24 dev tun1
20210220 11:25:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:25:56 D MANAGEMENT: CMD 'state'
20210220 11:25:56 MANAGEMENT: Client disconnected
20210220 11:25:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:25:56 D MANAGEMENT: CMD 'state'
20210220 11:25:56 MANAGEMENT: Client disconnected
20210220 11:25:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:25:56 D MANAGEMENT: CMD 'state'
20210220 11:25:56 MANAGEMENT: Client disconnected
20210220 11:25:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:25:56 D MANAGEMENT: CMD 'status 2'
20210220 11:25:56 MANAGEMENT: Client disconnected
20210220 11:25:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:25:56 D MANAGEMENT: CMD 'log 500'
20210220 11:25:56 MANAGEMENT: Client disconnected
20210220 11:25:58 net_route_v4_add: 37.120.217.38/32 via 192.168.178.44 dev [NULL] table 0 metric -1
20210220 11:25:58 net_route_v4_add: 0.0.0.0/1 via 10.203.3.1 dev [NULL] table 0 metric -1
20210220 11:25:58 net_route_v4_add: 128.0.0.0/1 via 10.203.3.1 dev [NULL] table 0 metric -1
20210220 11:25:58 I WARNING: OpenVPN was configured to add an IPv6 route. However no IPv6 has been configured for tun1 therefore the route installation may fail or may not work as expected.
20210220 11:25:58 I add_route_ipv6(2000::/3 -> :: metric -1) dev tun1
20210220 11:25:58 net_route_v6_add: 2000::/3 via :: dev tun1 table 0 metric -1
20210220 11:25:58 W sitnl_send: rtnl: generic error (-95): Not supported
20210220 11:25:58 W ERROR: Linux IPv6 route can't be added
20210220 11:25:58 I Initialization Sequence Completed
20210220 11:26:03 N FRAG_IN error flags=0x2a187bf3: FRAG_TEST not implemented
20210220 11:26:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:26:06 D MANAGEMENT: CMD 'state'
20210220 11:26:06 MANAGEMENT: Client disconnected
20210220 11:26:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:26:06 D MANAGEMENT: CMD 'state'
20210220 11:26:06 MANAGEMENT: Client disconnected
20210220 11:26:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:26:06 D MANAGEMENT: CMD 'state'
20210220 11:26:06 MANAGEMENT: Client disconnected
20210220 11:26:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:26:06 D MANAGEMENT: CMD 'status 2'
20210220 11:26:06 MANAGEMENT: Client disconnected
20210220 11:26:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210220 11:26:06 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
For me, the upgrade page only shows 44715 as the latest build. That is the one I have installed. I will try everything else right away.
What I don't quite understand in the step-by-step guide is:
When using two routers (one in the DSL modem, the other the flashed one), please configure your DD-WRT router so that it connects to the Internet but is at the same time in a different network class. To do this, click 'Setup' and 'Basic Setup' in the DD-WRT settings, enable automatic assignment of IP addresses (DHCP) for the WAN, and assign a fixed local IP address for the DD-WRT router in the 'Network Setup' section.
I only changed the router IP of the Netgear. I left everything else as it was. Or do I still need to enter an IP from my FritzBox there?
Log
Clientlog:
20210222 15:47:04 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210222 15:47:04 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210222 15:47:04 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20210222 15:47:04 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 17 2021
20210222 15:47:04 I library versions: OpenSSL 1.1.1i 8 Dec 2020 LZO 2.09
20210222 15:47:04 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20210222 15:47:04 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210222 15:47:04 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210222 15:47:05 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.38:443
20210222 15:47:05 Socket Buffers: R=[262144->262144] S=[262144->262144]
20210222 15:47:05 I UDPv4 link local: (not bound)
20210222 15:47:05 I UDPv4 link remote: [AF_INET]37.120.217.38:443
20210222 15:47:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:05 D MANAGEMENT: CMD 'state'
20210222 15:47:05 MANAGEMENT: Client disconnected
20210222 15:47:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:05 D MANAGEMENT: CMD 'state'
20210222 15:47:05 MANAGEMENT: Client disconnected
20210222 15:47:05 TLS: Initial packet from [AF_INET]37.120.217.38:443 sid=f3759105 d982662c
20210222 15:47:05 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20210222 15:47:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:05 D MANAGEMENT: CMD 'state'
20210222 15:47:05 MANAGEMENT: Client disconnected
20210222 15:47:05 VERIFY OK: depth=1 C=RO L=Bucharest O=CyberGhost S.A. CN=CyberGhost Root CA emailAddress=info@cyberghost.ro
20210222 15:47:05 VERIFY OK: depth=0 CN=berlin-rack410.nodes.gen4.ninja
20210222 15:47:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:05 D MANAGEMENT: CMD 'status 2'
20210222 15:47:05 MANAGEMENT: Client disconnected
20210222 15:47:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:05 D MANAGEMENT: CMD 'log 500'
20210222 15:47:05 MANAGEMENT: Client disconnected
20210222 15:47:05 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1569' remote='link-mtu 1549'
20210222 15:47:05 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20210222 15:47:05 W WARNING: 'keysize' is used inconsistently local='keysize 256' remote='keysize 128'
20210222 15:47:05 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 4096 bit RSA
20210222 15:47:05 I [berlin-rack410.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]37.120.217.38:443
20210222 15:47:06 SENT CONTROL [berlin-rack410.nodes.gen4.ninja]: 'PUSH_REQUEST' (status=1)
20210222 15:47:06 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 route-ipv6 2000::/3 dhcp-option DNS 10.101.0.243 route-gateway 10.203.3.1 topology subnet ping 10 ping-restart 60 ifconfig 10.203.3.210 255.255.255.0 peer-id 50'
20210222 15:47:06 OPTIONS IMPORT: timers and/or timeouts modified
20210222 15:47:06 NOTE: --mute triggered...
20210222 15:47:06 6 variation(s) on previous 3 message(s) suppressed by --mute
20210222 15:47:06 N OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-GCM') to --data-ciphers (currently 'AES-256-CBC:AES-256-CBC:AES-256-CBC') if you want to connect to this server.
20210222 15:47:06 N ERROR: Failed to apply push options
20210222 15:47:06 N Failed to open tun/tap interface
20210222 15:47:06 I SIGUSR1[soft process-push-msg-failed] received process restarting
20210222 15:47:06 Restart pause 5 second(s)
20210222 15:47:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:08 D MANAGEMENT: CMD 'state'
20210222 15:47:08 MANAGEMENT: Client disconnected
20210222 15:47:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:08 D MANAGEMENT: CMD 'state'
20210222 15:47:08 MANAGEMENT: Client disconnected
20210222 15:47:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:08 D MANAGEMENT: CMD 'state'
20210222 15:47:08 MANAGEMENT: Client disconnected
20210222 15:47:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:08 D MANAGEMENT: CMD 'status 2'
20210222 15:47:08 MANAGEMENT: Client disconnected
20210222 15:47:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210222 15:47:08 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
Is every VPN provider this hard to configure?
I mean, if I now do enter this under Additional Config after all:
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
ncp-disable
auth SHA256
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
verb 4
Then this suddenly appears under Status. But the Internet connection is immediately interrupted again.
State
Client: CONNECTED SUCCESS
Local Address: 10.203.23.106
Remote Address: 10.203.23.106
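
A triage pass over the client logs posted above, as an added example (not part of the original posts and not DD-WRT or OpenVPN code): it extracts the local/remote option mismatches, the data-cipher negotiation failure and the hardening warnings. The function name, the tag names and the trimmed sample are assumptions made for this example.

```python
import re

# Constructed sample: a few lines taken from the client logs posted above.
SAMPLE = """\
20210222 15:47:04 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20210222 15:47:04 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20210222 15:47:04 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210222 15:47:05 D MANAGEMENT: CMD 'state'
20210222 15:47:05 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20210222 15:47:05 W WARNING: 'keysize' is used inconsistently local='keysize 256' remote='keysize 128'
20210222 15:47:06 N OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-GCM') to --data-ciphers (currently 'AES-256-CBC:AES-256-CBC:AES-256-CBC') if you want to connect to this server.
"""

MISMATCH = re.compile(
    r"WARNING: '([\w-]+)' is used inconsistently local='([^']*)' remote='([^']*)'")
CIPHER = re.compile(
    r"Add the server's cipher \('([^']+)'\) to --data-ciphers \(currently '([^']*)'\)")
# Hypothetical tag names mapped to substrings of OpenVPN's own warning text.
HARDENING = {
    "management-no-password": "Using --management on a TCP port WITHOUT passwords",
    "secret-file-permissions": "is group or others accessible",
    "no-server-cert-verification": "No server certificate verification method",
    "compression-enabled": "Compression for receiving enabled",
    "password-cached": "may cache passwords in memory",
}

def triage(log_text):
    """Return option mismatches, cipher failure and hardening tags found in a log."""
    report = {"mismatches": [], "cipher_failure": None, "hardening": set()}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            report["mismatches"].append(m.groups())
            continue
        m = CIPHER.search(line)
        if m:
            # The client list may repeat one cipher; dedupe but keep order.
            offered = list(dict.fromkeys(m.group(2).split(":")))
            report["cipher_failure"] = {"server": m.group(1), "client": offered,
                                        "overlap": m.group(1) in offered}
            continue
        for tag, needle in HARDENING.items():
            if needle in line:
                report["hardening"].add(tag)
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```

The OPTIONS ERROR line itself names the condition OpenVPN expects to be met: the server's cipher has to appear in the client's --data-ciphers list.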