Router log file access?

[mikehd]

Hi all,

 

I'm troubleshooting a nightly VPN disconnect issue and am trying to locate any log files that might be archived on the router. Are these accessible to the user? I'm not suspecting an issue with the Netduma, but will need the log files to see if I'm getting a reboot etc that could cause the disconnect.

 

I realize I can view the VPN log at the time I notice the disconnect, but I'd like to view the router log file as well.

 

I'm on 1.03.6h firmware.

 

thanks,

 

Mike

[Netduma Jack]

Hi all,

 

I'm troubleshooting a nightly VPN disconnect issue and am trying to locate any log files that might be archived on the router. Are these accessible to the user? I'm not suspecting an issue with the Netduma, but will need the log files to see if I'm getting a reboot etc that could cause the disconnect.

 

I realize I can view the VPN log at the time I notice the disconnect, but I'd like to view the router log file as well.

 

I'm on 1.03.6h firmware.

 

thanks,

 

Mike

 

Hi Mike, welcome to the forum

 

Unfortunately there's no way to access the log files currently, though that will be a feature in DumaOS which we hope to release later this year. Do you receive an error message when you disconnect, and if so what does it state? Does it happen at the same time every night? It could potentially be the VPN provider switching the servers which isn't communicating well with the Netduma VPN.

[mikehd]

Here's a snip of the VPN log after this occurs:

Tue Sep 12 21:51:33 2017 [2136bcaeca1eddd771c929559cfff859] Inactivity timeout (--ping-restart), restarting
Tue Sep 12 21:51:33 2017 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 12 21:51:35 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 12 21:51:35 2017 UDPv4 link local: [undef]
Tue Sep 12 21:51:35 2017 UDPv4 link remote: [AF_INET]104.200.154.65:1198
Tue Sep 12 21:51:35 2017 ERROR: could not read Auth username from stdin
Tue Sep 12 21:51:35 2017 Exiting due to fatal error
Tue Sep 12 21:51:35 2017 /sbin/ifconfig tun0 0.0.0.0
Tue Sep 12 21:51:35 2017 /www/scripts/vpndown.sh 10666 tun0 1500 1558 10.25.10.6 10.25.10.5 init

I had VPN disabled on the router last night so can't speak to the time interval yet.

 

Thanks for the reply and the update on the OS work.

 

Mike

[Netduma Jack]

Here's a snip of the VPN log after this occurs:

Tue Sep 12 21:51:33 2017 [2136bcaeca1eddd771c929559cfff859] Inactivity timeout (--ping-restart), restarting
Tue Sep 12 21:51:33 2017 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 12 21:51:35 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 12 21:51:35 2017 UDPv4 link local: [undef]
Tue Sep 12 21:51:35 2017 UDPv4 link remote: [AF_INET]104.200.154.65:1198
Tue Sep 12 21:51:35 2017 ERROR: could not read Auth username from stdin
Tue Sep 12 21:51:35 2017 Exiting due to fatal error
Tue Sep 12 21:51:35 2017 /sbin/ifconfig tun0 0.0.0.0
Tue Sep 12 21:51:35 2017 /www/scripts/vpndown.sh 10666 tun0 1500 1558 10.25.10.6 10.25.10.5 init

I had VPN disabled on the router last night so can't speak to the time interval yet.

 

Thanks for the reply and the update on the OS work.

 

Mike

 

Do you have the config file which you could post here? I found someone else with that error message who removed the following lines and solved the issue:

 

auth-user-pass

dev-tun

ca ca.crt

cert client.crt

key client.key

 

Please let us know if that works.

[mikehd]

 

Do you have the config file which you could post here? I found someone else with that error message who removed the following lines and solved the issue:

 

auth-user-pass

dev-tun

ca ca.crt

cert client.crt

key client.key

 

Please let us know if that works.

 

 

Here's my config as input into the VPN menu for Netduma (certificate info not included):

client
dev tun
proto udp
remote us-seattle.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
auth-nocache

"auth-user-pass" looks to be the only exact match, I have "dev tun" not "dev-tun"

 

I'll delete "auth-user-pass" and investigate "dev tun" vs "dev-tun".

 

thanks again for the support

 

***

Update

 

I tried removing the "dev tun" first, then "dev tun" and "persist-tun" in separate connect attempts. Neither configs would connect.

I then removed "auth-user-pass" and it connects. Will leave up over night to see if it stays up.

Edited September 14, 2017 by mikehd

[mikehd]

Another disconnect last night after removing the "auth-user-pass" command from my VPN script. I've got a ticket opened with PIA (my VPN provideder) to see what's up from their end. Here's the full log file from start to end.

Thu Sep 14 18:33:00 2017 WARNING: file '/tmp/vpncred' is group or others accessible
Thu Sep 14 18:33:00 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Sep 14 18:33:02 2017 UDPv4 link local: [undef]
Thu Sep 14 18:33:02 2017 UDPv4 link remote: [AF_INET]104.200.154.21:1198
Thu Sep 14 18:33:32 2017 [a9a49a0e701746f1ea597b31f744db39] Peer Connection Initiated with [AF_INET]104.200.154.21:1198
Thu Sep 14 18:33:34 2017 TUN/TAP device tun0 opened
Thu Sep 14 18:33:34 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 14 18:33:34 2017 /sbin/ifconfig tun0 10.14.10.10 pointopoint 10.14.10.9 mtu 1500
Thu Sep 14 18:33:34 2017 /www/scripts/vpnup.sh 1853 tun0 1500 1558 10.14.10.10 10.14.10.9 init
Thu Sep 14 18:33:35 2017 Initialization Sequence Completed
Fri Sep 15 02:34:59 2017 [a9a49a0e701746f1ea597b31f744db39] Inactivity timeout (--ping-restart), restarting
Fri Sep 15 02:34:59 2017 SIGUSR1[soft,ping-restart] received, process restarting
Fri Sep 15 02:35:01 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Sep 15 02:35:01 2017 UDPv4 link local: [undef]
Fri Sep 15 02:35:01 2017 UDPv4 link remote: [AF_INET]104.200.154.83:1198
Fri Sep 15 02:35:01 2017 ERROR: could not read Auth username from stdin
Fri Sep 15 02:35:01 2017 Exiting due to fatal error
Fri Sep 15 02:35:01 2017 /sbin/ifconfig tun0 0.0.0.0
Fri Sep 15 02:35:01 2017 /www/scripts/vpndown.sh 1853 tun0 1500 1558 10.14.10.10 10.14.10.9 init

To me it looks like a maximum of 8 hour inactivity is allowed before they kill the tunnel. But why is the script not able to reconnect? Why the "could not read Auth username from stdin" error?

[Netduma Jack]

Another disconnect last night after removing the "auth-user-pass" command from my VPN script. I've got a ticket opened with PIA (my VPN provideder) to see what's up from their end. Here's the full log file from start to end.

Thu Sep 14 18:33:00 2017 WARNING: file '/tmp/vpncred' is group or others accessible
Thu Sep 14 18:33:00 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Sep 14 18:33:02 2017 UDPv4 link local: [undef]
Thu Sep 14 18:33:02 2017 UDPv4 link remote: [AF_INET]104.200.154.21:1198
Thu Sep 14 18:33:32 2017 [a9a49a0e701746f1ea597b31f744db39] Peer Connection Initiated with [AF_INET]104.200.154.21:1198
Thu Sep 14 18:33:34 2017 TUN/TAP device tun0 opened
Thu Sep 14 18:33:34 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 14 18:33:34 2017 /sbin/ifconfig tun0 10.14.10.10 pointopoint 10.14.10.9 mtu 1500
Thu Sep 14 18:33:34 2017 /www/scripts/vpnup.sh 1853 tun0 1500 1558 10.14.10.10 10.14.10.9 init
Thu Sep 14 18:33:35 2017 Initialization Sequence Completed
Fri Sep 15 02:34:59 2017 [a9a49a0e701746f1ea597b31f744db39] Inactivity timeout (--ping-restart), restarting
Fri Sep 15 02:34:59 2017 SIGUSR1[soft,ping-restart] received, process restarting
Fri Sep 15 02:35:01 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Sep 15 02:35:01 2017 UDPv4 link local: [undef]
Fri Sep 15 02:35:01 2017 UDPv4 link remote: [AF_INET]104.200.154.83:1198
Fri Sep 15 02:35:01 2017 ERROR: could not read Auth username from stdin
Fri Sep 15 02:35:01 2017 Exiting due to fatal error
Fri Sep 15 02:35:01 2017 /sbin/ifconfig tun0 0.0.0.0
Fri Sep 15 02:35:01 2017 /www/scripts/vpndown.sh 1853 tun0 1500 1558 10.14.10.10 10.14.10.9 init

To me it looks like a maximum of 8 hour inactivity is allowed before they kill the tunnel. But why is the script not able to reconnect? Why the "could not read Auth username from stdin" error?

 

I'm honestly unsure about why this would be the case - though Fraser is back from vacation on Monday and should have a bit more insight since he's dealt with VPN's more than me. Did you have any luck with the ticket you opened with your VPN provider?

[mikehd]

I'm honestly unsure about why this would be the case - though Fraser is back from vacation on Monday and should have a bit more insight since he's dealt with VPN's more than me. Did you have any luck with the ticket you opened with your VPN provider?

 

The only response so far was to ask me questions regarding OS, was I using their client, what country am I in... all stuff already provided. So no help yet.

 

My work around right now is to use the VPN client on the PCs that need the service rather than do the router implementation.

 

Thanks for the support!

[mikehd]

Ok, PIA is now claiming (after I pointed out the error in the log file) that

 

 

In the config file you are missing the path to password user name file

 

Which is shown in this error in the R1

Fri Sep 15 02:35:01 2017 ERROR: could not read Auth username from stdin

So, if Fraser could take a look and let me know how to specify the path (if possible) I would appreciate it.

 

For now I'm running the PIA client on the relevant PCs rather than use the R1 capability.

 

thanks

[Netduma Jack]

Ok, PIA is now claiming (after I pointed out the error in the log file) that

 

Which is shown in this error in the R1

Fri Sep 15 02:35:01 2017 ERROR: could not read Auth username from stdin

So, if Fraser could take a look and let me know how to specify the path (if possible) I would appreciate it.

 

For now I'm running the PIA client on the relevant PCs rather than use the R1 capability.

 

thanks

 

Hi Mike,

 

I'm glad they've pointed you in the right direction. Fraser's currently off sick but I'll see if I can get him to take a look from home. I'll also try and have a look myself, though I've not tested VPN's half as much as Fraser. I'm hoping he'll be in next week and we'll get this properly sorted, but I'll let you know if I find anything you can try

[mikehd]

Another reply from VIA regarding the config script:

 

 

The daily disconnect you are experiencing might be resolved by switching your connection from UDP to TCP. Here are the available port/encryption combinations to try:

TCP

If you're using AES-128-CBC, please use the following settings: TCP 502

If you're using AES-256-CBC, please use the following settings: TCP 501

UDP

If you're using AES-128-CBC, please use the following settings: UDP 1198

If you're using AES-256-CBC, please use the following settings: UDP 1197

 

Additionally, you are using auth-user-pass without specifying a file location. This command should be used with the specification of a file path that points to a text file containing your user name on the first line and your password on the second line. An example of what this command might look like: auth-user-pass /tmp/login_credentials.txt

 

I'm not sure the UDP or TCP is really causing the disconnect. I do not know what the path to the login credentials will be on the R1. Is this information that Fraser or you can provide?

[Netduma Jack]

Ok, PIA is now claiming (after I pointed out the error in the log file) that

 

Which is shown in this error in the R1

Fri Sep 15 02:35:01 2017 ERROR: could not read Auth username from stdin

So, if Fraser could take a look and let me know how to specify the path (if possible) I would appreciate it.

 

For now I'm running the PIA client on the relevant PCs rather than use the R1 capability.

 

thanks

 

Based on PIA’s advice you would change the two lines in your config to this: 

 

proto tcp

remote us-seattle.privateinternetaccess.com 502

 

Though that is assuming they have the same servers for TCP & UDP (I would assume so). Though if you’re using this for gaming then this won’t work because games use primarily UDP. If you’re just browsing the internet then this change may actually work. In terms of the path I don’t think it’s needed as other configs for other VPN providers haven’t needed it.

[mikehd]

It seems that the R1 needs to store the username and password in order to log in initially. Or is it used then thrown away? Or is it in /tmp/login_credentials.txt ?

 

Is there a console that the user can invoke?

Edited September 23, 2017 by mikehd

[Netduma Jack]

It seems that the R1 needs to store the username and password in order to log in initially. Or is it used then thrown away? Or is it in /tmp/login_credentials.txt ?

 

Is there a console that the user can invoke?

 

I'm not sure if the R1 stores the username and password, though I don't believe it can be found in /tmp/login_credentials.txt. Please try factory resetting and re-entering the configuration file and login details - unfortunately there's no console you can invoke on your end.