dissonant Posted Monday at 12:04 AM
Strange issue with the Hybrid VPN. I have only been enabling it for certain activities but keeping it off normally. I always check my IP after enabling to make sure that the IP is properly masked first, and today I noticed it wasn't. So I disabled and enabled again (I also have "block traffic when VPN disconnected" enabled) with no success. I tried changing the config to point to a different VPN config for a different city, with no difference. Also tried rebooting the router and no change. Also tried deleting and re-adding the device to be hidden behind the VPN. Not sure what else I should try short of reloading a saved config or reflashing. Thought I'd post on here in case you guys might want some log files or something in case there is some bug in the firmware you'd want to fix before trying that?

Netduma Fraser (Administrators) Posted Monday at 03:18 PM
Could you provide a screenshot of the rule you have made please?

dissonant (Author) Posted Monday at 09:33 PM
Sorry, not sure what you need. I'm not talking about the VPN into the router, I'm talking about the Hybrid VPN that allows you to put certain clients behind a VPN that the router connects to.

Netduma Fraser (Administrators) Posted Monday at 10:04 PM
Yeah I get you - the right side of HVPN where you add a rule - the device you want it to apply to and the service.

dissonant (Author) Posted Monday at 10:34 PM
Oh, well that side didn't change.... I've had it the same way the entire time and it just stopped working, but here you go.

Netduma Fraser (Administrators) Posted Monday at 11:43 PM
That's fine, can I see the log then please, should be working fine otherwise you wouldn't have a connection. The IP can cache so may be worth rebooting the device itself after applying and checking again.

dissonant (Author) Posted Tuesday at 09:10 AM
Yeah, I have noticed in the past the IP might be cached on certain IP location sites if I check right before enabling the hVPN and then check again, so I open an incognito window and also try other IP location sites that I haven't been to recently so I know the IP is not cached. Here's the log:

Tue Nov 12 08:59:18 2024 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 19 2023
Tue Nov 12 08:59:18 2024 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.06
Tue Nov 12 08:59:18 2024 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Nov 12 08:59:18 2024 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 12 08:59:18 2024 NOTE: --fast-io is disabled since we are not using UDP
Tue Nov 12 08:59:18 2024 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 12 08:59:18 2024 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 12 08:59:18 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]149.102.254.32:1443
Tue Nov 12 08:59:18 2024 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 12 08:59:18 2024 Attempting to establish TCP connection with [AF_INET]149.102.254.32:1443 [nonblock]
Tue Nov 12 08:59:19 2024 TCP connection established with [AF_INET]149.102.254.32:1443
Tue Nov 12 08:59:19 2024 TCP_CLIENT link local: (not bound)
Tue Nov 12 08:59:19 2024 TCP_CLIENT link remote: [AF_INET]149.102.254.32:1443
Tue Nov 12 08:59:19 2024 TLS: Initial packet from [AF_INET]149.102.254.32:1443, sid=c19aadce 207590bd
Tue Nov 12 08:59:19 2024 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Nov 12 08:59:19 2024 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
Tue Nov 12 08:59:19 2024 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
Tue Nov 12 08:59:19 2024 VERIFY KU OK
Tue Nov 12 08:59:19 2024 Validating certificate extended key usage
Tue Nov 12 08:59:19 2024 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Nov 12 08:59:19 2024 VERIFY EKU OK
Tue Nov 12 08:59:19 2024 VERIFY OK: depth=0, CN=us-sea-v051.prod.surfshark.com
Tue Nov 12 08:59:19 2024 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1603', remote='link-mtu 1583'
Tue Nov 12 08:59:19 2024 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Tue Nov 12 08:59:19 2024 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Tue Nov 12 08:59:19 2024 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Tue Nov 12 08:59:19 2024 [us-sea-v051.prod.surfshark.com] Peer Connection Initiated with [AF_INET]149.102.254.32:1443
Tue Nov 12 08:59:21 2024 SENT CONTROL [us-sea-v051.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
Tue Nov 12 08:59:21 2024 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.7.7.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.7.13 255.255.255.0,peer-id 11,cipher AES-256-GCM'
Tue Nov 12 08:59:21 2024 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.3)
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Nov 12 08:59:21 2024 Socket Buffers: R=[87380->327680] S=[21480->327680]
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: route options modified
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: route-related options modified
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: peer-id set
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: adjusting link_mtu to 1626
Tue Nov 12 08:59:21 2024 OPTIONS IMPORT: data channel crypto options modified
Tue Nov 12 08:59:21 2024 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Nov 12 08:59:21 2024 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Nov 12 08:59:21 2024 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Nov 12 08:59:21 2024 TUN/TAP device tun0 opened
Tue Nov 12 08:59:21 2024 TUN/TAP TX queue length set to 100
Tue Nov 12 08:59:21 2024 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Nov 12 08:59:21 2024 /sbin/ifconfig tun0 10.7.7.13 netmask 255.255.255.0 mtu 1500 broadcast 10.7.7.255
Tue Nov 12 08:59:21 2024 /bin/touch /tmp/lua_LSJMk6 tun0 1500 1554 10.7.7.13 255.255.255.0 init
Tue Nov 12 08:59:21 2024 Initialization Sequence Completed

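The following is an added example, not part of the thread and not Netduma or Surfshark code: a short Python parser for an OpenVPN client log such as the one posted above. It reports whether initialisation completed, which pushed options the client rejected, and which settings the log flags as inconsistent between local and remote; the sample lines are copied from that log, and the function and field names are this example's own.

```python
import re

# Lines copied from the log posted above (a subset, in original order).
SAMPLE_LOG = """\
Tue Nov 12 08:59:19 2024 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1603', remote='link-mtu 1583'
Tue Nov 12 08:59:19 2024 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Tue Nov 12 08:59:19 2024 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
Tue Nov 12 08:59:21 2024 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.7.7.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.7.13 255.255.255.0,peer-id 11,cipher AES-256-GCM'
Tue Nov 12 08:59:21 2024 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.3)
Tue Nov 12 08:59:21 2024 Initialization Sequence Completed
"""

# Patterns for the three OpenVPN client messages this example inspects.
MISMATCH = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
PUSH_REPLY = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
REJECTED = re.compile(r"Options error: .* in \[PUSH-OPTIONS\]:\d+: (\S+)")


def summarize(log_text):
    """Summarise tunnel state as recorded in an OpenVPN client log."""
    report = {"completed": False, "pushed": [], "rejected": [], "mismatches": {}}
    for line in log_text.splitlines():
        if "Initialization Sequence Completed" in line:
            report["completed"] = True
        elif (m := MISMATCH.search(line)):
            # option name -> (local value, remote value)
            report["mismatches"][m.group(1)] = (m.group(2), m.group(3))
        elif (m := PUSH_REPLY.search(line)):
            report["pushed"] = [o for o in m.group(1).split(",") if o.strip()]
        elif (m := REJECTED.search(line)):
            report["rejected"].append(m.group(1))
    names = [opt.split()[0] for opt in report["pushed"]]
    # redirect-gateway is the pushed option that asks for a full-tunnel default route.
    report["full_tunnel_pushed"] = "redirect-gateway" in names
    report["dns_servers"] = [o.split()[2] for o in report["pushed"]
                             if o.startswith("dhcp-option DNS ")]
    return report


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log like this describes only the tunnel between the router and the VPN server, so a clean summary does not by itself show which LAN devices are being routed through tun0.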
Netduma Fraser (Administrators) Posted Tuesday at 03:56 PM
That all looks fine, could you provide the config you're using please?

dissonant (Author) Posted yesterday at 08:23 AM
Here you go:

client
dev tun
proto tcp
remote us-sea.prod.surfshark.com 1443
remote-random
nobind
tun-mtu 1500
mssfix 1450
ping 15
ping-restart 0
reneg-sec 0
remote-cert-tls server
auth-user-pass
#comp-lzo
verb 3
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----
</tls-auth>