Don't know where I went wrong...any idea? What would you need from me to be able to help me?

JW0914 wrote:

davidc502 wrote:

I was going over here > http://wiki.openwrt.org/toh/linksys/wrt1900ac   to someone express a stronger notion to upgrade to RC2   However, it's currently locked by you.. I hope you're doing it

Cheers,

I think something may have been lost in translation --> "to someone express a stronger notion to upgrade to RC2"

After I saw your post about Kaloz's build, I thought it might be helpful to accentuate and differentiate between the firmware versions on the WRT1900 Wiki, so I separated the individual firmwares via a blank space and changed each firmware listing to green (combined with re-titling page to have a more cohesive Table of Contents)

I didn't know if everyone was in agreement about stressing how "recommended" it is to flash to RC2. and perhaps there should be a change to the main page to reflect the recommendation.

Maybe a flashing .gif? lol

It seems a lot of folks get into trouble trying the other builds. It's okay, as people are entitled to do what they want. I just didn't know if we were stating RC2 as clearly as we could?

just a thought.

gaga wrote:

Don't know where I went wrong...any idea? What would you need from me to be able to help me?

In order to troubleshoot, we need you to post the output of the actual config files.

Config file output we need:

• /etc/config/openvpn

• /etc/config/firewall

• /tmp/openvpn.log

The log file path may vary depending on where you chose to save it via the openvpn config file

Don't forget to remove sensitive information from your config files before posting... such as your DDNS address, and other information you may not wish to share, such as vpn port #, vpn/lan subnets

Critical issue #20 needs to be fixed for the WRT1900AC V1. I've got 9 of these devices in production and one at my exec's home no less. It's only him and his wife most times and the #20 issue is major! In the plant it might only be a couple of techs working on machines. It's very high priority IMO.

davidc502 wrote:

JW0914 wrote:

I think something may have been lost in translation --> "to someone express a stronger notion to upgrade to RC2"

After I saw your post about Kaloz's build, I thought it might be helpful to accentuate and differentiate between the firmware versions on the WRT1900 Wiki, so I separated the individual firmwares via a blank space and changed each firmware listing to green (combined with re-titling page to have a more cohesive Table of Contents)

I didn't know if everyone was in agreement about stressing how "recommended" it is to flash to RC2. and perhaps there should be a change to the main page to reflect the recommendation.

Maybe a flashing .gif? lol

It seems a lot of folks get into trouble trying the other builds. It's okay, as people are entitled to do what they want. I just didn't know if we were stating RC2 as clearly as we could?

just a thought.

I wasn't sure if that was sarcasm or not lol  Were you saying it probably should say something to the effect of "this is recommended build" next to RC2?

JW0914 wrote:

gaga wrote:

Don't know where I went wrong...any idea? What would you need from me to be able to help me?

In order to troubleshoot, we need you to post the output of the actual config files.

Config file output we need:

• /etc/config/openvpn

• /etc/config/firewall

• /tmp/openvpn.log

The log file path may vary depending on where you chose to save it via the openvpn config file

Don't forget to remove sensitive information from your config files before posting... such as your DDNS address, and other information you may not wish to share, such as vpn port #, vpn/lan subnets

In the following the two files. I couldn't find any logs. I think the issue is that the openvpn config is wrong:

[*]        option dh         '/etc/openvpn/keys/VPN-Server/dh2048.pem'[/*]
[*]   option pkcs12     '/etc/openvpn/keys/VPN-Server/VPN-Server.p12'[/*]
[*]        option tls_auth   '/etc/openvpn/keys/VPN-Server/ta.key 0'[/*]

This was different in the tutorial, right?

Plus from the tab "OpenVPN" in LuCi:

/usr/lib/lua/luci/dispatcher.lua:433: Failed to execute cbi dispatcher target for entry '/admin/services/openvpn'.
The called action terminated with an exception:
/usr/lib/lua/luci/cbi.lua:311: Unable to read UCI data: openvpn
stack traceback:
    [C]: in function 'assert'
    /usr/lib/lua/luci/dispatcher.lua:433: in function 'dispatch'
    /usr/lib/lua/luci/dispatcher.lua:168: in function </usr/lib/lua/luci/dispatcher.lua:167>

Firewall

 
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config zone
    option name 'OpenVPN'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn0'

config forwarding
    option src 'vpn'
    option dest 'wan'

config rule
        option target 'ACCEPT'
        option proto 'tcp udp'
        option family 'ipv4'
        option src '*'
        option dest_port '1194'
        option name 'Allow Inbound VPN0'
        option target 'ACCEPT'
        option proto 'tcp udp'
        option src '*'
        option dest '*'
        option name 'Allow Forwarded VPN0'
        option dest_port '1194'

config rule
        option target 'ACCEPT'
        option proto 'tcp udp'
        option family 'ipv4'
        option src '*'
        option src_ip '10.1.1.0/24'
        option dest_ip '192.168.1.0/24'
        option name 'Allow Inbound VPN0 Traffic to LAN'

config rule
        option target 'ACCEPT'
        option proto 'tcp udp'
        option family 'ipv4'
        option src '*'
        option src_ip '10.1.1.0/24'
        option dest '*'
        option dest_ip '192.168.1.0/24'
        option name 'Allow Forwarded VPN0 Traffic to LAN'

config rule
        option target 'ACCEPT'
        option proto 'icmp'
        option src_ip '10.1.1.0/24'
        option src '*'
        option dest 'lan'
        option name 'Allow Inbound ICMP Traffic from VPN0 to LAN'

config rule
        option target 'ACCEPT'
        option proto 'icmp'
        option src '*'
        option src_ip '10.1.1.0/24'
        option dest 'wan'
        option name 'Allow Outbound ICMP Echo Request (8)'
        list icmp_type 'echo-request'

config forwarding
        option dest 'vpn'
        option src 'lan'

config forwarding
        option dest 'lan'
        option src 'vpn'

OpenVPN

 
config openvpn 'VPNserver'

        option enabled     '1'

    # --- Protocol ---#
        option dev         'tun'
        option dev         'tun0'
        option topology    'subnet'
        option proto       'udp'
        option port        '1194'

    #--- Routes ---#
        option server    '10.1.1.0 255.255.255.0'

    #--- Client Config ---#
#       option ccd_exclusive           '1'
#       option ifconfig_pool_persist   '/etc/openvpn/clients/private/ipp.txt'
#       option client_config_dir       '/etc/openvpn/clients/private'
        option ifconfig                '10.1.1.1 255.255.255.0'

    #--- Pushed Routes ---#
        list push    'route 192.168.1.0 255.255.255.0'
        list push    'dhcp-option DNS 192.168.1.1'
        list push    'dhcp-option WINS 192.168.1.1'
        list push    'dhcp-option DNS 8.8.8.8'
        list push    'dhcp-option DNS 8.8.4.4'
        list push    'dhcp-option NTP 129.6.15.30'

    #--- Encryption ---#
        option cipher     'AES-256-CBC'
        option dh         '/etc/openvpn/keys/VPN-Server/dh2048.pem'
        option pkcs12     '/etc/openvpn/keys/VPN-Server/VPN-Server.p12'
        option tls_auth   '/etc/openvpn/keys/VPN-Server/ta.key 0'

    #--- Logging ---#
        option log           '/tmp/openvpn-private.log'
        option status        '/tmp/openvpn-private-status.log'
        option verb          '7'

    #--- Connection Options ---#
        option keepalive        '10 120'
        option comp_lzo         'yes'

    #--- Connection Reliability ---#
        option client_to_client '1'
        option persist_key      '1'
        option persist_tun      '1'

    #--- Connection Speed ---#    
        option sndbuf            '393216'
        option rcvbuf            '393216'
        option fragment          '0'
        option mssfix            '0'
        option tun_mtu           '48000'

    #--- Pushed Buffers ---#
        list push    'sndbuf 393216'
        list push    'rcvbuf 393216'

    #--- Permissions ---#
        option user     'nobody'
        option group    'nogroup'

Chadster766 wrote:

Critical issue #20 needs to be fixed for the WRT1900AC V1. I've got 9 of these devices in production and one at my exec's home no less. It's only him and his wife most times and the #20 issue is major! In the plant it might only be a couple of techs working on machines. It's very high priority IMO.

It makes me wonder if all the individuals who are experiencing the issue are reporting the issue via the Bug Report link for WiFi issues.  It would seem most who are having the issue are not, as it's a fairly high priority issue .

JW0914 wrote:

davidc502 wrote:

I didn't know if everyone was in agreement about stressing how "recommended" it is to flash to RC2. and perhaps there should be a change to the main page to reflect the recommendation.

Maybe a flashing .gif? lol

It seems a lot of folks get into trouble trying the other builds. It's okay, as people are entitled to do what they want. I just didn't know if we were stating RC2 as clearly as we could?

just a thought.

I wasn't sure if that was sarcasm or not lol  Were you saying it probably should say something to the effect of "this is recommended build" next to RC2?

No sarcasm   I think the main page should jump out and bite anyone considering flashing to anything other than RC2 (unless you're experienced)... I was just wondering if you, and others agree?

cheers

JW0914 wrote:

Chadster766 wrote:

Critical issue #20 needs to be fixed for the WRT1900AC V1. I've got 9 of these devices in production and one at my exec's home no less. It's only him and his wife most times and the #20 issue is major! In the plant it might only be a couple of techs working on machines. It's very high priority IMO.

It makes me wonder if all the individuals who are experiencing the issue are reporting the issue via the Bug Report link for WiFi issues.  It would seem most who are having the issue are not, as it's a fairly high priority issue .

IMO most of the users in this forum are power users and have many devices connected all the time. So they are willing to let this bug be swept under the rug because it doesn't effect them. For me, since I have a many units in diverse environments it's very important.

The openvpn server config is correct, as long as you created the paths the server config points to; if you didn't mirror the paths, the openvpn server would simply need to be updated with the correct ones.

Log file should be where the config file points to: /tmp/openvpn-private.log and /tmp/openvpn-private-status.log (though the latter shouldn't contain any information yet; while the former should have output showing where the error occurred).

Just to verify, you did create the VPN interface right?

Chadster766 wrote:

JW0914 wrote:

It makes me wonder if all the individuals who are experiencing the issue are reporting the issue via the Bug Report link for WiFi issues.  It would seem most who are having the issue are not, as it's a fairly high priority issue .

IMO most of the users in this forum are power users and have many devices connected all the time. So they are willing to let this bug be swept under the rug because it doesn't effect them. For me, since I have a many units in diverse environments it's very important.

Up until about a week ago, I didn't realize there was an actual way to submit bug reports until Kaloz mentioned it along with the links.  I assumed there may be others not realizing it as well, so I added the two Bug Report links to my signature in hopes that if someone is having an issue that can be reproduced by someone, they would notice the links and realize to file a bug report.

JW0914 wrote:

The openvpn server config is correct, as long as you created the paths the server config points to; if you didn't mirror the paths, the openvpn server would simply need to be updated with the correct ones.

Log file should be where the config file points to: /tmp/openvpn-private.log and /tmp/openvpn-private-status.log (though the latter shouldn't contain any information yet; while the former should have output showing where the error occurred).

Just to verify, you did create the VPN interface right?

Yes, but here the config in the tutorial seems to be wrong..

I will start over again...maybe (read most-likely) I did a mistake...

gaga wrote:

JW0914 wrote:

The openvpn server config is correct, as long as you created the paths the server config points to; if you didn't mirror the paths, the openvpn server would simply need to be updated with the correct ones.

Log file should be where the config file points to: /tmp/openvpn-private.log and /tmp/openvpn-private-status.log (though the latter shouldn't contain any information yet; while the former should have output showing where the error occurred).

Just to verify, you did create the VPN interface right?

Yes, but here the config in the tutorial seems to be wrong..

I will start over again...maybe (read most-likely) I did a mistake...

The config in the tutorial is the actual one I use, just with different subnets and ports, plus a second server. 

You don't have to start over again, we just have to narrow down what went wrong and where.

Is there anything output to /tmp/openvpn-private.log?

Call me ignorant or stupid, but:

cp -R keys /etc/openvpn

 '/etc/openvpn/keys/VPN-Server/dh2048.pem'

seems not to correspond, right?

I just want to ensure that this one will work. I have this one at home that I run all the time for my pi... http://www.amazon.com/Honey-House-USB-S … NQSER5C1HG

EDIT
I do understand how that could be confusing to someone who's never setup a VPN server config before, so I've edited the config in the Wiki, removing the extras directories.  The edited config:

config openvpn 'VPN-Server'

        option enabled     '1'

    # --- Protocol ---#
        option dev         'tun'
        option dev         'tun0'
        option topology    'subnet'
        option proto       'udp'
        option port        '1194'

    #--- Routes ---#
        option server    '10.1.1.0 255.255.255.0'

    #--- Client Config ---#
#       option ccd_exclusive           '1'
#       option ifconfig_pool_persist   '/etc/openvpn/clients/ipp.txt'
#       option client_config_dir       '/etc/openvpn/clients/'
        option ifconfig                '10.1.1.1 255.255.255.0'

    #--- Pushed Routes ---#
        list push    'route 192.168.1.0 255.255.255.0'
        list push    'dhcp-option DNS 192.168.1.1'
        list push    'dhcp-option WINS 192.168.1.1'
        list push    'dhcp-option DNS 8.8.8.8'
        list push    'dhcp-option DNS 8.8.4.4'
        list push    'dhcp-option NTP 129.6.15.30'

    #--- Encryption ---#
        option cipher     'AES-256-CBC'
        option dh         '/etc/openvpn/keys/dh2048.pem'
        option pkcs12     '/etc/openvpn/keys/my-server.p12'
        option tls_auth   '/etc/openvpn/keys/ta.key 0'

    #--- Logging ---#
        option log           '/tmp/openvpn.log'
        option status        '/tmp/openvpn-status.log'
        option verb          '7'

    #--- Connection Options ---#
        option keepalive        '10 120'
        option comp_lzo         'yes'

    #--- Connection Reliability ---#
        option client_to_client '1'
        option persist_key      '1'
        option persist_tun      '1'

    #--- Connection Speed ---#    
        option sndbuf            '393216'
        option rcvbuf            '393216'
        option fragment          '0'
        option mssfix            '0'
        option tun_mtu           '48000'

    #--- Pushed Buffers ---#
        list push    'sndbuf 393216'
        list push    'rcvbuf 393216'

    #--- Permissions ---#
        option user     'nobody'
        option group    'nogroup'

oshrizak wrote:

I just want to ensure that this one will work. I have this one at home that I run all the time for my pi... http://www.amazon.com/Honey-House-USB-S … NQSER5C1HG

It will... as long as you only use gnd, tx, and rx =] 

• Never use the power pin of the USB-TTL on the WRT1900

thanks for the info! I will be sure to post back any info if I have some trouble. I will be doing this tonight.
Per the description
The power pin provides the 5V @ 500mA direct from the USB port and the RX/TX pins are 3.3V level for interfacing with the most common 3.3V logic level chipsets.

JW0914 wrote:

EDIT
I do understand how that could be confusing to someone who's never setup a VPN server config before, so I've edited the config in the Wiki, removing the extras directories.  The edited config:

config openvpn 'VPNserver'

        option enabled     '1'

    # --- Protocol ---#
        option dev         'tun'
        option dev         'tun0'
        option topology    'subnet'
        option proto       'udp'
        option port        '1194'

    #--- Routes ---#
        option server    '10.1.1.0 255.255.255.0'

    #--- Client Config ---#
#       option ccd_exclusive           '1'
#       option ifconfig_pool_persist   '/etc/openvpn/clients/ipp.txt'
#       option client_config_dir       '/etc/openvpn/clients/'
        option ifconfig                '10.1.1.1 255.255.255.0'

    #--- Pushed Routes ---#
        list push    'route 192.168.1.0 255.255.255.0'
        list push    'dhcp-option DNS 192.168.1.1'
        list push    'dhcp-option WINS 192.168.1.1'
        list push    'dhcp-option DNS 8.8.8.8'
        list push    'dhcp-option DNS 8.8.4.4'
        list push    'dhcp-option NTP 129.6.15.30'

    #--- Encryption ---#
        option cipher     'AES-256-CBC'
        option dh         '/etc/openvpn/keys/dh2048.pem'
        option pkcs12     '/etc/openvpn/keys/my-server.p12'
        option tls_auth   '/etc/openvpn/keys/ta.key 0'

    #--- Logging ---#
        option log           '/tmp/openvpn.log'
        option status        '/tmp/openvpn-status.log'
        option verb          '7'

    #--- Connection Options ---#
        option keepalive        '10 120'
        option comp_lzo         'yes'

    #--- Connection Reliability ---#
        option client_to_client '1'
        option persist_key      '1'
        option persist_tun      '1'

    #--- Connection Speed ---#    
        option sndbuf            '393216'
        option rcvbuf            '393216'
        option fragment          '0'
        option mssfix            '0'
        option tun_mtu           '48000'

    #--- Pushed Buffers ---#
        list push    'sndbuf 393216'
        list push    'rcvbuf 393216'

    #--- Permissions ---#
        option user     'nobody'
        option group    'nogroup'

I see, thanks!

The "ta.key" is the "my-server.key"?
What shall I do with the "Permissions"? Leave it as is?

gaga wrote:

JW0914 wrote:

EDIT
I do understand how that could be confusing to someone who's never setup a VPN server config before, so I've edited the config in the Wiki, removing the extras directories.  The edited config:

config openvpn 'VPN-Server'

        option enabled     '1'

    # --- Protocol ---#
        option dev         'tun'
        option dev         'tun0'
        option topology    'subnet'
        option proto       'udp'
        option port        '1194'

    #--- Routes ---#
        option server    '10.1.1.0 255.255.255.0'

    #--- Client Config ---#
#       option ccd_exclusive           '1'
#       option ifconfig_pool_persist   '/etc/openvpn/clients/ipp.txt'
#       option client_config_dir       '/etc/openvpn/clients/'
        option ifconfig                '10.1.1.1 255.255.255.0'

    #--- Pushed Routes ---#
        list push    'route 192.168.1.0 255.255.255.0'
        list push    'dhcp-option DNS 192.168.1.1'
        list push    'dhcp-option WINS 192.168.1.1'
        list push    'dhcp-option DNS 8.8.8.8'
        list push    'dhcp-option DNS 8.8.4.4'
        list push    'dhcp-option NTP 129.6.15.30'

    #--- Encryption ---#
        option cipher     'AES-256-CBC'
        option dh         '/etc/openvpn/keys/dh2048.pem'
        option pkcs12     '/etc/openvpn/keys/my-server.p12'
        option tls_auth   '/etc/openvpn/keys/ta.key 0'

    #--- Logging ---#
        option log           '/tmp/openvpn.log'
        option status        '/tmp/openvpn-status.log'
        option verb          '7'

    #--- Connection Options ---#
        option keepalive        '10 120'
        option comp_lzo         'yes'

    #--- Connection Reliability ---#
        option client_to_client '1'
        option persist_key      '1'
        option persist_tun      '1'

    #--- Connection Speed ---#    
        option sndbuf            '393216'
        option rcvbuf            '393216'
        option fragment          '0'
        option mssfix            '0'
        option tun_mtu           '48000'

    #--- Pushed Buffers ---#
        list push    'sndbuf 393216'
        list push    'rcvbuf 393216'

    #--- Permissions ---#
        option user     'nobody'
        option group    'nogroup'

I see, thanks!

The "ta.key" is the "my-server.key"?
What shall I do with the "Permissions"? Leave it as is?

My bad, I left out a step.  It's been awhile since I created my VPN.

To create the ta.key, run

openvpn --genkey --secret ta.key

The my-server.p12 is the VPN Server's certificate you created with build-key-server my-server.  I also left out the step to create a p12 for the server, as the above command will generate a my-server.crt and my-server.csr

openssl pkcs12 -export -in my-server.crt -inkey my-server.key -certfile ca.crt -name My-Server -out my-server.p12

The wiki will updated with the correct information in a few minutes

Ok, thanks! I will test it tomorrow. Need to go to bed  :-D

JW0914 wrote:

Chadster766 wrote:

IMO most of the users in this forum are power users and have many devices connected all the time. So they are willing to let this bug be swept under the rug because it doesn't effect them. For me, since I have a many units in diverse environments it's very important.

Up until about a week ago, I didn't realize there was an actual way to submit bug reports until Kaloz mentioned it along with the links.  I assumed there may be others not realizing it as well, so I added the two Bug Report links to my signature in hopes that if someone is having an issue that can be reproduced by someone, they would notice the links and realize to file a bug report.

That's nice of you and I'm sure it's appreciated by those that don't know were to submit bugs.

To classify Issue #20 as high priority is really a "no brainer" regardless of how many times it gets reported because it's been confirmed by multiple users and the devs themselves.

dlang wrote:

sorry for this late post (I've been out running a fireworks show the last few days )

for those posting speedtest reports, can you give the dslreports test a try?

http://www.dslreports.com/speedtest

it not only reports raw speed the way that speedtest.net does, but it also measures the latency on the connection to detect bufferblat. Dave Taht from the cerowrt/bufferbloat team is starting to look into the drivers for these APs, so while they are pretty good to start with, they are going to be getting better.

I think you may be looking for more info than this, but I got 64.5mbps down, 4.3mbps up, 51ms latency

JW0914 wrote:

Chadster766 wrote:

IMO most of the users in this forum are power users and have many devices connected all the time. So they are willing to let this bug be swept under the rug because it doesn't effect them. For me, since I have a many units in diverse environments it's very important.

Up until about a week ago, I didn't realize there was an actual way to submit bug reports until Kaloz mentioned it along with the links.  I assumed there may be others not realizing it as well, so I added the two Bug Report links to my signature in hopes that if someone is having an issue that can be reproduced by someone, they would notice the links and realize to file a bug report.

That's nice of you and I'm sure it's appreciated by those that don't know were to submit bugs.

To classify Issue #20 as high priority is really a "no brainer" regardless of how many times it gets reported because it's been confirmed by multiple users and the devs themselves.

Just for confirmation I did issue #20 replication on the latest snapshot OpenWrt Chaos Calmer r46191 and it isn't fixed.

Worst of all during 2 device only testing the wireless was supper flaky and the 2.4Ghz almost useless. Hasn't anyone else done this testing?