OpenWrt Forum Archive

Topic: Update on Linksys WRT1900AC support

The content of this topic has been archived between 16 Sep 2014 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

PraxisOne wrote:
JW0914 wrote:
PraxisOne wrote:

Just to confirm, regarding JimWright's 3.5mm mod listed in the wiki, do I require the MAX3232 board if I pick up this TTL-232R-3V3-AJ? I would still need 3.3v in addition though, yes?

No, they're two entirely different things... refer to WRT1900ac Wiki

USB-TTL AJ cables only come with 3 wires... GND, TX, and RX

Sorry to be obtuse, was that a no: I don't require the MAX3232 and can get away with the 3 wires, or a no: I can't actually use the USB-TTL AJ cable at all because they don't have 3.3v wire?
The user from the wiki used DB9-3.5mm cable, which is not exactly quite what I'm after.

Sorry, I should have been more articulate.

You'll be fine with the USB-TTL AJ, as even if you had a USB-TTL with all 6 wires, you'd only use GND, TX, and RX.

The MAX232 is to convert the TTL 3.3v signals to 12v signals for a RS-232 Serial cable

Kaloz wrote:
nyt wrote:

Now, we see proper behavior.  Pressing reset button once no longer completely erases the overlay.

heh? Reset never ever erased anything, it pushed you to recovery.

In trunk, looking at rc.button/reset, it definitely factory resets if you hold it for five seconds.  The broken GPIO states caused the first press to be a released action with SEEN being the timestamp from boot, causing it to trigger the wipe.

root@ZOMGWTFBBQWIFI:/etc/rc.button# cat reset
#!/bin/sh

[ "${ACTION}" = "released" ] || exit 0

. /lib/functions.sh

logger "$BUTTON pressed for $SEEN seconds"

if [ "$SEEN" -lt 1 ]
then
        echo "REBOOT" > /dev/console
        sync
        reboot
elif [ "$SEEN" -gt 5 ]
then
        echo "FACTORY RESET" > /dev/console
        jffs2reset -y && reboot &
fi

(Last edited by nyt on 9 Jul 2015, 21:49)
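
The failure nyt describes can be reproduced off-device. This is an added example, not part of the original post and not OpenWrt code: `decide_reset` mirrors the branches of the posted script, while `guarded_reset`, its marker file and `MAX_HOLD` are hypothetical, shown only to contrast with the unguarded logic. The uptime value is constructed.

```shell
#!/bin/sh
# Added example, not OpenWrt code. decide_reset mirrors the branches of the
# posted rc.button/reset script; guarded_reset is a hypothetical mitigation.

STATE_DIR=$(mktemp -d)              # scratch dir standing in for /tmp on a router
trap 'rm -rf "$STATE_DIR"' EXIT
MAX_HOLD=60                         # assumed ceiling for a plausible hold, seconds

# decide_reset ACTION SEEN -> prints reboot | factory-reset | ignore
decide_reset() {
    action=$1
    seen=$2
    [ "$action" = "released" ] || { echo ignore; return 0; }
    if [ "$seen" -lt 1 ]; then
        echo reboot
    elif [ "$seen" -gt 5 ]; then
        echo factory-reset          # the posted script runs jffs2reset -y here
    else
        echo ignore                 # 1..5 seconds: neither branch fires
    fi
}

# guarded_reset BUTTON ACTION SEEN -> same outputs, but a release only counts
# when a press of the same button was recorded first and SEEN is plausible.
guarded_reset() {
    marker="$STATE_DIR/$1.pressed"
    case "$2" in
        pressed)  : > "$marker"; echo ignore; return 0 ;;
        released) ;;
        *)        echo ignore; return 0 ;;
    esac
    # No recorded press: this is the spurious first event after boot.
    [ -f "$marker" ] || { echo ignore; return 0; }
    rm -f "$marker"
    case "$3" in
        ''|*[!0-9]*) echo ignore; return 0 ;;   # SEEN must be a plain integer
    esac
    [ "$3" -le "$MAX_HOLD" ] || { echo ignore; return 0; }
    decide_reset released "$3"
}

UPTIME=86400   # constructed: SEEN as reported when the counter starts at boot

echo "posted logic, spurious release: $(decide_reset released "$UPTIME")"
echo "guarded,      spurious release: $(guarded_reset reset released "$UPTIME")"
guarded_reset reset pressed 0 >/dev/null
echo "guarded,      real 7 s hold:    $(guarded_reset reset released 7)"
```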

From the Linksys firmware update --- 1.1.10.. Does anything contained in the bug fixes get passed down?

So I have HTTPS enabled and HTTP disabled for uhttpd... is there a way to make 192.168.1.1 auto load https://192.168.1.1

I know it's possible, as most secure sites will autoload their HTTPS address even if their HTTP address is typed.... I'm just not sure how that works.

JW0914 wrote:

So I have HTTPS enabled and HTTP disabled for uhttpd... is there a way to make 192.168.1.1 auto load https://192.168.1.1

I know it's possible, as most secure sites will autoload their HTTPS address even if their HTTP address is typed.... I'm just not sure how that works.

I think this feature was added in trunk recently

drawz wrote:
JW0914 wrote:

So I have HTTPS enabled and HTTP disabled for uhttpd... is there a way to make 192.168.1.1 auto load https://192.168.1.1

I know it's possible, as most secure sites will autoload their HTTPS address even if their HTTP address is typed.... I'm just not sure how that works.

I think this feature was added in trunk recently

Does that imply that it's not possible in the RC2 build?

Some interesting log output w/ the latest driver... nfc what it means.. very descriptive.

[74696.738459] ieee80211 phy1: interface: 3, change: 0x36
[74700.617870] ieee80211 phy1: result error
[74701.634787] ieee80211 phy1: result error
[74702.648583] ieee80211 phy1: result error
[74703.661758] ieee80211 phy1: result error
[74704.671511] ieee80211 phy1: result error
[74705.680438] ieee80211 phy1: error code: -22
[74705.808453] ieee80211 phy1: result error
[74706.820505] ieee80211 phy1: result error
[74707.831394] ieee80211 phy1: result error
[74708.845964] ieee80211 phy1: result error
[74709.857126] ieee80211 phy1: result error
[74710.863498] ieee80211 phy1: error code: -22
[74711.104413] ieee80211 phy1: result error
[74712.429178] ieee80211 phy1: result error
[74713.449634] ieee80211 phy1: result error
[74714.470253] ieee80211 phy1: result error
[74715.491189] ieee80211 phy1: result error
[74716.507952] ieee80211 phy1: error code: -22
[74716.598578] ieee80211 phy1: result error
[74717.621625] ieee80211 phy1: result error
[74718.638819] ieee80211 phy1: result error
[74719.656188] ieee80211 phy1: result error
[74720.672732] ieee80211 phy1: result error
[74721.690200] ieee80211 phy1: error code: -22
[74721.758647] ieee80211 phy1: result error
[74722.786064] ieee80211 phy1: result error
[74723.801646] ieee80211 phy1: result error
[74724.819480] ieee80211 phy1: result error
[74725.835153] ieee80211 phy1: result error
[74726.847151] ieee80211 phy1: error code: -22
[74727.098073] ieee80211 phy1: result error
[74728.114292] ieee80211 phy1: result error
[74729.126558] ieee80211 phy1: result error
[74730.139287] ieee80211 phy1: result error
[74731.151651] ieee80211 phy1: result error
[74732.162293] ieee80211 phy1: error code: -22
[74732.232858] ieee80211 phy1: result error
[74733.480080] ieee80211 phy1: result error
[74734.488252] ieee80211 phy1: result error
[74735.498064] ieee80211 phy1: result error
[74736.506857] ieee80211 phy1: result error
[74737.511061] ieee80211 phy1: error code: -22
[74737.768056] ieee80211 phy1: result error
[74738.805811] ieee80211 phy1: result error
[74739.820638] ieee80211 phy1: result error
[74740.836030] ieee80211 phy1: result error
[74741.851279] ieee80211 phy1: result error
[74742.863489] ieee80211 phy1: error code: -22
[74742.967990] ieee80211 phy1: result error
[74743.987931] ieee80211 phy1: result error
[74745.005158] ieee80211 phy1: result error
[74746.019143] ieee80211 phy1: result error
[74747.035420] ieee80211 phy1: result error
[74748.048373] ieee80211 phy1: error code: -22
[74748.097552] ieee80211 phy1: result error
[74749.115829] ieee80211 phy1: result error
[74750.127068] ieee80211 phy1: result error
[74751.139651] ieee80211 phy1: result error
[74752.152424] ieee80211 phy1: result error
[74753.163468] ieee80211 phy1: error code: -22
[75429.191968] ieee80211 phy1: result error
[75430.201550] ieee80211 phy1: result error
[75431.210701] ieee80211 phy1: result error
[75432.219727] ieee80211 phy1: result error
[75433.231952] ieee80211 phy1: result error
[75434.238690] ieee80211 phy1: error code: -22
[75790.649040] ieee80211 phy1: result error
[75791.667303] ieee80211 phy1: result error
[75792.683129] ieee80211 phy1: result error
[75793.699435] ieee80211 phy1: result error
[75794.716074] ieee80211 phy1: result error
[75795.724988] ieee80211 phy1: error code: -22
[75802.408911] ieee80211 phy1: result error
[75803.419559] ieee80211 phy1: result error
[75804.428257] ieee80211 phy1: result error
[75805.438004] ieee80211 phy1: result error
[75806.446643] ieee80211 phy1: result error
[75807.451017] ieee80211 phy1: error code: -22
[75911.718238] ieee80211 phy1: result error
[75912.734652] ieee80211 phy1: result error
[75913.748172] ieee80211 phy1: result error
[75914.761104] ieee80211 phy1: result error
[75915.773860] ieee80211 phy1: result error
[75916.781406] ieee80211 phy1: error code: -22
[76047.106903] ieee80211 phy1: result error
[76048.117398] ieee80211 phy1: result error
[76049.125576] ieee80211 phy1: result error
[76050.134012] ieee80211 phy1: result error
[76051.142082] ieee80211 phy1: result error
[76052.145560] ieee80211 phy1: error code: -22
[76052.797347] ieee80211 phy1: result error
[76053.815782] ieee80211 phy1: result error
[76054.834363] ieee80211 phy1: result error
[76055.853575] ieee80211 phy1: result error
[76056.871412] ieee80211 phy1: result error
[76057.881692] ieee80211 phy1: error code: -22
[76239.787090] ieee80211 phy1: interface: 3, change: 0x100
[76239.787136] ieee80211 phy1: wmm:26, rsn:0, rsn48:22, ht:62, vht:21
[76239.808563] ieee80211 phy1: interface: 3, change: 0x36

JW0914 wrote:

@gaga

Instead of waiting for a forum reply, feel free to IM me @ jwm0914 on AIM

It works now!!
I had to set this and now it is working.

/etc/config/openvpn

option tls_server '1'

http://s10.postimg.org/r3gmp0pcp/Capture.png

(Last edited by gaga on 10 Jul 2015, 15:34)

Thanks for the OpenVPN update.

gaga wrote:
JW0914 wrote:

@gaga

Instead of waiting for a forum reply, feel free to IM me @ jwm0914 on AIM

It works now!!
I had to set this and now it is working.

http://s10.postimg.org/r3gmp0pcp/Capture.png

Interesting... because the line in the config that applies to TLS Auth Server role is

 option tls_auth '/etc/openvpn/keys/nasVPN/ta.key 0'

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

JW0914 wrote:

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

After it worked, I changed to UDP...
As of now I can't access my NAS, though. Need to figure out why...

I have the following setup:

ISP router
192.168.2.1

WRT1900
192.168.2.101
DNS 192.168.2.1
=> Serving as 192.168.1.1 from 192.168.1.2 - 192.168.1.150

NAS
192.168.1.10, DNS: 192.168.1.1

Now I get as an OpenVPN client the IP address 10.1.1.2 and thus, I can't reach my NAS. This is probably only a small issue, but I can't figure out what I need to do.

Any hints?


Scratch that, it's working, sort of. One problem remains: I can't access my SMB shares (Total Commander, ES File Explorer). Through a web browser it works, though. What's wrong?

(Last edited by gaga on 10 Jul 2015, 17:55)

gaga wrote:
JW0914 wrote:

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

After it worked, I changed to UDP...
As of now I can't access my NAS, though. Need to figure out why...

I have the following setup:

ISP router
192.168.2.1

WRT1900
192.168.2.101
DNS 192.168.2.1
=> Serving as 192.168.1.1 from 192.168.1.2 - 192.168.1.150

NAS
192.168.1.10, DNS: 192.168.1.1

Now I get as an OpenVPN client the IP address 10.1.1.2 and thus, I can't reach my NAS. This is probably only a small issue, but I can't figure out what I need to do.

Any hints?

gaga wrote:
JW0914 wrote:

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

As of now I can't access my NAS, though. Need to figure out why...

I wonder why option tls_server '1' needed to be added.

From the OpenVPN Man Page (search page for tls-server)

--tls-server  Enable TLS and assume server role during TLS handshake. Note that OpenVPN is designed as a peer-to-peer application. The designation of client or server is only for the purpose of negotiating the TLS control channel.

--tls-client  Enable TLS and assume client role during TLS handshake.


I'll add that as an annotation to the Wiki, and research why one would have to physically specify tls-server in a non-production environment... unless you re-created your certificates without build-key-server, as that's what specifies the VPN server certificate as a server config, along with ta.key 0/1
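
The TLS role and key-direction settings discussed above can be checked mechanically. Per the OpenVPN man page, the `--server` helper directive expands to include `tls-server` (and `--client` to include `tls-client`), and the conventional `tls-auth` key direction is 0 on the server and 1 on clients. The script below is an added example, not from the thread or from OpenWrt; the function names are assumptions and the three sample sections are constructed excerpts modelled on the config posted above.

```shell
#!/bin/sh
# Added example: audit the TLS role and tls_auth direction of a UCI openvpn section.

# uci_get FILE OPTION -> value of the last matching "option" line, quotes stripped
uci_get() {
    awk -v opt="$2" -v q="'" '
        $1 == "option" && $2 == opt {
            v = $3
            for (i = 4; i <= NF; i++) v = v " " $i
            if (substr(v, 1, 1) == q) v = substr(v, 2)
            if (substr(v, length(v)) == q) v = substr(v, 1, length(v) - 1)
            val = v
        }
        END { print val }' "$1"
}

# tls_role FILE -> server-explicit | server-implied | client | none
tls_role() {
    f=$1
    if [ "$(uci_get "$f" tls_server)" = "1" ]; then
        echo server-explicit
    elif [ -n "$(uci_get "$f" server)" ]; then
        echo server-implied          # the server helper expands to tls-server
    elif [ "$(uci_get "$f" tls_client)" = "1" ] || [ "$(uci_get "$f" client)" = "1" ]; then
        echo client
    else
        echo none
    fi
}

# tls_auth_dir FILE -> 0 | 1 | bidirectional | unset
tls_auth_dir() {
    v=$(uci_get "$1" tls_auth)
    case "$v" in
        "")    echo unset ;;
        *" 0") echo 0 ;;
        *" 1") echo 1 ;;
        *)     echo bidirectional ;; # key file given without a direction
    esac
}

# audit_tls FILE -> one-line verdict
audit_tls() {
    role=$(tls_role "$1")
    dir=$(tls_auth_dir "$1")
    case "$role:$dir" in
        none:*)              echo "FAIL no TLS role configured" ;;
        server-*:1|client:0) echo "FAIL role=$role but tls_auth direction=$dir" ;;
        *:unset)             echo "WARN role=$role without tls_auth" ;;
        *)                   echo "OK role=$role tls_auth direction=$dir" ;;
    esac
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# Constructed excerpts modelled on the config posted in the thread.
cat > "$SAMPLES/implied" <<'EOF'
config openvpn 'VPNserver'
    option server '10.1.1.0 255.255.255.0'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
EOF
cat > "$SAMPLES/explicit" <<'EOF'
config openvpn 'VPNserver'
    option server '10.1.1.0 255.255.255.0'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option tls_server '1'
EOF
cat > "$SAMPLES/mismatch" <<'EOF'
config openvpn 'VPNserver'
    option server '10.1.1.0 255.255.255.0'
    option tls_auth '/etc/openvpn/keys/ta.key 1'
EOF

for s in implied explicit mismatch; do
    printf '%-9s %s\n' "$s" "$(audit_tls "$SAMPLES/$s")"
done
```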

Running trunk ver 46262 called 46263 according to buildbot. First cpu stall I have seen. If anyone is interested here is a link.

https://onedrive.live.com/redir?resid=E … file%2ctxt

build 46131 did not do this but it really ate the memory. I will have to try another build at least it seems like collectd was working for a change. This build went down yesterday also but everything locked tight no access. It seemed to last about 16 hrs both times.

northbound wrote:

Running trunk ver 46262 called 46263 according to buildbot. First cpu stall I have seen. If anyone is interested here is a link.

https://onedrive.live.com/redir?resid=E … file%2ctxt

build 46131 did not do this but it really ate the memory. I will have to try another build at least it seems like collectd was working for a change. This build went down yesterday also but everything locked tight no access. It seemed to last about 16 hrs both times.

I'm on RC2, and had a CPU stall about 3 days ago. After doing some research, I thought it was an issue already patched, but there hasn't been confirmation from anyone either way.

At least it gives me a chance to see if the latest stock firmware flashes correctly.

northbound wrote:

At least it gives me a chance to see if the latest stock firmware flashes correctly.

That's important because of the 1.1.9 issue.  If you are able to flash directly to 1.1.10, then the wiki needs updating.

davidc502 wrote:
northbound wrote:

At least it gives me a chance to see if the latest stock firmware flashes correctly.

That's important because of the 1.1.9 issue.  If you are able to flash directly to 1.1.10, then the wiki needs updating.


Yep, I remember your comment about that. I will try to install it when I get home from work in a couple of hrs. I have not seen any comments about anyone else trying it yet.

JW0914 wrote:
gaga wrote:
JW0914 wrote:

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

After it worked, I changed to UDP...
As of now I can't access my NAS, though. Need to figure out why...

I have the following setup:

ISP router
192.168.2.1

WRT1900
192.168.2.101
DNS 192.168.2.1
=> Serving as 192.168.1.1 from 192.168.1.2 - 192.168.1.150

NAS
192.168.1.10, DNS: 192.168.1.1

Now I get as an OpenVPN client the IP address 10.1.1.2 and thus, I can't reach my NAS. This is probably only a small issue, but I can't figure out what I need to do.

Any hints?

gaga wrote:
JW0914 wrote:

Can you post the output of cat /etc/config/openvpn as managing the vpn from LuCI re-writes the config file and I'd like to compare your config from yesterday to the new config

config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

As of now I can't access my NAS, though. Need to figure out why...

I wonder why option tls_server '1' needed to be added.

From the OpenVPN Man Page (search page for tls-server)

--tls-server  Enable TLS and assume server role during TLS handshake. Note that OpenVPN is designed as a peer-to-peer application. The designation of client or server is only for the purpose of negotiating the TLS control channel.

--tls-client  Enable TLS and assume client role during TLS handshake.


I'll add that as an annotation to the Wiki, and research why one would have to physically specify tls-server in a non-production environment... unless you re-created your certificates without build-key-server, as that's what specifies the VPN server certificate as a server config, along with ta.key 0/1


What is your VPN performance?
What transfers do you get?

In failsafe mode ...

Can I just:

rm -r /overlay/*

Then setup the router again.

Thanks.

@kaloz did you have a chance to look at this?


nyt wrote:
Kaloz wrote:
nyt wrote:

Now, we see proper behavior.  Pressing reset button once no longer completely erases the overlay.

heh? Reset never ever erased anything, it pushed you to recovery.

In trunk, looking at rc.button/reset, it definitely factory resets if you hold it for five seconds.  The broken GPIO states caused the first press to be a released action with SEEN being the timestamp from boot, causing it to trigger the wipe.

root@ZOMGWTFBBQWIFI:/etc/rc.button# cat reset
#!/bin/sh

[ "${ACTION}" = "released" ] || exit 0

. /lib/functions.sh

logger "$BUTTON pressed for $SEEN seconds"

if [ "$SEEN" -lt 1 ]
then
        echo "REBOOT" > /dev/console
        sync
        reboot
elif [ "$SEEN" -gt 5 ]
then
        echo "FACTORY RESET" > /dev/console
        jffs2reset -y && reboot &
fi

davidc502 wrote:
northbound wrote:

At least it gives me a chance to see if the latest stock firmware flashes correctly.

That's important because of the 1.1.9 issue.  If you are able to flash directly to 1.1.10, then the wiki needs updating.

Confirmed.
Update 1.1.10 will flash properly from OpenWrt and it also picked up my settings for factory firmware......Now to see if anything is fixed on today's trunk build.

northbound wrote:
davidc502 wrote:
northbound wrote:

At least it gives me a chance to see if the latest stock firmware flashes correctly.

That's important because of the 1.1.9 issue.  If you are able to flash directly to 1.1.10, then the wiki needs updating.

Confirmed.
Update 1.1.10 will flash properly from OpenWrt and it also picked up my settings for factory firmware......Now to see if anything is fixed on today's trunk build.

Appreciate the confirmation. The wiki has been updated.

Over the past 3 days, I've just got the router tuned right where I want it, so I'm not touching anything! :) Well, until the next big update. lol

belliash wrote:
JW0914 wrote:
gaga wrote:
config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

After it worked, I changed to UDP...
As of now I can't access my NAS, though. Need to figure out why...

I have the following setup:

ISP router
192.168.2.1

WRT1900
192.168.2.101
DNS 192.168.2.1
=> Serving as 192.168.1.1 from 192.168.1.2 - 192.168.1.150

NAS
192.168.1.10, DNS: 192.168.1.1

Now I get as an OpenVPN client the IP address 10.1.1.2 and thus, I can't reach my NAS. This is probably only a small issue, but I can't figure out what I need to do.

Any hints?

gaga wrote:
config openvpn 'VPNserver'
    option enabled '1'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'
    option server '10.1.1.0 255.255.255.0'
    option ifconfig '10.1.1.1 255.255.255.0'
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option tls_auth '/etc/openvpn/keys/ta.key 0'
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'
    option keepalive '10 120'
    option comp_lzo 'yes'
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '24000'
    option user 'nobody'
    option group 'nogroup'
    option ca '/etc/openvpn/keys/ca.crt'
    option cert '/etc/openvpn/keys/my-server.crt'
    option key '/etc/openvpn/keys/my-server.key'
    option tls_server '1'

As of now I can't access my NAS, though. Need to figure out why...

I wonder why option tls_server '1' needed to be added.

From the OpenVPN Man Page (search page for tls-server)

--tls-server  Enable TLS and assume server role during TLS handshake. Note that OpenVPN is designed as a peer-to-peer application. The designation of client or server is only for the purpose of negotiating the TLS control channel.

--tls-client  Enable TLS and assume client role during TLS handshake.


I'll add that as an annotation to the Wiki, and research why one would have to physically specify tls-server in a non-production environment... unless you re-created your certificates without build-key-server, as that's what specifies the VPN server certificate as a server config, along with ta.key 0/1


What is your VPN performance?
What transfers do you get?

On my LG G4: ~30mbit/s

davidc502 wrote:
northbound wrote:
davidc502 wrote:

That's important because of the 1.1.9 issue.  If you are able to flash directly to 1.1.10, then the wiki needs updating.

Confirmed.
Update 1.1.10 will flash properly from OpenWrt and it also picked up my settings for factory firmware......Now to see if anything is fixed on today's trunk build.

Appreciate the confirmation. The wiki has been updated.

Over the past 3 days, I've just got the router tuned right where I want it, so I'm not touching anything! :) Well, until the next big update. lol

I like seeing changes I don't have others breathing down my neck when I am playing and the network is down. :) Like I saw in a previous post the trunk is a wee bit unstable. <bseg> Things like the buildbot calling today's trunk build is 46290 yet it is 46288. But it is better than some of the builds I have seen from win 10. LOL!

(Last edited by northbound on 11 Jul 2015, 00:21)

gaga wrote:
belliash wrote:
JW0914 wrote:

I wonder why option tls_server '1' needed to be added.

From the OpenVPN Man Page (search page for tls-server)

--tls-server  Enable TLS and assume server role during TLS handshake. Note that OpenVPN is designed as a peer-to-peer application. The designation of client or server is only for the purpose of negotiating the TLS control channel.

--tls-client  Enable TLS and assume client role during TLS handshake.


I'll add that as an annotation to the Wiki, and research why one would have to physically specify tls-server in a non-production environment... unless you re-created your certificates without build-key-server, as that's what specifies the VPN server certificate as a server config, along with ta.key 0/1


What is your VPN performance?
What transfers do you get?

On my LG G4: ~30mbit/s


Interesting.
All I got here is about 12mbps