2020.6 Breaks OpenVPN Script

Issue #83 invalid
dateno1 created an issue

Hardware : AC68U

2020.5 works well, but it does not work with 2020.6.

I was using a script to run the OpenVPN client.

Linux Script

iptables -I INPUT -p tcp --dport 9201 -j ACCEPT
ifconfig tun0 down
openvpn --rmtun --dev tun0
openvpn --mktun --dev tun0
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.100.0/255.255.255.0 -o tun0 -j MASQUERADE
#Current 2 Subnets on this router
iptables -t nat -I POSTROUTING -s 192.168.110.0/255.255.255.0 -o tun0 -j MASQUERADE

sleep 2
openvpn --config /mnt/USB/config.ovpn --dev tun0 --writepid /var/run/openvpn.pid &

sleep 1
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.100.0/255.255.255.0 -o tun0 -j MASQUERADE
#Current 2 Subnets on this router
iptables -t nat -I POSTROUTING -s 192.168.110.0/255.255.255.0 -o tun0 -j MASQUERADE

OpenVPN Script (config.ovpn)

#######################################################################################
# FinchVPN OpenVPN Config (www.FinchVPN.com) v2.5.2 | 20150228 | android | 17 Apr 2018
#######################################################################################
client
dev tun
proto tcp

remote 202.182.99.139 9201
remote jp-01.protectednetgroup.com 9201

#resolv-retry infinite
nobind
ca [inline]
tls-client
tls-auth [inline] 1
persist-tun
persist-key
cipher AES-128-CBC
engine dynamic
mute-replay-warnings
auth-user-pass
remote-cert-tls server
comp-lzo adaptive
reneg-sec 31557600
verb 3
<ca>
-----BEGIN CERTIFICATE-----
##################Cert deleted for Secure
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
#################Key deleted for Secure
-----END OpenVPN Static key V1-----
</tls-auth>

ns-cert-type server

auth-user-pass /mnt/USB/auth.conf

#ignore server's default gateway
route 0.0.0.0 0.0.0.0 net_gateway
route-nopull

#Protect DNS
route 1.1.1.1 255.255.255.255
route 8.8.8.8 255.255.255.255

#pass through ISP
route 104.26.10.3 255.255.255.255
#route somewhere.domain 255.255.255.255
#route somewhere.adress 255.255.255.255
#route somewhere.subnet 255.255.255.0
.
.
.
.

#Many Domain or ip exist

It works well with 2020.5 or older versions.

But when I tried to run it on 2020.6, I lost the Internet connection.

If I killed the OpenVPN process, the Internet worked well again.

This VPN connection protects DNS queries from the ISP and bypasses the ISP's blacklist.

I tried running the client through the GUI's Custom Configuration like this:

remote jp-01.protectednetgroup.com 9201

ca /mnt/USB/openvpn/FinchVPN/ca.crt
tls-client
tls-auth /mnt/USB/openvpn/FinchVPN/ta.key 1
auth-user-pass
auth-user-pass /mnt/USB/openvpn/FinchVPN/auth.conf
engine dynamic
mute-replay-warnings
remote-cert-tls server
ns-cert-type server

#Protect DNS
route 1.1.1.1 255.255.255.255
route 8.8.8.8 255.255.255.255

#pass through ISP
route 104.26.10.3 255.255.255.255
#route somewhere.domain 255.255.255.255
#route somewhere.adress 255.255.255.255
#route somewhere.subnet 255.255.255.0
.
.
.

but it did not work.

Also, it is hard to merge all of this script into the GUI (it has so many ‘bypass list’ entries, and that will use a lot of NVRAM).

PS: I used a 500Mbps Internet line, but the test result was just 150~200Mbps.
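The split-tunnel intent of the config in this report (default route stays on the WAN, the hosts listed with `route` leave through tun0) can be checked against a routing table dump, as in this added example, which is not part of the original report or the firmware's own code. The sample tables, the gateway addresses and the WAN device name `vlan2` are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original report: audit a routing table against
# the split-tunnel intent of the config (default stays on WAN, listed hosts use tun0).

# Constructed sample: intended state. vlan2 as the WAN device is an assumption.
SAMPLE_OK='default via 203.0.113.1 dev vlan2
203.0.113.0/24 dev vlan2 proto kernel scope link src 203.0.113.20
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
1.1.1.1 via 10.8.0.1 dev tun0
8.8.8.8 via 10.8.0.1 dev tun0
104.26.10.3 via 10.8.0.1 dev tun0'

# Constructed sample: default route captured by the tunnel, one DNS route missing.
SAMPLE_BROKEN='default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
1.1.1.1 via 10.8.0.1 dev tun0
104.26.10.3 via 10.8.0.1 dev tun0'

# Print the output device of the exact route for $2 ("default", a prefix, or a host).
route_dev() {
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == d || $1 == (d "/32") {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# $1 = table text, $2 = tunnel device, remaining args = hosts that must use it.
# Prints one line per finding; the return status is the number of findings.
audit_routes() {
    table=$1; tun=$2; shift 2
    problems=0
    # "redirect-gateway def1" overrides the default with two /1 routes, so check those too.
    for dest in default 0.0.0.0/1 128.0.0.0/1; do
        if [ "$(route_dev "$table" "$dest")" = "$tun" ]; then
            echo "FAIL: $dest leaves through $tun"
            problems=$((problems + 1))
        fi
    done
    for host in "$@"; do
        dev=$(route_dev "$table" "$host")
        if [ "$dev" != "$tun" ]; then
            echo "FAIL: $host has no host route via $tun (found: ${dev:-none})"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# On the router (hosts taken from the config's route lines):
#   audit_routes "$(ip -4 route show)" tun0 1.1.1.1 8.8.8.8 104.26.10.3
```

Running it before and after starting the client shows whether the default route moved to the tunnel or a DNS resolver fell back to the ISP path.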

Comments (5)

  1. CTRL+F5

    I too am having OpenVPN Client problems since 2020.6, I even tried M_ars 2020.8 VPN builds. I finally just gave up and went back to 2020.5, and it works fine again…


  2. dateno1 reporter

    It is fixed in 2020.8.

    Maybe ‘openvpn: ensure DHCP doesn't override our default route (fixes TAP+DHCP)’ fixed it.
