2020.6 Break OpenVPN Script
Hardware: AC68U
2020.5 works well, but it does not work with 2020.6.
I was using a script to run the OpenVPN client.
Linux Script
iptables -I INPUT -p tcp --dport 9201 -j ACCEPT
ifconfig tun0 down
openvpn --rmtun --dev tun0
openvpn --mktun --dev tun0
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.100.0/255.255.255.0 -o tun0 -j MASQUERADE
#Current 2 Subnets on this router
iptables -t nat -I POSTROUTING -s 192.168.110.0/255.255.255.0 -o tun0 -j MASQUERADE
sleep 2
openvpn --config /mnt/USB/config.ovpn --dev tun0 --writepid /var/run/openvpn.pid &
sleep 1
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.100.0/255.255.255.0 -o tun0 -j MASQUERADE
#Current 2 Subnets on this router
iptables -t nat -I POSTROUTING -s 192.168.110.0/255.255.255.0 -o tun0 -j MASQUERADE
OpenVPN Script (config.ovpn)
#######################################################################################
# FinchVPN OpenVPN Config (www.FinchVPN.com) v2.5.2 | 20150228 | android | 17 Apr 2018
#######################################################################################
client
dev tun
proto tcp
remote 202.182.99.139 9201
remote jp-01.protectednetgroup.com 9201
#resolv-retry infinite
nobind
ca [inline]
tls-client
tls-auth [inline] 1
persist-tun
persist-key
cipher AES-128-CBC
engine dynamic
mute-replay-warnings
auth-user-pass
remote-cert-tls server
comp-lzo adaptive
reneg-sec 31557600
verb 3
<ca>
-----BEGIN CERTIFICATE-----
##################Cert deleted for Secure
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
#################Key deleted for Secure
-----END OpenVPN Static key V1-----
</tls-auth>
ns-cert-type server
auth-user-pass /mnt/USB/auth.conf
#ignore server's default gateway
route 0.0.0.0 0.0.0.0 net_gateway
route-nopull
#Protect DNS
route 1.1.1.1 255.255.255.255
route 8.8.8.8 255.255.255.255
#pass through ISP
route 104.26.10.3 255.255.255.255
#route somewhere.domain 255.255.255.255
#route somewhere.adress 255.255.255.255
#route somewhere.subnet 255.255.255.0
.
.
.
.
#Many Domain or ip exist
It works well with 2020.5 or older versions.
But when I tried to run it on 2020.6, I lost my Internet connection.
If I kill the OpenVPN process, the Internet works well again.
This VPN connection protects DNS queries from the ISP and bypasses the ISP's blacklist.
I tried running the client from the GUI’s Custom Configuration like this:
remote jp-01.protectednetgroup.com 9201
ca /mnt/USB/openvpn/FinchVPN/ca.crt
tls-client
tls-auth /mnt/USB/openvpn/FinchVPN/ta.key 1
auth-user-pass
auth-user-pass /mnt/USB/openvpn/FinchVPN/auth.conf
engine dynamic
mute-replay-warnings
remote-cert-tls server
ns-cert-type server
#Protect DNS
route 1.1.1.1 255.255.255.255
route 8.8.8.8 255.255.255.255
#pass through ISP
route 104.26.10.3 255.255.255.255
#route somewhere.domain 255.255.255.255
#route somewhere.adress 255.255.255.255
#route somewhere.subnet 255.255.255.0
.
.
.
but it did not work.
Also, it is hard to merge all of this script into the GUI (it has so many ‘bypass list’ entries, and that would use a lot of NVRAM).
PS: I use a 500 Mbps Internet line, but the test result is just 150~200 Mbps.
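The routing intent of the config.ovpn above (default route stays on the WAN, the "Protect DNS" hosts go through tun0) can be checked against a routing table after a firmware update. This is an added example, not part of the original report or of the firmware; the sample tables, the WAN interface name vlan2 and all addresses other than 1.1.1.1 and 8.8.8.8 are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the report): verify a routing table against the
# split-tunnel intent of the posted config.ovpn. Sample tables are constructed.
VPN_DEV=tun0                 # tunnel device used by the reporter's script
VPN_HOSTS="1.1.1.1 8.8.8.8"  # the "Protect DNS" host routes in the config

# Reads `ip route show` text on stdin. Exit status:
#   0 intent holds   1 no default route   2 default traffic goes to the VPN
#   3 a protected host is not routed through the VPN device
check_split_routes() {
    awk -v dev="$VPN_DEV" -v hosts="$VPN_HOSTS" '
        function devof(   i) {           # word following "dev" on this line
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default" || $1 == "0.0.0.0/0" { havedef = 1; if (devof() == dev) captured = 1 }
        # redirect-gateway def1 style halves override the default without replacing it
        ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") && devof() == dev { captured = 1 }
        { host = $1; sub(/\/32$/, "", host); via[host] = devof() }
        END {
            if (!havedef) exit 1
            if (captured) exit 2
            n = split(hosts, h, " ")
            for (i = 1; i <= n; i++) if (via[h[i]] != dev) exit 3
            exit 0
        }'
}

# Constructed sample: default on the WAN, DNS hosts pinned to the tunnel.
GOOD_TABLE='default via 192.0.2.1 dev vlan2
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
1.1.1.1 via 10.8.0.1 dev tun0
8.8.8.8 via 10.8.0.1 dev tun0'
# Default route missing: everything that is not pinned loses connectivity.
NODEFAULT_TABLE=$(printf '%s\n' "$GOOD_TABLE" | sed '1d')
# Default still present, but def1 halves send all traffic into the tunnel.
CAPTURED_TABLE="0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
$GOOD_TABLE"
# 8.8.8.8 lost its host route, so queries to it leave through the ISP.
LEAK_TABLE=$(printf '%s\n' "$GOOD_TABLE" | grep -v '^8\.8\.8\.8 ')

for t in "$GOOD_TABLE" "$NODEFAULT_TABLE" "$CAPTURED_TABLE" "$LEAK_TABLE"; do
    rc=0; printf '%s\n' "$t" | check_split_routes || rc=$?
    echo "check_split_routes -> $rc"
done
```

On a live router the same function can be fed with `ip route show | check_split_routes` once the tunnel is up.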
Comments (5)
-
reporter -
I too am having OpenVPN Client problems since 2020.6, I even tried M_ars 2020.8 VPN builds. I finally just gave up and went back to 2020.5, and it works fine again…
-
repo owner - changed status to invalid
Not a FW-related problem
-
reporter - What’s the problem?
It happened after updating the FW
-
reporter - It was fixed in 2020.8
Maybe ‘openvpn: ensure DHCP doesn't override our default route (fixes TAP+DHCP)’ fixed it