My first attempt at setting this up....help.

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
abazin
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 13, 2015 5:09 am

My first attempt at setting this up....help.

Post by abazin » Fri Nov 13, 2015 6:18 am

I'm trying to connect to openVpn on a DD-WRT v24-sp2 (linksys router) using an Android client (OpenVPN Connect 1.1.16) but getting a timeout message on the client. The client log has:

Connecting to xx.xx.xx.xx:1194 via UDPv4
Server poll timeout, trying next remote entry...


The config on the router:
Start Type: WAN
Config as: Daemon
Additional Config:

Code: Select all

push "route 192.168.0.1 255.255.255.0"
push "dhcp-option DNS 192.168.66.1"
server 192.168.66.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

# Only use crl-verify if you are using the revoke list &#-106; otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl

# management parameter allows DD-WRT&#-110;s OpenVPN Status web page to access the server&#-110;s management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
comp-lzo

Firewall settings:

Code: Select all

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
client config:

Code: Select all

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote test.expresspeg.com 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert aime-android.crt
key aime-android.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

Server log file:

Code: Select all

Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=59.189.45.32 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=124 PROTO=UDP SPT=20541 DPT=9101 LEN=111 
Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30586 DF PROTO=TCP SPT=55876 DPT=80 SEQ=2367084458 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30587 DF PROTO=TCP SPT=55877 DPT=80 SEQ=3720518297 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30588 DF PROTO=TCP SPT=55878 DPT=80 SEQ=1721781122 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30589 DF PROTO=TCP SPT=55879 DPT=80 SEQ=565665652 ACK=0 WINDOW=8192 RES=0x0
 SYN URGP=0 OPT 
Nov 13 00:04:07 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30590 DF PROTO=TCP SPT=55880 DPT=80 SEQ=2580153371 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:08 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:78:4b:87:f9:a3:0d:08:00 SRC=192.168.0.215 DST=192.168.0.1 LEN=66 TOS=0x00 PREC=0x00 TTL=64 ID=19084 DF PROTO=UDP SPT=64189 DPT=53 LEN=46 
Nov 13 00:04:08 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.215 DST=54.192.91.198 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37501 DF PROTO=TCP SPT=54556 DPT=80 SEQ=158324967 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A08DD4
9A00000000010303
Nov 13 00:04:09 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:78:4b:87:f9:a3:0d:08:00 SRC=192.168.0.215 DST=192.168.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=19214 DF PROTO=UDP SPT=29196 DPT=53 LEN=41 
Nov 13 00:04:09 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:70:3e:ac:a7:87:80:08:00 SRC=192.168.0.218 DST=192.168.0.1 LEN=102 TOS=0x00 PREC=0x00 TTL=255 ID=30550 PROTO=UDP SPT=52917 DPT=53 LEN=82 
Nov 13 00:04:09 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.218 DST=23.21.213.72 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=13058 DF PROTO=TCP SPT=54862 DPT=443 SEQ=1669191882 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B4010303050101
80A1F2074B400000
Nov 13 00:04:09 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.215 DST=31.13.80.52 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=24435 DF PROTO=TCP SPT=50493 DPT=443 SEQ=857674809 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A08DD4B
A000000000103030
Nov 13 00:04:11 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:75 SRC=74.125.25.141 DST=xx.xx.xx.xx LEN=117 TOS=0x00 PREC=0x00 TTL=49 ID=7098 PROTO=TCP SPT=443 DPT=54822 SEQ=3364758393 ACK=2211486709 
INDOW=1258 RES=0
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30634 DF PROTO=TCP SPT=55881 DPT=80 SEQ=4272451091 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30639 DF PROTO=TCP SPT=55882 DPT=80 SEQ=3141278315 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30645 DF PROTO=TCP SPT=55883 DPT=80 SEQ=407983521 ACK=0 WINDOW=8192 RES=0x0
 SYN URGP=0 OPT 
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30650 DF PROTO=TCP SPT=55884 DPT=80 SEQ=2546480635 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30666 DF PROTO=TCP SPT=55885 DPT=80 SEQ=153979544 ACK=0 WINDOW=8192 RES=0x0
 SYN URGP=0 OPT 
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30714 DF PROTO=TCP SPT=55886 DPT=80 SEQ=35814078 ACK=0 WINDOW=8192 RES=0x00
SYN URGP=0 OPT (
Nov 13 00:04:12 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30768 DF PROTO=TCP SPT=55887 DPT=80 SEQ=3452215781 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:14 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=24953 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:14 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=24956 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:14 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=96.22.103.187 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=7463 PROTO=UDP SPT=20541 DPT=51954 LEN=111 
Nov 13 00:04:15 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:78:4b:87:f9:a3:0d:08:00 SRC=192.168.0.215 DST=192.168.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=19793 DF PROTO=UDP SPT=64801 DPT=53 LEN=44 
Nov 13 00:04:15 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.215 DST=31.13.80.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44603 DF PROTO=TCP SPT=44356 DPT=443 SEQ=926868333 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A08DD4D5
0000000001030307
Nov 13 00:04:17 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30774 DF PROTO=TCP SPT=55888 DPT=80 SEQ=1907194172 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:21 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=95.211.241.18 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=28470 PROTO=UDP SPT=20541 DPT=56092 LEN=111 
Nov 13 00:04:22 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30779 DF PROTO=TCP SPT=55889 DPT=80 SEQ=2309606623 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:25 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=34 
Nov 13 00:04:27 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=34 
Nov 13 00:04:27 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30784 DF PROTO=TCP SPT=55890 DPT=80 SEQ=3197105289 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:28 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:34 SRC=23.254.167.214 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=21784 DF PROTO=TCP SPT=56217 DPT=19375 SEQ=300131403 ACK=0 WIN
OW=8192 RES=0x00
Nov 13 00:04:28 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=135.23.162.226 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=25014 PROTO=UDP SPT=20541 DPT=9101 LEN=111 
Nov 13 00:04:28 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:92:5c:dc:4d:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=7676 PROTO=UDP SPT=57621 DPT=57621 LEN=52 
Nov 13 00:04:29 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=30 
Nov 13 00:04:31 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=34 
Nov 13 00:04:31 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:34 SRC=23.254.167.214 DST=xx.xx.xx.xx LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=25790 DF PROTO=TCP SPT=56217 DPT=19375 SEQ=300131403 ACK=0 WIN
OW=8192 RES=0x00
Nov 13 00:04:32 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30790 DF PROTO=TCP SPT=55891 DPT=80 SEQ=1868782404 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:33 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=30 
Nov 13 00:04:33 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25009 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:33 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25012 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:35 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=34 
Nov 13 00:04:35 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=37.187.116.117 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=13005 PROTO=UDP SPT=20541 DPT=51413 LEN=111 
Nov 13 00:04:37 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=34 
Nov 13 00:04:37 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30795 DF PROTO=TCP SPT=55892 DPT=80 SEQ=4003756666 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:37 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:30 SRC=23.254.167.214 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=28004 DF PROTO=TCP SPT=56217 DPT=19375 SEQ=300131403 ACK=0 WIN
OW=8192 RES=0x00
Nov 13 00:04:38 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=6030 PROTO=UDP SPT=57621 DPT=57621 LEN=52 
Nov 13 00:04:39 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=30 
Nov 13 00:04:39 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=22 
Nov 13 00:04:39 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:6c:ad:f8:29:04:48:08:00 SRC=192.168.0.228 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=36106 SEQ=1 
Nov 13 00:04:40 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:6c:ad:f8:29:04:48:08:00 SRC=192.168.0.228 DST=192.168.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=36106 SEQ=2 
Nov 13 00:04:41 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=34 
Nov 13 00:04:42 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=195.154.236.168 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=16094 PROTO=UDP SPT=20541 DPT=51378 LEN=111 
Nov 13 00:04:42 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30801 DF PROTO=TCP SPT=55893 DPT=80 SEQ=1439674775 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:43 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=30 
Nov 13 00:04:45 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=34 
Nov 13 00:04:46 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=212.4.153.164 LEN=41 TOS=0x00 PREC=0x00 TTL=127 ID=27958 DF PROTO=TCP SPT=54873 DPT=443 SEQ=1081666773 ACK=2614066271 WINDOW=256 RES=0x00 ACK URGP=0 
Nov 13 00:04:47 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=34 
Nov 13 00:04:47 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30806 DF PROTO=TCP SPT=55894 DPT=80 SEQ=1377007892 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:49 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=30 
Nov 13 00:04:49 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=22 
Nov 13 00:04:49 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=185.74.221.242 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=17477 PROTO=UDP SPT=20541 DPT=18136 LEN=111 
Nov 13 00:04:51 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=34 
Nov 13 00:04:52 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25079 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:52 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25082 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:04:52 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30811 DF PROTO=TCP SPT=55895 DPT=80 SEQ=2928192315 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:53 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=30 
Nov 13 00:04:55 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=34 
Nov 13 00:04:55 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=38902 LEN=22 
Nov 13 00:04:56 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=212.129.50.23 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=18583 PROTO=UDP SPT=20541 DPT=6881 LEN=111 
Nov 13 00:04:57 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=34 
Nov 13 00:04:57 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30822 DF PROTO=TCP SPT=55896 DPT=80 SEQ=1223468692 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:04:59 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=30 
Nov 13 00:04:59 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=22 
Nov 13 00:05:00 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:1a:92:5c:dc:4d:08:00 SRC=192.168.0.100 DST=192.168.0.1 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=7695 PROTO=UDP SPT=53999 DPT=53 LEN=47 
Nov 13 00:05:00 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.100 DST=24.244.3.27 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7696 DF PROTO=TCP SPT=55043 DPT=80 SEQ=224311674 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402
 
Nov 13 00:05:00 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.100 DST=24.244.3.27 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7697 DF PROTO=TCP SPT=55042 DPT=80 SEQ=718515301 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402
 
Nov 13 00:05:01 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=34 
Nov 13 00:05:03 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30833 DF PROTO=TCP SPT=55897 DPT=80 SEQ=3432423264 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:03 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=30 
Nov 13 00:05:03 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=99.238.109.111 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=23965 PROTO=UDP SPT=20541 DPT=9101 LEN=111 
Nov 13 00:05:03 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=01:00:5e:00:00:01:c4:71:fe:73:7c:d9:08:00:45:c0:00:1c SRC=22.35.0.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=28771 PROTO=2 
Nov 13 00:05:05 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=34 
Nov 13 00:05:05 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=48729 LEN=22 
Nov 13 00:05:05 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:28 SRC=104.238.136.99 DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2103 PROTO=TCP SPT=52427 DPT=3389 SEQ=12460320 ACK=0 WINDOW=10
4 RES=0x00 SYN U
Nov 13 00:05:06 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:92:5c:dc:4d:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=7710 PROTO=UDP SPT=57621 DPT=57621 LEN=52 
Nov 13 00:05:07 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=22 
Nov 13 00:05:07 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=30 
Nov 13 00:05:08 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30845 DF PROTO=TCP SPT=55898 DPT=80 SEQ=4265284086 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:08 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25136 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:05:08 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25141 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:05:09 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=30 
Nov 13 00:05:09 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=22 
Nov 13 00:05:10 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:3c SRC=183.80.59.105 DST=xx.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42088 DF PROTO=TCP SPT=1692 DPT=23 SEQ=3928173116 ACK=0 WINDOW=5
40 RES=0x00 SYN 
Nov 13 00:05:10 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=72.53.153.215 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31889 PROTO=UDP SPT=20541 DPT=9101 LEN=111 
Nov 13 00:05:11 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=34 
Nov 13 00:05:13 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=30 
Nov 13 00:05:13 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30850 DF PROTO=TCP SPT=55899 DPT=80 SEQ=193338072 ACK=0 WINDOW=8192 RES=0x0
 SYN URGP=0 OPT 
Nov 13 00:05:13 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:3c SRC=183.80.59.105 DST=xx.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42090 DF PROTO=TCP SPT=1692 DPT=23 SEQ=3928173116 ACK=0 WINDOW=5
40 RES=0x00 SYN 
Nov 13 00:05:13 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:5d SRC=68.110.14.21 DST=xx.xx.xx.xx LEN=93 TOS=0x00 PREC=0x00 TTL=52 ID=47805 DF PROTO=UDP SPT=6881 DPT=20541 LEN=73 
Nov 13 00:05:15 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=34 
Nov 13 00:05:15 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=32995 LEN=22 
Nov 13 00:05:16 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=6085 PROTO=UDP SPT=57621 DPT=57621 LEN=52 
Nov 13 00:05:17 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=22 
Nov 13 00:05:17 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=30 
Nov 13 00:05:17 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:70:3e:ac:a7:87:80:08:00 SRC=192.168.0.218 DST=192.168.0.1 LEN=63 TOS=0x00 PREC=0x00 TTL=255 ID=53963 PROTO=UDP SPT=54507 DPT=53 LEN=43 
Nov 13 00:05:17 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.218 DST=107.22.197.110 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=54743 DF PROTO=TCP SPT=54863 DPT=443 SEQ=3178708534 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030501
1080A1F217C97000
Nov 13 00:05:17 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=185.34.3.201 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=19357 PROTO=UDP SPT=20541 DPT=19184 LEN=111 
Nov 13 00:05:18 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30856 DF PROTO=TCP SPT=55900 DPT=80 SEQ=2679677060 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:19 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=30 
Nov 13 00:05:19 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=33224 LEN=22 
Nov 13 00:05:19 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=c0:c1:c0:fb:2f:59:c4:71:fe:73:7c:d9:08:00:45:00:00:3c SRC=183.80.59.105 DST=xx.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42092 DF PROTO=TCP SPT=1692 DPT=23 SEQ=3928173116 ACK=0 WINDOW=5
40 RES=0x00 SYN 
Nov 13 00:05:21 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=34 
Nov 13 00:05:23 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=50 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=30 
Nov 13 00:05:23 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30861 DF PROTO=TCP SPT=55901 DPT=80 SEQ=3666768459 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:24 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25186 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:05:24 DD-WRT kern.warn kernel: DROP IN=vlan2 OUT= MAC=ff:ff:ff:ff:ff:ff:c4:71:fe:73:7c:d9:08:00:45:00:01:81 SRC=22.35.0.1 DST=255.255.255.255 LEN=385 TOS=0x00 PREC=0x00 TTL=255 ID=25189 PROTO=UDP SPT=67 DPT=68 LEN=365 
Nov 13 00:05:24 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=188.165.23.219 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=4841 PROTO=UDP SPT=20541 DPT=37003 LEN=111 
Nov 13 00:05:25 DD-WRT daemon.err openvpn[1645]: 192.168.0.215:38902 TLS Error: TLS handshake failed
Nov 13 00:05:26 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=35251 LEN=22 
Nov 13 00:05:28 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30866 DF PROTO=TCP SPT=55902 DPT=80 SEQ=1705542594 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:29 DD-WRT kern.warn kernel: ACCEPT IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.215 LEN=42 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1194 DPT=50060 LEN=22 
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30871 DF PROTO=TCP SPT=55903 DPT=80 SEQ=3888851402 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30872 DF PROTO=TCP SPT=55904 DPT=80 SEQ=1703404532 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30873 DF PROTO=TCP SPT=55905 DPT=80 SEQ=2088645054 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30874 DF PROTO=TCP SPT=55906 DPT=80 SEQ=76656828 ACK=0 WINDOW=8192 RES=0x00
SYN URGP=0 OPT (
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30877 DF PROTO=TCP SPT=55907 DPT=80 SEQ=85727549 ACK=0 WINDOW=8192 RES=0x00
SYN URGP=0 OPT (
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30878 DF PROTO=TCP SPT=55908 DPT=80 SEQ=2955955437 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30891 DF PROTO=TCP SPT=55909 DPT=80 SEQ=1302259749 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30896 DF PROTO=TCP SPT=55910 DPT=80 SEQ=2830307300 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:30 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30900 DF PROTO=TCP SPT=55911 DPT=80 SEQ=4116681560 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Nov 13 00:05:31 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.0.211 DST=92.221.89.239 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=26692 PROTO=UDP SPT=20541 DPT=27903 LEN=111 
Nov 13 00:05:32 DD-WRT kern.warn kernel: ACCEPT IN=br0 OUT= MAC=c0:c1:c0:fb:2f:58:00:22:19:e5:4c:a3:08:00 SRC=192.168.0.211 DST=192.168.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=30916 DF PROTO=TCP SPT=55912 DPT=80 SEQ=1836745393 ACK=0 WINDOW=8192 RES=0x
0 SYN URGP=0 OPT
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: My first attempt at setting this up....help.

Post by Traffic » Fri Nov 13, 2015 2:02 pm

Please post your OpenVPN server log not your firewall log ..

If you have trouble finding your VPN server log see --log in the Manual.
Top
abazin
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 13, 2015 5:09 am

Re: My first attempt at setting this up....help.

Post by abazin » Sat Nov 14, 2015 9:45 pm

Ok thanks. First rookie move, I had the WIFI turned on and already on my home network. I turned it off and now I get a 'connected' status in OpenVPN Connect on Android over LTE. However, I can't actually reach any of my servers in the house. The client logs have:

Code: Select all

Error parsing IPv4 route: [route][192.168.0.1][255.255.255.0] : tun_prop_error: route is not canonical
I grepped the server logs with openvpn:

Code: Select all

Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: MULTI: multi_create_instance called
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Re-using SSL/TLS context
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 LZO compression initialized
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Local Options hash (VER=V4): '530fdded'
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Expected Remote Options hash (VER=V4): '41690919'
Nov 14 15:15:41 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 TLS: Initial packet from [AF_INET]24.114.39.171:22145, sid=3219d8f4 35969940
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 VERIFY OK: <snip>
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 VERIFY OK: <snip>
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22145 [aime-android] Peer Connection Initiated with [AF_INET]24.114.39.171:22145
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 MULTI_sva: pool returned IPv4=192.168.66.6, IPv6=(Not enabled)
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 MULTI: Learn: 192.168.66.6 -> aime-android/24.114.39.171:22145
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 MULTI: primary virtual IP for aime-android/24.114.39.171:22145: 192.168.66.6
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 PUSH: Received control message: 'PUSH_REQUEST'
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 send_push_reply(): safe_cap=940
Nov 14 15:15:42 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22145 SENT CONTROL [aime-android]: 'PUSH_REPLY,route 192.168.0.1 255.255.255.0,dhcp-option DNS 192.168.66.1,route 192.168.66.1,topology net30,ping 10,ping-restart 120,ifconf
g 192.168.66.6 192.
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: MULTI: multi_create_instance called
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Re-using SSL/TLS context
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 LZO compression initialized
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Local Options hash (VER=V4): '530fdded'
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Expected Remote Options hash (VER=V4): '41690919'
Nov 14 15:20:31 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 TLS: Initial packet from [AF_INET]24.114.39.171:22156, sid=8a99f754 c0eec51c
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 VERIFY OK: <snip>
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 VERIFY OK: <snip>
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 14 15:20:33 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: 24.114.39.171:22156 [aime-android] Peer Connection Initiated with [AF_INET]24.114.39.171:22156
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 MULTI_sva: pool returned IPv4=192.168.66.6, IPv6=(Not enabled)
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 MULTI: Learn: 192.168.66.6 -> aime-android/24.114.39.171:22156
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 MULTI: primary virtual IP for aime-android/24.114.39.171:22156: 192.168.66.6
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 PUSH: Received control message: 'PUSH_REQUEST'
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 send_push_reply(): safe_cap=940
Nov 14 15:20:34 DD-WRT daemon.notice openvpn[1638]: aime-android/24.114.39.171:22156 SENT CONTROL [aime-android]: 'PUSH_REPLY,route 192.168.0.1 255.255.255.0,dhcp-option DNS 192.168.66.1,route 192.168.66.1,topology net30,ping 10,ping-restart 120,ifconf
g 192.168.66.6 192.
Top
abazin
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 13, 2015 5:09 am

Re: My first attempt at setting this up....help.

Post by abazin » Sat Nov 14, 2015 10:07 pm

I also tried changing:

push "route 192.168.0.1 255.255.255.0"

TO

push "route 192.168.0.1 255.255.255.255"

I no longer get the 'canonical' error but still can't reach my internal servers :(
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: My first attempt at setting this up....help.

Post by Traffic » Wed Nov 18, 2015 10:58 pm

Change:
abazin wrote:push "route 192.168.0.1 255.255.255.0"
To:

Code: Select all

push "route 192.168.0.0 255.255.255.0"
Also,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet. f.e 192.168.143.0/24
Top
Post Reply

Return to “Cert / Config management”