I don't have a kill switch in the firewall settings.
Would it change anything?
Even though I don't have it in the command line, when NORD crashes and disconnects, it still disconnects all the devices connected to the network; this lasts from 30 s to 5 min and then it works.
I configured it using https://support.nordvpn.com/Connectivity/Router/1047410342/DD-WRT-setup-with-NordVPN.htm
Only not all the fields are there compared with the new DD-WRT (the manual was made on a lower FW version). At first it was yelling at me about the CIPHER and the compression methods, and likewise when I didn't set auth-nocache it told me that the Nord credentials could be stolen, add auth-nocache to the configuration. I don't use authorization files in a txt file because they are entered in the VPN client.
However, a few functions are not described in that manual. I also have routing routes set up on the wired devices so that they bypass the VPN, and (mainly for Wi-Fi connections)
This is what the log looks like today
20210301 00:48:28 D MANAGEMENT: CMD 'status 2'
20210301 00:48:28 MANAGEMENT: Client disconnected
20210301 00:48:28 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 00:48:28 D MANAGEMENT: CMD 'log 500'
20210301 00:48:28 MANAGEMENT: Client disconnected
20210301 01:46:32 VERIFY OK: depth=2 C=PA O=NordVPN CN=NordVPN Root CA
20210301 01:46:32 VERIFY OK: depth=1 C=PA O=NordVPN CN=NordVPN CA5
20210301 01:46:32 VERIFY KU OK
20210301 01:46:32 NOTE: --mute triggered...
20210301 13:45:30 150 variation(s) on previous 3 message(s) suppressed by --mute
20210301 13:45:30 N read TCP_CLIENT: Operation timed out (code=110)
20210301 13:45:30 N Connection reset restarting [0]
20210301 13:45:30 I SIGUSR1[soft connection-reset] received process restarting
20210301 13:45:30 Restart pause 5 second(s)
20210301 13:45:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210301 13:45:35 I NOTE: --fast-io is disabled since we are not using UDP
20210301 13:45:35 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20210301 13:45:35 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20210301 13:45:35 I TCP/UDP: Preserving recently used remote address: [AF_INET]5.253.206.171:443
20210301 13:45:35 Socket Buffers: R=[87380->1048576] S=[16384->1048576]
20210301 13:45:35 I Attempting to establish TCP connection with [AF_INET]5.253.206.171:443 [nonblock]
20210301 13:45:38 I TCP connection established with [AF_INET]5.253.206.171:443
20210301 13:45:38 W --mtu-disc is not supported on this OS
20210301 13:45:38 I TCP_CLIENT link local: (not bound)
20210301 13:45:38 I TCP_CLIENT link remote: [AF_INET]5.253.206.171:443
20210301 13:45:39 TLS: Initial packet from [AF_INET]5.253.206.171:443 sid=e40eff7c d2cafe2c
20210301 13:46:00 N read TCP_CLIENT: Operation timed out (code=110)
20210301 13:46:00 N Connection reset restarting [0]
20210301 13:46:00 I SIGUSR1[soft connection-reset] received process restarting
20210301 13:46:00 Restart pause 5 second(s)
20210301 13:46:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210301 13:46:05 I NOTE: --fast-io is disabled since we are not using UDP
20210301 13:46:05 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20210301 13:46:05 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
20210301 13:46:05 I TCP/UDP: Preserving recently used remote address: [AF_INET]5.253.206.171:443
20210301 13:46:05 Socket Buffers: R=[87380->1048576] S=[16384->1048576]
20210301 13:46:05 I Attempting to establish TCP connection with [AF_INET]5.253.206.171:443 [nonblock]
20210301 13:46:05 I TCP connection established with [AF_INET]5.253.206.171:443
20210301 13:46:05 W --mtu-disc is not supported on this OS
20210301 13:46:05 I TCP_CLIENT link local: (not bound)
20210301 13:46:05 I TCP_CLIENT link remote: [AF_INET]5.253.206.171:443
20210301 13:46:05 TLS: Initial packet from [AF_INET]5.253.206.171:443 sid=8753c879 9e29c69e
20210301 13:46:05 VERIFY OK: depth=2 C=PA O=NordVPN CN=NordVPN Root CA
20210301 13:46:05 VERIFY OK: depth=1 C=PA O=NordVPN CN=NordVPN CA5
20210301 13:46:05 NOTE: --mute triggered...
20210301 13:46:05 6 variation(s) on previous 3 message(s) suppressed by --mute
20210301 13:46:05 I [pl147.nordvpn.com] Peer Connection Initiated with [AF_INET]5.253.206.171:443
20210301 13:46:06 SENT CONTROL [pl147.nordvpn.com]: 'PUSH_REQUEST' (status=1)
20210301 13:46:06 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 103.86.96.100 dhcp-option DNS 103.86.99.100 sndbuf 524288 rcvbuf 524288 explicit-exit-notify comp-lzo no route-gateway 10.7.1.1 topology subnet ping 60 ping-restart 180 ifconfig 10.7.1.5 255.255.255.0 peer-id 0'
20210301 13:46:06 OPTIONS IMPORT: timers and/or timeouts modified
20210301 13:46:06 NOTE: --mute triggered...
20210301 13:46:06 3 variation(s) on previous 3 message(s) suppressed by --mute
20210301 13:46:06 Socket Buffers: R=[1048576->1048576] S=[1048576->1048576]
20210301 13:46:06 OPTIONS IMPORT: --ifconfig/up options modified
20210301 13:46:06 OPTIONS IMPORT: route options modified
20210301 13:46:06 OPTIONS IMPORT: route-related options modified
20210301 13:46:06 NOTE: --mute triggered...
20210301 13:46:06 3 variation(s) on previous 3 message(s) suppressed by --mute
20210301 13:46:06 Using peer cipher 'AES-256-CBC'
20210301 13:46:06 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20210301 13:46:06 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20210301 13:46:06 NOTE: --mute triggered...
20210301 13:46:06 2 variation(s) on previous 3 message(s) suppressed by --mute
20210301 13:46:06 I Preserving previous TUN/TAP instance: tun0
20210301 13:46:06 I NOTE: Pulled options changed on restart will need to close and reopen TUN/TAP device.
20210301 13:46:06 I /tmp/openvpncl/route-down.sh tun0 1500 1659 10.7.2.2 255.255.255.0 init
20210301 13:46:06 net_route_v4_del: 5.253.206.171/32 via XXXXXXXXXXXXXXXXXXXX dev [NULL] table 0 metric -1
20210301 13:46:06 net_route_v4_del: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
20210301 13:46:06 net_route_v4_del: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
20210301 13:46:06 Closing TUN/TAP interface
20210301 13:46:06 I net_addr_v4_del: 10.7.2.2 dev tun0
20210301 13:46:07 net_route_v4_best_gw query: dst 0.0.0.0
20210301 13:46:07 net_route_v4_best_gw result: via XXXXXXXXXX dev eth0
20210301 13:46:07 I TUN/TAP device tun0 opened
20210301 13:46:07 I net_iface_mtu_set: mtu 1500 for tun0
20210301 13:46:07 I net_iface_up: set tun0 up
20210301 13:46:07 I net_addr_v4_add: 10.7.1.5/24 dev tun0
20210301 13:46:07 net_route_v4_add: 5.253.206.171/32 via XXXXXXXXXXdev [NULL] table 0 metric -1
20210301 13:46:07 net_route_v4_add: 0.0.0.0/1 via 10.7.1.1 dev [NULL] table 0 metric -1
20210301 13:46:07 net_route_v4_add: 128.0.0.0/1 via 10.7.1.1 dev [NULL] table 0 metric -1
20210301 13:46:08 I Initialization Sequence Completed
20210301 14:46:06 VERIFY OK: depth=2 C=PA O=NordVPN CN=NordVPN Root CA
20210301 14:46:06 VERIFY OK: depth=1 C=PA O=NordVPN CN=NordVPN CA5
20210301 14:46:06 VERIFY KU OK
20210301 14:46:06 NOTE: --mute triggered...
20210301 15:43:52 9 variation(s) on previous 3 message(s) suppressed by --mute
20210301 15:43:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 15:43:52 D MANAGEMENT: CMD 'state'
20210301 15:43:52 MANAGEMENT: Client disconnected
20210301 15:43:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 15:43:52 D MANAGEMENT: CMD 'state'
20210301 15:43:52 MANAGEMENT: Client disconnected
20210301 15:43:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 15:43:52 D MANAGEMENT: CMD 'state'
20210301 15:43:52 MANAGEMENT: Client disconnected
20210301 15:43:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 15:43:52 D MANAGEMENT: CMD 'status 2'
20210301 15:43:52 MANAGEMENT: Client disconnected
20210301 15:43:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210301 15:43:52 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00
Merged from 01 March 2021 16:09:34:
When I turn off auth-nocache
I get this message
20210301 16:07:22 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
That's why I added it.
Edited by forest75 on 01-03-2021 16:09
For now I have no idea what's going on... and just out of curiosity, why do you have port 443 set? And on TCP at that?
Edited by solldat on 01-03-2021 17:09
Verily, vodka is mighty, but moonshine wields greater power.
You are getting the SIGUSR1 signal: "This signal may also be internally generated by a timeout condition, governed by the -ping-restart option." https://openvpn.net/community-resourc...envpn-2-4/
In the client config you have set
although in the client log you have ping-restart 180, which comes from the server, so you can try changing that value on the server.
Also read up on the keepalive parameter and on why auth-nocache should be used.
Edited by khain on 03-03-2021 22:22
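An added example, not part of any post in this thread: a small parser for the DD-WRT OpenVPN log format shown above that measures each reconnect window (first SIGUSR1 restart until "Initialization Sequence Completed") and reads the server-pushed ping timers from PUSH_REPLY. The function names are hypothetical; the sample lines are copied from the log posted above.

```python
import re
from datetime import datetime

# Lines copied from the log posted in this thread (only the relevant events).
SAMPLE_LOG = """\
20210301 13:45:30 N read TCP_CLIENT: Operation timed out (code=110)
20210301 13:45:30 N Connection reset restarting [0]
20210301 13:45:30 I SIGUSR1[soft connection-reset] received process restarting
20210301 13:46:00 N read TCP_CLIENT: Operation timed out (code=110)
20210301 13:46:00 N Connection reset restarting [0]
20210301 13:46:00 I SIGUSR1[soft connection-reset] received process restarting
20210301 13:46:06 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 103.86.96.100 dhcp-option DNS 103.86.99.100 sndbuf 524288 rcvbuf 524288 explicit-exit-notify comp-lzo no route-gateway 10.7.1.1 topology subnet ping 60 ping-restart 180 ifconfig 10.7.1.5 255.255.255.0 peer-id 0'
20210301 13:46:08 I Initialization Sequence Completed
"""

# Timestamp "YYYYMMDD HH:MM:SS", then the rest of the line (may be empty).
LINE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2})\s*(.*)$")

def parse(log):
    """Yield (timestamp, message) for every well-formed log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y%m%d %H:%M:%S"), m.group(2)

def outages(log):
    """Return (start, end, restart_count, seconds) for each tunnel outage."""
    result, start, restarts = [], None, 0
    for ts, msg in parse(log):
        if "SIGUSR1[" in msg:                 # soft restart logged
            start = start or ts               # keep the first one in a burst
            restarts += 1
        elif "Initialization Sequence Completed" in msg and start:
            seconds = int((ts - start).total_seconds())
            result.append((start, ts, restarts, seconds))
            start, restarts = None, 0
    return result

def pushed_timers(log):
    """Extract the ping / ping-restart values the server pushed."""
    timers = {}
    for _, msg in parse(log):
        if "PUSH_REPLY" in msg:
            for key, val in re.findall(r"\b(ping(?:-restart)?) (\d+)", msg):
                timers[key] = int(val)
    return timers
```

The window is counted from the first logged restart, so it is a lower bound on how long clients were actually without the tunnel.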