OpenVPN client issues with RT-N56U 3.0.3.8-081 base

[GoogleCodeExporter]

Hi,

I'm running a RT-N56U with a fresh firmware flash of 3.0.3.8-081 base on it and 
I'm trying to get the OpenVPN client to work with my paid VPN service through 
the web GUI in the router.

The first bug(?) I found out is that you can't have the character "&" (and) in 
a password. The characters changes to a "_" (underscore) both in the web GUI 
and when I check with "vi /etc/openvpn/client/secret" in the shell. I changed 
password on my VPN service to get around that.

My second problem is that the OpenVPN client exits at this stage when trying to 
start:

openvpn-cli[634]: /sbin/ifconfig tun0 ***.***.***.*** netmask ***.***.***.*** 
mtu 1500 broadcast ***.***.***.***
openvpn-cli[634]: /sbin/ifconfig tun0 add ****:****:****:****::****/**
openvpn-cli[634]: Linux ifconfig inet6 failed: external program exited with 
error status: 1
openvpn-cli[634]: Exiting due to fatal error

I tried to start the client manually through the shell with:

cd /etc/openvpn/client/
openvpn --client --config client.conf

That outputs the same result with a little bit more information:

/sbin/ifconfig tun0 ***.***.***.*** netmask ***.***.***.*** mtu 1500 broadcast 
***.***.***.***
/sbin/ifconfig tun0 add ****:****:****:****::****/**
ifconfig: SIOCSIFADDR: Permission denied
Linux ifconfig inet6 failed: external program exited with error status: 1
Exiting due to fatal error

I'm a total newbie to Linux so I don't know if this has something to do with 
IPv6 or something? I don't need IPv6 and when I look in the routers settings 
it's disabled.

Here is the client.conf file:

client
proto udp
remote ***.***.***.*** 1194
resolv-retry infinite
nobind
dev tun0
ca /etc/storage/openvpn/client/ca.crt
auth-user-pass secret
persist-key
script-security 2
writepid /var/run/openvpn_cli.pid
up ovpnc.script
down ovpnc.script

### User params:
remote-random
persist-tun
remote-cert-tls server
reneg-sec 0
verb 3

I've tried with the default User params and with no User params at all (I 
change the settings under "OpenVPN Extended Configuration" in the OpenVPN 
client web GUI) and every time it's the same "Exiting due to fatal error".

Thanks in advance!

Original issue reported on code.google.com by viR...@gmail.com on 20 Jul 2014 at 3:48

[GoogleCodeExporter]

I believe it's possible to use & in password - try to use single quotes.
Do you have IPv6 working?

Try that config and start it with:
/usr/sbin/openvpn --cd /etc/openvpn/client --config client.conf --user admin 
--group root --verb 5

Then show the output...

Original comment by d...@soulblader.com on 20 Jul 2014 at 4:22

[GoogleCodeExporter]

I'm not sure what you mean by "try to use single quotes"?

Lets say the password for my VPN server is: gara&eee
When I write that in the web GUI it changes to: gara_eee both in the web GUI 
and in /etc/openvpn/client/secret.

If I edit the secret file through vi editor in the shell it will be overwritten 
as soon as I enter the configuration in the web GUI.

I tried to change to: gara'&'eee in the web GUI
That changed to: gara'_'eee

I don't know if IPv6 is working as I'm not using it, I only use "normal/old" 
IPv4. I didn't change any IPv6 settings in the router - it's disabled there (by 
default I guess?).

I tried to downgrade to version 3.4.3.7-075 base and I get the same "Exiting 
due to fatal error" with that version also.

Output of /usr/sbin/openvpn --cd /etc/openvpn/client --config client.conf 
--user admin --group root --verb 5:

/usr/sbin/openvpn --cd /etc/openvpn/client --config client.conf --user admin 
--group root --verb 5
us=178830 OpenVPN 2.3.3 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Apr 12 2014
us=180807 NOTE: the current --script-security setting may allow this 
configuration to call user-defined scripts
us=187644 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
us=188971 Socket Buffers: R=[163840->131072] S=[163840->131072]
us=191469 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
us=192924 failed to find GID for group root: No such file or directory (errno=2)
us=193750 Exiting due to fatal error

Original comment by viR...@gmail.com on 20 Jul 2014 at 5:22

[GoogleCodeExporter]

You are right - it is a bug. But I get it only in web browser, 
/etc/openvpn/client/secret seems to be correct with &. But I'm on 3.0.3.8-082 
now.
About IPv6 - open browser and type http://ipv6.google.com/. Can you see the 
webpage?

Original comment by d...@soulblader.com on 20 Jul 2014 at 6:34

[GoogleCodeExporter]

No, I can't reach http://ipv6.google.com/.

I Googled "Linux ifconfig inet6 failed: external program exited with error 
status: 1" and found this thread, also from your project:

https://code.google.com/p/rt-n56u/issues/detail?id=970

Based on comments from that thread I tried to execute the OpenVPN client with:

sysctl -w net.ipv6.conf.tun0.disable_ipv6=0
cd /etc/openvpn/client/
openvpn --client --config client.conf

Then I get connected to the VPN server and everything works (even the green 
Connected button appears in the web GUI).

A project member explains that "sysctl -w net.ipv6.conf.tun0.disable_ipv6=0" 
enables IPv6 on the tun interface. I guess that my VPN service does have IPv6 
enabled in their OpenVPN server and therefore I need to have it enabled on my 
side also?

Sadly the "sysctl -w net.ipv6.conf.tun0.disable_ipv6=0" doesn't last if I make 
any changes and/or reboot the router - any suggestion on how to make it work 
permanently?

Original comment by viR...@gmail.com on 20 Jul 2014 at 7:00

[GoogleCodeExporter]

# echo 'echo 0 > /proc/sys/net/ipv6/conf/tun0/disable_ipv6' >> 
/etc/storage/started_script.sh
# mtd_storage.sh save

Original comment by d...@soulblader.com on 20 Jul 2014 at 7:20

[GoogleCodeExporter]

Thanks a lot guys for all your help, everything is fine now.

Incredible work with this firmware!

Original comment by viR...@gmail.com on 20 Jul 2014 at 8:03

[GoogleCodeExporter]

Original comment by d...@soulblader.com on 20 Jul 2014 at 8:22

• Changed state: Verified

[GoogleCodeExporter]

Hey guys,
I am having the same issue on the RT-AC66u.

I know this is not really the place to post this but I am not able to find 
anything elsewhere. 
/proc/sys/net/ipv6/conf/tun11 > disable_ipv6=1 and don't know how to change it 
to 0.

Is anyone familiar with the ac66u? 
Any help would be appreciated. 

Original comment by james...@gmail.com on 11 Dec 2014 at 5:42

[GoogleCodeExporter]

The same way

echo 0 > /proc/sys/net/ipv6/conf/tun11/disable_ipv6

or

sysctl -w net.ipv6.conf.tun11.disable_ipv6 = 0

I have no idea how to make this setting be applied on boot... 

Original comment by d...@soulblader.com on 11 Dec 2014 at 9:18

[GoogleCodeExporter]

the echo worked but the Connection Status stays as an X, if i deactivate and 
reactivate the VPNprofile then the display_ipv6 resets to 1.

The sysctl is an unknown command.

Been at it for 2 days now ...

Original comment by james...@gmail.com on 11 Dec 2014 at 11:21