DD-WRT v24-sp2 OpenVPN - Establishes Peer Connection but Linux ifconfig fails and exits

DeveloperBlue

I have a Netgear WNDR3400v2 Router running DD-WRT v24-sp2 (04/17/14) mega sitting behind a Netgear R6230.

I would like to have any device that connects to the WNDR3400v2 connect to the PIA VPN, and any device that connects to the main router connect normally to the internet.

I followed various setups, and in the end I have this output after PuTTY-ing in to the WNDR3400v2.

[email protected]:~# cat /var/log/messages | grep [o]penvpn
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1221]: OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 17 2014
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1221]: WARNING: file '/tmp/ovpn/pass' is group or others accessible
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1221]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1221]: LZO compression initialized
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1220]: OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 17 2014
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1220]: WARNING: file '/tmp/ovpn/pass' is group or others accessible
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1220]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1221]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1222]: UDPv4 link local: [undef]
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1222]: UDPv4 link remote: 193.37.253.109:1194
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1222]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1220]: LZO compression initialized
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1220]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1222]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1222]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:23 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS handshake failed
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1222]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1228]: UDPv4 link local: [undef]
Jan  1 00:00:23 DD-WRT daemon.notice openvpn[1228]: UDPv4 link remote: 194.59.251.11:1194
Jan  1 00:00:23 DD-WRT daemon.warn openvpn[1228]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan  1 00:00:24 DD-WRT daemon.err openvpn[1228]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:24 DD-WRT daemon.err openvpn[1228]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:24 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:24 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS handshake failed
Jan  1 00:00:24 DD-WRT daemon.notice openvpn[1228]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:25 DD-WRT daemon.warn openvpn[1222]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:25 DD-WRT daemon.notice openvpn[1222]: Re-using SSL/TLS context
Jan  1 00:00:25 DD-WRT daemon.notice openvpn[1222]: LZO compression initialized
Jan  1 00:00:25 DD-WRT daemon.err openvpn[1222]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:25 DD-WRT daemon.notice openvpn[1222]: UDPv4 link local: [undef]
Jan  1 00:00:25 DD-WRT daemon.notice openvpn[1222]: UDPv4 link remote: 193.37.253.109:1194
Jan  1 00:00:25 DD-WRT daemon.err openvpn[1222]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:25 DD-WRT daemon.err openvpn[1222]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:25 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:25 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS handshake failed
Jan  1 00:00:25 DD-WRT daemon.notice openvpn[1222]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:26 DD-WRT daemon.warn openvpn[1228]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:26 DD-WRT daemon.notice openvpn[1228]: Re-using SSL/TLS context
Jan  1 00:00:26 DD-WRT daemon.notice openvpn[1228]: LZO compression initialized
Jan  1 00:00:26 DD-WRT daemon.err openvpn[1228]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:26 DD-WRT daemon.notice openvpn[1228]: UDPv4 link local: [undef]
Jan  1 00:00:26 DD-WRT daemon.notice openvpn[1228]: UDPv4 link remote: 194.59.251.187:1194
Jan  1 00:00:26 DD-WRT daemon.err openvpn[1228]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:26 DD-WRT daemon.err openvpn[1228]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:26 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:26 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS handshake failed
Jan  1 00:00:26 DD-WRT daemon.notice openvpn[1228]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:28 DD-WRT daemon.warn openvpn[1222]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1222]: Re-using SSL/TLS context
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1222]: LZO compression initialized
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1222]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1222]: UDPv4 link local: [undef]
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1222]: UDPv4 link remote: 194.59.251.130:1194
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1222]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1222]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1222]: TLS Error: TLS handshake failed
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1222]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:28 DD-WRT daemon.warn openvpn[1228]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1228]: Re-using SSL/TLS context
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1228]: LZO compression initialized
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1228]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1228]: UDPv4 link local: [undef]
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1228]: UDPv4 link remote: 194.59.251.135:1194
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1228]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1228]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS object -> incoming plaintext read error
Jan  1 00:00:28 DD-WRT daemon.err openvpn[1228]: TLS Error: TLS handshake failed
Jan  1 00:00:28 DD-WRT daemon.notice openvpn[1228]: SIGUSR1[soft,tls-error] received, process restarting
Jan  1 00:00:29 DD-WRT daemon.notice openvpn[1222]: SIGTERM[hard,init_instance] received, process exiting
Jan  1 00:00:29 DD-WRT daemon.notice openvpn[1228]: SIGTERM[hard,init_instance] received, process exiting
Jun 15 18:10:39 DD-WRT daemon.notice openvpn[1344]: OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 17 2014
Jun 15 18:10:39 DD-WRT daemon.warn openvpn[1344]: WARNING: file '/tmp/ovpn/pass' is group or others accessible
Jun 15 18:10:39 DD-WRT daemon.warn openvpn[1344]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jun 15 18:10:39 DD-WRT daemon.notice openvpn[1344]: LZO compression initialized
Jun 15 18:10:39 DD-WRT daemon.err openvpn[1344]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jun 15 18:10:39 DD-WRT daemon.notice openvpn[1345]: UDPv4 link local: [undef]
Jun 15 18:10:39 DD-WRT daemon.notice openvpn[1345]: UDPv4 link remote: 194.59.251.25:1194
Jun 15 18:10:39 DD-WRT daemon.warn openvpn[1345]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 15 18:10:41 DD-WRT daemon.notice openvpn[1345]: SIGTERM[hard,] received, process exiting
Jun 15 18:10:53 DD-WRT daemon.notice openvpn[1451]: OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 17 2014
Jun 15 18:10:53 DD-WRT daemon.warn openvpn[1451]: WARNING: file '/tmp/ovpn/pass' is group or others accessible
Jun 15 18:10:53 DD-WRT daemon.warn openvpn[1451]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jun 15 18:10:53 DD-WRT daemon.notice openvpn[1451]: LZO compression initialized
Jun 15 18:10:53 DD-WRT daemon.err openvpn[1451]: RESOLVE: NOTE: us-east.privateinternetaccess.com resolves to 13 addresses
Jun 15 18:10:53 DD-WRT daemon.notice openvpn[1452]: UDPv4 link local: [undef]
Jun 15 18:10:53 DD-WRT daemon.notice openvpn[1452]: UDPv4 link remote: 193.37.253.93:1194
Jun 15 18:10:53 DD-WRT daemon.warn openvpn[1452]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 15 18:10:55 DD-WRT daemon.warn openvpn[1452]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Jun 15 18:10:55 DD-WRT daemon.warn openvpn[1452]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Jun 15 18:10:55 DD-WRT daemon.notice openvpn[1452]: [fe924a84ad1534022030586e77032d8c] Peer Connection Initiated with 193.37.253.93:1194
Jun 15 18:10:58 DD-WRT daemon.notice openvpn[1452]: TUN/TAP device tun0 opened
Jun 15 18:10:58 DD-WRT daemon.notice openvpn[1452]: /usr/sbin/ifconfig tun0 10.65.10.6 pointopoint 10.65.10.5 mtu 1500
Jun 15 18:10:58 DD-WRT daemon.err openvpn[1452]: Linux ifconfig failed: could not execute external program
Jun 15 18:10:58 DD-WRT daemon.notice openvpn[1452]: Exiting

I notice that it tries and fails while the system clock is incorrect. When the clock is finally set, it manages to connect but then subsequently fails.

Because I am on DD-WRT v24-sp2, the GUI is unusable and I cannot upgrade as that is the only available version for my router. I've been relying on scripts found here: https://www.privateinternetaccess.com/forum/discussion/17620/dd-wrt-v24-sp2-vpn-gui-settings-dont-match-setup-guide

I am connecting to the internet just fine without the VPN on the WNDR3400v2. It is also running on a different subnet (192.168.2.1) and has the following DNS Servers:
209.222.18.222
209.222.18.218

Please let me know if any more information is required. I've been trying to get this set up for a few hours now, and I'm at a loss.