mchp92 DD-WRT Novice
Joined: 25 Jul 2016 Posts: 1
Posted: Mon Jul 25, 2016 19:37 Post subject: Help needed in getting OpenVPN to work
Hi all,
I have just this weekend purchased a WRT54GL router and flashed it with DD-WRT, for the sole purpose of having a host in my LAN which serves as an OpenVPN server. I currently have one on my NAS and want to migrate it away from there. I have set up port forwards in the routers I have on the WAN side of my WRT54, and created all certificates and user profiles. I imported the .ovpn file and the certificate and key files into my iOS OpenVPN Connect app. I can successfully connect to my WRT54 through that VPN, as I get the 'Connected' confirmation in my app.
The setup is roughly as follows:
ISP/WAN <---> ISP_Router (1) <---> MyRouter (2) <---> WRT54/OpenVPN (3) (4)
(1) Subnet of this LAN is 192.168.1.0/24
(2) Subnet of this LAN is 10.157.147.0/24
(3) Subnet of this LAN is 192.168.222.0/24
There are normally no hosts in subnet (3).
All hosts are in subnet (2), directly behind MyRouter; this includes the WRT54.
(4) IPs given out by the VPN are in subnet 10.8.0.0/24 (I think).
What I don't get to work so far is two things (basically, 'everything' beyond the mere connect):
i) be able to reach all hosts in my LAN
ii) direct all traffic from e.g. my iPhone through my LAN / VPN server
Unfortunately, neither i nor ii currently works. If I connect to my VPN, I cannot 'see' any LAN IP. Also, a quick test involving some very, very common URLs that are known to be reachable 99.999% of the time won't respond. Again, I CAN connect in my app.
My guess is I have something wrong in my client config and/or the firewall settings in my WRT54. I don't think I have any NAT loopback (or whatever they call it) issues, as the VPN on my Synology (in subnet (2)) does both i and ii.
The settings I currently use in my configs (server and client), as well as in the firewall, have been 'copied' from how-to web pages, including some from dd-wrt and openvpn.net.
Here are, roughly, my settings:
SERVER CONFIG
push "route 192.168.222.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
#push "dhcp-option DNS 10.8.0.1"
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
# Only use crl-verify if you are using the revoke list; otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
FIREWALL RULES
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.222.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
CLIENT CONFIG
remote MY_WAN_IP_GIVEN_BY_ISP 1194
client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
# If the pushed routes appear not to be added on Windows hosts, add the following:
route-delay 30
ca ca.crt
cert USERNAME.crt
key USERNAME.key
Successful connect attempt (yesterday; couldn't reproduce today)
2016-07-24 22:02:37 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios armv7a thumb2 32-bit built on Apr 15 2016 14:13:50
2016-07-24 22:02:37 Frame=512/2048/512 mssfix-ctrl=1250
2016-07-24 22:02:37 UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [route-delay] [30]
2016-07-24 22:02:37 EVENT: RESOLVE
2016-07-24 22:02:38 Contacting MY_WAN_IP:1194 via UDP
2016-07-24 22:02:38 EVENT: WAIT
2016-07-24 22:02:38 SetTunnelSocket returned 1
2016-07-24 22:02:38 Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
2016-07-24 22:02:38 EVENT: CONNECTING
2016-07-24 22:02:38 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-07-24 22:02:38 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.7-199
IV_VER=3.0.11
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
2016-07-24 22:02:39 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=NBR, L=xxx, O=OpenVPN, OU=Admin, CN=Babbage, ??=Babbage, emailAddress=XXX
subject name : C=NL, ST=NBR, L=xxx, O=OpenVPN, OU=Admin, CN=Babbage, ??=Babbage, emailAddress=XXX
issued on : 2016-07-24 14:32:35
expires on : 2026-07-22 14:32:35
signed using : RSA with MD5
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-07-24 22:02:40 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2016-07-24 22:02:40 Session is ACTIVE
2016-07-24 22:02:40 EVENT: GET_CONFIG
2016-07-24 22:02:40 Sending PUSH_REQUEST to server...
2016-07-24 22:02:40 OPTIONS:
0 [route] [192.168.222.0] [255.255.255.0]
1 [route] [10.8.0.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.8.0.6] [10.8.0.5]
2016-07-24 22:02:40 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: NONE
peer ID: -1
2016-07-24 22:02:40 EVENT: ASSIGN_IP
2016-07-24 22:02:40 Connected via tun
2016-07-24 22:02:40 EVENT: CONNECTED @MY_WAN_IP:1194 (MY_WAN_IP) via /UDPv4 on tun/10.8.0.6/
2016-07-24 22:02:40 SetStatus Connected
2016-07-24 22:03:15 TUN reset routes
2016-07-24 22:03:15 EVENT: DISCONNECTED
2016-07-24 22:03:15 Raw stats on disconnect:
BYTES_IN : 2650
BYTES_OUT : 2722
PACKETS_IN : 29
PACKETS_OUT : 31
2016-07-24 22:03:15 Performance stats on disconnect:
CPU usage (microseconds): 112500
Network bytes per CPU second: 47751
Tunnel bytes per CPU second: 0
2016-07-24 22:03:15 ----- OpenVPN Stop -----
App Connect log (UPDATE: when trying to get the connect log from the OpenVPN Connect app just now, I get a timeout)
2016-07-25 21:06:31 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios armv7a thumb2 32-bit built on Apr 15 2016 14:13:50
2016-07-25 21:06:31 Frame=512/2048/512 mssfix-ctrl=1250
2016-07-25 21:06:31 UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [route-delay] [30]
2016-07-25 21:06:31 EVENT: RESOLVE
2016-07-25 21:06:31 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:06:31 EVENT: WAIT
2016-07-25 21:06:31 SetTunnelSocket returned 1
2016-07-25 21:06:31 Connecting to MY_WAN_IP:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:06:41 Server poll timeout, trying next remote entry...
2016-07-25 21:06:41 EVENT: RECONNECTING
2016-07-25 21:06:41 EVENT: RESOLVE
2016-07-25 21:06:41 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:06:41 EVENT: WAIT
2016-07-25 21:06:41 SetTunnelSocket returned 1
2016-07-25 21:06:41 Connecting to MY_WAN_IP:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:06:51 Server poll timeout, trying next remote entry...
2016-07-25 21:06:51 EVENT: RECONNECTING
2016-07-25 21:06:51 EVENT: RESOLVE
2016-07-25 21:06:51 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:06:51 EVENT: WAIT
2016-07-25 21:06:51 SetTunnelSocket returned 1
2016-07-25 21:06:51 Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:07:01 Server poll timeout, trying next remote entry...
2016-07-25 21:07:01 EVENT: RECONNECTING
2016-07-25 21:07:01 EVENT: RESOLVE
2016-07-25 21:07:01 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:07:01 EVENT: WAIT
2016-07-25 21:07:01 SetTunnelSocket returned 1
2016-07-25 21:07:01 Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:07:11 Server poll timeout, trying next remote entry...
2016-07-25 21:07:11 EVENT: RECONNECTING
2016-07-25 21:07:11 EVENT: RESOLVE
2016-07-25 21:07:11 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:07:11 EVENT: WAIT
2016-07-25 21:07:11 SetTunnelSocket returned 1
2016-07-25 21:07:11 Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:07:21 Server poll timeout, trying next remote entry...
2016-07-25 21:07:21 EVENT: RECONNECTING
2016-07-25 21:07:21 EVENT: RESOLVE
2016-07-25 21:07:21 Contacting MY_WAN_IP:1194 via UDP
2016-07-25 21:07:21 EVENT: WAIT
2016-07-25 21:07:21 SetTunnelSocket returned 1
2016-07-25 21:07:21 Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
2016-07-25 21:07:31 EVENT: CONNECTION_TIMEOUT [ERR]
2016-07-25 21:07:31 EVENT: DISCONNECTED
2016-07-25 21:07:31 Raw stats on disconnect:
BYTES_OUT : 420
PACKETS_OUT : 30
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2016-07-25 21:07:31 Performance stats on disconnect:
CPU usage (microseconds): 59698
Network bytes per CPU second: 7035
Tunnel bytes per CPU second: 0
2016-07-25 21:07:31 EVENT: DISCONNECT_PENDING
2016-07-25 21:07:31 ----- OpenVPN Stop -----
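Several of the problems are visible in the post itself: the server pushes a route for 192.168.222.0/24 while the hosts live in 10.157.147.0/24 (subnet 2); the source-scoped FORWARD rule matches 192.168.222.0/24, not the 10.8.0.0/24 client pool; the rule set shown has no MASQUERADE for the pool, so LAN hosts would need either that or a return route to 10.8.0.0/24 on MyRouter; redirect-gateway is commented out, so goal ii cannot work; and the connect log shows an MD5-signed 1024-bit server certificate, a TLS 1.0 handshake with 3DES, and BF-CBC on the data channel. The Python script below is an added example, not code from the post or from DD-WRT: it parses a server config, an iptables rule list and a connect-log excerpt (all constructed here from the posted values) and lists these mismatches, then shows a hypothetical corrected config passing the same checks. The "fixed" config and rules are this example's assumption of a working layout, not the poster's final settings.

```python
"""Added consistency check for an OpenVPN road-warrior setup.
Not code from the forum post or from DD-WRT; sample inputs below are
constructed from the values the post gives."""
import ipaddress
import re

# Server config and firewall rules as posted (constructed copies).
POSTED_SERVER_CONF = """\
push "route 192.168.222.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
dev tun0
"""
POSTED_FIREWALL = """\
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.222.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
"""
# Hypothetical corrected versions (an assumption of this example, not the
# poster's final config): route the subnet the hosts actually live in, push
# a default route, and masquerade the client pool so LAN hosts can reply.
FIXED_SERVER_CONF = """\
push "route 10.157.147.0 255.255.255.0"
push "redirect-gateway def1"
server 10.8.0.0 255.255.255.0
dev tun0
"""
FIXED_FIREWALL = """\
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -d 10.8.0.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
"""
# Subnet (2) from the post: where the LAN hosts really are.
WANTED_LANS = ["10.157.147.0/24"]
# Lines of interest from the posted connect log (constructed excerpt).
CONNECT_LOG = """\
signed using : RSA with MD5
RSA key size : 1024 bits
SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
cipher: BF-CBC
"""


def parse_server_conf(text):
    """Return (client pool, pushed route networks, redirect-gateway pushed?)."""
    pool, pushed, redirect = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented directives are inactive
        if m := re.match(r'server\s+(\S+)\s+(\S+)$', line):
            pool = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.match(r'push\s+"route\s+(\S+)\s+(\S+)"', line):
            pushed.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif line.startswith('push "redirect-gateway'):
            redirect = True
    return pool, pushed, redirect


def parse_firewall(text):
    """Return (source-scoped FORWARD networks, masqueraded source networks)."""
    fwd_sources, masq = [], []
    for line in text.splitlines():
        src = re.search(r'(?:--source|-s)\s+(\S+)', line)
        if " FORWARD " in line and src:
            fwd_sources.append(ipaddress.ip_network(src[1]))
        if "-t nat" in line and "MASQUERADE" in line and src:
            masq.append(ipaddress.ip_network(src[1]))
    return fwd_sources, masq


def audit_routing(server_conf, firewall, wanted_lans):
    """List reasons a connected client could not reach wanted_lans or the Internet."""
    pool, pushed, redirect = parse_server_conf(server_conf)
    if pool is None:
        return ["no 'server' directive: client pool unknown"]
    fwd_sources, masq = parse_firewall(firewall)
    findings = []
    for lan in map(ipaddress.ip_network, wanted_lans):
        if not any(lan.subnet_of(r) for r in pushed):
            findings.append(f"no pushed route covers {lan}")
    for src in fwd_sources:
        if not pool.overlaps(src):  # rule can never match VPN clients
            findings.append(f"FORWARD rule for {src} never matches VPN pool {pool}")
    if not any(pool.subnet_of(m) for m in masq):
        findings.append(f"{pool} is not masqueraded; LAN hosts need a route back to it")
    if not redirect:
        findings.append("redirect-gateway not pushed; client keeps its own default route")
    return findings


# Weak algorithms visible in the client log; the thresholds are this example's.
WEAK = [
    (r"RSA with MD5", "certificate signed with MD5"),
    (r"TLSv1\.0", "TLS 1.0 handshake"),
    (r"3DES", "3DES in the TLS cipher suite"),
    (r"cipher: BF-CBC", "Blowfish (64-bit block) data-channel cipher"),
]


def audit_crypto(log):
    """List weak parameters a client connect log reveals about the server."""
    findings = []
    for line in log.splitlines():
        if (m := re.search(r"RSA key size : (\d+) bits", line)) and int(m[1]) < 2048:
            findings.append(f"RSA key only {m[1]} bits")
        findings += [msg for pat, msg in WEAK if re.search(pat, line)]
    return findings


if __name__ == "__main__":
    for name, conf, fw in [("posted", POSTED_SERVER_CONF, POSTED_FIREWALL),
                           ("fixed", FIXED_SERVER_CONF, FIXED_FIREWALL)]:
        print(name, audit_routing(conf, fw, WANTED_LANS) or ["ok"])
    print("crypto", audit_crypto(CONNECT_LOG))
```

Because the WRT54 sits as a host inside subnet (2), traffic to those hosts leaves through its WAN-side interface rather than br0; the constructed MASQUERADE rule deliberately names no outgoing interface so it applies whichever way the packets leave. The crypto checks are a reminder that the connect log already exposes the server's certificate and cipher choices, which is the cheapest place to catch an MD5-signed or 1024-bit key before rolling the profile out to more devices.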