Posted: Wed Oct 04, 2017 14:27 Post subject: dd-wrt openvpn need help
Dear friends,
I need some help
I have a raspberry pi loaded with pivpn and made a few profiles which all work from my android phone.... (using my data plan and using wifi at someone's house, so outside of my network)
I also have a few tl-wr1043nd v1 (routers) loaded with dd-wrt v3.0-r33413 std (09/27/17)
I would like to use these routers to set up a vpn connection from outside the network, like connecting these at a friend's house to their network and automatically starting up the vpn so i can plug in whatever and end up at my network
(basically using the router as an extension for my network)
(i want to use the 4 port lan switch as ports that lands on my network, and also the wifi)
I have been working on this since may, but i cannot get it to work. Can someone please help me?
below i posted the client config for the router
Code:
client
dev tun
proto udp
remote xx.xxx.xxx.xx 1150
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
letters and what not
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
some more...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
and the key
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
and the static
-----END OpenVPN Static key V1-----
</tls-auth>
i use a monowall router, and for security i am using udp port 1150 to let outside vpn clients connect to the server
@above: yes, i want to use this (and other routers) as a client. i have been trying to use the GUI, and so many other things, i just can't get it to work, and i don't know where i need to look for a solution.
any help is appreciated.
(even my writing stresses under it)
my updated config file that i took from the router
Oct 6 12:14:11 DD-WRT daemon.warn openvpn[2334]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Oct 6 12:14:11 DD-WRT daemon.notice openvpn[2334]: OpenVPN 2.4.3 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 27 2017
Oct 6 12:14:11 DD-WRT daemon.notice openvpn[2334]: library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.09
Oct 6 12:14:11 DD-WRT daemon.notice openvpn[2336]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Oct 6 12:14:11 DD-WRT daemon.warn openvpn[2336]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 6 12:14:11 DD-WRT daemon.warn openvpn[2336]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 6 12:14:11 DD-WRT daemon.err openvpn[2336]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected ke
Oct 6 12:14:11 DD-WRT daemon.notice openvpn[2336]: Exiting due to fatal error
The weird thing is that i do not use a username/passphrase, just the ca,cert and key.
maybe this can help to fix my problem (should i run it as a client or as a daemon? )
I am able to set up a vpn (will explain it below)
but run into 2 problems
1) the openvpn client cannot set up tun1, so the router is isolated.
if i want to connect to the internet i have to disable the vpn... looks like a routing issue?
second problem 2) i needed to create a passphrase file to open the ta.key,
That file is not being saved on the router just because it refuses it... How do i fix this?
i am not out of the woods yet, so if anyone can help me ... with the storing of the password, and routing problems, then that would be great.
explaining the problem:
after looking through the logs and a lot of googling
i remembered something that i did to connect my phone for the first time to the vpn server..
i needed to enter a password... that same password is what kept tls from connecting to the server (it's password protected) (a password for a key)
i made a file with the password and added "askpass /tmp/openvpncl/filesomething" to the additional info box in the client tab
that was it....
so the vpn works, it shows it's connected but i cannot disconnect the router from power or reboot (i have to place the password file back in the directory by hand, the second problem)
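
The three log messages quoted in the thread (key file permissions, no server certificate verification, and the private key password prompt) each correspond to something that can be checked in a client config before the daemon starts. The script below is an added example, not part of the original posts and not DD-WRT's own code; the function and finding names are hypothetical, and it assumes a POSIX shell with awk, grep, ls and cut.

```shell
#!/bin/sh
# Added example: static checks on an OpenVPN client config, one per log
# message discussed in the thread. Finding names are made up for this example.

# True when the file has any group/other permission bits set.
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print the first argument of a directive (e.g. "key", "askpass"), if present.
directive_arg() {
    awk -v d="$1" '$1 == d && NF >= 2 { print $2; exit }' "$2"
}

audit_ovpn() {
    cfg=$1
    key_file=$(directive_arg key "$cfg")
    pass_file=$(directive_arg askpass "$cfg")

    # Key material to inspect: the external key file if one is named,
    # otherwise the config itself (inline <key> block).
    key_src=$cfg
    [ -n "$key_file" ] && [ -f "$key_file" ] && key_src=$key_file

    # "can't ask for 'Enter Private Key Password:'": the key is encrypted
    # and a daemon has no terminal, so the passphrase must come from askpass.
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$key_src"; then
        if [ -z "$pass_file" ]; then
            echo ENCRYPTED_KEY_NO_ASKPASS
        elif [ ! -f "$pass_file" ]; then
            echo ASKPASS_FILE_MISSING      # e.g. the file is gone after a reboot
        elif loose_perms "$pass_file"; then
            echo ASKPASS_FILE_LOOSE_PERMS
        fi
    fi

    # "file '...client.key' is group or others accessible"
    if [ -n "$key_file" ] && [ -f "$key_file" ] && loose_perms "$key_file"; then
        echo KEY_FILE_LOOSE_PERMS
    fi

    # "No server certificate verification method has been enabled"
    if ! grep -Eq '^[[:space:]]*(remote-cert-tls|remote-cert-eku|verify-x509-name|ns-cert-type|tls-verify)[[:space:]]' "$cfg"; then
        echo NO_SERVER_CERT_VERIFICATION
    fi
}
```

Run it as `audit_ovpn /path/to/client.conf`; no output means none of the three conditions was found.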