Posted: Sun Feb 04, 2007 22:02 Post subject: Problem with getting an OpenVPN to work - help needed
My configuration :
WRT54GS v.1 with DD-WRT v24 Beta (01/27/07) vpn
I've followed the instructions in the Wiki HOWTO, however it looks like entering commands using the web method does not work, so I've logged in by SSH and started entering commands manually.
I've also copied keys and openvpn.conf file to /tmp/openvpn.
I don't know what more can be done, service is not working, port 1194 is not opened and openvpn client reports that connection is 'reset by peer'
Can you tell me what should I see after typing this command
so can I copy my example.startup to /etc/config or /jffs/etc/config folder, reboot and have OpenVPN working and port opened ?
When I type commands manually this is what I get
Code:
~ # openvpn --mktun --dev tap0
Mon Feb 5 19:29:42 2007 TUN/TAP device tap0 opened
Mon Feb 5 19:29:42 2007 Persist state set to: ON
~ # brctl addif br0 tap0
device tap0 is already a member of a bridge; can't enslave it to bridge br0.
I don't use 'web method' because there is some sort of limitation on how much code you can insert, and so it creates .rc_startup in the /tmp folder which ends in the middle of my dh file, making this file not correct. I'm also unable to delete this code from the file because clicking edit allows you only to delete something, you can't delete everything nor add something more. I can copy the .rc_startup file to the router but after reboot it will be replaced with the trash stored in 'web method'. This is why I avoid the web method. I have a WRT54GS so I want to have my VPN on JFFS, not in RAM.
I'm thinking about reflashing to v.23 SP2 or SP3
Last edited by telemach on Mon Feb 05, 2007 19:57; edited 2 times in total
Posted: Mon Feb 05, 2007 19:40 Post subject:
Looks like your script is executing since it says tap0 is already bridged.
Here's my config, I don't use certificates, just one connection (although I'm planning on changing my config so it allows simultaneous connections).
openvpn.conf:
Code:
proto tcp-server # Setup the protocol (server)
port 443 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of --ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression
secret /mmc/etc/config/openvpn.key # OpenVPN static key
My OpenVPN server is stored on a SD-CARD so I also need to load the libraries needed by OpenVPN.
Also, your certificates need to be exactly like they were generated, including linebreaks etc.
Also be sure you don't have extra linebreaks in comments etc.
[edit]
Another thing I noticed, try the full path to the config file as parameter, that could be the problem too.
_________________
Firmware: DD-WRT v24-sp2 (latest available) mega
WRT320N
mode server
tls-server
port 1194
proto udp-server
dev tap0
I think "proto udp-server" should be just "proto udp".
Quote:
I don't use 'web method' because there is some sort of limitation how much code you can insert and so it creates .rc_startup in /tmp folder which ends in the middle of my dh file making this file not correct.
That could also be a browser issue, or maybe you're running out of NVRAM.
Quote:
I'm also unable to delete this code from file because clicking edit allows you only to delete something; you can't delete everything nor add something more.
I don't understand what you mean. Why can't you delete everything?
Try ssh in and issue the command nvram unset rc_startup to get rid of the unwanted script.
Another thing I noticed, try the full path to the config file as parameter, that could be the problem too.
thanks, this was also a part of a problem, there is some mess in the Wiki, reading openvpn is crucial, now I have everything working smoothly and installed in jffs, co rc_startup or rc_firewall is needed
one hint for ppl having problem with openvpn
add this to your server.conf
Code:
log-append openvpn.log
verb 5
this will create openvpn.log file with detailed information why openvpn is not working or exiting, by analyzing this file I was able to detect and fix my problems
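Added example, not part of any post in this thread: the thread describes a startup script that was cut off in the middle of the dh file, and the advice that key material must be copied exactly, linebreaks included. The sketch below checks that every PEM-style block in a file is complete before OpenVPN is started. The function name `check_pem` and the sample files are assumptions made for the example; the check is deliberately strict and assumes blocks without encapsulated headers (dh parameters, certificates, unencrypted keys, static keys).

```shell
#!/bin/sh
# check_pem FILE: return 0 if every BEGIN/END block in FILE is complete,
# 1 if a block is damaged or none is found, 2 if FILE cannot be read.
check_pem() {
    [ -r "$1" ] || { echo "$1: cannot read"; return 2; }
    awk -v f="$1" '
        function bad(msg) { printf "%s:%d: %s\n", f, NR, msg; errs++ }
        { sub(/\r$/, "") }                  # tolerate copies with CRLF endings
        /^-----BEGIN .+-----$/ {
            if (label != "") bad("BEGIN inside unterminated \"" label "\" block")
            label = substr($0, 12, length($0) - 16); body = 0; next
        }
        /^-----END .+-----$/ {
            endl = substr($0, 10, length($0) - 14)
            if (label == "") bad("END without BEGIN")
            else if (endl != label) bad("END \"" endl "\" does not match \"" label "\"")
            else if (body == 0) bad("empty block")
            else blocks++
            label = ""; next
        }
        label != "" {                       # text outside blocks is ignored
            if ($0 ~ /^[A-Za-z0-9+\/=]+$/) body++
            else bad("blank or non-base64 line inside block")
        }
        END {
            if (label != "") { printf "%s: truncated, no END for \"%s\"\n", f, label; errs++ }
            if (blocks == 0 && errs == 0) { printf "%s: no PEM block found\n", f; errs++ }
            exit (errs > 0)
        }' "$1"
}

# Constructed sample data (not real parameters): one complete block and the
# same block cut off mid-body, as when a script is truncated inside the dh file.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'Q09OU1RSVUNURURTQU1QTEU=' \
    '-----END DH PARAMETERS-----' > "$demo/dh-ok.pem"
head -n 2 "$demo/dh-ok.pem" > "$demo/dh-cut.pem"
check_pem "$demo/dh-ok.pem" && echo "dh-ok.pem: complete"
check_pem "$demo/dh-cut.pem" || echo "dh-cut.pem: damaged"
```

Run it against each file named in the server config; a non-zero status means the copy on the router should be replaced before looking further.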