Trouble setting up VPN (resolved)

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
velis
DD-WRT Novice


Joined: 08 Apr 2012
Posts: 13

PostPosted: Mon Apr 09, 2012 9:31    Post subject: Trouble setting up VPN (resolved) Reply with quote
I followed the "the easy way" on VPN setup. However, the entire procedure was pretty painful. Seems OpenVPN now has two clients (the old 2.1.2 I could hardly find) and the default VPN_client (for which I can't find a version number). The problem is that the new client doesn't have the certificate creation subfolder plus a few other minor details.

Ultimately I managed to get VPN working locally (haven't yet tried remotely). I get a new "NIC" with IP in the VPN range, but without default gateway. Networking works, but I'm not even sure how to check whether it's by VPN or by ordinary wireless I use to connect to the router's VPN server. I guess I'll be able to do that once I actually test from the intended remote location.

However, I have a major issue with the client (the new one, I can't seem to make the 2.1.2 old one work):
Immediately upon connecting the client hogs one entire core and starts sending huge amounts of data over the connection - all the connection can handle.
During this time, the router doesn't register any traffic from the client computer.

So what gives? Where did I miss?


Last edited by velis on Wed Apr 18, 2012 6:31; edited 1 time in total
Sponsor
velis
DD-WRT Novice


Joined: 08 Apr 2012
Posts: 13

PostPosted: Tue Apr 10, 2012 5:00    Post subject: Reply with quote
Tried from remote location and the traffic spamming wasn't there so I guess the major problem is solved.
The network didn't work either Smile So I need to read up s bit more on VPN setup, particulary the routing section it seems.
velis
DD-WRT Novice


Joined: 08 Apr 2012
Posts: 13

PostPosted: Thu Apr 12, 2012 16:34    Post subject: Reply with quote
Read up on routing plus googled A LOT.
I just can't seem to make the stuff work.
The client connects, logs on client and server show no errors, but nothing works.
I can't ping neither the router (tried VPN and "standard" IP) nor any other computer connected to it.

ipconfig shows that default gateway is not assigned to the tun interface created by openvpn.
In the mean time I also made client 2.1.2 work, but it's essentially the same client as mentioned before and works in the exact same way with identical logs.

How can I make the TUN interface receive a default gateway - or better asked: what am I doing wrong here?
As before, using configurations as suggested in "the easy way" VPN guide. Only changed the relevant IPs.
velis
DD-WRT Novice


Joined: 08 Apr 2012
Posts: 13

PostPosted: Fri Apr 13, 2012 6:07    Post subject: Reply with quote
I made minor progress:
creating a route for 0.0.0.0 through VPN interface now allows me to ping the router both by its VPN IP and by its LAN IP. However I still can't ping any of the other computers on the LAN and DNS for the VPN network does not work.

Edit: now I tried to add these two lines:
push "dhcp-option DNS 192.168.254.100"
push "dhcp-option DOMAIN dghvoip.lan"
of course, nothing works any more Sad
routvol
DD-WRT User


Joined: 02 Feb 2009
Posts: 87

PostPosted: Fri Apr 13, 2012 7:54    Post subject: Reply with quote
maybe this helps.

my server openvpn.conf
Code:

daemon
server 10.8.0.0 255.255.255.0
proto udp
port 21194
dev tap0
dh /opt/share/easy-rsa/keys/dh1024.pem
key /opt/share/easy-rsa/keys/i2server.key
cert /opt/share/easy-rsa/keys/i2server.crt
ca /opt/share/easy-rsa/keys/ca.crt
up /opt/etc/openvpn/openvpnup.sh
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
tls-server
mode server
tls-auth /opt/etc/openvpn/ta.key 0
status /opt/etc/openvpn/openvpn-status.log
log         /opt/etc/openvpn/openvpn.log
client-to-client
client-config-dir /opt/etc/openvpn/ccd
script-security 3 system


my client file:
Code:

client
dev tap0
remote 192.168.1.1 21194
persist-key
persist-tun
tls-client
comp-lzo
verb 4
ca /ffp/etc/openvpn/ca.crt
cert /ffp/etc/openvpn/client323.crt
key /ffp/etc/openvpn/client323.key
tls-auth /ffp/etc/openvpn/ta.key 1
log /ffp/var/log/openvpn.log


openvpn version
Code:

root@DD-WRT:~# openvpn --version
OpenVPN 2.2.0 mipsel-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 28 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

  $ ./configure --build=x86_64-pc-linux-gnu --host=mipsel-linux --target=mipsel-linux --prefix=/opt --disable-nls --enable-password-save

Compile time defines:  ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL
root@DD-WRT:~#


openvpn.up.sh
Code:

#!/opt/bin/bash

log=openvpnup.log

echo interface: $1 >> $log
echo mtu:       $2 >> $log
echo link mtu:  $3 >> $log
echo localip:   $4 >> $log
echo netmask:   $5 >> $log

iptables -I INPUT -p udp --dport 21194 -j ACCEPT

iptables -I INPUT -i tap0 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT

iptables -I FORWARD -i br0 -j ACCEPT

#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

velis
DD-WRT Novice


Joined: 08 Apr 2012
Posts: 13

PostPosted: Wed Apr 18, 2012 6:30    Post subject: Reply with quote
Thanks for the help routvol. Made me realize I had version problem. Was using build 13064 as recommended by router database, but only after MUCH MORE reading i found that it's not exactly a good build.

Changing version to a more appropriate one fixed all issues at once. VPN worked in the first try after I did this.

Please guys, fix the router database! It's the best idea ever, but it's not helpful if the most popular router of all time doesn't even have a wiki page link on its database entry, not to mention suggested version (mis)information.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum