No OpenVPN on Buffalo WHR-300HP??

mbehensky
DD-WRT Novice


Joined: 16 Dec 2010
Posts: 4

Posted: Wed Oct 10, 2012 0:32    Post subject: No OpenVPN on Buffalo WHR-300HP??
I was at Fry's today to get a router to run DD-WRT on for my office. I was going to grab a D-Link DI-615, but the clerk suggested I try one of the new Buffalo routers that come with DD-WRT pre-installed.

I bought it. Unfortunately the build of DD-WRT they have pre-installed doesn't seem to come with OpenVPN support (this was the main reason I bought the router). This is particularly odd, since their press release for these routers touted their OpenVPN support.

I tried downloading the firmware they had on their website, but I got an "Upgrade Failed" almost immediately.

Is this the same as a WHR-HP300GN that is listed in the router database?

Can I just flash that firmware?

I apologize if this is the wrong forum for this question..

Max Behensky
mbehensky
DD-WRT Novice


Joined: 16 Dec 2010
Posts: 4

Posted: Wed Oct 10, 2012 2:04    Post subject: Loaded a build, but still no vpn
After a bunch of fooling around, I managed to load the recommended build from the router database (was a "multi" build). Came up fine, but still no OpenVPN.

There doesn't seem to be any "vpn" builds specifically for that router. Does it not have enough flash or something?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17417
Location: Hesse/Germany

Posted: Fri Oct 12, 2012 10:29
no flash space for it
_________________
AGAINST the EEG surcharge on self-consumption!
_________________
Forum Guidelines... How to get help & Forum Rules & RTFM/STFW & Throw some buzzwords into the WIKI search
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc.) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
mbehensky
DD-WRT Novice


Joined: 16 Dec 2010
Posts: 4

Posted: Fri Oct 12, 2012 19:22    Post subject: Switched to a Linksys E2500, got it to work after much pain.
I guessed there wasn't enough flash. I bricked the buffalo router anyway (never responds to a ping) trying to install one of the vpn jffs builds. I'll make a jtag cable sometime and try to get it up and running again.

I bought a Linksys/Cisco E2500 at Fry's (8mb flash) and got that to work. I installed the nv60K OpenVPN build from BrainSlayer's 7/20/2012 broadcom_K26 directory:

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/07-20-12-r19519/broadcom_K26/dd-wrt.v24-19519_NEWD-2_K2.6_openvpn-nv60k.bin

I had the dreaded tls handshaking problem, but found that I could get it to talk if I put

tls-cipher EDH-RSA-DES-CBC3-SHA

on both the router and the client. This was suggested in one of the posts from renatopi on the bug tracker entry #2536.

I couldn't use the GUI setup directly either, because you couldn't set the netmask and have it stick. I used the GUI setup, logged in to the router with SSH, copied the GUI config file from /tmp/openvpn, and pasted it into the config section after I changed the netmask to 255.255.255.0

Here is my functioning config:

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
writepid /var/run/openvpnd.pid
management 127.0.0.1 5002
management-log-cache 50
mtu-disc yes
topology subnet
client-config-dir /tmp/openvpn/ccd
script-security 2
port 1194
proto udp
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
tls-cipher EDH-RSA-DES-CBC3-SHA
fast-io
tun-mtu 1500
server 192.168.154.0 255.255.255.0
dev tun2
comp-lzo
duplicate-cn
push "route 192.168.153.0 255.255.255.0"

(Note that I also had to add comp-lzo to avoid errors)

I also used the following firewall script:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I INPUT 1 -i tun2 -j ACCEPT
iptables -I FORWARD 1 -i tun2 -j ACCEPT
iptables -I FORWARD 1 -i br0 -o tun2 -j ACCEPT   # -o matches the outgoing interface; -d expects an address

(note there are two hyphens before dport!!)

The first INPUT statement opens the VPN port.

I'm not sure why you need the second INPUT statement, but I couldn't get it to route data without that.

The third statement lets the vpn traffic go anywhere.

The fourth lets lan and wireless traffic go to the vpn.

I'm not an iptables expert. Hopefully I haven't opened any gaping holes in the firewall here, but this was the most restrictive set of rules I could use and still have stuff work.
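An added example, not part of the original post and not a DD-WRT or OpenVPN tool: a small reviewer for the server config posted above, run over the security-relevant directives copied from it. The list of checks and the wording of each concern are this example's own choice of what to examine before exposing the server to the internet.

```python
import re

# Security-relevant directives copied from the server config in the post above.
POSTED_CONFIG = """\
management 127.0.0.1 5002
script-security 2
tls-server
client-to-client
tls-cipher EDH-RSA-DES-CBC3-SHA
comp-lzo
duplicate-cn
"""

def parse(text):
    """Map each directive to its argument list, ignoring '#' and ';' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            cfg[line[0]] = line[1:]
    return cfg

def review(cfg):
    """Return (directive, concern) pairs; the checks are this example's own choice."""
    out = []
    suites = (cfg.get("tls-cipher") or [""])[0].split(":")
    weak = [s for s in suites if re.search(r"DES|RC4|NULL|EXP|MD5", s)]
    if weak:
        out.append(("tls-cipher", "legacy suite on the control channel: " + ",".join(weak)))
    if "tls-auth" not in cfg and "tls-crypt" not in cfg:
        out.append(("tls-auth", "no HMAC key, so any host can start a TLS handshake"))
    if "duplicate-cn" in cfg:
        out.append(("duplicate-cn", "one certificate may hold many sessions; a copied key goes unnoticed"))
    if "client-to-client" in cfg:
        out.append(("client-to-client", "client-to-client packets stay inside OpenVPN and bypass iptables FORWARD"))
    # "comp-lzo no" turns compression off, so only other forms are reported.
    if cfg.get("comp-lzo", ["no"]) != ["no"] or "compress" in cfg:
        out.append(("compression", "compression before encryption leaks plaintext through packet sizes"))
    if len(cfg.get("management", [])) == 2:
        out.append(("management", "no password file; any local process can drive the daemon"))
    return out

if __name__ == "__main__":
    for name, concern in review(parse(POSTED_CONFIG)):
        print(f"{name:17} {concern}")
```

The tls-cipher finding is the trade-off the post describes: the 3DES suite was what got the handshake working on that build, so it is worth revisiting once a build with a working default negotiation is available.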
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17417
Location: Hesse/Germany

Posted: Sat Oct 13, 2012 12:01
set the whr to recovery mode and reflash
tbsnarf
DD-WRT Novice


Joined: 30 Dec 2012
Posts: 1

Posted: Sun Dec 30, 2012 0:28    Post subject: LOTS of flash ... simply not supported :( !?
Sash wrote:
no flash space for it


Bogus. The WHR-300HP seems to have 64k of flash... unfortunately it doesn't seem to be "properly" supported. I flashed mine with the WHR-HP-G300N v2 image, but there isn't an image for that older product with openVPN support, so I don't seem to have gained much over the stock buffalo/dd-wrt image.

It seems like it WOULD be a good little device if properly supported.