Problems with OpenVPN

neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Sun May 12, 2013 15:24    Post subject: Problems with OpenVPN
Hello,
now that I have managed to set up an OpenVPN connection from my TP-Link 1043nd as OpenVPN server to my Android phone and my Windows machine, I still have the following problem.

I just can't manage to send all Internet traffic through the VPN tunnel. I have already made this entry in the GUI under additional: redirect-gateway def1

What am I doing wrong? I can reach the network behind the router, i.e. over the VPN I can reach my NAS and the router's web interface. But then there is no Internet connection any more. If I leave out the redirect-gateway def1 entry, the Internet works, but not through the tunnel.

Do I have to enter something else somewhere??? I'm really getting desperate, as I have already entered so much in the firewall.

Thanks and regards
neo
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17412
Location: Hesse/Germany

Posted: Sun May 12, 2013 21:44    Post subject:
That depends on what the client does with the push....
_________________
AGAINST the EEG surcharge on self-consumption!
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Mon May 13, 2013 5:05    Post subject:
What does that mean for me now? Do I still have to enter something somewhere? According to the wiki I no longer need any rules in the firewall.
neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Mon May 13, 2013 11:04    Post subject:
Here is my client config:

client
dev tun
proto udp
remote ####.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
pull


ca ca.crt
cert Telefon.crt
key Telefon.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4

And my server config:

Open VPN:Enable
Start Type:System
Config as:Server
Server mode:Router(Tun)
Network:10.8.0.0
Netmask:255.255.255.0
Port:1194
Tunnel Protocoll:udp
Encryption Cypher:AES-128-CBC
Hash:SHA1
Advanced Options:Enable
TLS Cipher:None
LZO Compression:Adaptive
Redirect default Gateway:Enable
Allow Client to Client:Enable
Allow duplicate cn:Disable
Tunnel MTU setting:1500

Additional Config:push "route 192.168.100.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"

My router has the IP: 192.168.100.1

I can get the VPN tunnel up. But with this config my clients cannot reach the Internet. What am I doing wrong, or do I still have to enter something under Firewall after all???

Firmware is: Firmware: DD-WRT v24-sp2 (04/15/13) std (build 21286) Router TP-Link 1043nd

I hope for your help.

Regards
neo
neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Mon May 13, 2013 20:09    Post subject:
Hello,
does really nobody know what the cause is? I now have such a brilliant firmware on my router, and surely somebody has OpenVPN running on it as a server where it works??!!

I really hope that a newbie gets helped here. I have already posted my config. A hint as to where the error is would be enough for me.

Thanks and regards
Neo
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17412
Location: Hesse/Germany

Posted: Mon May 20, 2013 9:56    Post subject:
client log?
neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Tue May 21, 2013 8:38    Post subject:
Hello Sash,

here is the client log:

Tue May 21 10:32:19 2013 us=953125 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan 8 2013
Enter Management Password:
Tue May 21 10:32:19 2013 us=953125 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue May 21 10:32:19 2013 us=953125 Need hold release from management interface, waiting...
Tue May 21 10:32:20 2013 us=421875 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue May 21 10:32:20 2013 us=531250 MANAGEMENT: CMD 'state on'
Tue May 21 10:32:20 2013 us=531250 MANAGEMENT: CMD 'log all on'
Tue May 21 10:32:20 2013 us=531250 MANAGEMENT: CMD 'hold off'
Tue May 21 10:32:20 2013 us=531250 MANAGEMENT: CMD 'hold release'
Tue May 21 10:32:20 2013 us=531250 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue May 21 10:32:20 2013 us=625000 LZO compression initialized
Tue May 21 10:32:20 2013 us=625000 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 21 10:32:20 2013 us=625000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 21 10:32:20 2013 us=625000 MANAGEMENT: >STATE:1369125140,RESOLVE,,,
Tue May 21 10:32:20 2013 us=656250 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 21 10:32:20 2013 us=656250 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue May 21 10:32:20 2013 us=656250 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue May 21 10:32:20 2013 us=656250 Local Options hash (VER=V4): '66096c33'
Tue May 21 10:32:20 2013 us=656250 Expected Remote Options hash (VER=V4): '691e95c7'
Tue May 21 10:32:20 2013 us=656250 UDPv4 link local: [undef]
Tue May 21 10:32:20 2013 us=656250 UDPv4 link remote: [AF_INET]###:1194
Tue May 21 10:32:20 2013 us=656250 MANAGEMENT: >STATE:1369125140,WAIT,,,
Tue May 21 10:32:20 2013 us=703125 MANAGEMENT: >STATE:1369125140,AUTH,,,
Tue May 21 10:32:20 2013 us=703125 TLS: Initial packet from [AF_INET]###:1194, sid=8d02bada 0f658865
Tue May 21 10:32:21 2013 us=843750 VERIFY OK: depth=1, C=DE, ST=MUC, L=###, O=OpenVPN, CN=###, emailAddress=n###
Tue May 21 10:32:21 2013 us=843750 VERIFY OK: nsCertType=SERVER
Tue May 21 10:32:21 2013 us=843750 VERIFY OK: depth=0, C=DE, ST=MUC, O=OpenVPN, CN=ddwrt, emailAddress=###
Tue May 21 10:32:23 2013 us=171875 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue May 21 10:32:23 2013 us=171875 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 21 10:32:23 2013 us=171875 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue May 21 10:32:23 2013 us=171875 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 21 10:32:23 2013 us=171875 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue May 21 10:32:23 2013 us=171875 [ddwrt] Peer Connection Initiated with [AF_INET]###:1194
Tue May 21 10:32:24 2013 us=328125 MANAGEMENT: >STATE:1369125144,GET_CONFIG,,,
Tue May 21 10:32:25 2013 us=468750 SENT CONTROL [ddwrt]: 'PUSH_REQUEST' (status=1)
Tue May 21 10:32:25 2013 us=515625 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.100.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Tue May 21 10:32:25 2013 us=515625 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 21 10:32:25 2013 us=515625 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 21 10:32:25 2013 us=515625 OPTIONS IMPORT: route options modified
Tue May 21 10:32:25 2013 us=515625 OPTIONS IMPORT: route-related options modified
Tue May 21 10:32:25 2013 us=515625 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue May 21 10:32:25 2013 us=515625 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue May 21 10:32:25 2013 us=515625 MANAGEMENT: >STATE:1369125145,ASSIGN_IP,,10.8.0.3,
Tue May 21 10:32:25 2013 us=515625 open_tun, tt->ipv6=0
Tue May 21 10:32:25 2013 us=515625 TAP-WIN32 device [LAN-Verbindung 6] opened: \\.\Global\{659DCE34-75A1-450D-98D1-C5BD5AF64303}.tap
Tue May 21 10:32:25 2013 us=515625 TAP-Windows Driver Version 9.9
Tue May 21 10:32:25 2013 us=515625 TAP-Windows MTU=1500
Tue May 21 10:32:25 2013 us=515625 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.3/255.255.255.0 [SUCCEEDED]
Tue May 21 10:32:25 2013 us=515625 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface {659DCE34-75A1-450D-98D1-C5BD5AF64303} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Tue May 21 10:32:25 2013 us=515625 DHCP option string: 06040a08 0001
Tue May 21 10:32:25 2013 us=515625 Successful ARP Flush on interface [3] {659DCE34-75A1-450D-98D1-C5BD5AF64303}
Tue May 21 10:32:30 2013 us=671875 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD ### MASK 255.255.255.255 192.168.178.1
Tue May 21 10:32:30 2013 us=671875 Route addition via IPAPI succeeded [adaptive]
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue May 21 10:32:30 2013 us=671875 Route addition via IPAPI succeeded [adaptive]
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue May 21 10:32:30 2013 us=671875 Route addition via IPAPI succeeded [adaptive]
Tue May 21 10:32:30 2013 us=671875 MANAGEMENT: >STATE:1369125150,ADD_ROUTES,,,
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 192.168.100.0 MASK 255.255.255.0 10.8.0.1
Tue May 21 10:32:30 2013 us=671875 Route addition via IPAPI succeeded [adaptive]
Tue May 21 10:32:30 2013 us=671875 Initialization Sequence Completed
Tue May 21 10:32:30 2013 us=671875 MANAGEMENT: >STATE:1369125150,CONNECTED,SUCCESS,10.8.0.3,###



The client in this case is a WinXP machine. No rules were set in the firewall on the server.

Regards
neo
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17412
Location: Hesse/Germany

Posted: Wed May 22, 2013 22:23    Post subject:
Routing table of the client?
neolauren1
DD-WRT Novice


Joined: 12 May 2013
Posts: 6

Posted: Thu May 23, 2013 8:43    Post subject:
Hi,
What does "routing table of the client" mean? I already sent you the client config. I don't have anything more.
Or is a file still missing somewhere, and where would it have to go?
Regards
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17412
Location: Hesse/Germany

Posted: Tue Jun 04, 2013 16:19    Post subject:
Without the routing table nobody can say where the packets are going. As it stands, everything looks OK so far.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1332
Location: Germany

Posted: Fri Jun 07, 2013 9:49    Post subject:
My guess: NAT not enabled on the server?
_________________
RT-N66U @ kongac Build 24200M K3.10.40
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
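
What the client did with the pushed redirect-gateway def1 can be read from the client log posted in this thread. The following is an added example, not part of any post: a Python check that the push arrived and was turned into the two /1 routes via the VPN gateway plus a host route to the server over the old gateway. The function and key names are made up for this example; the log lines are copied from the posted log.

```python
import ipaddress
import re

# Lines copied from the client log posted in this thread ("###" is the poster's redaction).
SAMPLE_LOG = r"""
Tue May 21 10:32:25 2013 us=515625 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.100.0 255.255.255.0,dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD ### MASK 255.255.255.255 192.168.178.1
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue May 21 10:32:30 2013 us=671875 C:\WINXP\system32\route.exe ADD 192.168.100.0 MASK 255.255.255.0 10.8.0.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
# def1 overrides the default route with two /1 routes instead of deleting 0.0.0.0/0.
HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}

def analyse(log):
    """Report how the client handled a pushed 'redirect-gateway def1'."""
    m = PUSH_RE.search(log)
    pushed = m.group(1).split(",") if m else []
    vpn_gw = next((o.split()[1] for o in pushed if o.startswith("route-gateway ")), None)
    via_vpn, bypass = set(), False
    for dest, mask, gw in ROUTE_RE.findall(log):
        if gw == vpn_gw:
            try:
                via_vpn.add(ipaddress.ip_network(f"{dest}/{mask}"))
            except ValueError:
                pass  # redacted or malformed destination
        elif mask == "255.255.255.255":
            bypass = True  # host route keeping the VPN server reachable via the old gateway
    return {
        "def1_pushed": "redirect-gateway def1" in pushed,
        "vpn_gateway": vpn_gw,
        "default_covered": HALVES <= via_vpn,
        "server_bypass_route": bypass,
        "pushed_dns": [o.split()[2] for o in pushed if o.startswith("dhcp-option DNS ")],
    }

def client_side_ok(r):
    """True when the client received def1 and installed every route it implies."""
    return r["def1_pushed"] and r["default_covered"] and r["server_bypass_route"]

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print(result, "client side ok:", client_side_ok(result))
```

All checks pass on the posted log, so what remains to verify is on the router: whether traffic from 10.8.0.0/24 is forwarded and NATed out of the WAN interface, and whether the pushed DNS server 10.8.0.1 answers on the tunnel.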