Unable to connect to DD-WRT Router using OpenVPN

dnguyen411
DD-WRT Novice


Joined: 20 Jul 2014
Posts: 5

Posted: Sun Jul 20, 2014 3:18    Post subject: Unable to connect to DD-WRT Router using OpenVPN
I'm not having any luck connecting any devices from outside my network to my router running DD-WRT and set up for OpenVPN. I used this guide from YouTube to set it up: https://www.youtube.com/watch?v=cYZAXLg ... =5&list=WL

For the client side, I'm using an iPhone 4S running OpenVPN 1.0.4 build 140. Below is the log from the app after I try connecting to my router via Verizon.

Quote:
2014-07-19 14:59:32 LZO-ASYM init swap=0 asym=0
2014-07-19 14:59:32 EVENT: RESOLVE
2014-07-19 14:59:32 Contacting 73.37.140.86:1194 via UDP
2014-07-19 14:59:32 EVENT: WAIT
2014-07-19 14:59:32 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 14:59:42 Server poll timeout, trying next remote entry...
2014-07-19 14:59:42 EVENT: RECONNECTING
2014-07-19 14:59:42 LZO-ASYM init swap=0 asym=0
2014-07-19 14:59:42 EVENT: RESOLVE
2014-07-19 14:59:42 Contacting 73.37.140.86:1194 via UDP
2014-07-19 14:59:42 EVENT: WAIT
2014-07-19 14:59:42 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 14:59:52 Server poll timeout, trying next remote entry...
2014-07-19 14:59:52 EVENT: RECONNECTING
2014-07-19 14:59:52 LZO-ASYM init swap=0 asym=0
2014-07-19 14:59:52 EVENT: RESOLVE
2014-07-19 14:59:52 Contacting 73.37.140.86:1194 via UDP
2014-07-19 14:59:52 EVENT: WAIT
2014-07-19 14:59:52 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 15:00:02 Server poll timeout, trying next remote entry...
2014-07-19 15:00:02 EVENT: RECONNECTING
2014-07-19 15:00:02 LZO-ASYM init swap=0 asym=0
2014-07-19 15:00:02 EVENT: RESOLVE
2014-07-19 15:00:02 Contacting 73.37.140.86:1194 via UDP
2014-07-19 15:00:02 EVENT: WAIT
2014-07-19 15:00:02 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 15:00:12 Server poll timeout, trying next remote entry...
2014-07-19 15:00:12 EVENT: RECONNECTING
2014-07-19 15:00:12 LZO-ASYM init swap=0 asym=0
2014-07-19 15:00:12 EVENT: RESOLVE
2014-07-19 15:00:12 Contacting 73.37.140.86:1194 via UDP
2014-07-19 15:00:12 EVENT: WAIT
2014-07-19 15:00:12 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 15:00:22 Server poll timeout, trying next remote entry...
2014-07-19 15:00:22 EVENT: RECONNECTING
2014-07-19 15:00:22 LZO-ASYM init swap=0 asym=0
2014-07-19 15:00:22 EVENT: RESOLVE
2014-07-19 15:00:22 Contacting 73.37.140.86:1194 via UDP
2014-07-19 15:00:22 EVENT: WAIT
2014-07-19 15:00:22 Connecting to dnguyen411.ddns.net:1194 (73.37.140.86) via UDPv4
2014-07-19 15:00:32 EVENT: CONNECTION_TIMEOUT [ERR]
2014-07-19 15:00:32 EVENT: DISCONNECTED
2014-07-19 15:00:32 Raw stats on disconnect:
BYTES_OUT : 420
PACKETS_OUT : 30
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2014-07-19 15:00:32 Performance stats on disconnect:
CPU usage (microseconds): 83346
Network bytes per CPU second: 5039
Tunnel bytes per CPU second: 0
2014-07-19 15:00:32 ----- OpenVPN Stop -----
2014-07-19 15:00:32 EVENT: DISCONNECT_PENDING


Here's the log from the server:

Quote:
20140719 14:59:33 174.238.101.73:5329 TLS: Initial packet from [AF_INET]174.238.101.73:5329 sid=76276d55 ab37c6a2
20140719 14:59:43 174.238.101.73:5312 TLS: Initial packet from [AF_INET]174.238.101.73:5312 sid=d293101c 82e52791
20140719 14:59:53 174.238.101.73:5313 TLS: Initial packet from [AF_INET]174.238.101.73:5313 sid=c9ab49ac dabd1af4
20140719 15:00:03 174.238.101.73:5318 NOTE: --mute triggered...
20140719 15:00:34 174.238.101.73:5329 3 variation(s) on previous 3 message(s) suppressed by --mute
20140719 15:00:34 N 174.238.101.73:5329 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:00:34 N 174.238.101.73:5329 TLS Error: TLS handshake failed
20140719 15:00:34 174.238.101.73:5329 SIGUSR1[soft tls-error] received client-instance restarting
20140719 15:00:43 N 174.238.101.73:5312 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:00:43 N 174.238.101.73:5312 TLS Error: TLS handshake failed
20140719 15:00:43 174.238.101.73:5312 SIGUSR1[soft tls-error] received client-instance restarting
20140719 15:00:53 N 174.238.101.73:5313 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:00:53 N 174.238.101.73:5313 TLS Error: TLS handshake failed
20140719 15:00:53 174.238.101.73:5313 SIGUSR1[soft tls-error] received client-instance restarting
20140719 15:01:04 N 174.238.101.73:5318 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:01:04 N 174.238.101.73:5318 TLS Error: TLS handshake failed
20140719 15:01:04 174.238.101.73:5318 SIGUSR1[soft tls-error] received client-instance restarting
20140719 15:01:13 N 174.238.101.73:5339 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:01:13 N 174.238.101.73:5339 TLS Error: TLS handshake failed
20140719 15:01:13 174.238.101.73:5339 SIGUSR1[soft tls-error] received client-instance restarting
20140719 15:01:23 N 174.238.101.73:5340 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140719 15:01:23 N 174.238.101.73:5340 TLS Error: TLS handshake failed
20140719 15:01:23 174.238.101.73:5340 SIGUSR1[soft tls-error] received client-instance restarting


I did a UDP port scan of port 1194 and the scanner found it was open, so I think I can rule out that my router firewall is blocking the request. I've attached screenshots of my router's settings (see attachments).

Here are my Firewall Settings in the Commands tab:

Quote:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT

iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT

iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


Here is my client's ovpn file:

Quote:
client
dev tun
proto udp
remote dnguyen411.ddns.net 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert davisiphone.crt
key davisiphone.key
ns-cert-type server
comp-lzo
verb 3


Can anybody help me figure out why I can't get a connection? Thanks in advance...
dnguyen411
DD-WRT Novice


Joined: 20 Jul 2014
Posts: 5

Posted: Mon Jul 21, 2014 1:33
According to this link http://www.dd-wrt.com/wiki/index.php/OpenVPN#Troubleshooting, this is my server ovpn file:

Quote:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
writepid /var/run/openvpnd.pid
management 127.0.0.1 5002
management-log-cache 50
mtu-disc yes
topology subnet
client-config-dir /tmp/openvpn/ccd
script-security 2
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
fast-io
passtos
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Sun Jul 27, 2014 8:40
why port forwarding

wiki: openvpn

dnguyen411
DD-WRT Novice


Joined: 20 Jul 2014
Posts: 5

Posted: Sun Jul 27, 2014 11:42
Sash wrote:
why port forwarding

wiki: openvpn


I don't understand what you mean. For the outside world to see the openvpn, according to every instruction I read, you need to forward UDP 1194 to your server. In my case, my server is my router.
dnguyen411
DD-WRT Novice


Joined: 20 Jul 2014
Posts: 5

Posted: Tue Jul 29, 2014 12:09
After several days of tinkering, I've determined that the problem is with my router firewall setting. I opened the DMZ for my router and used my iphone's openvpn client software to connect. No problems when the DMZ is activated for my router's IP (192.168.54.1).

Here is my current IPTables:

Quote:
iptables -I INPUT 1 -p tcp --dport 443 -j logaccept
iptables -I FORWARD 1 --source 10.8.0.0/24 -j logaccept
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun2 -j logaccept
iptables -I FORWARD -i tun2 -o br0 -j logaccept
iptables -t nat -I POSTROUTING -o tun2 -j MASQUERADE


And here is the output from running:
Quote:
iptables -t nat -vnL PREROUTING
iptables -vnL FORWARD


Quote:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 logaccept 0 -- tun2 br0 0.0.0.0/0 0.0.0.0/0
0 0 logaccept 0 -- br0 tun2 0.0.0.0/0 0.0.0.0/0
0 0 logaccept 0 -- * * 10.8.0.0/24 0.0.0.0/0
0 0 ACCEPT 47 -- * vlan2 192.168.54.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan2 192.168.54.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * tun2 0.0.0.0/0 0.0.0.0/0
246K 96M lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
185K 89M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1343 68484 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.54.100 tcp dpt:54232
13077 1524K ACCEPT udp -- * * 0.0.0.0/0 192.168.54.100 udp dpt:54232
1 44 ACCEPT tcp -- * * 0.0.0.0/0 192.168.54.101 tcp dpt:61391
45704 5479K ACCEPT udp -- * * 0.0.0.0/0 192.168.54.101 udp dpt:61391
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.54.1 udp dpt:1194
833 41396 ACCEPT tcp -- * * 0.0.0.0/0 192.168.54.100 tcp dpts:5800:5900
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.54.100 udp dpts:5800:5900
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
1175 90115 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
1162 89451 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
13 664 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0


Any ideas why my router is not letting OpenVPN traffic through correctly?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Aug 02, 2014 6:08
When OpenVPN is started, port 1194 will be opened. The forward is only necessary when OpenVPN is running on another router.
dnguyen411
DD-WRT Novice


Joined: 20 Jul 2014
Posts: 5

Posted: Wed Aug 06, 2014 3:01
I "downgraded" my dd-wrt firmware to Build 18946. Still didn't work.

Then I went ahead and removed Port Forwarding of UDP 1194 to my router. That worked.
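
Added example, not part of the thread or of DD-WRT: a shell check for the two symptoms seen above, a port forward that targets the router's own LAN address and peers whose first packet reached the OpenVPN server but whose TLS handshake then failed. The function names `self_forwards` and `stalled_peers` are hypothetical; the sample input is copied from the FORWARD listing and server log posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print ACCEPT rules in `iptables -vnL FORWARD` output whose destination is
# the router's own LAN address, i.e. port forwards that point at the router.
# Columns: pkts bytes target prot opt in out source destination [match...]
self_forwards() {   # usage: self_forwards ROUTER_LAN_IP < listing
    awk -v ip="$1" '
        $3 == "ACCEPT" && $9 == ip {
            port = "any"
            for (i = 10; i <= NF; i++)
                if ($i ~ /^dpts?:/) { port = $i; sub(/^dpts?:/, "", port) }
            print $4 "/" port " -> " ip " pkts=" $1
        }'
}

# Print each peer whose first packet reached the OpenVPN server but whose
# TLS handshake then failed: inbound traffic arrives, the exchange stalls.
stalled_peers() {   # usage: stalled_peers < openvpn-server-log
    awk '
        { peer = ""
          for (i = 3; i <= 4; i++)
              if ($i ~ /^[0-9.]+:[0-9]+$/) { peer = $i; break } }
        peer == "" { next }
        /TLS: Initial packet from/ { seen[peer] = 1 }
        /TLS handshake failed/ && seen[peer] && !done[peer]++ { print peer }
    '
}

# Sample input: lines copied from the FORWARD listing and server log above.
FORWARD_SAMPLE='0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
13077 1524K ACCEPT udp -- * * 0.0.0.0/0 192.168.54.100 udp dpt:54232
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.54.1 udp dpt:1194
13 664 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0'

LOG_SAMPLE='20140719 14:59:33 174.238.101.73:5329 TLS: Initial packet from [AF_INET]174.238.101.73:5329 sid=76276d55 ab37c6a2
20140719 15:00:03 174.238.101.73:5318 NOTE: --mute triggered...
20140719 15:00:34 N 174.238.101.73:5329 TLS Error: TLS handshake failed
20140719 15:01:04 N 174.238.101.73:5318 TLS Error: TLS handshake failed'

printf '%s\n' "$FORWARD_SAMPLE" | self_forwards 192.168.54.1
printf '%s\n' "$LOG_SAMPLE" | stalled_peers
```

The packet counter is printed because traffic addressed to the router itself is handled by the INPUT chain, so a forward rule aimed at the router's own address stays at zero. Peer 5318 is not reported because its initial-packet line was suppressed by `mute 5`; raising `mute` while debugging gives a complete picture.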