rubenhak DD-WRT Novice
Joined: 17 Mar 2011 Posts: 12
Posted: Sun Jul 20, 2014 20:11 Post subject: OpenVPN server not working
Hi Everybody,
I'm relatively new to configuring VPNs. Sorry in advance if I ask something stupid. I'm trying to set up OpenVPN on DD-WRT.
The main internet-connected router is a Cisco E4200v2 running stock firmware. IP: 192.168.0.1. This one has DHCP turned on.
The second router is a Netgear WNDR3700 v2. IP: 192.168.0.2. It runs DD-WRT v24-sp2 (03/25/13) std - build 21061 and acts as a Wi-Fi repeater. DHCP is turned off.
I'm trying to enable OpenVPN on the secondary DD-WRT router.
I used the OpenVPN 2.3.4 x64 Windows version to generate the certificates and keys, and as the client.
Here is my config:
OpenVPN Server/Daemon
OpenVPN: Enable
Start Type: WAN Up
Config: Daemon
CA Cert, Public Server Cert, Private Server Key, DH PEM: all set, including the ---BEGIN/END lines
Additional Config:
Code: |
# Directives the DD-WRT GUI passes to the OpenVPN daemon
push "route 192.168.0.0 255.255.255.0"
# assumes a DNS resolver actually listens on the server's tunnel address 10.8.0.1
push "dhcp-option DNS 10.8.0.1"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
# OpenVPN 2.3 does not negotiate cipher or compression, so the server must match the
# client config below (cipher AES-128-CBC, comp-lzo); without these two lines the
# daemon logs option-mismatch warnings and the tunnel does not pass traffic
cipher AES-128-CBC
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
|
Firewall Script:
Code: |
# --dport needs a protocol match (-p tcp) and two dashes; -s is the short form of --source
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 -s 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# LAN hosts get 192.168.0.1 as their gateway, and it has no route to 10.8.0.0/24 unless one
# is added there (next hop 192.168.0.2); the alternative is to source-NAT the VPN clients:
# iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
|
Client config:
Code: |
remote MY-PUBLIC-DNS 1194
client
# remote-cert-tls server is sufficient; ns-cert-type server (further down) is the
# deprecated form of the same check and can be dropped
remote-cert-tls server
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
# float is only meaningful for UDP; harmless with proto tcp
float
route-delay 30
ns-cert-type server
# must match the server exactly: OpenVPN 2.3 does not negotiate cipher or compression
cipher AES-128-CBC
comp-lzo
verb 4
ca "c:\\...\\ca.crt"
cert "c:\\...\\WorkLaptop.crt"
key "c:\\..\\WorkLaptop.key"
|
It looks like the connection is immediately reset. Here are the logs from the client side:
Code: |
Sun Jul 20 13:41:34 2014 pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014 pkcs11_pin_cache_period = -1
Sun Jul 20 13:41:34 2014 pkcs11_id = '[UNDEF]'
Sun Jul 20 13:41:34 2014 pkcs11_id_management = DISABLED
Sun Jul 20 13:41:34 2014 server_network = 0.0.0.0
Sun Jul 20 13:41:34 2014 server_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014 server_network_ipv6 = ::
Sun Jul 20 13:41:34 2014 server_netbits_ipv6 = 0
Sun Jul 20 13:41:34 2014 server_bridge_ip = 0.0.0.0
Sun Jul 20 13:41:34 2014 server_bridge_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014 server_bridge_pool_start = 0.0.0.0
Sun Jul 20 13:41:34 2014 server_bridge_pool_end = 0.0.0.0
Sun Jul 20 13:41:34 2014 ifconfig_pool_defined = DISABLED
Sun Jul 20 13:41:34 2014 ifconfig_pool_start = 0.0.0.0
Sun Jul 20 13:41:34 2014 ifconfig_pool_end = 0.0.0.0
Sun Jul 20 13:41:34 2014 ifconfig_pool_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Jul 20 13:41:34 2014 ifconfig_pool_persist_refresh_freq = 600
Sun Jul 20 13:41:34 2014 ifconfig_ipv6_pool_defined = DISABLED
Sun Jul 20 13:41:34 2014 ifconfig_ipv6_pool_base = ::
Sun Jul 20 13:41:34 2014 ifconfig_ipv6_pool_netbits = 0
Sun Jul 20 13:41:34 2014 n_bcast_buf = 256
Sun Jul 20 13:41:34 2014 tcp_queue_limit = 64
Sun Jul 20 13:41:34 2014 real_hash_size = 256
Sun Jul 20 13:41:34 2014 virtual_hash_size = 256
Sun Jul 20 13:41:34 2014 client_connect_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014 learn_address_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014 client_disconnect_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014 client_config_dir = '[UNDEF]'
Sun Jul 20 13:41:34 2014 ccd_exclusive = DISABLED
Sun Jul 20 13:41:34 2014 tmp_dir = 'C:\Users\admin\AppData\Local\Temp\'
Sun Jul 20 13:41:34 2014 push_ifconfig_defined = DISABLED
Sun Jul 20 13:41:34 2014 push_ifconfig_local = 0.0.0.0
Sun Jul 20 13:41:34 2014 push_ifconfig_remote_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014 push_ifconfig_ipv6_defined = DISABLED
Sun Jul 20 13:41:34 2014 push_ifconfig_ipv6_local = ::/0
Sun Jul 20 13:41:34 2014 push_ifconfig_ipv6_remote = ::
Sun Jul 20 13:41:34 2014 enable_c2c = DISABLED
Sun Jul 20 13:41:34 2014 duplicate_cn = DISABLED
Sun Jul 20 13:41:34 2014 cf_max = 0
Sun Jul 20 13:41:34 2014 cf_per = 0
Sun Jul 20 13:41:34 2014 max_clients = 1024
Sun Jul 20 13:41:34 2014 max_routes_per_client = 256
Sun Jul 20 13:41:34 2014 auth_user_pass_verify_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014 auth_user_pass_verify_script_via_file = DISABLED
Sun Jul 20 13:41:34 2014 client = ENABLED
Sun Jul 20 13:41:34 2014 pull = ENABLED
Sun Jul 20 13:41:34 2014 auth_user_pass_file = '[UNDEF]'
Sun Jul 20 13:41:34 2014 show_net_up = DISABLED
Sun Jul 20 13:41:34 2014 route_method = 0
Sun Jul 20 13:41:34 2014 ip_win32_defined = DISABLED
Sun Jul 20 13:41:34 2014 ip_win32_type = 3
Sun Jul 20 13:41:34 2014 dhcp_masq_offset = 0
Sun Jul 20 13:41:34 2014 dhcp_lease_time = 31536000
Sun Jul 20 13:41:34 2014 tap_sleep = 0
Sun Jul 20 13:41:34 2014 dhcp_options = DISABLED
Sun Jul 20 13:41:34 2014 dhcp_renew = DISABLED
Sun Jul 20 13:41:34 2014 dhcp_pre_release = DISABLED
Sun Jul 20 13:41:34 2014 dhcp_release = DISABLED
Sun Jul 20 13:41:34 2014 domain = '[UNDEF]'
Sun Jul 20 13:41:34 2014 netbios_scope = '[UNDEF]'
Sun Jul 20 13:41:34 2014 netbios_node_type = 0
Sun Jul 20 13:41:34 2014 disable_nbt = DISABLED
Sun Jul 20 13:41:34 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Sun Jul 20 13:41:34 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Sun Jul 20 13:41:34 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 20 13:41:34 2014 Need hold release from management interface, waiting...
Sun Jul 20 13:41:34 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'state on'
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'log all on'
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'hold off'
Sun Jul 20 13:41:35 2014 MANAGEMENT: CMD 'hold release'
Sun Jul 20 13:41:35 2014 LZO compression initialized
Sun Jul 20 13:41:35 2014 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Jul 20 13:41:35 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RESOLVE,,,
Sun Jul 20 13:41:35 2014 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jul 20 13:41:35 2014 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jul 20 13:41:35 2014 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jul 20 13:41:35 2014 Local Options hash (VER=V4): 'bc07730e'
Sun Jul 20 13:41:35 2014 Expected Remote Options hash (VER=V4): 'b695cb4a'
Sun Jul 20 13:41:35 2014 Attempting to establish TCP connection with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,TCP_CONNECT,,,
Sun Jul 20 13:41:35 2014 TCP connection established with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 TCPv4_CLIENT link local: [undef]
Sun Jul 20 13:41:35 2014 TCPv4_CLIENT link remote: [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,WAIT,,,
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,AUTH,,,
Sun Jul 20 13:41:35 2014 TLS: Initial packet from [AF_INET]MY-IP-ADDRESS:1194, sid=960149d1 f8b4960f
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ...
Sun Jul 20 13:41:35 2014 VERIFY OK: nsCertType=SERVER
Sun Jul 20 13:41:35 2014 Validating certificate key usage
Sun Jul 20 13:41:35 2014 ++ Certificate has key usage 00a0, expects 00a0
Sun Jul 20 13:41:35 2014 VERIFY KU OK
Sun Jul 20 13:41:35 2014 Validating certificate extended key usage
Sun Jul 20 13:41:35 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jul 20 13:41:35 2014 VERIFY EKU OK
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ......
Sun Jul 20 13:41:35 2014 Connection reset, restarting [-1]
Sun Jul 20 13:41:35 2014 TCP/UDP: Closing socket
Sun Jul 20 13:41:35 2014 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RECONNECTING,connection-reset,,
Sun Jul 20 13:41:35 2014 Restart pause, 5 second(s)
|
Can someone please help me fix this?
How can I at least see the logs on DD-WRT to diagnose this issue?
Thanks,
Ruben
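The client log above prints a "Local Options String" and an "Expected Remote Options String" just before the handshake. OpenVPN 2.3 has no cipher negotiation, so every field in those strings has to agree on both peers. The script below is an added example (not code from the post or from the DD-WRT project) that rebuilds the comparable fields from the two configs exactly as posted and lists the differences: the server never sets `cipher` (so it runs the 2.3 default BF-CBC) and has no `comp-lzo`, while the client uses AES-128-CBC with LZO. Note that this kind of mismatch produces warnings and a tunnel that passes no traffic once it is up; it does not by itself explain a connection reset during the TLS handshake, so it is something to fix rather than the proven cause. The defaults and key sizes are those of OpenVPN 2.3; the link-mtu field is deliberately not reconstructed.

```python
"""Cross-check the option fields OpenVPN 2.3 requires to be identical on both peers.

OpenVPN 2.3 does not negotiate the data-channel cipher, HMAC or compression.
Each side logs a 'Local Options String' and an 'Expected Remote Options
String' before the handshake; differing fields are reported as option
mismatches and the tunnel comes up without passing traffic.
"""
import re

# Values OpenVPN 2.3 applies when the directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1", "tun-mtu": "1500", "dev": "tun", "proto": "udp"}
# Key size in bits that OpenVPN 2.3 reports for the ciphers considered here.
KEYSIZE = {"BF-CBC": 128, "AES-128-CBC": 128, "AES-192-CBC": 192, "AES-256-CBC": 256}


def parse_config(text):
    """Return {directive: [args...]} for an OpenVPN config; the last occurrence wins."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # OpenVPN comment prefixes
            continue
        parts = line.split()
        opts[parts[0]] = parts[1:]
    return opts


def options_fields(cfg):
    """Build the peer-comparable fields for one side from its parsed config."""
    def first(name):
        args = cfg.get(name)
        return args[0] if args else DEFAULTS.get(name)

    cipher = first("cipher").upper()
    # 'dev tun0' implies dev-type tun; an explicit dev-type directive overrides that.
    dev_type = first("dev-type") or re.sub(r"\d+$", "", first("dev"))
    # tcp, tcp-server and tcp-client all describe the same transport.
    proto = "tcp" if first("proto").lower().startswith("tcp") else "udp"
    return {
        "dev-type": dev_type,
        "tun-mtu": first("tun-mtu"),
        "proto": proto,
        "comp-lzo": "comp-lzo" in cfg,
        "cipher": cipher,
        "auth": first("auth").upper(),
        "keysize": KEYSIZE.get(cipher),
        "key-method": "2",
    }


def find_mismatches(server_text, client_text):
    """Return {field: (server_value, client_value)} for every field that differs."""
    s = options_fields(parse_config(server_text))
    c = options_fields(parse_config(client_text))
    return {k: (s[k], c[k]) for k in s if s[k] != c[k]}


# Constructed inputs: the 'Additional Config' and the client config copied from the post.
SERVER_CONF = """
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
"""

CLIENT_CONF = r"""
remote MY-PUBLIC-DNS 1194
client
remote-cert-tls server
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
route-delay 30
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
ca "c:\\...\\ca.crt"
cert "c:\\...\\WorkLaptop.crt"
key "c:\\..\\WorkLaptop.key"
"""

# The same server config with the two directives the client already uses.
FIXED_SERVER_CONF = SERVER_CONF + "cipher AES-128-CBC\ncomp-lzo\n"

if __name__ == "__main__":
    for label, conf in (("as posted", SERVER_CONF), ("fixed", FIXED_SERVER_CONF)):
        print(label, find_mismatches(conf, CLIENT_CONF))
```

Run it on any other server/client pair by swapping the two strings; `keysize` is derived from the cipher, so a cipher mismatch with equal key sizes (as here) shows up only under `cipher`.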
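The client log also tells you which phase the attempt died in: the `>STATE:` lines walk through RESOLVE, TCP_CONNECT, WAIT and AUTH, the client verifies the server certificate (`VERIFY OK: depth=0`), and only then comes `Connection reset`. That ordering means the TCP port and port-forward work, the client accepted the server, and the server side closed the connection before the handshake finished, so the server's own log (on DD-WRT, the syslog the router keeps when syslogd is enabled) is where the reason will be. The script below is an added example, not part of the post, that encodes this triage over the log lines. The excerpt is copied from the post's log; the second, "refused" sample is constructed to show a different verdict, and the verdict labels and next-step hints are this example's own, not OpenVPN output.

```python
"""Classify where an OpenVPN client connection attempt died, from the client log.

With the management interface on, the Windows GUI client logs a '>STATE:' line
at every phase (RESOLVE, TCP_CONNECT, WAIT, AUTH, GET_CONFIG, ..., CONNECTED).
The last phase reached before 'Connection reset' tells you which side gave up.
"""
import re
from dataclasses import dataclass

STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+)")
# Strips the 'Sun Jul 20 13:41:35 2014 ' prefix of the Windows client log.
TS_RE = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} ")

# Verdict -> where to look next (labels and hints are this example's own, not OpenVPN's).
NEXT_STEP = {
    "connected": "handshake completed; anything left is routing or firewalling, not TLS",
    "no-tcp-connection": "port unreachable: check the DNS name, the port-forward and the INPUT rule",
    "no-tls-reply": "TCP connected but no TLS packet came back: is openvpn really listening on 1194?",
    "client-rejected-server-cert": "client refused the server cert: check ca/cert pairing and remote-cert-tls",
    "server-closed-during-handshake": "client accepted the server cert, then the server hung up: read the server log",
    "failed-after-handshake": "TLS finished; look at pushed options, routes and the data channel",
}


@dataclass
class Triage:
    last_state: str = "NONE"
    tls_reply_seen: bool = False
    server_cert_ok: bool = False
    verify_error: bool = False
    reset: bool = False
    verdict: str = ""


def triage_log(lines):
    """Walk the log once and derive a verdict from the phase in which it failed."""
    t = Triage()
    for raw in lines:
        msg = TS_RE.sub("", raw.strip())
        m = STATE_RE.search(msg)
        if m and m.group(1) != "RECONNECTING":      # keep the last real phase, not the restart
            t.last_state = m.group(1)
        if msg.startswith("TLS: Initial packet from"):
            t.tls_reply_seen = True
        if msg.startswith("VERIFY OK: depth=0"):    # depth 0 is the server's own certificate
            t.server_cert_ok = True
        if msg.startswith("VERIFY ERROR") or msg.startswith("TLS Error"):
            t.verify_error = True
        if msg.startswith("Connection reset") or "connection-reset" in msg:
            t.reset = True

    if t.last_state == "CONNECTED" and not t.reset:
        t.verdict = "connected"
    elif t.last_state in ("NONE", "RESOLVE", "TCP_CONNECT"):
        t.verdict = "no-tcp-connection"
    elif not t.tls_reply_seen:
        t.verdict = "no-tls-reply"
    elif t.verify_error:
        t.verdict = "client-rejected-server-cert"
    elif t.last_state == "AUTH" and t.server_cert_ok:
        t.verdict = "server-closed-during-handshake"
    else:
        t.verdict = "failed-after-handshake"
    return t


# Excerpt copied from the client log in the post.
SAMPLE_LOG = """\
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RESOLVE,,,
Sun Jul 20 13:41:35 2014 Attempting to establish TCP connection with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,TCP_CONNECT,,,
Sun Jul 20 13:41:35 2014 TCP connection established with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,WAIT,,,
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,AUTH,,,
Sun Jul 20 13:41:35 2014 TLS: Initial packet from [AF_INET]MY-IP-ADDRESS:1194, sid=960149d1 f8b4960f
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ...
Sun Jul 20 13:41:35 2014 VERIFY OK: nsCertType=SERVER
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ......
Sun Jul 20 13:41:35 2014 Connection reset, restarting [-1]
Sun Jul 20 13:41:35 2014 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RECONNECTING,connection-reset,,
"""

# Constructed sample (not from the post): nothing answers on the port at all.
REFUSED_LOG = """\
Sun Jul 20 13:50:01 2014 MANAGEMENT: >STATE:1405889401,RESOLVE,,,
Sun Jul 20 13:50:01 2014 Attempting to establish TCP connection with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:50:01 2014 MANAGEMENT: >STATE:1405889401,TCP_CONNECT,,,
Sun Jul 20 13:50:02 2014 TCP: connect to [AF_INET]MY-IP-ADDRESS:1194 failed: Connection refused
"""

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("refused log", REFUSED_LOG)):
        t = triage_log(log.splitlines())
        print(f"{name}: last state {t.last_state}, verdict {t.verdict}: {NEXT_STEP[t.verdict]}")
```

Feed it the whole log file rather than an excerpt; only `>STATE:`, `TLS:`, `VERIFY` and reset lines influence the verdict, so the verbose option dump at the top is ignored.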