OpenVPN server not working

rubenhak
DD-WRT Novice


Joined: 17 Mar 2011
Posts: 12

Posted: Sun Jul 20, 2014 20:11    Post subject: OpenVPN server not working
Hi Everybody,

I'm relatively new to configuring VPN. Sorry in advance if I ask something stupid. I'm trying to set up OpenVPN on DD-WRT.

Main internet connected router is Cisco E4200v2. Running stock firmware. IP: 192.168.0.1. This one has DHCP turned on.
Second router is Netgear WNDR3700 v2. IP: 192.168.0.2. Running DD-WRT v24-sp2 (03/25/13) std - build 21061. Acts as Wifi repeater. DHCP is turned off.

Trying to enable OpenVPN on secondary dd-wrt router.

Used OpenVPN 2.3.4 x64 windows version to generate certificates, keys and as a client.

Here is my config:

OpenVPN Server/Daemon
OpenVPN: Enable
Start Type: WAN Up
Config: Daemon
CA Cert, Public Server Cert, Private Server Key, DH PEM: are set including ---BEGIN/END lines
Additional Config:
Code:

push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
server 10.8.0.0 255.255.255.0

dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


Firewall Script:
Code:

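# Accept inbound OpenVPN connections (TCP 1194, matching "proto tcp")
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
# Allow forwarding for the VPN subnet and between the LAN bridge and the tunnel
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT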



Client config:
Code:

remote MY-PUBLIC-DNS 1194

client
remote-cert-tls server
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float

route-delay 30

ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4

ca "c:\\...\\ca.crt"
cert "c:\\...\\WorkLaptop.crt"
key "c:\\..\\WorkLaptop.key"


Looks like the connection is immediately getting reset. Here are the logs from the client side:
Code:

Sun Jul 20 13:41:34 2014   pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_protected_authentication = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_private_mode = 00000000
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_cert_private = DISABLED
Sun Jul 20 13:41:34 2014   pkcs11_pin_cache_period = -1
Sun Jul 20 13:41:34 2014   pkcs11_id = '[UNDEF]'
Sun Jul 20 13:41:34 2014   pkcs11_id_management = DISABLED
Sun Jul 20 13:41:34 2014   server_network = 0.0.0.0
Sun Jul 20 13:41:34 2014   server_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014   server_network_ipv6 = ::
Sun Jul 20 13:41:34 2014   server_netbits_ipv6 = 0
Sun Jul 20 13:41:34 2014   server_bridge_ip = 0.0.0.0
Sun Jul 20 13:41:34 2014   server_bridge_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014   server_bridge_pool_start = 0.0.0.0
Sun Jul 20 13:41:34 2014   server_bridge_pool_end = 0.0.0.0
Sun Jul 20 13:41:34 2014   ifconfig_pool_defined = DISABLED
Sun Jul 20 13:41:34 2014   ifconfig_pool_start = 0.0.0.0
Sun Jul 20 13:41:34 2014   ifconfig_pool_end = 0.0.0.0
Sun Jul 20 13:41:34 2014   ifconfig_pool_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Jul 20 13:41:34 2014   ifconfig_pool_persist_refresh_freq = 600
Sun Jul 20 13:41:34 2014   ifconfig_ipv6_pool_defined = DISABLED
Sun Jul 20 13:41:34 2014   ifconfig_ipv6_pool_base = ::
Sun Jul 20 13:41:34 2014   ifconfig_ipv6_pool_netbits = 0
Sun Jul 20 13:41:34 2014   n_bcast_buf = 256
Sun Jul 20 13:41:34 2014   tcp_queue_limit = 64
Sun Jul 20 13:41:34 2014   real_hash_size = 256
Sun Jul 20 13:41:34 2014   virtual_hash_size = 256
Sun Jul 20 13:41:34 2014   client_connect_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014   learn_address_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014   client_disconnect_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014   client_config_dir = '[UNDEF]'
Sun Jul 20 13:41:34 2014   ccd_exclusive = DISABLED
Sun Jul 20 13:41:34 2014   tmp_dir = 'C:\Users\admin\AppData\Local\Temp\'
Sun Jul 20 13:41:34 2014   push_ifconfig_defined = DISABLED
Sun Jul 20 13:41:34 2014   push_ifconfig_local = 0.0.0.0
Sun Jul 20 13:41:34 2014   push_ifconfig_remote_netmask = 0.0.0.0
Sun Jul 20 13:41:34 2014   push_ifconfig_ipv6_defined = DISABLED
Sun Jul 20 13:41:34 2014   push_ifconfig_ipv6_local = ::/0
Sun Jul 20 13:41:34 2014   push_ifconfig_ipv6_remote = ::
Sun Jul 20 13:41:34 2014   enable_c2c = DISABLED
Sun Jul 20 13:41:34 2014   duplicate_cn = DISABLED
Sun Jul 20 13:41:34 2014   cf_max = 0
Sun Jul 20 13:41:34 2014   cf_per = 0
Sun Jul 20 13:41:34 2014   max_clients = 1024
Sun Jul 20 13:41:34 2014   max_routes_per_client = 256
Sun Jul 20 13:41:34 2014   auth_user_pass_verify_script = '[UNDEF]'
Sun Jul 20 13:41:34 2014   auth_user_pass_verify_script_via_file = DISABLED
Sun Jul 20 13:41:34 2014   client = ENABLED
Sun Jul 20 13:41:34 2014   pull = ENABLED
Sun Jul 20 13:41:34 2014   auth_user_pass_file = '[UNDEF]'
Sun Jul 20 13:41:34 2014   show_net_up = DISABLED
Sun Jul 20 13:41:34 2014   route_method = 0
Sun Jul 20 13:41:34 2014   ip_win32_defined = DISABLED
Sun Jul 20 13:41:34 2014   ip_win32_type = 3
Sun Jul 20 13:41:34 2014   dhcp_masq_offset = 0
Sun Jul 20 13:41:34 2014   dhcp_lease_time = 31536000
Sun Jul 20 13:41:34 2014   tap_sleep = 0
Sun Jul 20 13:41:34 2014   dhcp_options = DISABLED
Sun Jul 20 13:41:34 2014   dhcp_renew = DISABLED
Sun Jul 20 13:41:34 2014   dhcp_pre_release = DISABLED
Sun Jul 20 13:41:34 2014   dhcp_release = DISABLED
Sun Jul 20 13:41:34 2014   domain = '[UNDEF]'
Sun Jul 20 13:41:34 2014   netbios_scope = '[UNDEF]'
Sun Jul 20 13:41:34 2014   netbios_node_type = 0
Sun Jul 20 13:41:34 2014   disable_nbt = DISABLED
Sun Jul 20 13:41:34 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Sun Jul 20 13:41:34 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Sun Jul 20 13:41:34 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 20 13:41:34 2014 Need hold release from management interface, waiting...
Sun Jul 20 13:41:34 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'state on'
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'log all on'
Sun Jul 20 13:41:34 2014 MANAGEMENT: CMD 'hold off'
Sun Jul 20 13:41:35 2014 MANAGEMENT: CMD 'hold release'
Sun Jul 20 13:41:35 2014 LZO compression initialized
Sun Jul 20 13:41:35 2014 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Jul 20 13:41:35 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RESOLVE,,,
Sun Jul 20 13:41:35 2014 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jul 20 13:41:35 2014 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jul 20 13:41:35 2014 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jul 20 13:41:35 2014 Local Options hash (VER=V4): 'bc07730e'
Sun Jul 20 13:41:35 2014 Expected Remote Options hash (VER=V4): 'b695cb4a'
Sun Jul 20 13:41:35 2014 Attempting to establish TCP connection with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,TCP_CONNECT,,,
Sun Jul 20 13:41:35 2014 TCP connection established with [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 TCPv4_CLIENT link local: [undef]
Sun Jul 20 13:41:35 2014 TCPv4_CLIENT link remote: [AF_INET]MY-IP-ADDRESS:1194
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,WAIT,,,
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,AUTH,,,
Sun Jul 20 13:41:35 2014 TLS: Initial packet from [AF_INET]MY-IP-ADDRESS:1194, sid=960149d1 f8b4960f
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ...
Sun Jul 20 13:41:35 2014 VERIFY OK: nsCertType=SERVER
Sun Jul 20 13:41:35 2014 Validating certificate key usage
Sun Jul 20 13:41:35 2014 ++ Certificate has key usage  00a0, expects 00a0
Sun Jul 20 13:41:35 2014 VERIFY KU OK
Sun Jul 20 13:41:35 2014 Validating certificate extended key usage
Sun Jul 20 13:41:35 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jul 20 13:41:35 2014 VERIFY EKU OK
Sun Jul 20 13:41:35 2014 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, ......
Sun Jul 20 13:41:35 2014 Connection reset, restarting [-1]
Sun Jul 20 13:41:35 2014 TCP/UDP: Closing socket
Sun Jul 20 13:41:35 2014 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jul 20 13:41:35 2014 MANAGEMENT: >STATE:1405888895,RECONNECTING,connection-reset,,
Sun Jul 20 13:41:35 2014 Restart pause, 5 second(s)


Can someone please help to fix this?
How can I at least see the logs on DD-WRT to diagnose this issue?

Thanks,
Ruben
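
The client log's "Local Options String" and "Expected Remote Options String" list the link settings both peers have to agree on. As an added example (not part of the original post), this Python script compares those settings for the two posted configs, assuming the Additional Config box is the complete server config and that absent directives take OpenVPN 2.3 defaults; `parse`, `link_options` and `mismatches` are illustrative names.

```python
# Added example, not from the thread: list link options the two configs disagree on.

# Link-relevant directives as posted in the thread (cert/key paths left out).
SERVER_CONF = """
push "route 192.168.0.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
"""
CLIENT_CONF = """
client
dev tun
proto tcp
cipher AES-128-CBC
comp-lzo
"""

# OpenVPN 2.3 built-in values used when a directive is absent.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1"}
CHECKED = ("dev-type", "proto", "cipher", "auth", "comp-lzo")

def parse(conf):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    opts = {}
    for line in conf.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            opts[parts[0]] = parts[1:]
    return opts

def link_options(conf):
    """Normalise the options that must be identical on both peers."""
    o = parse(conf)
    out = {k: (o[k][0] if o.get(k) else d) for k, d in DEFAULTS.items()}
    out["proto"] = out["proto"].split("-")[0]  # tcp-client/tcp-server -> tcp
    dev = (o.get("dev") or [""])[0]
    # dev-type is derived from the device name when not set explicitly.
    out["dev-type"] = o["dev-type"][0] if o.get("dev-type") else dev[:3]
    out["comp-lzo"] = "yes" if "comp-lzo" in o else "no"
    return out

def mismatches(server_conf, client_conf):
    """Return (option, server_value, client_value) for each disagreement."""
    s, c = link_options(server_conf), link_options(client_conf)
    return [(k, s[k], c[k]) for k in CHECKED if s[k] != c[k]]

if __name__ == "__main__":
    for opt, sv, cv in mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{opt}: server={sv} client={cv}")
```

A mismatch reported here is something to check first, not a confirmed cause of the connection reset.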
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Sun Jul 27, 2014 11:59    Post subject:
I guess it's a cert problem

anyway read wiki: openvpn

rubenhak
DD-WRT Novice


Joined: 17 Mar 2011
Posts: 12

Posted: Sun Jul 27, 2014 21:51    Post subject:
Sash wrote:
I guess it's a cert problem

anyway read wiki: openvpn


Cert and keys are fine, since I'm using them on a Windows OpenVPN server and everything is working fine. But I'd want to run OpenVPN on the DD-WRT instead of running it on a Windows PC.
All times are GMT