[Found workaround] Openvpn client on F5D8235-4 v2

js1662
DD-WRT Guru


Joined: 23 Jul 2014
Posts: 1237
Location: BC, CA

Posted: Wed Dec 24, 2014 7:44    Post subject: [Found workaround] Openvpn client on F5D8235-4 v2
I need help on setting up openvpn client on my F5D8235-4 v2 running dd-wrt r25648.

The F5D8235-4 is connected to a modem router. I am using the dd-wrt GUI to enable the openvpn client and I have entered the various certs and keys, but it doesn't seem to work. The cert and keys work on a PC without problems.

I ssh to F5D8235-4 and run route and there is no tun at all. I have already rebooted the router.

I have the ovpn file. When I run openvpn --config xxx.ovpn I get an error as follows:

Tue Dec 23 23:34:28 2014 OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 15 2014
Tue Dec 23 23:34:28 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Enter Private Key Password:
Tue Dec 23 23:34:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 23 23:34:33 2014 Control Channel Authentication: tls-auth using INLINE static key file
Tue Dec 23 23:34:33 2014 UDPv4 link local: [undef]
Tue Dec 23 23:34:33 2014 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Dec 23 23:34:36 2014 [Server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Tue Dec 23 23:34:39 2014 TUN/TAP device tun1 opened
Tue Dec 23 23:34:39 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 23 23:34:39 2014 /sbin/ifconfig tun1 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Dec 23 23:34:39 2014 ERROR: Linux route add command failed: external program exited with error status: 255
Tue Dec 23 23:34:39 2014 Initialization Sequence Completed

Your help is most appreciated!


The server is on a Raspberry Pi set up as per this guide: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing


Last edited by js1662 on Mon Sep 07, 2015 3:10; edited 1 time in total
js1662
Posted: Wed Dec 24, 2014 8:21
Here is my openvpn client GUI setup for your reference:
js1662
Posted: Sun Dec 28, 2014 4:10
I made some progress but am still far from successful. I disabled VPN in the GUI and ssh'd to the router. I mount -o bind the /jffs on the USB drive to /jffs. I placed the ovpn file in openvpncl on /jffs and then ran

openvpn --config /jffs/openvpncl/client.ovpn --daemon

It seems that I can connect to the vpn server and get tun0 and vlan2. Below is what I get with route and ifconfig:

root@F5D8235:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
default         192.168.68.254  0.0.0.0         UG    0      0        0 vlan2
10.8.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
??.??.??.??     192.168.68.254  255.255.255.255 UGH   0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.2.0     10.8.0.9        255.255.255.0   UG    0      0        0 tun0
192.168.68.0    *               255.255.255.0   U     0      0        0 vlan2
root@F5D8235:~# ifconfig
br0 Link encap:Ethernet HWaddr ??:??:??:??:??:3C
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2202 errors:0 dropped:426 overruns:0 frame:0
TX packets:450 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:235904 (230.3 KiB) TX bytes:62463 (60.9 KiB)

br0:0 Link encap:Ethernet HWaddr ??:??:??:??:??:3C
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth2 Link encap:Ethernet HWaddr 94:44:52:40:CF:3C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2896 errors:0 dropped:1 overruns:0 frame:0
TX packets:1756 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:390328 (381.1 KiB) TX bytes:251463 (245.5 KiB)
Interrupt:5

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1229 (1.2 KiB) TX bytes:1229 (1.2 KiB)

ra0 Link encap:Ethernet HWaddr ??:??:??:??:??:3C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18449 errors:0 dropped:0 overruns:0 frame:0
TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3018949 (2.8 MiB) TX bytes:0 (0.0 B)
Interrupt:6

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1076 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:54511 (53.2 KiB)

vlan1 Link encap:Ethernet HWaddr ??:??:??:??:??:3C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2219 errors:0 dropped:16 overruns:0 frame:0
TX packets:450 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:237430 (231.8 KiB) TX bytes:62463 (60.9 KiB)

vlan2 Link encap:Ethernet HWaddr ??:??:??:??:??:3D
inet addr:192.168.68.76 Bcast:192.168.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:676 errors:0 dropped:68 overruns:0 frame:0
TX packets:1306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100698 (98.3 KiB) TX bytes:180144 (175.9 KiB)

root@F5D8235:~#


However, my pc which connects to the F5D8235 can't access the internet anymore.
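
A check of the output in the post above, as an added example that is not part of the original post: the two routes with genmask 128.0.0.0 through tun0 are the split default route that OpenVPN's `redirect-gateway def1` installs, and the tun0 counters show packets sent but none received. The function names and the sample excerpts are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# def1_iface: read `route` output on stdin and print the interface carrying
# both halves of a split default route (0.0.0.0/1 and 128.0.0.0/1).
def1_iface() {
    awk '
        $3 == "128.0.0.0" && ($1 == "default" || $1 == "0.0.0.0") { low[$8] = 1 }
        $3 == "128.0.0.0" && $1 == "128.0.0.0" { high[$8] = 1 }
        END { for (i in low) if (i in high) print i }
    '
}

# one_way_ifaces: read `ifconfig` output on stdin and print every interface
# that has transmitted packets but received none.
one_way_ifaces() {
    awk '
        $2 == "Link" && $3 ~ /^encap:/ { ifc = $1; rx = -1 }
        $1 == "RX" && $2 ~ /^packets:/ { split($2, a, ":"); rx = a[2] + 0 }
        $1 == "TX" && $2 ~ /^packets:/ {
            split($2, a, ":"); tx = a[2] + 0
            if (rx == 0 && tx > 0) print ifc " rx=" rx " tx=" tx
        }
    '
}

# Constructed samples: lines taken from the route and ifconfig output above.
sample_route() {
    cat <<'EOF'
default 10.8.0.9 128.0.0.0 UG 0 0 0 tun0
default 192.168.68.254 0.0.0.0 UG 0 0 0 vlan2
128.0.0.0 10.8.0.9 128.0.0.0 UG 0 0 0 tun0
192.168.68.0 * 255.255.255.0 U 0 0 0 vlan2
EOF
}
sample_ifconfig() {
    cat <<'EOF'
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1076 errors:0 dropped:0 overruns:0 carrier:0
vlan2 Link encap:Ethernet HWaddr ??:??:??:??:??:3D
RX packets:676 errors:0 dropped:68 overruns:0 frame:0
TX packets:1306 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

echo "split default route via: $(sample_route | def1_iface)"
echo "one-way interfaces: $(sample_ifconfig | one_way_ifaces)"
```

On the router itself the same functions can be fed live output, for example `route | def1_iface` and `ifconfig | one_way_ifaces`.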
js1662
Posted: Sun Dec 28, 2014 6:40
Thank you so much for your comment! With GUI setup, the openvpn.conf is as follows:

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
tls-auth /tmp/openvpncl/ta.key 1
management 127.0.0.1 16
management-log-cache 100
verb 1
mute 20
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
ns-cert-type server
key-direction 1
cipher aes-128-cbc
auth none
remote myddns.com 1194
comp-lzo yes
tun-mtu 1500
mtu-disc yes
fast-io
tun-ipv6
auth-nocache
askpass /jffs/openvpncl/Client.pass

Looking at Openvpn status on GUI, I saw the following warning:

W ******* WARNING *******: null MAC specified no authentication will be used

Actually, I think with command line setup, I could see tun0 HWaddr is also with all zeros.
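
An audit of the configuration quoted in the post above, as an added example that is not part of the original post or of DD-WRT: in OpenVPN the "null MAC" warning is produced by `auth none`, which turns off the HMAC (message authentication code) on tunnel packets, and the `auth` digest has to be the same on client and server. The function names are hypothetical and the sample is an excerpt of the quoted openvpn.conf.

```shell
#!/bin/sh
# Added example, not DD-WRT or OpenVPN project code.
# audit_ovpn_conf FILE: print one finding per flagged directive; return 1 if any.
audit_ovpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }      # skip blank lines and comments
        { opt = $1; val = tolower($2) }
        opt == "auth" && val == "none" {
            print "auth-none: HMAC packet authentication is off (null MAC warning)"; n++ }
        opt == "cipher" && val == "none" {
            print "cipher-none: data channel is not encrypted"; n++ }
        opt == "ns-cert-type" {
            print "ns-cert-type: deprecated, use remote-cert-tls " $2; n++ }
        opt == "script-security" && $2 + 0 >= 2 {
            print "script-security: level " $2 " allows user-defined scripts"; n++ }
        opt == "askpass" && NF >= 2 {
            print "askpass: key passphrase is read from file " $2; n++ }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: an excerpt of the GUI-generated openvpn.conf quoted above.
sample_conf() {
    cat <<'EOF'
ca /tmp/openvpncl/ca.crt
tls-auth /tmp/openvpncl/ta.key 1
client
script-security 2
dev tun1
proto udp
ns-cert-type server
cipher aes-128-cbc
auth none
remote myddns.com 1194
auth-nocache
askpass /jffs/openvpncl/Client.pass
EOF
}

# Write the sample to a temp file, audit it, clean up, pass the status through.
audit_sample() {
    tmp=$(mktemp) || return 2
    sample_conf > "$tmp"
    rc=0
    audit_ovpn_conf "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

audit_sample || :
```

Run against the generated file on the router with `audit_ovpn_conf /tmp/openvpncl/openvpn.conf` (path assumed from the directory the quoted config references).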
js1662
Posted: Sun Dec 28, 2014 10:37
It seems like the problem is related to dd-wrt on my F5D8235-4 v2. I bought a Netgear WNR3500L v2 today and flashed it with Tomato Shibby, and I have no problem setting up the openvpn client on it. Apparently the problem is related to the null MAC address, and I have no idea what is wrong at this moment.

Unfortunately WNR3500L v2 is not supported by dd-wrt so I can not use dd-wrt on it.

By the way, I am not giving up on my F5D8235-4 as yet.
js1662
Posted: Tue Dec 30, 2014 0:48
Comparing the WNR3500L v2 and the F5D8235-4 v2, I found that the WNR3500L v2 uses 3 different MACs for WAN, LAN and wireless. However, the F5D8235-4 v2 uses only 2 different MACs, one for WAN and one for both LAN and wireless. Not sure if it has anything to do with the null MAC problem.
js1662
Posted: Wed Dec 31, 2014 2:24
The warning said that no authentication will be used, hence the tunnel was not started and the client status is waiting.

Another strange thing I found is that there is a br0:0 with inet address of 169.254.255.1. Is that normal? The WNR3500 doesn't have that.
js1662
Posted: Sun Aug 30, 2015 0:58
Although I still have not figured out how to set up the openvpn client using the GUI, I found a workaround by ssh'ing to the router and running the .ovpn file directly. See my post on this thread for more details: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=285404