However, I got it working after all, but it's not smooth and it locks me up with an active PuTTY.
I can see the PUSH_REPLY with DHCP option is different on the success try than the failure as you said before.
I had rebooted my router dozens of times over the last few months and yesterday was the first time I ran into the bad DHCP line. I think they have some misconfiguration on some servers. I think I'll send an e-mail to support.
Quote:
Could we somehow add into the code that it retry to connect until it gets this proper reply on this dhcp-option, or some better ideas?
It should be fairly straightforward to parse the output of the call to openvpn in the subshell and retry from within the script. This would be a good addition, as you say, to get the connection up the first time. The script is not, however, designed to monitor (it exits).
Quote:
Or trigger on when process is dead start it?
This is harder since what is needed here is a keepalive process monitor. I'm not sure if ddwrt has such a facility currently. Actually I'm not sure the openvpn process even dies when the connection dies (I've never bothered to check), so it could be harder still. This is arguably much more valuable, since the connection does go down occasionally and nothing is there to restart it. This leaves you open to establishing connections that are not in the VPN (something most people want to avoid). I get around that problem by using MAC based access restrictions on the traffic from this secondary router that is behind my main router (allowing only VPN traffic out from the VPN router's MAC), but I still have to restart the VPN router to get the tunnel back up and working.
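One way to do the retry described above, as an added example that is not the thread's script: start the client, read its log.txt (the posted config logs at verb 3) and restart until the PUSH_REPLY carries a dhcp-option DNS entry and initialisation completes. The config path in the default START_CMD and the wait times are assumptions; the posted script would write its VPN_CONFIG to that file.

```shell
#!/bin/sh
# Added example, not the thread's script: retry the OpenVPN start until the
# PUSH_REPLY in the log contains "dhcp-option DNS" (the good reply in the
# thread) and "Initialization Sequence Completed" appears.
LOGFILE="${LOGFILE:-/tmp/vpntunnelse/log.txt}"
# Assumption: the script has written its VPN_CONFIG to this file beforehand.
START_CMD="${START_CMD:-openvpn --config /tmp/vpntunnelse/openvpn.conf --daemon}"
MAX_TRIES="${MAX_TRIES:-5}"

# Return 0 when the log shows a PUSH_REPLY with at least one dhcp-option DNS
# entry and the client finished initialising; 1 otherwise.
push_reply_ok() {
    log="$1"
    grep -q "PUSH_REPLY,.*dhcp-option DNS" "$log" || return 1
    grep -q "Initialization Sequence Completed" "$log" || return 1
    return 0
}

# Start the client, give the handshake time, and restart it until the
# pushed options are the good ones or MAX_TRIES is used up.
connect_with_retry() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        : > "$LOGFILE"                     # fresh log for this attempt
        sh -c "$START_CMD"
        sleep "${WAIT_SECS:-15}"           # assumed handshake wait
        if push_reply_ok "$LOGFILE"; then
            echo "good PUSH_REPLY on try $tries"
            return 0
        fi
        echo "bad or missing PUSH_REPLY on try $tries, restarting openvpn"
        killall openvpn 2>/dev/null || true
        sleep 2
    done
    return 1
}
```

Call connect_with_retry at the end of the script, after the config and userpass files have been written; it returns non-zero if no attempt produced the good reply.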
Hi, there are no longer any issues connecting to the VPN, but as soon as OpenVPN is established with the server I can't browse the web anymore, so now it seems to be a problem with my routing table and I don't know how to tweak it to get it fixed.
Just to be clear, I've got these lines in my firewall config.
Code:
iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o br0 -j ACCEPT
iptables -I INPUT -i tap0 -j REJECT
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
This is from my log.txt file with a successful connection to the server:
Code:
Sun May 27 13:04:08 2012 us=57669 [server] Peer Connection Initiated with 178.73.212.230:1194
Sun May 27 13:04:10 2012 us=542056 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun May 27 13:04:10 2012 us=554597 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route 10.99.0.1,topology net30,ping 10,ping-restart 160,ifconfig 10.99.0.162 10.99.0.161'
Sun May 27 13:04:10 2012 us=555081 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 27 13:04:10 2012 us=555162 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 27 13:04:10 2012 us=555212 OPTIONS IMPORT: route options modified
Sun May 27 13:04:10 2012 us=555263 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 27 13:04:10 2012 us=556822 TUN/TAP device tun0 opened
Sun May 27 13:04:10 2012 us=556965 TUN/TAP TX queue length set to 100
Sun May 27 13:04:10 2012 us=557187 /sbin/ifconfig tun0 10.99.0.162 pointopoint 10.99.0.161 mtu 1500
Sun May 27 13:04:10 2012 us=563435 /sbin/route add -net 178.73.212.230 netmask 255.255.255.255 gw 46.59.34.1
Sun May 27 13:04:10 2012 us=571427 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.99.0.161
Sun May 27 13:04:10 2012 us=582158 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.99.0.161
Sun May 27 13:04:10 2012 us=586253 /sbin/route add -net 10.99.0.1 netmask 255.255.255.255 gw 10.99.0.161
Sun May 27 13:04:10 2012 us=589627 Initialization Sequence Completed
And here is a print of my routing table:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.99.0.161 128.0.0.0 UG 0 0 0 tun0
default gw7.a236.priv.b 0.0.0.0 UG 0 0 0 eth1
10.99.0.1 10.99.0.161 255.255.255.255 UGH 0 0 0 tun0
10.99.0.161 * 255.255.255.255 UH 0 0 0 tun0
46.59.34.0 * 255.255.254.0 U 0 0 0 eth1
46.59.34.1 * 255.255.255.255 UH 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
128.0.0.0 10.99.0.161 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
178.73.212.230 gw7.a236.priv.b 255.255.255.255 UGH 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 br0
Can someone see what my issue is?
Full regards.
Having the same issue as above. I am able to connect to vpntunnel.se using my USER/PASS/CERT and going to a slightly different server than the script:
Code:
#!/bin/sh
USERNAME="YOUR_USERNAME"
PASSWORD="YOUR_PASSWORD" # Your USER_PASSWORD
PROTOCOL="udp" # udp / tcp MUST BE lower case
VPN_CONFIG="script-security 2
client
float
dev tap
proto $PROTOCOL
nobind
tls-client
ca /tmp/vpntunnelse/ca.crt
ns-cert-type server
push \"dhcp-option DNS 80.67.0.2\"
push \"dhcp-option DNS 91.213.246.2\"
auth-user-pass /tmp/vpntunnelse/userpass.conf
remote-random
$REMOTE_SERVERS
persist-key
persist-tun
comp-lzo
verb 3
log /tmp/vpntunnelse/log.txt"
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
if [ "$OPVPNENABLE" != 0 ]
then
nvram set openvpncl_enable=0
nvram commit
fi
I get the Initialization Sequence Completed message but I cannot browse at all.
Is it a problem with the routing table / firewall script? I'm a DDWRT noob and am new to routing table jargon as well.
Thanks in advance.
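In the posts above the log reports "TUN/TAP device tun0 opened" while the firewall lines all name tap0, and the later config asks for "dev tap": the interface in the iptables rules has to be the one OpenVPN actually opens, or the FORWARD and MASQUERADE rules never match tunnel traffic. Added example, not from the thread: a script that reads the device from log.txt, lists the interfaces the rules name, reports any tun/tap mismatch, and prints the rules rewritten to the logged device. It assumes the log and the rule lines are in files whose paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread: check that the iptables rules name the
# tunnel device OpenVPN actually opened (from its verb 3 log).

# Print the device from the last "TUN/TAP device X opened" line in the log.
tunnel_device() {
    sed -n 's|.*TUN/TAP device \([a-z0-9]*\) opened.*|\1|p' "$1" | tail -n 1
}

# Print every interface given to -i or -o in the iptables lines, one per line.
rule_interfaces() {
    awk '/^iptables/ { for (i = 1; i < NF; i++)
                       if ($i == "-i" || $i == "-o") print $(i+1) }' "$1" | sort -u
}

# Return 0 when every tun*/tap* interface in the rules is the logged device;
# print each offender and return 1 otherwise (2 if the log has no device line).
check_firewall_matches_log() {
    dev=$(tunnel_device "$1")
    [ -n "$dev" ] || { echo "no TUN/TAP device line in $1"; return 2; }
    bad=0
    for iface in $(rule_interfaces "$2"); do
        case "$iface" in
            tun*|tap*)
                if [ "$iface" != "$dev" ]; then
                    echo "rules use $iface but OpenVPN opened $dev"
                    bad=1
                fi ;;
        esac
    done
    return $bad
}

# Print the rules with any -i/-o tun*/tap* replaced by the logged device.
rewrite_rules() {
    dev=$(tunnel_device "$1")
    sed -e "s/\(-[io]\) tap[0-9]*/\1 $dev/g" \
        -e "s/\(-[io]\) tun[0-9]*/\1 $dev/g" "$2"
}
```

Run check_firewall_matches_log /tmp/vpntunnelse/log.txt rules.txt before touching the routing table; if it reports a mismatch, rewrite_rules prints the corrected lines to paste into the firewall script.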
Hi Guys,
I'm having the same problem: I'm using the same code posted above (with the "float") and have no web activity. Did it work for anyone else?
Kind Regards
T.