Posted: Mon Aug 20, 2012 6:10 Post subject: OpenVPN Issue
I'm sorry if I'm in the wrong forum, but I think I'm in the right place..
I have spent about the last 3hrs communicating with my VPN provider on getting it setup on my router. I have tried to configure it through the web interface under OPENVPN CLIENTS, and from the logs it appears that it connects. However when I go and test my IP from one of my clients it shows my ISP's WAN IP.
The support desk also had me create a sh script and try running the VPN from that. Once again it was a no go on my clients using the VPNs given IP address.
Any ideas on what I'm doing wrong??? Thanks for any feedback.
INFO:
DD-WRT Ver: Firmware: DD-WRT v24-sp2 (06/08/12) big
ROUTER: CISCO E2500
OS: Linux (If it matters)
Which VPN provider are you using as their configurations can vary. Also, there has been considerable development on newer versions of firmware and not all versions work completely. Try searching for confirmation from someone else that OpenVPN is working in the firmware version you are using.
I'm currently using Private Internet Access (https://www.privateinternetaccess.com/). I have searched around here on the forums and on google in attempt to figure something out. I was actually up till about 5am last night trying different "solutions" and suggestions I found on google. But still a no go..
I'll try digging through the DD-WRT forums a little more to see if I can find anything.
I use witopia and have had great difficulty configuring routers with firmware newer than 14853 to successfully connect. Part of the issue is that many more variables have been exposed in newer firmware releases and witopia doesn't provide instructions on configuring those new options - trial and error are required in order to get it right. That combined with occasional firmware which has OpenVPN defects (nobody does 100% perfect coding! ) given that area has been getting all this work makes it challenging to figure out.
My advice would be to go to a simpler configuration (version 14853 for example) and see if you can configure that before trying the more complex later versions - although your E2500 needs at least 18XXX so you would have to do that with an older router. If you can't do that, search for someone who has successfully configured a new version with another VPN provider (like witopia or strongvpn) just to make sure that the version you are using is working.
Ya I think the newer firmware and the different commands used now a days is adding to my headache.
I've kind of gotten things figured out, but I'm still receiving a TLS error which I think is the reason its not working. Waiting to hear back from my provider to see if they have any ideas.
Quote:
Mon Aug 20 21:46:21 2012 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Aug 20 21:46:21 2012 VERIFY EKU OK
Mon Aug 20 21:46:21 2012 VERIFY OK: depth=0, /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=server/emailAddress=secure@privateinternetaccess.com
Mon Aug 20 21:47:21 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Aug 20 21:47:21 2012 TLS Error: TLS handshake failed
Mon Aug 20 21:47:21 2012 TCP/UDP: Closing socket
Mon Aug 20 21:47:21 2012 SIGUSR1[soft,tls-error] received, process restarting
I'm starting to think it might be something up with the build I'm using. I'm using a custom script and have it being called in the startup. However it does not appear that its actually being ran. If I go into the commands and do a RUN COMMAND it won't execute. However if I telnet in and run the exact same command it executes.
Guess I'll give another build a go. I was using the mega build, but for some reason it would just randomly drop connections for like 2 seconds.
) given that area has been getting all this work makes it challenging to figure out.