Posted: Sat Sep 13, 2014 6:46 Post subject: 25015M: openvpn client and policy based routing not working
I am running Kong 24345M with the OpenVPN client configured to connect to a remote OpenVPN server running on another DD-WRT router. The connection is up, but policy based routing does not seem to be working.
My LAN is 192.168.10.0/255.255.255.0. I want my client 192.168.10.180 to go through the VPN, so I added 192.168.10.180/32 in "Policy based Routing".
But after the VPN is up, the following 2 commands return an empty result:
ip route list table table 10
ip rule show
/tmp/openvpncl/openvpn.conf has the following (will ifconfig-noexec cause any trouble?):
Posted: Sat Sep 13, 2014 7:29 Post subject: Re: openvpn client and policy based routing not working
stoney li wrote:
I am running Kong 24345M with the OpenVPN client configured to connect to a remote OpenVPN server running on another DD-WRT router. The connection is up, but policy based routing does not seem to be working.
My LAN is 192.168.10.0/255.255.255.0. I want my client 192.168.10.180 to go through the VPN, so I added 192.168.10.180/32 in "Policy based Routing".
But after the VPN is up, the following 2 commands return an empty result:
ip route list table table 10
ip rule show
/tmp/openvpncl/openvpn.conf has the following (will ifconfig-noexec cause any trouble?):
I'm running 25000 and I'm also having trouble with policy based routing. I want these two addresses to use the PIA tunnel: 192.168.1.10/32 and 192.168.1.11/32.
When I check my IP address online, Google shows the anonymous IP, but when I check the address at whatismyip.com it shows my real IP. When I don't use policy based routing and all my traffic goes through the tunnel, I don't have this problem.
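An added example, not written by any poster in this thread and not DD-WRT's own code: a shell check for the symptom described in the posts above, where the policy rule for a LAN client is missing and its traffic follows the main table instead of the tunnel. It assumes the rule format printed by `ip rule show` and uses table 10, the table the first post inspects; the sample outputs, the gateway 10.8.0.1 and the device tun1 are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify that a source address is policy-routed into a VPN table.
# All sample outputs below are constructed; 10.8.0.1 and tun1 are placeholders.
RULES_OK='0: from all lookup local
32765: from 192.168.10.180 lookup 10
32766: from all lookup main
32767: from all lookup default'
RULES_EMPTY='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
TABLE_OK='default via 10.8.0.1 dev tun1'
TABLE_EMPTY=''

# check_pbr SRC TABLE RULES_TEXT ROUTES_TEXT
# returns 0: a rule sends SRC to TABLE and TABLE has a default route
#         1: no rule for SRC, so its traffic uses the main table
#         2: rule present but TABLE has no default route, so the lookup
#            falls through to the next rule (normally the main table)
check_pbr() {
    host=${1%/32}   # ip rule prints a /32 source without the prefix length
    if ! printf '%s\n' "$3" | awk -v s="$host" -v t="$2" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { ok = 1 } END { exit !ok }'
    then
        echo "$1: no rule into table $2, traffic leaves via the main table (WAN)"
        return 1
    fi
    if ! printf '%s\n' "$4" | awk '$1 == "default" { ok = 1 } END { exit !ok }'
    then
        echo "$1: rule found, but table $2 has no default route"
        return 2
    fi
    echo "$1: routed through table $2"
    return 0
}

check_pbr 192.168.10.180/32 10 "$RULES_OK" "$TABLE_OK"
check_pbr 192.168.10.180/32 10 "$RULES_EMPTY" "$TABLE_EMPTY" || echo "exit status $?"
# On the router itself:
# check_pbr 192.168.10.180/32 10 "$(ip rule show)" "$(ip route show table 10)"
```

A non-zero status for a client that is supposed to use the tunnel means its traffic can reach the internet with the real WAN address.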
It seems the client is not working. I used 2 dd-wrt routers to connect with openvpn: one server (TAP) and one client. The server and the client cannot ping each other. However, if I use a laptop to connect to the openvpn server router, they can ping each other without any problem.
So I guess the openvpn client is broken on dd-wrt.
Instead of guessing just look at the syslog and vpn status page. It will usually tell you what's wrong.
VPN Client has been working for me for quite some time. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Hi Kong,
I am trying to set up an openvpn connection from an AC68 with 25015M as the openvpn client to a remote N13U openvpn server with BS v24-sp2 (03/29/14) std - build 23838 through an ssh tunnel.
The normal putty & windows openvpn client connects to the remote openvpn server without any problem.
As for the AC68 setup, I first enabled the openvpn client with TAP (same as the server), then I ssh to the AC68 with putty and then run "ssh root@<remotehost> -L 1944:<remotehost>:443" to create the ssh tunnel. From the log, it seems the connection was established. However, there is no entry for the client IP address in the remote LAN status. The client has a tap1 device with no IP address.
Last edited by stoney li on Wed Sep 17, 2014 6:11; edited 1 time in total
server status:
State Server: CONNECTED: SUCCESS Local Address: Remote Address: Client: : Local Address: Remote Address:
Status
Wed Sep 17 13:15:44 2014
Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since Connected Since (time_t)
clientpc xxx.xxx.xxx.xxx:37575 192.168.0.10 76391 4856 Wed Sep 17 13:14:42 2014 1410959682
Virtual Address Common Name Real Address Last Ref
d8:50:e6:5a:4f:78 clientpc xxx.xxx.xxx.xxx:37575 Wed Sep 17 13:15:17 2014
d0:e7:82:7b:74:95 clientpc xxx.xxx.xxx.xxx:37575 Wed Sep 17 13:14:54 2014
a0:f3:c1:bf:a1:80 clientpc xxx.xxx.xxx.xxx:37575 Wed Sep 17 13:15:30 2014
........
It has multiple virtual address instances and keeps adding more.
Server log:
...........
20140917 13:14:49 clientpc/xxx:37575 PUSH: Received control message: 'PUSH_REQUEST'
20140917 13:14:49 I clientpc/xxx:37575 send_push_reply(): safe_cap=940
20140917 13:14:49 clientpc/xxx:37575 SENT CONTROL [clientpc]: 'PUSH_REPLY dhcp-option DNS 192.168.0.1 route-gateway 192.168.0.1 ping 10 ping-restart 120 socket-flags TCP_NODELAY ifconfig 192.168.0.10 255.255.255.0' (status=1)
20140917 13:14:51 clientpc/219.139.196.230:37575 MULTI: Learn: 28:d2:44:24:09:fd -> clientpc/219.139.196.230:37575
20140917 13:14:51 clientpc/219.139.196.230:37575 MULTI: Learn: a4:4e:31:54:cb:f0 -> clientpc/219.139.196.230:37575
20140917 13:14:53 clientpc/219.139.196.230:37575 MULTI: Learn: a0:f3:c1:bf:a1:80 -> clientpc/219.139.196.230:37575
20140917 13:14:54 clientpc/219.139.196.230:37575 NOTE: --mute triggered...
20140917 13:15:43 6 variation(s) on previous 3 message(s) suppressed by --mute
20140917 13:15:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140917 13:15:43 D MANAGEMENT: CMD 'state'
20140917 13:15:43 MANAGEMENT: Client disconnected
20140917 13:15:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140917 13:15:43 D MANAGEMENT: CMD 'state'
20140917 13:15:43 MANAGEMENT: Client disconnected
20140917 13:15:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140917 13:15:43 D MANAGEMENT: CMD 'state'
20140917 13:15:43 MANAGEMENT: Client disconnected
20140917 13:15:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140917 13:15:44 D MANAGEMENT: CMD 'status 2'
20140917 13:15:44 MANAGEMENT: Client disconnected
20140917 13:15:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140917 13:15:44 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
2. It seems dropbear ssh cannot be run in the background to set up an ssh tunnel. I was trying to install openssh but there is no autossh in opkg. Is there a way to install autossh or openssh for the AC build? Or is there a way to run the dropbear ssh client in the background to set up a tunnel after startup?
The log repeats the following after connected:
.........
20140916 22:17:14 MANAGEMENT: Client disconnected
20140916 22:17:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140916 22:17:14 D MANAGEMENT: CMD 'state'
20140916 22:17:14 MANAGEMENT: Client disconnected
20140916 22:17:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140916 22:17:14 D MANAGEMENT: CMD 'status 2'
20140916 22:17:14 MANAGEMENT: Client disconnected
20140916 22:17:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20140916 22:17:14 D MANAGEMENT: CMD 'log 500'
........
Yes and that is normal, because the webif connects to openvpn status on 127.0.0.1:16, so every webif page refresh adds a new entry. Thus what you see here is the webif connects to get the status, then disconnects:-)
Yes, port 16 is for the status. Those are always in the webif log.
The openvpn client using "dev tun1" (bridge) is not working. The other modes of openvpn (openvpn server in tun mode, tap mode and client in tap mode) work fine.