OpenVPN is working with Windows client, but not with dd-wrt

Ragnatok
DD-WRT Novice


Joined: 13 Oct 2014
Posts: 4

Posted: Mon Oct 13, 2014 13:07    Post subject: OpenVPN is working with Windows client, but not with dd-wrt
Hi Guys,

My goal is to connect to OpenVPN server to watch IPTV content. I want my dd-wrt router to be able to pass remote country IP to my hardware media player (Dune HD) that is connected to TV.

When I connect to OpenVPN server with my dd-wrt router I have status CONNECTED: SUCCESS, but I can’t ping machines on remote network and I don’t have remote country IP. At the same time I am able to connect to OpenVPN server with Windows OpenVPN client on my laptop and I can ping machines located on remote network and I get remote country IP.

I am noob in networking stuff and I have spent 2 weeks digging documentation and forums, with some progress but without final result. And I am stuck for the moment. I hope you guys can help me to setup OpenVPN client on my dd-wrt router to let my family enjoy TV with the language that we can understand. Thanks in advance!

Below you can find my setup and logs.

Setup:

I have WDSL modem (with embedded router) configured as dumb modem (Bridge). My dd-wrt router is connected to modem with Ethernet cable and setup with WAN in PPPOE mode. SPI Firewall is disabled on the router and SSH is enabled. Router has IP address: 10.10.0.1 with mask: 255.255.0.0. No iptables configuration.

Router: Cisco Linksys E900

Firmware: DD-WRT v24-sp2 (05/27/13) big (SVN revision 21676)

OpenVPN client config on dd-wrt:

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tap1
proto udp
cipher bf-cbc
auth sha1
remote 95.158.60.152 12655
comp-lzo yes
tls-client
tun-mtu 1500
mtu-disc yes
fast-io
float
redirect-gateway

OpenVPN client log on dd-wrt:

State:
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: Remote Address:

Log:
20141013 13:59:09 I OpenVPN 2.3.1 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 27 2013
20141013 13:59:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20141013 13:59:09 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141013 13:59:09 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20141013 13:59:09 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20141013 13:59:09 Socket Buffers: R=[114688->131072] S=[114688->131072]
20141013 13:59:09 I UDPv4 link local: [undef]
20141013 13:59:09 I UDPv4 link remote: [AF_INET]95.158.60.152:12655
20141013 13:59:09 TLS: Initial packet from [AF_INET]95.158.60.152:12655 sid=1528f2b4 e5db5353
20141013 13:59:10 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:10 VERIFY OK: depth=1 C=UA ST=NO L=Kyiv O=SomeTechnologies OU=changeme CN=OpenVPN name=changeme emailAddress=info@sometec.com
20141013 13:59:10 VERIFY OK: depth=0 C=UA ST=NO L=Kyiv O=SomeTechnologies OU=changeme CN=server name=changeme emailAddress=info@sometec.com
20141013 13:59:10 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:12 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:12 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:12 D MANAGEMENT: CMD 'log 500'
20141013 13:59:12 MANAGEMENT: Client disconnected
20141013 13:59:12 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20141013 13:59:12 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20141013 13:59:12 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
20141013 13:59:12 NOTE: --mute triggered...
20141013 13:59:12 2 variation(s) on previous 3 message(s) suppressed by --mute
20141013 13:59:12 I [server] Peer Connection Initiated with [AF_INET]95.158.60.152:12655
20141013 13:59:14 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20141013 13:59:14 PUSH: Received control message: 'PUSH_REPLY dhcp-option WINS 192.168.0.1 route-gateway dhcp ping 10 ping-restart 120'
20141013 13:59:14 OPTIONS IMPORT: timers and/or timeouts modified
20141013 13:59:14 NOTE: --mute triggered...
20141013 13:59:14 2 variation(s) on previous 3 message(s) suppressed by --mute
20141013 13:59:14 ROUTE_GATEWAY 62.235.215.1
20141013 13:59:14 I TUN/TAP device tap1 opened
20141013 13:59:14 TUN/TAP TX queue length set to 100
20141013 13:59:14 W NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20141013 13:59:14 I Initialization Sequence Completed

OpenVPN client config on Windows OpenVPN client:

This config I received from OpenVPN server admin and it is working fine on the OpenVPN Windows client. I can ping remote machines, but not always get remote country IP (don’t know why).

client
float
comp-lzo
float
nobind
persist-key
persist-tun
dev tap
tun-mtu 1500
remote 95.158.60.152 12655
proto udp
ca "ca.crt"
cert "nino_punto.crt"
key "nino_punto.key"
mssfix
route-method exe
verb 3
route-delay 2
mute 20
redirect-gateway

OpenVPN log on Windows OpenVPN client:

Mon Oct 13 14:29:55 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Mon Oct 13 14:29:55 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Oct 13 14:29:55 2014 Need hold release from management interface, waiting...
Mon Oct 13 14:29:56 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'state on'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'log all on'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'hold off'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'hold release'
Mon Oct 13 14:29:56 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 13 14:29:56 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 13 14:29:56 2014 UDPv4 link local: [undef]
Mon Oct 13 14:29:56 2014 UDPv4 link remote: [AF_INET]95.158.60.152:12655
Mon Oct 13 14:29:56 2014 MANAGEMENT: >STATE:1413203396,WAIT,,,
Mon Oct 13 14:29:56 2014 MANAGEMENT: >STATE:1413203396,AUTH,,,
Mon Oct 13 14:29:56 2014 TLS: Initial packet from [AF_INET]95.158.60.152:12655, sid=d8c683fa 2bf7bd7f
Mon Oct 13 14:29:56 2014 VERIFY OK: depth=1, C=UA, ST=NO, L=Kyiv, O=SomeTechnologies, OU=changeme, CN=OpenVPN, name=changeme, emailAddress=info@sometec.com
Mon Oct 13 14:29:56 2014 VERIFY OK: depth=0, C=UA, ST=NO, L=Kyiv, O=SomeTechnologies, OU=changeme, CN=server, name=changeme, emailAddress=info@sometec.com
Mon Oct 13 14:29:57 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 13 14:29:57 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 13 14:29:57 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 13 14:29:57 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 13 14:29:57 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Oct 13 14:29:57 2014 [server] Peer Connection Initiated with [AF_INET]95.158.60.152:12655
Mon Oct 13 14:29:58 2014 MANAGEMENT: >STATE:1413203398,GET_CONFIG,,,
Mon Oct 13 14:29:59 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 13 14:29:59 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option WINS 192.168.0.1,route-gateway dhcp,ping 10,ping-restart 120'
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: route-related options modified
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 13 14:29:59 2014 open_tun, tt->ipv6=0
Mon Oct 13 14:29:59 2014 TAP-WIN32 device [Ïîäêëþ÷åíèå ïî ëîêàëüíîé ñåòè] opened: \\.\Global\{413EFBCD-2317-4B9F-BD93-5734D1647AAC}.tap
Mon Oct 13 14:29:59 2014 TAP-Windows Driver Version 9.9
Mon Oct 13 14:29:59 2014 Successful ARP Flush on interface [28] {413EFBCD-2317-4B9F-BD93-5734D1647AAC}
Mon Oct 13 14:29:59 2014 Extracted DHCP router address: 192.168.0.1
Mon Oct 13 14:30:01 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe ADD 95.158.60.152 MASK 255.255.255.255 10.10.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.10.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 192.168.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 Initialization Sequence Completed
Mon Oct 13 14:30:01 2014 MANAGEMENT: >STATE:1413203401,CONNECTED,SUCCESS,,95.158.60.152
Mon Oct 13 14:30:02 2014 Extracted DHCP router address: 192.168.0.1
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Mon Oct 13, 2014 19:49
wiki: openvpn

enable redirect

Ragnatok
DD-WRT Novice


Joined: 13 Oct 2014
Posts: 4

Posted: Tue Oct 14, 2014 9:09
Thanks for the reply.

I have read again dd-wrt OpenVPN Wiki:

http://www.dd-wrt.com/wiki/index.php/OpenVPN

But could not find information about redirect. Stuck again.
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Thu Oct 16, 2014 15:04
Redirect default Gateway
Ragnatok
DD-WRT Novice


Joined: 13 Oct 2014
Posts: 4

Posted: Thu Oct 16, 2014 17:24
redirect-gateway is set in the client config as well as on server side. Thanks to this I have redirected internet traffic when I use OpenVPN Windows client. On dd-wrt I also have redirect-gateway enabled, but I can't even ping the machines on the remote LAN after connection is established successfully. Also I have a warning in the log related to redirect gateway:

20141013 13:59:14 W NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

But first I would like to be able to ping remote LAN machines.
Ragnatok
DD-WRT Novice


Joined: 13 Oct 2014
Posts: 4

Posted: Sun Oct 19, 2014 17:33    Post subject: SOLVED
SOLVED
The problem was because I set my router IP address to: 10.10.0.1. But OpenVPN server and other remote LAN machines were in address space: 192.168.0.x. So I changed my router IP address to: 192.168.0.215 and it started to work properly.
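
Added example, not part of any post in this thread: a small Python triage of the dd-wrt client log from the first post, flagging the warnings it contains and checking whether the gateway the Windows client learned (192.168.0.1) is on-link for the router's LAN address before and after the fix. Assumptions: the sample log is constructed from lines in the first post, the function names and hint texts are this example's own, and the /24 mask for the 192.168.0.x network is assumed because the thread does not state it.

```python
import ipaddress
import re

# Constructed sample: lines taken in shape from the dd-wrt client log in the first post.
SAMPLE_LOG = """\
20141013 13:59:09 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141013 13:59:09 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20141013 13:59:14 PUSH: Received control message: 'PUSH_REPLY dhcp-option WINS 192.168.0.1 route-gateway dhcp ping 10 ping-restart 120'
20141013 13:59:14 W NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20141013 13:59:14 I Initialization Sequence Completed
"""

# (log substring, finding id, what to check). Hint texts are this example's wording.
RULES = [
    ("No server certificate verification", "no-server-verify",
     "add 'remote-cert-tls server'; the server cert must carry the TLS server key usage"),
    ("is group or others accessible", "key-perms",
     "restrict the private key to its owner (chmod 600)"),
    ("unable to redirect default gateway", "no-vpn-gateway",
     "default route was not changed; traffic still leaves via the WAN"),
]

def triage(log_text):
    """Return (finding_id, hint) for each known warning, in log order, deduplicated."""
    found = []
    for line in log_text.splitlines():
        for needle, fid, hint in RULES:
            if needle in line and (fid, hint) not in found:
                found.append((fid, hint))
    return found

def pushed_options(log_text):
    """Extract the PUSH_REPLY options; the dd-wrt log here has spaces, the Windows log commas."""
    m = re.search(r"'PUSH_REPLY[ ,](.*?)'", log_text)
    return m.group(1) if m else ""

def same_segment(lan_ip, lan_mask, gateway_ip):
    """A next hop is only usable if it is on-link for the client's own subnet."""
    net = ipaddress.ip_network(f"{lan_ip}/{lan_mask}", strict=False)
    return ipaddress.ip_address(gateway_ip) in net

if __name__ == "__main__":
    for fid, hint in triage(SAMPLE_LOG):
        print(fid, "->", hint)
    print("gateway via DHCP:", "route-gateway dhcp" in pushed_options(SAMPLE_LOG))
    print("before fix:", same_segment("10.10.0.1", "255.255.0.0", "192.168.0.1"))
    print("after fix:", same_segment("192.168.0.215", "255.255.255.0", "192.168.0.1"))
```

"Initialization Sequence Completed" appears in the log even when the `no-vpn-gateway` finding is present, so a CONNECTED: SUCCESS status alone does not show that traffic is going through the tunnel.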