Ragnatok DD-WRT Novice
Joined: 13 Oct 2014 Posts: 4
Posted: Mon Oct 13, 2014 13:07 Post subject: OpenVPN is working with Windows client, but not with dd-wrt
Hi Guys,
My goal is to connect to an OpenVPN server to watch IPTV content. I want my dd-wrt router to be able to pass the remote country IP to my hardware media player (Dune HD) that is connected to the TV.
When I connect to the OpenVPN server with my dd-wrt router I have status CONNECTED: SUCCESS, but I can’t ping machines on the remote network and I don’t have the remote country IP. At the same time I am able to connect to the OpenVPN server with the Windows OpenVPN client on my laptop, and I can ping machines located on the remote network and I get the remote country IP.
I am a noob in networking stuff and I have spent 2 weeks digging through documentation and forums, with some progress but without a final result. And I am stuck for the moment. I hope you guys can help me to set up the OpenVPN client on my dd-wrt router to let my family enjoy TV in a language that we can understand. Thanks in advance!
Below you can find my setup and logs.
Setup:
I have a WDSL modem (with embedded router) configured as a dumb modem (Bridge). My dd-wrt router is connected to the modem with an Ethernet cable and set up with WAN in PPPoE mode. SPI Firewall is disabled on the router and SSH is enabled. The router has IP address: 10.10.0.1 with mask: 255.255.0.0. No iptables configuration.
Router: Cisco Linksys E900
Firmware: DD-WRT v24-sp2 (05/27/13) big (SVN revision 21676)
OpenVPN client config on dd-wrt:
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tap1
proto udp
cipher bf-cbc
auth sha1
remote 95.158.60.152 12655
comp-lzo yes
tls-client
tun-mtu 1500
mtu-disc yes
fast-io
float
redirect-gateway
OpenVPN client log on dd-wrt:
State:
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: Remote Address:
Log:
20141013 13:59:09 I OpenVPN 2.3.1 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 27 2013
20141013 13:59:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20141013 13:59:09 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141013 13:59:09 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20141013 13:59:09 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20141013 13:59:09 Socket Buffers: R=[114688->131072] S=[114688->131072]
20141013 13:59:09 I UDPv4 link local: [undef]
20141013 13:59:09 I UDPv4 link remote: [AF_INET]95.158.60.152:12655
20141013 13:59:09 TLS: Initial packet from [AF_INET]95.158.60.152:12655 sid=1528f2b4 e5db5353
20141013 13:59:10 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:10 VERIFY OK: depth=1 C=UA ST=NO L=Kyiv O=SomeTechnologies OU=changeme CN=OpenVPN name=changeme emailAddress=info@sometec.com
20141013 13:59:10 VERIFY OK: depth=0 C=UA ST=NO L=Kyiv O=SomeTechnologies OU=changeme CN=server name=changeme emailAddress=info@sometec.com
20141013 13:59:10 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:11 D MANAGEMENT: CMD 'state'
20141013 13:59:11 MANAGEMENT: Client disconnected
20141013 13:59:12 N TLS Error: local/remote TLS keys are out of sync: [AF_INET]95.158.60.152:12655 [0]
20141013 13:59:12 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:12 D MANAGEMENT: CMD 'log 500'
20141013 13:59:12 MANAGEMENT: Client disconnected
20141013 13:59:12 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20141013 13:59:12 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20141013 13:59:12 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
20141013 13:59:12 NOTE: --mute triggered...
20141013 13:59:12 2 variation(s) on previous 3 message(s) suppressed by --mute
20141013 13:59:12 I [server] Peer Connection Initiated with [AF_INET]95.158.60.152:12655
20141013 13:59:14 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20141013 13:59:14 PUSH: Received control message: 'PUSH_REPLY dhcp-option WINS 192.168.0.1 route-gateway dhcp ping 10 ping-restart 120'
20141013 13:59:14 OPTIONS IMPORT: timers and/or timeouts modified
20141013 13:59:14 NOTE: --mute triggered...
20141013 13:59:14 2 variation(s) on previous 3 message(s) suppressed by --mute
20141013 13:59:14 ROUTE_GATEWAY 62.235.215.1
20141013 13:59:14 I TUN/TAP device tap1 opened
20141013 13:59:14 TUN/TAP TX queue length set to 100
20141013 13:59:14 W NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20141013 13:59:14 I Initialization Sequence Completed
20141013 13:59:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:17 D MANAGEMENT: CMD 'state'
20141013 13:59:17 MANAGEMENT: Client disconnected
20141013 13:59:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:17 D MANAGEMENT: CMD 'state'
20141013 13:59:17 MANAGEMENT: Client disconnected
20141013 13:59:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:17 D MANAGEMENT: CMD 'state'
20141013 13:59:17 MANAGEMENT: Client disconnected
20141013 13:59:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:18 D MANAGEMENT: CMD 'log 500'
20141013 13:59:18 MANAGEMENT: Client disconnected
20141013 13:59:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:23 D MANAGEMENT: CMD 'state'
20141013 13:59:23 MANAGEMENT: Client disconnected
20141013 13:59:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:23 D MANAGEMENT: CMD 'state'
20141013 13:59:23 MANAGEMENT: Client disconnected
20141013 13:59:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:23 D MANAGEMENT: CMD 'state'
20141013 13:59:23 MANAGEMENT: Client disconnected
20141013 13:59:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:23 D MANAGEMENT: CMD 'log 500'
20141013 13:59:23 MANAGEMENT: Client disconnected
20141013 13:59:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:27 D MANAGEMENT: CMD 'state'
20141013 13:59:27 MANAGEMENT: Client disconnected
20141013 13:59:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:27 D MANAGEMENT: CMD 'state'
20141013 13:59:27 MANAGEMENT: Client disconnected
20141013 13:59:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:27 D MANAGEMENT: CMD 'state'
20141013 13:59:27 MANAGEMENT: Client disconnected
20141013 13:59:28 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:28 D MANAGEMENT: CMD 'log 500'
20141013 13:59:28 MANAGEMENT: Client disconnected
20141013 13:59:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:47 D MANAGEMENT: CMD 'state'
20141013 13:59:47 MANAGEMENT: Client disconnected
20141013 13:59:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:47 D MANAGEMENT: CMD 'state'
20141013 13:59:47 MANAGEMENT: Client disconnected
20141013 13:59:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:47 D MANAGEMENT: CMD 'state'
20141013 13:59:47 MANAGEMENT: Client disconnected
20141013 13:59:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141013 13:59:47 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
OpenVPN client config on Windows OpenVPN client:
I received this config from the OpenVPN server admin and it is working fine on the OpenVPN Windows client. I can ping remote machines, but I don’t always get the remote country IP (I don’t know why).
client
float
comp-lzo
float
nobind
persist-key
persist-tun
dev tap
tun-mtu 1500
remote 95.158.60.152 12655
proto udp
ca "ca.crt"
cert "nino_punto.crt"
key "nino_punto.key"
mssfix
route-method exe
verb 3
route-delay 2
mute 20
redirect-gateway
OpenVPN log on Windows OpenVPN client:
Mon Oct 13 14:29:55 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Mon Oct 13 14:29:55 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Oct 13 14:29:55 2014 Need hold release from management interface, waiting...
Mon Oct 13 14:29:56 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'state on'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'log all on'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'hold off'
Mon Oct 13 14:29:56 2014 MANAGEMENT: CMD 'hold release'
Mon Oct 13 14:29:56 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 13 14:29:56 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 13 14:29:56 2014 UDPv4 link local: [undef]
Mon Oct 13 14:29:56 2014 UDPv4 link remote: [AF_INET]95.158.60.152:12655
Mon Oct 13 14:29:56 2014 MANAGEMENT: >STATE:1413203396,WAIT,,,
Mon Oct 13 14:29:56 2014 MANAGEMENT: >STATE:1413203396,AUTH,,,
Mon Oct 13 14:29:56 2014 TLS: Initial packet from [AF_INET]95.158.60.152:12655, sid=d8c683fa 2bf7bd7f
Mon Oct 13 14:29:56 2014 VERIFY OK: depth=1, C=UA, ST=NO, L=Kyiv, O=SomeTechnologies, OU=changeme, CN=OpenVPN, name=changeme, emailAddress=info@sometec.com
Mon Oct 13 14:29:56 2014 VERIFY OK: depth=0, C=UA, ST=NO, L=Kyiv, O=SomeTechnologies, OU=changeme, CN=server, name=changeme, emailAddress=info@sometec.com
Mon Oct 13 14:29:57 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 13 14:29:57 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 13 14:29:57 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 13 14:29:57 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 13 14:29:57 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Oct 13 14:29:57 2014 [server] Peer Connection Initiated with [AF_INET]95.158.60.152:12655
Mon Oct 13 14:29:58 2014 MANAGEMENT: >STATE:1413203398,GET_CONFIG,,,
Mon Oct 13 14:29:59 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 13 14:29:59 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option WINS 192.168.0.1,route-gateway dhcp,ping 10,ping-restart 120'
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: route-related options modified
Mon Oct 13 14:29:59 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 13 14:29:59 2014 open_tun, tt->ipv6=0
Mon Oct 13 14:29:59 2014 TAP-WIN32 device [Подключение по локальной сети] opened: \\.\Global\{413EFBCD-2317-4B9F-BD93-5734D1647AAC}.tap
Mon Oct 13 14:29:59 2014 TAP-Windows Driver Version 9.9
Mon Oct 13 14:29:59 2014 Successful ARP Flush on interface [28] {413EFBCD-2317-4B9F-BD93-5734D1647AAC}
Mon Oct 13 14:29:59 2014 Extracted DHCP router address: 192.168.0.1
Mon Oct 13 14:30:01 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe ADD 95.158.60.152 MASK 255.255.255.255 10.10.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.10.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 192.168.0.1
Mon Oct 13 14:30:01 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Oct 13 14:30:01 2014 Initialization Sequence Completed
Mon Oct 13 14:30:01 2014 MANAGEMENT: >STATE:1413203401,CONNECTED,SUCCESS,,95.158.60.152
Mon Oct 13 14:30:02 2014 Extracted DHCP router address: 192.168.0.1
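An added example, not part of the original post and not DD-WRT or OpenVPN code: a small Python triage run over lines excerpted from the two client logs above. It flags the security-relevant warnings and shows that both clients log a completed connection, while only the Windows log shows a VPN gateway being learned; the function name, finding names and the final heuristic are assumptions made for this illustration.

```python
import re

# Lines excerpted from the two client logs in the post (not a full capture).
DDWRT_LOG = """
20141013 13:59:09 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141013 13:59:09 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20141013 13:59:14 PUSH: Received control message: 'PUSH_REPLY dhcp-option WINS 192.168.0.1 route-gateway dhcp ping 10 ping-restart 120'
20141013 13:59:14 W NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20141013 13:59:14 I Initialization Sequence Completed
"""
WINDOWS_LOG = """
Mon Oct 13 14:29:56 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 13 14:29:59 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option WINS 192.168.0.1,route-gateway dhcp,ping 10,ping-restart 120'
Mon Oct 13 14:29:59 2014 Extracted DHCP router address: 192.168.0.1
Mon Oct 13 14:30:01 2014 Initialization Sequence Completed
"""

# (finding name, pattern): names are hypothetical labels chosen for this example.
RULES = [
    ("no_server_cert_check", r"No server certificate verification method"),
    ("key_file_permissions", r"file '([^']+)' is group or others accessible"),
    ("gateway_not_redirected", r"unable to redirect default gateway"),
    ("gateway_from_dhcp", r"Extracted DHCP router address: (\S+)"),
    ("connected", r"Initialization Sequence Completed"),
]

def triage(log):
    """Return the findings for one OpenVPN client log as a dict."""
    found = {}
    for line in log.splitlines():
        for name, pattern in RULES:
            m = re.search(pattern, line)
            if m:
                found[name] = m.group(1) if m.groups() else True
    push = re.search(r"PUSH_REPLY[ ,]([^']*)'", log)
    pushed = push.group(1) if push else ""
    found["pushed_route_gateway_dhcp"] = "route-gateway dhcp" in pushed
    # Heuristic: a completed handshake only carries the default route when the
    # client also learned a VPN gateway and did not log the redirect failure.
    found["default_route_redirected"] = (
        found.get("connected", False)
        and "gateway_not_redirected" not in found
        and ("gateway_from_dhcp" in found or bool(re.search(r"\bifconfig\b", pushed)))
    )
    return found

if __name__ == "__main__":
    for label, log in (("dd-wrt", DDWRT_LOG), ("windows", WINDOWS_LOG)):
        print(label, triage(log))
```

Both logs raise `no_server_cert_check`, so the missing server certificate verification applies to the working Windows client as well as the router.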