Openvpn help

antont17
DD-WRT Novice


Joined: 20 Sep 2016
Posts: 2

Posted: Wed Sep 21, 2016 0:46    Post subject: Openvpn help
Hi All,
I have two ASUS AC56U routers that I'm trying to connect via OpenVPN. The tunnel is up, but I can't get any traffic across it and cannot ping the tun0 interface (or any other device) on the other network. I enabled pinging from anonymous WAN addresses under the firewall tab. I want all traffic from the client to route through the server.

router1 (server) network - 192.168.1.0/24

# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
# Config for Site-to-Site SiteA-SiteB
echo "
proto udp
port 1194
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
persist-tun
keepalive 15 60
daemon
" > SiteA-SiteB.conf
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
KEY
-----END OpenVPN Static key V1-----
" > static.key
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.1 netmask 255.255.255.0 promisc up
# Create routes
route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.2
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf



Firewall
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT




router2 (client) network - 192.168.2.0/24



# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB
echo "
remote REMOTEADDR
proto udp
port 1194
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
persist-tun
persist-key
daemon
" > SiteA-SiteB.conf

# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
STATIC KEY
-----END OpenVPN Static key V1-----
" > static.key

# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.2 netmask 255.255.255.0 promisc up

# Create routes
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.0.1

# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf



Firewall

iptables -I INPUT 2 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


LOGS --- router 1

root@DD-WRT:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 br0
10.0.0.0 * 255.255.255.0 U 0 0 0 tun0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.2.0 10.0.0.2 255.255.255.0 UG 0 0 0 tun0

/var/log/messages

Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Socket Buffers: R=[180224->131072] S=[180224->131072]
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Preserving previous TUN/TAP instance: tun0
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: UDPv4 link local (bound): [undef]
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: UDPv4 link remote: [undef]
Sep 21 00:02:45 DD-WRT daemon.notice openvpn[1786]: Peer Connection Initiated with [AF_INET]192.168.1.1:1194
Sep 21 00:02:46 DD-WRT daemon.notice openvpn[1786]: Initialization Sequence Completed

router 2 (client):

root@DD-WRT-2:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.2 0.0.0.0 UG 0 0 0 vlan2
10.0.0.0 * 255.255.255.0 U 0 0 0 tun0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.1.0 10.0.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0



Sep 21 00:03:03 DD-WRT-2 daemon.notice openvpn[1666]: Peer Connection Initiated with [AF_INET]IPADDR:1194
Sep 21 00:03:03 DD-WRT-2 daemon.notice openvpn[1666]: Initialization Sequence Completed
root@DD-WRT-2:~#


I'm really not sure what else to try -- Thanks in advance.
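
The log excerpt in the post above shows what the `secret /tmp/static.key` configuration ends up using on the wire. As an added example (not part of the original post), this script reads such log lines and reports static-key mode, which has no forward secrecy, and any cipher with a 64-bit block such as the BF-CBC logged here; `audit_openvpn_log` is a hypothetical helper name and the sample lines are copied from the post.

```shell
#!/bin/sh
# Lines copied from the router 1 /var/log/messages excerpt in the post.
SAMPLE_LOG="Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 21 00:02:21 DD-WRT daemon.notice openvpn[1786]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 21 00:02:46 DD-WRT daemon.notice openvpn[1786]: Initialization Sequence Completed"

# audit_openvpn_log (hypothetical helper): reads OpenVPN log lines on stdin
# and prints one finding per line.
audit_openvpn_log() {
    awk -F"'" '
        # The Static Encrypt/Decrypt prefix seen in the excerpt is logged
        # in static-key (secret) mode.
        /: Static (Encrypt|Decrypt): / { static_key = 1 }
        # With a single quote as field separator, field 2 is the quoted name.
        /: Cipher / && !($2 in seen) { seen[$2] = 1; ciphers[++n] = $2 }
        /message hash / { digest = $2 }
        END {
            if (static_key) print "static-key mode: no forward secrecy"
            for (i = 1; i <= n; i++) {
                # Blowfish, DES/3DES, CAST5, RC2 and IDEA use 64-bit blocks.
                if (ciphers[i] ~ /^(BF|DES|CAST5|RC2|IDEA)-/)
                    print "64-bit block cipher: " ciphers[i]
            }
            if (digest != "") print "HMAC digest: " digest
        }'
}

# Stand-alone run over the sample; on a router, pipe in /var/log/messages.
printf '%s\n' "$SAMPLE_LOG" | audit_openvpn_log
```
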
antont17
DD-WRT Novice


Joined: 20 Sep 2016
Posts: 2

Posted: Wed Sep 21, 2016 3:13    Post subject: UPDATE
Update:
I added the line:
push "route 192.168.1.0 255.255.255.0"

to my server config and when both devices are connected to my home router (internal test) everything seems to work flawlessly -- in my log on the client router I can see that eth0, eth1, eth2 and br0 entered a forwarding state, and when I do a tracert in Windows I can indeed see that traffic is being forwarded through the VPN server. I'm also able to ping both the other endpoint on both IPs and my modem.
The only issue now is that it doesn't work when the client is on an external connection.
I don't see the route in the routing table and I don't get the entered forwarding state in the log.
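
A check that can be run against `route` output on either router, as an added example that is not part of the original posts. It reports any destination/netmask listed on more than one interface, as 192.168.1.0/255.255.255.0 is in both tables in the first post, and tests whether a given network is routed via a given interface; `duplicate_routes` and `routed_via` are hypothetical helper names and the sample table is the router 2 output copied from the first post.

```shell
#!/bin/sh
# Router 2 (client) table copied from the `route` output in the first post.
ROUTER2_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.2 0.0.0.0 UG 0 0 0 vlan2
10.0.0.0 * 255.255.255.0 U 0 0 0 tun0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.1.0 10.0.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0'

# duplicate_routes (hypothetical helper): reads `route` output on stdin and
# prints "dest/mask iface iface..." for each destination on 2+ interfaces.
duplicate_routes() {
    awk '
        NF == 8 && $1 != "Destination" {
            key = $1 "/" $3
            if (!(key in ifaces)) { order[++n] = key; ifaces[key] = $8 }
            else if (index(" " ifaces[key] " ", " " $8 " ") == 0) {
                ifaces[key] = ifaces[key] " " $8
                dup[key] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i], ifaces[order[i]]
        }'
}

# routed_via (hypothetical helper): exit status 0 if NET/MASK has a route
# on IFACE. Usage: route | routed_via NET MASK IFACE
routed_via() {
    awk -v net="$1" -v mask="$2" -v ifc="$3" '
        $1 == net && $3 == mask && $8 == ifc { found = 1 }
        END { exit !found }'
}

# Stand-alone run over the sample; on a router, use: route | duplicate_routes
printf '%s\n' "$ROUTER2_ROUTES" | duplicate_routes
```
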