dd-wrt openvpn client can't connect to OpenVPN server

beaucn
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 2

Posted: Tue Aug 29, 2017 14:31    Post subject: dd-wrt openvpn client can't connect to OpenVPN server
I've created an OpenVPN server using the following directions:
https://www.comparitech.com/blog/vpn-privacy/how-to-make-your-own-free-vpn-using-amazon-web-services/

The server config is:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
tls-server
tls-auth /etc/openvpn/keys/pfs.key

I've tested it using the Tunnelblick VPN client and everything works great.


I would like to use my Linksys E3000 as an OpenVPN client. I'm using this firmware:
Firmware: DD-WRT v24-sp2 (06/07/14) vpnkong

My working Tunnelblick client config is:

client
dev tun
proto udp
remote XX.XX.XX.XXX 1194
ca ca.crt
cert client.crt
key client.key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
resolv-retry infinite
auth-retry none
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-client
tls-auth pfs.key


I've tried to configure the OpenVPN client on the dd-wrt, copying the working client config info, but to no avail. I keep getting the following error:

Serverlog Clientlog
20170829 10:21:55 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1400)
20170829 10:21:55 Socket Buffers: R=[114688->131072] S=[114688->131072]
20170829 10:21:55 I UDPv4 link local: [undef]
20170829 10:21:55 I UDPv4 link remote: [AF_INET]XX.XX.XX.XXX:1194
20170829 10:21:55 N TLS_ERROR: BIO read tls_read_plaintext error: error:140830B5:lib(20):func(131):reason(181)
20170829 10:21:55 N TLS Error: TLS object -> incoming plaintext read error
20170829 10:21:55 N TLS Error: TLS handshake failed
20170829 10:21:55 I SIGUSR1[soft tls-error] received process restarting
20170829 10:21:55 Restart pause 2 second(s)
20170829 10:21:57 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

I've attached a screenshot of my dd-wrt config.



Any help would be appreciated to help get it working.
beaucn
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 2

Posted: Wed Sep 20, 2017 21:10    Post subject: Changes to make it work
To get the VPN connection working, I removed the TLS settings from my openvpn server:

The server config is:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3

And just set TLS Cipher to None on the dropdown and removed the TLS Auth Key.

This solved the connection issue, though I'm not sure how this affects the security of the connection. For my purposes it doesn't matter.
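
The second post's change, checked mechanically (an added example, not code from the thread): the script below diffs the two posted server configs and then compares the resulting server config against the posted client config. The function names, the `MUST_MATCH`/`PRESENCE` groupings and the trimmed config excerpts are this example's own assumptions.

```python
# Added example, not from the thread; excerpts constructed from the posted configs.
SERVER_BEFORE = """\
proto udp
key /etc/openvpn/keys/server.key # This file should be kept secret
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
comp-lzo
tls-server
tls-auth /etc/openvpn/keys/pfs.key
"""
# Second post: the same server config with the two tls-* lines taken out.
SERVER_AFTER = "\n".join(
    l for l in SERVER_BEFORE.splitlines() if not l.startswith("tls-"))
CLIENT = """\
proto udp
cipher AES-256-CBC
auth SHA512
comp-lzo
tls-auth pfs.key
"""
# Assumed groupings: values both peers must share; presence-only for key files.
MUST_MATCH = ("proto", "cipher", "auth", "comp-lzo")
PRESENCE = ("tls-auth",)

def parse(text):
    """Map directive -> args; strips '#'/';' comments, last repeat wins."""
    conf = {}
    for line in text.splitlines():
        for mark in "#;":
            line = line.split(mark, 1)[0]
        words = line.split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def removed(before, after):
    """Directives present in `before` and absent from `after`."""
    return sorted(set(parse(before)) - set(parse(after)))

def peer_mismatches(server, client):
    """Directives on which the two ends disagree."""
    s, c = parse(server), parse(client)
    bad = [d for d in MUST_MATCH if s.get(d) != c.get(d)]
    return bad + [d for d in PRESENCE if (d in s) != (d in c)]

if __name__ == "__main__":
    print("removed from server:", removed(SERVER_BEFORE, SERVER_AFTER))
    print("server (after) vs client:", peer_mismatches(SERVER_AFTER, CLIENT))
```

`tls-server` is listed as removed, but the `server 10.8.0.0 255.255.255.0` helper directive already implies it, so the TLS handshake still takes place; what is actually lost is the `tls-auth` HMAC layer on control-channel packets. The second result shows that `tls-auth` must be dropped on the client as well once the server no longer uses it.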
All times are GMT