DDWRT Open VPN No Internet - Willing to pay tutor

ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Sun Oct 08, 2017 22:01    Post subject: DDWRT Open VPN No Internet - Willing to pay tutor
So I have certs and everything handshaking correctly, but I cannot for the life of me get internet to pass through to the VPN or access to my DDWRT GUI.

Linksys WRT3200

Router IP: 10.217.64.186
VPN IP: 10.217.16.0

Config


Additional Config
Code:
log-append /var/log/openvpn.log
tcp-queue-limit 128
txqueuelen 2000
push "dhcp-option DNS 10.217.64.186"


Firewall
Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.16.0/24 -j ACCEPT
iptables -I FORWARD -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -j ACCEPT
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.217.16.0/24 -j MASQUERADE


Client
Code:
client
dev tun
proto udp
remote [MYEXTERNALIP] 1194
nobind
persist-key
persist-tun
verb 4
float
tun-mtu 1500
auth SHA1
cipher AES-128-CBC


I was trying to follow multiple forum posts but nothing is working. Some even suggested that I should not need to edit iptables, that the new openvpn in ddwrt does it automatically.

I am honestly unsure what to do at the moment.

If someone can help me understand what is going on and where my mistake is in addition to helping fix it, I would definitely be willing to pay something.

I generally catch on pretty quickly, there is just so much conflicting information based on build changes that I have spent over 100 hours off and on trying to get this to work


Last edited by ngkrich on Mon Oct 09, 2017 0:28; edited 2 times in total
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 981
Location: Louisiana, USA

Posted: Sun Oct 08, 2017 22:41
I don’t have too much experience with OpenVPN Server so I probably wouldn’t be much help, however, there are plenty of Forum Members who I’m sure can & will help you.

I would encourage you not to offer money though. This Forum is a great place to get help and to pass on knowledge, but the second money gets involved - I’m afraid it would all go to $hit.

Good Luck!

_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

WRT32X DD-WRT Installation Procedure
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315569

IPVanish OpenVPN Client Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=308565

FIRMWARE: OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33)
MODEM: ARRIS SURFBoard SB8200
ROUTER: Linksys WRT32X
USB NAS: Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Sun Oct 08, 2017 22:44
Previously I haven't been able to get anyone to reply, trying to give the incentive somehow.
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 981
Location: Louisiana, USA

Posted: Sun Oct 08, 2017 23:00
ngkrich wrote:
Previously I haven't been able to get anyone to reply, trying to give the incentive somehow.


That’s what I figured! :mrgreen: Sorry you haven’t been able to get help yet.

Setting up OpenVPN Server is one of those things that has been on my 'to do' list for awhile. The best I can offer is all the relevant info I’ve saved for when I finally get to it.

https://openvpn.net/index.php/open-source/documentation/howto.html

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1069349

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310458

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=304754&sid=a9a46abfa46f81dacd0bb6515fbd6bc9

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310088

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=998690

https://torguard.net/knowledgebase.php?action=displayarticle&id=192

Most of these you’ve probably already read, but hopefully one or two can help.

ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Mon Oct 09, 2017 0:25
spuriousoffspring wrote:
ngkrich wrote:
Previously I haven't been able to get anyone to reply, trying to give the incentive somehow.


That’s what I figured! :mrgreen: Sorry you haven’t been able to get help yet.

Setting up OpenVPN Server is one of those things that has been on my 'to do' list for awhile. The best I can offer is all the relevant info I’ve saved for when I finally get to it.

https://openvpn.net/index.php/open-source/documentation/howto.html

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1069349

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310458

https://www.dd-wrt.com/phpBB2/viewtopic.php?t=304754&sid=a9a46abfa46f81dacd0bb6515fbd6bc9

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310088

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=998690

https://torguard.net/knowledgebase.php?action=displayarticle&id=192

Most of these you’ve probably already read, but hopefully one or two can help.


310458 looked the most applicable but I can't seem to make the suggestions work.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Mon Oct 09, 2017 3:02
I don't have a Marvell device but I'll assume the ovpn server should work .... I know lots that run the ovpn client on them.

Be helpful to know what build you are running.
Also be much to your advantage if using, at least as recent, dd-wrt build of last few months.
If using build newer than r33006 openSSL was updated and no longer supports key certs made using md5.
All certs must be made using RSA security.

Does this router have a public WAN connection?
If NO --- is the 1194 port opened to this device from whatever device holds public WAN?

If this device is setup as a WAP with WAN disabled --- need to know that. Still work but some things are different.
From your pic I see you do not have Recursive DNS Resolving enabled ... that's good. Is just a little bit different if using that.

So I'm going to make suggestions by what your pics show.

It is possible 1194 is blocked by your ISP.
You can try using something else if you want ... I'm partial to using UDP ports up higher than 40,000.
But then again they could be blocked -
You can set the ovpn server to use TCP 443, which should get you around anything being blocked.

Should have in correct place:
Public Server Cert only information between and including BEGIN CERTIFICATE & END CERTIFICATE example:
-----BEGIN CERTIFICATE-----
0pSNvZAvcf/dMLxUEeQI6kFQtalh16Evc0hYW0u2/GK9feposT/iCOhTsPDZLlx8
DPXgVn0h2LECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQD
this is my cert and obviously left a bunch out
BIHEMIHBgBSKf3EYatvOtmTpCkXQP8nFyIp9yaGBnaSBmjCBlzELMAkGA1UEBhMC
gAI65eM9ZiM6AxCfcEbaq47zZGC1ypxsINwBF48wL8UlqQDJ8xiLMeZshs44
-----END CERTIFICATE-----

Same for:
CA Cert
Private Server Key
DH PEM

Recommend using: (these will be common on whatever client you want to use)
Encryption Cipher = AES-256-CBC
don't use AES-512-CBC --- it don't work w/dd-wrt since new openSSL ... yea it shouldn't even show

Hash Algorithm = SHA256

Redirect default Gateway = Enabled

Tunnel UDP MSS-Fix = Enabled

In below suggestions I'm using info from pics in your first post

ovpn server page in Additional Config:
push "route 10.217.64.0 255.255.255.0"
push "dhcp-option DNS 10.217.64.186"


----

Is the ovpn server running? ..meaning does it even start?
In ...Status/OpenVPN top of page should say:
State
Server: CONNECTED SUCCESS
Local Address: 10.217.16.1
Remote Address: 10.217.16.1

If not running the log below that should give reason why.


using a recent build should not need all that mess in the firewall.
Only need:
iptables -t nat -A POSTROUTING -s 10.217.16.0/24 -j MASQUERADE

Services page in Additional DNSMasq Options need to put:
interface=tun2
This is so DNSMasq will recognize the new interface and it can be routed...(added to the routing table)

If server is running and all looks correct --
Another concern is what type client you are using to connect with?
Are you outside of your network trying to connect?
Are you using the router's WAN IP or is DDNS configured and working?
Are you using another router as an ovpn client?
Actually routers in general are very odd birds to use as ovpn clients ... nothing like a single client device ;)
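
The point in the post above that cipher and hash must be common to the server and every client can be checked mechanically. This is an added example, not part of the original post or of DD-WRT: it compares a client config with a server config on the tunnel settings both ends have to share. The server text is constructed from the recommended values, `vpn.example.net` is a placeholder, and the function names and the OpenVPN 2.4 defaults are assumptions.

```python
import shlex
# OpenVPN 2.4-era defaults for absent directives (assumed version).
DEFAULTS = {"proto": "udp", "port": "1194", "cipher": "BF-CBC",
            "auth": "SHA1", "comp-lzo": "(absent)", "dev": "(absent)"}

# Constructed server config using the values recommended in the post above.
SERVER = """\
port 1194
proto udp
dev tun2
cipher AES-256-CBC
auth SHA256
comp-lzo adaptive
"""

# Client directives from the first post; vpn.example.net is a placeholder.
CLIENT = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth SHA1
cipher AES-128-CBC
"""

def parse(text):
    """Return {directive: [args]}, skipping blank lines and # / ; comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            words = shlex.split(line, comments=True)
            opts[words[0]] = words[1:]
    return opts

def effective(opts):
    """Resolve the settings both ends of the tunnel have to agree on."""
    eff = dict(DEFAULTS)
    for key in ("proto", "port", "cipher", "auth", "dev"):
        if opts.get(key):
            eff[key] = opts[key][0]
    if "port" not in opts and len(opts.get("remote", [])) >= 2:
        eff["port"] = opts["remote"][1]           # client: remote <host> <port>
    if "comp-lzo" in opts:                        # bare comp-lzo means adaptive
        eff["comp-lzo"] = (opts["comp-lzo"] or ["adaptive"])[0]
    eff["proto"] = eff["proto"].split("-")[0]     # tcp-server/tcp-client -> tcp
    eff["dev"] = eff["dev"].rstrip("0123456789")  # tun2 and tun are both tun
    return eff

def mismatches(server_text, client_text):  # {setting: (server, client)}
    srv, cli = effective(parse(server_text)), effective(parse(client_text))
    return {k: (srv[k], cli[k]) for k in DEFAULTS if srv[k] != cli[k]}

if __name__ == "__main__":
    print(mismatches(SERVER, CLIENT))
```

An empty result means the two configs agree on protocol, port, cipher, hash, compression and device type.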
ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Mon Oct 09, 2017 4:05
mrjcd wrote:
I don't have a Marvell device but I'll assume the ovpn server should work .... I know lots that run the ovpn client on them.

Be helpful to know what build you are running.
Also be much to your advantage if using, at least as recent, dd-wrt build of last few months.
If using build newer than r33006 openSSL was updated and no longer supports key certs made using md5.
All certs must be made using RSA security.


I am using Firmware: DD-WRT v3.0-r33413 std (09/27/17)

I think I figured it out, LZO compression was disabled, which caused a strange log when the user connected to the server. Even with LZO not being mentioned in the client. So I set it to no instead and now things seem to be working!

Any tips for NAS? No matter what I do I cannot get read/write access. It refuses to let me have permission no matter how many times I edit the NAS settings or reset firmware fresh.

Edit: Apologies mrjcd I realized I PM'd you my NAS issue after replying here. It for some reason didn't click in my head.

Copy of the message here in case anyone else has the same issue.

Have you run into this NAS issue? I am on Firmware: DD-WRT v3.0-r33413 std (09/27/17).

Samba


USB


Permission


It is driving me absolutely mad. I have tried factory resetting multiple times, starting from scratch.
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 981
Location: Louisiana, USA

Posted: Mon Oct 09, 2017 4:21
I had the same issue, although OpenVPN Server wasn’t involved.

Try changing the Workgroup name to something else and then match the new name in DD-WRT - NAS.

mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Mon Oct 09, 2017 4:28
ngkrich wrote:
mrjcd wrote:
I don't have a Marvell device but I'll assume the ovpn server should work .... I know lots that run the ovpn client on them.

Be helpful to know what build you are running.
Also be much to your advantage if using, at least as recent, dd-wrt build of last few months.
If using build newer than r33006 openSSL was updated and no longer supports key certs made using md5.
All certs must be made using RSA security.


I am using Firmware: DD-WRT v3.0-r33413 std (09/27/17)

I think I figured it out, LZO compression was disabled, which caused a strange log when the user connected to the server. Even with LZO not being mentioned in the client. So I set it to no instead and now things seem to be working!

Any tips for NAS? No matter what I do I cannot get read/write access. It refuses to let me have permission no matter how many times I edit the NAS settings or reset firmware fresh.

compression should usually always be left on adaptive

An attached drive on router shouldn't be a problem. If you can access it locally should be able to across the TUN.
I've never had any issue connecting to USB drive across tunnel...same as I would locally.
This does not mean seeing windows shares....that doesn't work same.
But yea you can access windows shared directory or drives by IP or name if using local DNS and a good client.
If you want to connect thru the routed tunnel to .... example - a windows device you will have to put the ovpn server's network in the windows firewall to allow its access.
10.217.16.0/24 would have to be allowed access
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Mon Oct 09, 2017 4:42
Ok just now seen your pics.
No I never had a problem with that build on the EA8500.
ovpn server and SAMBA share all very good.... only difference I see I'm using FAT32 and you look like NTFS.....but that shouldn't be an issue.

All my ovpn clients are Android phones or tablet using various client apps.

Looks like you're on a winders client .... probably something in the FW. You'll have to dig for the answers probably.

My workgroup is all same on my windows devices and all routers share devices .... and NO it ain't the default winders workgroup

Edit: before you get frustrated reboot the client computer :)

I'm not a big winders user and don't know how to tell you more....but yea you can access the NAS across a TUN.
Needs to be regular SMB connection. I do it all time with the android Total Commander app w/LAN plugin.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Mon Oct 09, 2017 11:38
Windows can only access an NTFS partition if it is the first partition on a disk, I do not know if this applies to an attached drive to DDWRT.
I have Samba running but on an R6400 with latest Kong build.
Maybe redundant but see instructions attached :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Mon Oct 09, 2017 13:20
To clarify, I cannot get NAS and SMB to work locally. It won't mount the drive R/W. The default linksys firmware works with it just fine if I reboot to the original firmware.

I realize I should be able to see it through OVPN, sorry for the confusion I should have clarified this better.

The partitions seem to be the master boot record as windows does not display them. It is worth noting the drive is GPT. I reformatted it just in case by deleting the partition and remaking it.



Last edited by ngkrich on Mon Oct 09, 2017 13:29; edited 1 time in total
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

Posted: Mon Oct 09, 2017 13:25
ngkrich wrote:
To clarify, I cannot get NAS and SMB to work locally. It won't mount the drive R/W. The default linksys firmware works with it just fine if I reboot to the original firmware.

I realize I should be able to see it through OVPN, sorry for the confusion I should have clarified this better.

There were some USB issues with some routers concerning auto mount in last couple builds.
Not sure that applied to you.
Have to check your routers forum new build thread for more info on that.
ngkrich
DD-WRT Novice


Joined: 30 Apr 2017
Posts: 24

Posted: Mon Oct 09, 2017 13:31
mrjcd wrote:
ngkrich wrote:
To clarify, I cannot get NAS and SMB to work locally. It won't mount the drive R/W. The default linksys firmware works with it just fine if I reboot to the original firmware.

I realize I should be able to see it through OVPN, sorry for the confusion I should have clarified this better.

There were some USB issues with some routers concerning auto mount in last couple builds.
Not sure that applied to you.
Have to check your routers forum new build thread for more info on that.


Brainslayer said it should work, and others have reported NAS working in this build. I tried re-flashing DDWRT as well with no luck. Past validating that my settings seemed right Brainslayer was busy/moved on.

Edit: For some reason it works now after the reformat. I am super happy but unsatisfied lol. It seems more random issue than something I can learn from. :(
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Mon Oct 09, 2017 14:02
Glad it works, if you are still willing to pay you can always donate:

http://www.dd-wrt.com/site/community/donations

:D

Page 1 of 2. All times are GMT.