thanks micleeso - seems to be working fine, with no errors from within the LAN. I'll take her for a spin and try from the WAN tomorrow. Still no dice with NetworkManager though - same 'times out' error with the TLS handshake failing.
@McKayCR - not sure how much memory 'management localhost 5001' option uses, but it doesn't seem to be much from what I can see. Can always set verb to '0' I suppose.
Currently posting this from an airport wireless hotspot routing my connection (automatically) using NetworkManager through my openVPN tunnel - look ma, no proxy or putty! Confirmed the correct routing using whatismyip.
Successfully mounted shares on my home PC and accessed the router via the 'LAN'. Excellent, just what I was wanting!
It seemed NetworkManager was choking on being inside the LAN while trying to run the VPN connection, but outside, connects just fine (as does the terminal), essentially using micleeso's configs - but I don't doubt McKayCR's would work too. My apologies to NetworkManager (although a more helpful error message would have been nice!).
SOS, sorry I didn't get back to you. I tried to export my NetworkManager configs so we could compare notes, but I keep getting an error. And since I'm a Linux noob, I didn't know where to manually find the configs. Glad to hear you got it to work though.
I followed the article from the wiki/this thread but ran into trouble. Hope someone here can give me a hint how to solve it.
I've made the steps from the wiki exactly to configure my WRT54GL and made sure I had enough NVRAM storage to begin with (before I start I reset the router to factory defaults). Certificates are made and pasted into the webpage, server config file is created, firewall configured and all settings are saved.
With these things in place I go to the services page and click on "apply settings", right after that my router crashes.
The PC I use for configuration is connected to the LAN side and I notice the following symptoms, while doing a ping to the router:
- I reset the router manually
- after a while it comes up
- ping replies for about 20 seconds
- after that, no replies are received anymore
The only way to get my router alive is go back to factory defaults and I have to go all over again.
So far I used the v24-sp2 version (build 13064) and v24-sp1 (build 10020) but both gave the same results.
Since I only got about 20 seconds to get a connection to the router and I'm not Linux-savvy enough I didn't try troubleshooting steps from telnet so far.
So anyone got a hint where to start?
[EDIT] I pinpointed the problem a little further; I can configure anything I want and save/apply settings, until I change the VPN daemon from the setting start type "system" to "wan up", when I do this (after saving/applying), I lose connection to the router after about 20 seconds and the only way to get control of the router is to do a hard reset.
[EDIT2] This is really weird; I've read all the pages from this thread and noticed that just like some other guys experienced, I had no directory \tmp\openvpn on my router. I've pushed the save button a few times and after that this directory, with the data in it, was created!
After that I changed the start type setting to "wan up" and it didn't crash! So far as I can see now, the openvpn process runs (ps|grep openvpn).
Well, time for round 2 now ! :)
[EDIT3-Last one] Well I gave up; although it seemed I got the VPN server running I haven't been able to connect through a client. Furthermore, the most basic kind of administration, in my case adding IP reservations for devices in my network that needed static IPs, resulted in a crashed router which only could be revived by going back to factory defaults.
Just flashed my router again with regular firmware and it seems I have to live without VPN. Well, let's have a look what logmein.com has to offer for me instead...
Last edited by Mario67 on Sat Jun 19, 2010 14:51; edited 1 time in total
Now at a motel behind their wireless network. I can putty / ssh to my home router, and run firefox over the ssh connection using a SOCKS proxy, confirmed with whatismyip. Good.
OpenVPN connects successfully using both the terminal and NetworkManager. I can browse files on my desktop at home from my laptop here at the motel. However, I can't browse the internet over the openVPN tunnel, as it times out when: "Looking up gmail.com..."
I suspect this is a gateway / DNS issue. If I can get this to work it'll be 100%. Configs as above. I tried adding:
[EDIT] All working now over the tunnel, using NetworkManager and the terminal.
duplicate-cn
push "route 192.168.1.0 255.255.255.0"
server 10.11.12.0 255.255.255.0
mode server
tls-server
port 1194
proto udp
dev tun0
push "dhcp-option DOMAIN xxxx.dyndns.org.local"
push "dhcp-option DNS 58.28.5.2"
push "redirect-gateway def1"
client-to-client
I'm not sure what some of these settings do and whether any are redundant, but it ain't broke!
I'm hoping someone can help. I'm trying to do an ethernet bridging VPN AND route all the internet traffic over the VPN. I've gotten the VPN up and running with a bridge configuration but it won't send all the traffic through the VPN. I tried to make the changes SOS referenced above but can't seem to get it right. It seems to be either bridge no all routing or all routing no bridge.
Posted: Fri Jun 25, 2010 17:13 Post subject: ca.crt not saving?
Is anyone having trouble getting their ca.crt to save? Using the web GUI on a Linksys WRT610N v1 running DD-WRT v24-sp2 (06/12/10) vpn - build 14594, I fill in all the boxes in the OpenVPN Daemon box and when I click save/apply settings, I get the applying settings loading box for a few seconds and when it reloads the ca.crt box is empty. I SSHed into the router and looked in the /tmp/openvpn folder and it returned: "cert.pem key.pem route-down.sh
dh.pem openvpn.conf route-up.sh". Any ideas? Should I just write the ca.crt file with a startup script or is there something I'm just missing?
Posted: Thu Aug 19, 2010 19:27 Post subject: ca.crt not saving?
I have been running OpenVPN on DD-WRT v24-sp2 (05/08/09) mega - build 12058 for more than a year, and recently had this problem when making a config change on the DHCP server, a seemingly unrelated change that should not have affected the VPN.
What I had to do to restore the VPN configuration and get the ca.crt to save:
- cleared all the configuration settings at the GUI
- disabled the VPN at the GUI
- saved, applied, power-off reboot, reset
- enable the VPN server at the GUI
- re-apply all the configuration settings including ca.crt
Posted: Thu Oct 28, 2010 22:08 Post subject: VPN still running great
So I have been running my VPN a year next month using both Ubuntu and windows. If anyone needs basic help setting it up PM me, I'm willing to jump on GTalk and help you through it.
The only concerns I have are these two errors. I searched Google and I can't find what I'm looking for. Should I be concerned about these warnings? Can I make them go away?
W WARNING: file '/tmp/openvpn/key.pem' is group or others accessible
W WARNING: file '/tmp/openvpn/ta.key' is group or others accessible
And one last thing: my ca.crt in my router mysteriously disappeared again. I swear it's 'cause I'm running out of memory. I tried putting the cert back but every time I saved the settings, the cert wouldn't stick. So I cleaned out old static IP address, cleaned up wireless MAC IP filters, removed old port forwarding rules, and the cert saved.
I'm still working on the VPN between two routers (but not very hard). I never have gotten it to stay up for more than 24 hours...
_________________
WRT54G v3
WRT300N v1
Running DD-WRT v24-sp2 (11/21/10) std - build 15778 myself on a D-Link DIR-825 and trying to get things working using the "new Style" option. Any guide for that? It seems everything fails.
I'm not familiar with OpenVPN on DD-WRT so any help would be appreciated.
Posted: Tue Nov 30, 2010 1:34 Post subject: Re: VPN still running great
McKayCR wrote:
So I have been running my VPN a year next month using both Ubuntu and windows. If anyone needs basic help setting it up PM me, I'm willing to jump on GTalk and help you through it.
The only concerns I have are these two errors. I searched Google and I can't find what I'm looking for. Should I be concerned about these warnings? Can I make them go away?
W WARNING: file '/tmp/openvpn/key.pem' is group or others accessible
W WARNING: file '/tmp/openvpn/ta.key' is group or others accessible
These warnings are due to permissions on the key.pem and ta.key files. For security reasons, you don't want anyone but the effective OpenVPN process' user account/group (root/root, or ones you create specifically for this purpose) to be able to access these. These can be safely ignored from a functionality perspective, but as a matter of good practice you should write a script that includes the following:
The above will set "read/write/no execute" access for the owner ("600"), and "no access whatsoever" for group members ("600") or anyone else ("600"). This will prevent additional warnings from hitting your logs.
I can't help with your other question because my OpenVPN config is done purely from the CLI, not the DD-WRT GUI.
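The permission fix described in the reply above, as an added example (not code from the post or from DD-WRT): it detects key files readable by group or others, sets them to mode 600, and verifies the result. The `KEY_DIR` default is taken from the warning lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tighten OpenVPN key-file permissions so the
# "group or others accessible" warning no longer fires.
# KEY_DIR and the function names are assumptions for illustration.
KEY_DIR="${KEY_DIR:-/tmp/openvpn}"

# Print the group+other permission characters of a file, e.g. "r--r--".
# Parses ls -ld so it also works where no stat applet is installed.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the file is accessible to group or others in any way.
is_exposed() {
    [ "$(group_other_bits "$1")" != "------" ]
}

# chmod 600 each named file under a directory, then re-check it.
# Prints one status line per file; returns non-zero if any file
# is missing or is still exposed after the chmod.
lock_down_keys() {
    dir="$1"; shift
    rc=0
    for name in "$@"; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "missing  $f"; rc=1; continue
        fi
        if is_exposed "$f"; then
            chmod 600 "$f"
            if is_exposed "$f"; then
                echo "FAILED   $f"; rc=1
            else
                echo "fixed    $f"
            fi
        else
            echo "ok       $f"
        fi
    done
    return $rc
}

# Only act when the directory exists (i.e. on the router itself).
if [ -d "$KEY_DIR" ]; then
    lock_down_keys "$KEY_DIR" key.pem ta.key || true
fi
```

/tmp on DD-WRT is RAM-backed, so the call belongs in a startup script, as the reply suggests, rather than being run once by hand.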