Can't get OpenVPN server to work...

jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 18:56    Post subject: Can't get OpenVPN server to work...
Hi guys,

Might be my first post here, but been lurking on this forum for a while now.
I have a WRT3200ACM here. First, I had the VPN setup throughout the Linksys firmware, which was pretty easy, a few buttons and you were done.

Now, however, on 34777, things are different.
I'm using the knowledge of this document, shared here:
https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312064&highlight

Which helps me a lot. But still, it doesn't seem to work, that's why I've added the client log here too.

I have a modem, which has the IP of 192.168.2.254. My WRT is connected on it, LAN wise, with 192.168.2.1. The router has its own subnet of 192.168.1.0, where the router is 192.168.1.1

Still, with in my opinion, proper settings, reading through the guide, it doesn't seem to work at all. I've tried it on 1194 and 443, same results. Keep getting TLS errors, I've searched for that, but can't get a straight answer out of that.

Are there certain settings that have to be made when having a modem in front of it? Am I missing something else?

Maybe somebody has the golden nugget.. I keep searching and trying..

Regards,

Jacco
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 19:15
Hi eibgrad,

For me, it's a clear story. Most of it, until it was not working..

So you're saying over there, the only thing to do is to add the NAT rule in the firewall, and push the local network in the Add Config?
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 19:38
This is what the OpenVPN log on the router is saying.
Seems to me, the server does see the host, but can't succeed.
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 19:57
Exactly. The RSA part is 'easy', hard to go south with that.

Just start with the basics. Not going too deep at first.
So to list it, the basic things I need are:

iptables -t nat -A POSTROUTING -j MASQUERADE
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"


Having too many firewall rules and Additional Configs will make it a lot harder, and more difficult. I agree in that.

Ah okay. Thought, might be useful to add them anyway.. Only thing what triggers me is the TLS line, the fact the server is seeing the hosts WAN IP, and that it keeps restarting..
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 20:17
That's a clear story to me. And makes much more sense, since you only want the VPN to pass through, not all the other.. That's a good one.

Still, can't get it to work.. I don't see what I'm missing. Port on the first router has been forwarded as well..
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Tue Feb 20, 2018 21:04
As far as I can see, when I look at the OpenVPN status tab in the Web GUI, there is a client, which has the laptop's WAN address. It's only sending, not receiving.


Client Remote IP:Port Bytes Received Bytes Sent Connected Since
UNDEF 62.72.193.60:17113 0 70 160


I cannot change the firewall on the ISP's router, since it's fixed.

What should be blocking it, when I've opened the ports on both routers?

I'm gonna start chewing my shoe :)
jaccovdzaag
DD-WRT Novice


Joined: 08 Jul 2017
Posts: 7

Posted: Wed Feb 21, 2018 13:23
I don't have that file, I only have nf_conntrack files.

I have tested it from the PC (where I made the keys and certs) and changed the WAN IP to the 192.168.1.1 and 192.168.2.1 IPs, and that worked both times.

So, to me it looks like the certs and stuff are okay, right? Otherwise, that wouldn't work either... But when I change the IP to my real WAN, then I get those TLS errors again..
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12835
Location: Netherlands

Posted: Wed Feb 21, 2018 17:53
The guide you were referring to has a couple of "weak points"
Most important are the missing parts in the client config:
Code:
ca ca.crt
cert client1.crt
key client1.key


Attached my notes, maybe they are helpful

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
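
A check for the client-config lines egc lists in the post above, as an added example that is not part of the thread or of the guide it refers to. It reports which of `ca`, `cert` and `key` a client config supplies neither as a file directive nor as a closed inline block; the sample configs, hostname and file names are constructed placeholders.

```python
import re

REQUIRED = ("ca", "cert", "key")  # the three lines egc lists for the client config

def parse_client_config(text):
    """Return (directives, inline_blocks) for an OpenVPN client config."""
    directives, inline, open_block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if open_block:                      # inside <ca>...</ca> style inline data
            if line == f"</{open_block}>":
                inline.add(open_block)      # only counts once properly closed
                open_block = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            open_block = tag.group(1)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, inline

def missing_credentials(text):
    """List which of ca/cert/key the config supplies neither as file nor inline."""
    directives, inline = parse_client_config(text)
    if any(directives.get("pkcs12", [])):   # one PKCS#12 bundle replaces all three
        return []
    return [n for n in REQUIRED
            if not any(directives.get(n, [])) and n not in inline]

# Constructed sample configs (hostname and file names are placeholders).
BASE = """client
dev tun
proto udp
remote vpn.example.net 1194
nobind
"""
FIXED = BASE + "ca ca.crt\ncert client1.crt\nkey client1.key\n"
INLINE_CA = (BASE + "<ca>\n-----BEGIN CERTIFICATE-----\n...\n"
             "-----END CERTIFICATE-----\n</ca>\ncert client1.crt\n")

if __name__ == "__main__":
    for label, cfg in (("base", BASE), ("fixed", FIXED), ("inline ca", INLINE_CA)):
        print(label, "missing:", missing_credentials(cfg) or "nothing")
```

An inline block that is opened but never closed is treated as missing, which catches a truncated paste of a certificate into the config.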