openvpn.conf being overwritten / ignored?

justDIY
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 15

Posted: Thu Nov 23, 2006 17:05    Post subject: openvpn.conf being overwritten / ignored?
I'm trying to get openvpn client going ... the remote server requires

cipher DES-EDE-CBC

so I followed the wiki in regards to a custom configuration file ... I copy and pasted the example, changed things to be correct, and hit save startup

the router reboots, openvpn connects, but fails to open a tunnel ... cipher failed

checking /tmp/openvpn/openvpn.conf, I see the default configuration file, not the one echo'd by the startup script

Code:
echo "client
proto udp
dev tun
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/client.crt
key /tmp/openvpn/client.key
remote xxxxxxxxxxxxx.net 1194
cipher DES-EDE-CBC
comp-lzo
verb 3
mute 20
keepalive 10 120
persist-key
persist-tun
resolv-retry infinite
nobind" > /tmp/openvpn/openvpn.conf


to make sure the startup script is actually being run, I put a touch /tmp/openvpn/hello.world as the first line ... reboot ... sure enough hello.world is there!

so there must be something wrong with my ECHO or openvpn.conf is being overwritten after the startup script?

any ideas?
justDIY
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 15

Posted: Fri Dec 01, 2006 16:47
any ideas anyone?
Blackraven
DD-WRT User


Joined: 10 Jul 2006
Posts: 402
Location: NL

Posted: Fri Dec 01, 2006 16:59
cipher DES-EDE3-CBC -> Triple-DES

so it looks like you forgot to key in a '3' ?

_________________
EA6900 DD-WRT v3.0-r48305 std
EA6900 FreshTomato 2022.1
DIR825 B1 DD-WRT v3.0-r30949 std
retired:
WRT54GL v1.1 DD-WRT v24-SP2 vpn - build 10550
WRT610N v1 DD-WRT v24-preSP2 - build 14929 mega
justDIY
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 15

Posted: Fri Dec 01, 2006 19:35
the contents of the file aren't at issue, please read the original post:

for whatever reason, the firmware is over-writing the config file after the start-up script runs.

just for your peace of mind, the contents of the configuration file are correct as I use the exact same on my desktop.
drlava
DD-WRT Novice


Joined: 28 Nov 2006
Posts: 25

Posted: Fri Dec 01, 2006 20:30
as far as I know, the only writeable portion of the filesystem would be the jffs folder with jffs2 running (or an smb mounted folder). Everything else is loaded from the ROM at bootup. If you saved your script to that and called it/configured openVPN to run it via a nvram setting, that would work. V24 will have a writeable file system but that's a ways off.
Blackraven
DD-WRT User


Joined: 10 Jul 2006
Posts: 402
Location: NL

Posted: Fri Dec 01, 2006 20:48
sorry, the cipher failed pushed me in the wrong direction.
I tried to recreate your problem, seems that I was unable to write to the openvpn subdir, however I was able to write to /tmp directly, so if you would echo it there, it should work...

_________________
EA6900 DD-WRT v3.0-r48305 std
EA6900 FreshTomato 2022.1
DIR825 B1 DD-WRT v3.0-r30949 std
retired:
WRT54GL v1.1 DD-WRT v24-SP2 vpn - build 10550
WRT610N v1 DD-WRT v24-preSP2 - build 14929 mega
JohnnyPrimus
DD-WRT User


Joined: 26 Oct 2006
Posts: 369

Posted: Fri Dec 01, 2006 22:01
From openvpn.c (dd-wrt_v23 sp2 vpn):

#ifdef HAVE_OPENVPN
int
start_openvpn (void)
{
  if (nvram_invmatch ("openvpn_enable", "1"))
    return -1;
  mkdir ("/tmp/openvpn", 0700);
  FILE *fp = fopen ("/tmp/openvpn/openvpn.conf", "wb");
  if (fp == NULL)
    return -1;
  fprintf (fp, "client\n");
  fprintf (fp, "dev tun\n");
  ...
  ...
}


this from bcmnvram.h:
/*
 * Inversely match an NVRAM variable.
 * @param name name of variable to match
 * @param match value to compare against value of variable
 * @return TRUE if variable is defined and its value is not string
 * equal to invmatch or FALSE otherwise
 */
...
nvram_invmatch(char *name, char *invmatch)




So if the openvpn_enable is set to anything at all besides "1", you'll overwrite your config....since that's the only place that openvpn.conf is written to, I'd assume that your openvpn_enable is not set to 1. Try:

nvram set openvpn_enable="1"
nvram commit
reboot



And check to see if it fixes things...
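
An added example, not written by any poster in this thread and not DD-WRT code: shell functions for a startup script that keep the intended config outside /tmp/openvpn, as Blackraven suggests, and detect whether the file the firmware wrote still carries the required cipher. The path /tmp/custom-openvpn.conf, the function names, the 30-second wait and the availability of awk on the router are assumptions; the directives are the ones from the original post.

```shell
#!/bin/sh
# Added example: paths and function names are assumptions, not DD-WRT's own.
CUSTOM_CONF="${CUSTOM_CONF:-/tmp/custom-openvpn.conf}"      # outside the firmware-managed dir
FIRMWARE_CONF="${FIRMWARE_CONF:-/tmp/openvpn/openvpn.conf}" # written by start_openvpn()

# Write the intended client config (directives from the original post) to $1.
# The subshell keeps the restrictive umask from leaking into the caller.
write_custom_conf() {
    (
        umask 077
        cat > "$1" <<'EOF'
client
proto udp
dev tun
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/client.crt
key /tmp/openvpn/client.key
remote xxxxxxxxxxxxx.net 1194
cipher DES-EDE-CBC
comp-lzo
verb 3
mute 20
keepalive 10 120
persist-key
persist-tun
resolv-retry infinite
nobind
EOF
    )
}

# Print the first argument of directive $2 (e.g. cipher) found in file $1.
conf_directive() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Return 0 if file $2 exists and names the same cipher as file $1, else 1.
cipher_matches() {
    [ -f "$2" ] || return 1
    [ "$(conf_directive "$1" cipher)" = "$(conf_directive "$2" cipher)" ]
}

# Intended use in the startup script (left commented so sourcing has no side effects):
#   write_custom_conf "$CUSTOM_CONF"
#   sleep 30   # assumed to be long enough for the firmware to write its own file
#   if ! cipher_matches "$CUSTOM_CONF" "$FIRMWARE_CONF"; then
#       killall openvpn; openvpn --config "$CUSTOM_CONF" --daemon
#   fi
```

Comparing only the cipher directive catches the symptom reported in the first post, where the tunnel fails because the generated file lacks the cipher the server requires.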
All times are GMT