Openvpn hmac failing

Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

Posted: Fri May 18, 2018 3:12    Post subject: Openvpn hmac failing
I'm having issues getting the OpenVPN server working on my E3200. I've tried several settings and scoured the forums, but this is as far as I've gotten. Am I missing something? It looks like they are talking but fail on TLS.

Thanks in advance for your help.

Server Settings:
Code:

OpenVPN Server/Daemon
OpenVPN: Enable
Start Type: System
Config as: Server
Server mode: Router (TUN)
Network 192.168.42.0/24
Port (Default: 1194)
Tunnel Protocol (Default: UDP)
Encryption Cipher: AES-256-CBC
Hash Algorithm: MD5
Advanced Options: Enable
TLS Cipher: AES-256 SHA
LZO Compression: Adaptive
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Enable
Tunnel MTU setting (Default: 1500)
Tunnel UDP Fragment Blank
Tunnel UDP MSS-Fix:   Disable

CCD-Dir DEFAULT file
----Blank----
Client connect script
----Blank----
Static Key
----Blank----
PKCS12 Key
----Blank----
Public Server Cert
----Key----
CA Cert
----Key----
Private Server Key
----Key----
DH PEM
----Key----
Additional Config
----Blank----
TLS Auth Key
----Key----



Client Settings
Code:


client
dev tun
proto udp
port 1194
remote www.mywebsite.com 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>


Client log:
Code:

nm-openvpn[6236]: WARNING: file '/home/excalibrax/.cert/nm-openvpn/ta.key' is group or others accessible
nm-openvpn[6236]: OpenVPN 2.4.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
nm-openvpn[6236]: library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
nm-openvpn[6236]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
nm-openvpn[6236]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[6236]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1554)
nm-openvpn[6236]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.254.254.254:1194 (Fake IP address, changed to protect it)
nm-openvpn[6236]: UDP link local: (not bound)
nm-openvpn[6236]: UDP link remote: [AF_INET]67.254.254.254:1194 (Fake IP address, changed to protect it)
nm-openvpn[6236]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[6236]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn[6236]: TLS Error: TLS handshake failed
nm-openvpn[6236]: SIGUSR1[soft,tls-error] received, process restarting
nm-openvpn-serv[6232]: Connect timer expired, disconnecting.
nm-openvpn[6236]: SIGTERM[hard,init_instance] received, process exiting


Server Log:
Code:

Serverlog 20180517 22:06:41 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180517 22:06:41 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20180517 22:06:41 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
20180517 22:06:41 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180517 22:06:42 Diffie-Hellman initialized with 2048 bit key
20180517 22:06:42 W WARNING: file '/tmp/openvpn/ta.key' is group or others accessible
20180517 22:06:42 I Control Channel Authentication: using '/tmp/openvpn/ta.key' as a OpenVPN static key file
20180517 22:06:42 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
20180517 22:06:42 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
20180517 22:06:42 Socket Buffers: R=[114688->131072] S=[114688->131072]
20180517 22:06:42 I TUN/TAP device tun2 opened
20180517 22:06:42 TUN/TAP TX queue length set to 100
20180517 22:06:42 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20180517 22:06:42 I /sbin/ifconfig tun2 192.168.24.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.24.255
20180517 22:06:42 I UDPv4 link local (bound): [undef]
20180517 22:06:42 I UDPv4 link remote: [undef]
20180517 22:06:42 MULTI: multi_init called r=256 v=256
20180517 22:06:42 IFCONFIG POOL: base=192.168.24.2 size=252 ipv6=0
20180517 22:06:42 I Initialization Sequence Completed
20180517 22:37:13 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 22:37:13 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.215.211:13787  Changed this IP to protect the innocent
20180517 22:37:15 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 22:37:15 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.215.211:13787  Changed this IP to protect the innocent
20180517 22:37:20 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 22:37:20 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.215.211:13787  Changed this IP to protect the innocent
20180517 22:37:28 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 22:37:28 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.215.211:13787  Changed this IP to protect the innocent
20180517 22:37:44 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 22:37:44 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.215.211:13787  Changed this IP to protect the innocent
20180517 22:42:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 22:42:00 D MANAGEMENT: CMD 'state'
20180517 22:42:00 MANAGEMENT: Client disconnected
20180517 22:42:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 22:42:00 D MANAGEMENT: CMD 'state'
20180517 22:42:00 MANAGEMENT: Client disconnected
20180517 22:42:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 22:42:00 D MANAGEMENT: CMD 'state'
20180517 22:42:00 MANAGEMENT: Client disconnected
20180517 22:42:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 22:42:00 D MANAGEMENT: CMD 'status 2'
20180517 22:42:00 MANAGEMENT: Client disconnected
20180517 22:42:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 22:42:00 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
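
Added example, not part of the original post: a check of the options that must agree between the two configurations shown above. `SERVER_CONF` restates the DD-WRT GUI values as OpenVPN directives (the tls-auth direction `0` is an assumption, the post does not show it), and the function names are illustrative.

```python
import re

# Constructed inputs. SERVER_CONF restates the GUI values from the post as
# directives; the direction "0" on tls-auth is assumed. CLIENT_CONF is the
# posted client file, trimmed, with its inline key material left empty.
SERVER_CONF = """\
dev tun
proto udp
port 1194
cipher AES-256-CBC
auth MD5
comp-lzo adaptive
tls-auth /tmp/openvpn/ta.key 0
"""

CLIENT_CONF = """\
client
dev tun
proto udp
remote www.mywebsite.com 1194 udp
comp-lzo
cipher AES-256-CBC
auth SHA256
key-direction 1
<tls-auth>
</tls-auth>
"""

DEFAULTS = {"auth": "SHA1", "cipher": "BF-CBC"}  # defaults in OpenVPN 2.3/2.4


def parse_conf(text):
    """Return {directive: [args]}; an inline <tag>...</tag> block maps to ["[inline]"]."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # skip key material until the closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
            opts[inline] = ["[inline]"]
            continue
        name, *args = line.split()
        opts[name] = args
    return opts


def key_direction(opts):
    """Direction from key-direction, else from the 2nd argument of tls-auth."""
    if opts.get("key-direction"):
        return opts["key-direction"][0]
    args = opts.get("tls-auth", [])
    return args[1] if len(args) > 1 else None


def compare(server, client):
    """Return (option, server_value, client_value, consequence) per mismatch."""
    findings = []
    both_tls_auth = "tls-auth" in server and "tls-auth" in client
    for opt in ("auth", "cipher"):
        s = (server.get(opt) or [DEFAULTS[opt]])[0].upper()
        c = (client.get(opt) or [DEFAULTS[opt]])[0].upper()
        if s == c:
            continue
        if opt == "auth" and both_tls_auth:
            # --auth also selects the digest for the tls-auth HMAC
            why = "tls-auth HMAC uses this digest: packets are dropped before TLS starts"
        else:
            why = "data-channel packets will fail to authenticate or decrypt"
        findings.append((opt, s, c, why))
    if ("comp-lzo" in server) != ("comp-lzo" in client):
        findings.append(("comp-lzo", "comp-lzo" in server, "comp-lzo" in client,
                         "compression framing differs between the peers"))
    if ("tls-auth" in server) != ("tls-auth" in client):
        findings.append(("tls-auth", "tls-auth" in server, "tls-auth" in client,
                         "only one side signs control-channel packets"))
    elif both_tls_auth:
        sd, cd = key_direction(server), key_direction(client)
        if (sd, cd) not in {("0", "1"), ("1", "0"), (None, None)}:
            findings.append(("key-direction", sd, cd,
                             "directions must be opposite (0/1) or omitted on both sides"))
    return findings


if __name__ == "__main__":
    for finding in compare(parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)):
        print(finding)
```

On the posted settings the only finding is `auth` (MD5 on the server, SHA256 on the client), which matches the server's "packet HMAC authentication failed" lines.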
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

Posted: Fri May 18, 2018 4:08    Post subject:
So I changed the server config to use SHA256 to match the client. Then I noticed that the TLS cipher was mismatched and changed the server to AES-256 SHA and the client HMAC from SHA-512 to SHA-256, and got a new error.


Client Log after server change from md5 to sha
Code:

roci.lcl nm-openvpn[15616]: WARNING: file '/home/excalibrax/.cert/nm-openvpn/ta.key' is group or others accessible
roci.lcl nm-openvpn[15616]: OpenVPN 2.4.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
roci.lcl nm-openvpn[15616]: library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
roci.lcl nm-openvpn[15616]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
roci.lcl nm-openvpn[15616]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
roci.lcl nm-openvpn[15616]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1554)
roci.lcl nm-openvpn[15616]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.254.254.254:1194
roci.lcl nm-openvpn[15616]: UDP link local: (not bound)
roci.lcl nm-openvpn[15616]: UDP link remote: [AF_INET]67.254.254.254:1194
roci.lcl nm-openvpn[15616]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
roci.lcl nm-openvpn[15616]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
roci.lcl nm-openvpn[15616]: TLS Error: TLS handshake failed
roci.lcl nm-openvpn[15616]: SIGUSR1[soft,tls-error] received, process restarting
roci.lcl nm-openvpn-serv[15612]: Connect timer expired, disconnecting.
roci.lcl nm-openvpn[15616]: SIGTERM[hard,init_instance] received, process exiting
roci.lcl nm-openvpn-serv[15612]: ((libnm/nm-vpn-service-plugin.c:199)): assertion '<dropped>' failed
roci.lcl nm-openvpn-serv[15612]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed


Client log after client change tls cipher:
Code:

roci.lcl nm-openvpn[16578]: WARNING: file '/home/excalibrax/.cert/nm-openvpn/ta.key' is group or others accessible
roci.lcl nm-openvpn[16578]: OpenVPN 2.4.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
roci.lcl nm-openvpn[16578]: library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
roci.lcl nm-openvpn[16578]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
roci.lcl nm-openvpn[16578]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
roci.lcl nm-openvpn[16578]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1554)
roci.lcl nm-openvpn[16578]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.254.254.254:1194
roci.lcl nm-openvpn[16578]: UDP link local: (not bound)
roci.lcl nm-openvpn[16578]: UDP link remote: [AF_INET]67.254.254.254:1194
roci.lcl nm-openvpn[16578]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
roci.lcl nm-openvpn[16578]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
roci.lcl nm-openvpn[16578]: TLS Error: TLS handshake failed
roci.lcl nm-openvpn[16578]: SIGUSR1[soft,tls-error] received, process restarting
roci.lcl nm-openvpn-serv[16575]: Connect timer expired, disconnecting.
roci.lcl nm-openvpn[16578]: SIGTERM[hard,init_instance] received, process exiting




Server Log:
Code:

Serverlog 20180517 23:50:26 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180517 23:50:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20180517 23:50:26 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
20180517 23:50:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180517 23:50:27 Diffie-Hellman initialized with 2048 bit key
20180517 23:50:27 W WARNING: file '/tmp/openvpn/ta.key' is group or others accessible
20180517 23:50:27 I Control Channel Authentication: using '/tmp/openvpn/ta.key' as a OpenVPN static key file
20180517 23:50:27 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20180517 23:50:27 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20180517 23:50:27 Socket Buffers: R=[114688->131072] S=[114688->131072]
20180517 23:50:27 I TUN/TAP device tun2 opened
20180517 23:50:27 TUN/TAP TX queue length set to 100
20180517 23:50:27 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20180517 23:50:27 I /sbin/ifconfig tun2 192.168.42.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.42.255
20180517 23:50:27 I UDPv4 link local (bound): [undef]
20180517 23:50:27 I UDPv4 link remote: [undef]
20180517 23:50:27 MULTI: multi_init called r=256 v=256
20180517 23:50:27 IFCONFIG POOL: base=192.168.42.2 size=252 ipv6=0
20180517 23:50:27 I Initialization Sequence Completed
20180517 23:50:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:50:36 D MANAGEMENT: CMD 'state'
20180517 23:50:36 MANAGEMENT: Client disconnected
20180517 23:50:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:50:36 D MANAGEMENT: CMD 'state'
20180517 23:50:36 MANAGEMENT: Client disconnected
20180517 23:50:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:50:36 D MANAGEMENT: CMD 'state'
20180517 23:50:36 MANAGEMENT: Client disconnected
20180517 23:50:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:50:36 D MANAGEMENT: CMD 'status 2'
20180517 23:50:36 MANAGEMENT: Client disconnected
20180517 23:50:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:50:36 D MANAGEMENT: CMD 'log 500'
20180517 23:50:36 MANAGEMENT: Client disconnected
20180517 23:51:04 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:04 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:51:07 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:07 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:51:12 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:12 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:51:20 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:20 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:51:36 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:36 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:54:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:54:43 D MANAGEMENT: CMD 'state'
20180517 23:54:43 MANAGEMENT: Client disconnected
20180517 23:54:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:54:43 D MANAGEMENT: CMD 'state'
20180517 23:54:43 MANAGEMENT: Client disconnected
20180517 23:54:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:54:43 D MANAGEMENT: CMD 'state'
20180517 23:54:43 MANAGEMENT: Client disconnected
20180517 23:54:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:54:43 D MANAGEMENT: CMD 'status 2'
20180517 23:54:43 MANAGEMENT: Client disconnected
20180517 23:54:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180517 23:54:43 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
20180517 23:59:53 174.221.15.71:13778 TLS: Initial packet from [AF_INET]174.221.15.71:13778 sid=15a440dd 29feb903
20180517 23:59:53 N 174.221.15.71:13778 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:lib(20):func(138):reason(193)
20180517 23:59:53 N 174.221.15.71:13778 TLS Error: TLS object -> incoming plaintext read error
20180517 23:59:53 N 174.221.15.71:13778 TLS Error: TLS handshake failed
20180517 23:59:53 174.221.15.71:13778 SIGUSR1[soft tls-error] received client-instance restarting
20180518 00:02:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:02:25 D MANAGEMENT: CMD 'state'
20180518 00:02:25 MANAGEMENT: Client disconnected
20180518 00:02:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:02:25 D MANAGEMENT: CMD 'state'
20180518 00:02:25 MANAGEMENT: Client disconnected
20180518 00:02:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:02:25 D MANAGEMENT: CMD 'state'
20180518 00:02:25 MANAGEMENT: Client disconnected
20180518 00:02:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:02:26 D MANAGEMENT: CMD 'status 2'
20180518 00:02:26 MANAGEMENT: Client disconnected
20180518 00:02:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:02:26 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
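
Added example, not part of the original post: a triage of the server log lines above that records, per peer address, how far each connection attempt got. The sample lines are copied from the logs in this thread; the verdict names and hints are illustrative.

```python
import re
from collections import Counter

# Excerpt of the DD-WRT server log lines posted above (addresses as posted).
SAMPLE_LOG = """\
20180517 23:51:04 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:04 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:51:07 N Authenticate/Decrypt packet error: packet HMAC authentication failed
20180517 23:51:07 N TLS Error: incoming packet authentication failed from [AF_INET]174.254.254.254:13789
20180517 23:54:43 D MANAGEMENT: CMD 'state'
20180517 23:59:53 174.221.15.71:13778 TLS: Initial packet from [AF_INET]174.221.15.71:13778 sid=15a440dd 29feb903
20180517 23:59:53 N 174.221.15.71:13778 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:lib(20):func(138):reason(193)
20180517 23:59:53 N 174.221.15.71:13778 TLS Error: TLS handshake failed
20180518 00:14:47 174.254.254.71:13778 TLS: Initial packet from [AF_INET]174.254.254.71:13778 sid=498a6434 9deb3c5f
20180518 00:14:49 I 174.254.254.71:13778 [client1] Peer Connection Initiated with [AF_INET]174.254.254.71:13778
"""

PEER = r"(\d{1,3}(?:\.\d{1,3}){3}:\d+)"

# One pattern per stage; each captures the peer as ip:port.
RULES = [
    ("tls-auth-rejected",
     re.compile(r"incoming packet authentication failed from \[AF_INET\]" + PEER)),
    ("tls-started",
     re.compile(r"TLS: Initial packet from \[AF_INET\]" + PEER)),
    ("tls-no-shared-cipher",
     re.compile(PEER + r" TLS_ERROR: .*error:1408A0C1:")),
    ("tls-failed",
     re.compile(PEER + r" TLS Error: TLS handshake failed")),
    ("connected",
     re.compile(r"Peer Connection Initiated with \[AF_INET\]" + PEER)),
]

# Most informative verdict first.
PRIORITY = ["connected", "tls-no-shared-cipher", "tls-failed",
            "tls-auth-rejected", "tls-started"]

HINTS = {
    "connected": "handshake completed",
    "tls-no-shared-cipher": "OpenSSL reason 193 (no shared cipher): the "
                            "tls-cipher / TLS version offers do not overlap",
    "tls-failed": "TLS handshake failed; raise verb for the OpenSSL error",
    "tls-auth-rejected": "dropped by tls-auth before TLS: compare ta.key, "
                         "the auth digest and key-direction on both ends",
    "tls-started": "first packet accepted, handshake never finished",
}


def triage(log_text):
    """Return {peer: {"verdict", "events", "hint"}} for every peer in the log."""
    seen = {}
    for line in log_text.splitlines():
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                seen.setdefault(m.group(1), Counter())[name] += 1
                break
    report = {}
    for peer, events in seen.items():
        verdict = next(v for v in PRIORITY if events[v])
        report[peer] = {"verdict": verdict, "events": dict(events),
                        "hint": HINTS[verdict]}
    return report


if __name__ == "__main__":
    for peer, info in triage(SAMPLE_LOG).items():
        print(peer, info["verdict"], info["events"], "-", info["hint"])
```

The per-peer counts are also useful on a server that is working: repeated `tls-auth-rejected` entries from an address that never connects are packets sent without the shared tls-auth key.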

Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

Posted: Fri May 18, 2018 4:28    Post subject:
Thanks! I am one step further!

Well, I'm connected now and receive an IP address of 192.168.42.2, but cannot ping inside the network. Router is .1.

I'm showing a VPN client on the router. I haven't tried to ping from a client inside yet, as I've just been unplugging a netjack in on a laptop to test.

End goal is to get full access to the 42 network to access a homelab on the road.

Client changes
Turn TLS to None

Client Log no TLS:
Code:


roci.lcl nm-openvpn[17956]: OpenVPN 2.4.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
roci.lcl nm-openvpn[17956]: library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
roci.lcl nm-openvpn[17956]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
roci.lcl nm-openvpn[17956]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
roci.lcl nm-openvpn[17956]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1554)
roci.lcl nm-openvpn[17956]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.254.254.254:1194 ## IP CHANGED ###
roci.lcl nm-openvpn[17956]: UDP link local: (not bound)
roci.lcl nm-openvpn[17956]: UDP link remote: [AF_INET]67.254.254.254:1194 ## IP CHANGED ###
roci.lcl nm-openvpn[17956]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
roci.lcl nm-openvpn[17956]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1624', remote='link-mtu 1570'
roci.lcl nm-openvpn[17956]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1554', remote='tun-mtu 1500'
roci.lcl nm-openvpn[17956]: [server] Peer Connection Initiated with [AF_INET]67.254.254.254:1194 ## IP CHANGED ###
roci.lcl nm-openvpn[17956]: TUN/TAP device tun0 opened
roci.lcl nm-openvpn[17956]: /usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 17953 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_22 --tun -- tun0 1554 1624 192.168.42.2 255.255.255.0 init
roci.lcl nm-openvpn[17956]: GID set to nm-openvpn
roci.lcl nm-openvpn[17956]: UID set to nm-openvpn
roci.lcl nm-openvpn[17956]: Initialization Sequence Completed


Server changes:
Delete TLS key
TLS Cipher: none

Serverlog No TLS:
Code:


Serverlog 20180518 00:14:29 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180518 00:14:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20180518 00:14:29 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
20180518 00:14:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180518 00:14:30 Diffie-Hellman initialized with 2048 bit key
20180518 00:14:30 Socket Buffers: R=[114688->131072] S=[114688->131072]
20180518 00:14:30 I TUN/TAP device tun2 opened
20180518 00:14:30 TUN/TAP TX queue length set to 100
20180518 00:14:30 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20180518 00:14:30 I /sbin/ifconfig tun2 192.168.42.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.42.255
20180518 00:14:30 I UDPv4 link local (bound): [undef]
20180518 00:14:30 I UDPv4 link remote: [undef]
20180518 00:14:30 MULTI: multi_init called r=256 v=256
20180518 00:14:30 IFCONFIG POOL: base=192.168.42.2 size=252 ipv6=0
20180518 00:14:30 I Initialization Sequence Completed
20180518 00:14:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:14:30 D MANAGEMENT: CMD 'state'
20180518 00:14:30 MANAGEMENT: Client disconnected
20180518 00:14:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:14:30 D MANAGEMENT: CMD 'state'
20180518 00:14:30 MANAGEMENT: Client disconnected
20180518 00:14:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:14:30 D MANAGEMENT: CMD 'state'
20180518 00:14:30 MANAGEMENT: Client disconnected
20180518 00:14:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:14:31 D MANAGEMENT: CMD 'status 2'
20180518 00:14:31 MANAGEMENT: Client disconnected
20180518 00:14:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:14:31 D MANAGEMENT: CMD 'log 500'
20180518 00:14:31 MANAGEMENT: Client disconnected
20180518 00:14:47 174.254.254.71:13778 TLS: Initial packet from [AF_INET]174.254.254.71:13778 sid=498a6434 9deb3c5f
20180518 00:14:48 174.254.254.71:13778 VERIFY OK: depth=1 CN=server
20180518 00:14:48 174.254.254.71:13778 VERIFY OK: depth=0 CN=client1
20180518 00:14:49 W 174.254.254.71:13778 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1570' remote='link-mtu 1624'
20180518 00:14:49 W 174.254.254.71:13778 WARNING: 'tun-mtu' is used inconsistently local='tun-mtu 1500' remote='tun-mtu 1554'
20180518 00:14:49 174.254.254.71:13778 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20180518 00:14:49 174.254.254.71:13778 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20180518 00:14:49 174.254.254.71:13778 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20180518 00:14:49 174.254.254.71:13778 NOTE: --mute triggered...
20180518 00:14:49 174.254.254.71:13778 2 variation(s) on previous 3 message(s) suppressed by --mute
20180518 00:14:49 I 174.254.254.71:13778 [client1] Peer Connection Initiated with [AF_INET]174.254.254.71:13778
20180518 00:14:49 I client1/174.254.254.71:13778 MULTI_sva: pool returned IPv4=192.168.42.2 IPv6=(Not enabled)
20180518 00:14:49 client1/174.254.254.71:13778 MULTI: Learn: 192.168.42.2 -> client1/174.254.254.71:13778
20180518 00:14:49 client1/174.254.254.71:13778 MULTI: primary virtual IP for client1/174.254.254.71:13778: 192.168.42.2
20180518 00:14:50 client1/174.254.254.71:13778 PUSH: Received control message: 'PUSH_REQUEST'
20180518 00:14:50 I client1/174.254.254.71:13778 send_push_reply(): safe_cap=940
20180518 00:14:50 client1/174.254.254.71:13778 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 192.168.42.1 topology subnet ping 10 ping-restart 120 ifconfig 192.168.42.2 255.255.255.0' (status=1)
20180518 00:16:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:16:03 D MANAGEMENT: CMD 'state'
20180518 00:16:03 MANAGEMENT: Client disconnected
20180518 00:16:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:16:03 D MANAGEMENT: CMD 'state'
20180518 00:16:03 MANAGEMENT: Client disconnected
20180518 00:16:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:16:03 D MANAGEMENT: CMD 'state'
20180518 00:16:03 MANAGEMENT: Client disconnected
20180518 00:16:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:16:03 D MANAGEMENT: CMD 'status 2'
20180518 00:16:03 MANAGEMENT: Client disconnected
20180518 00:16:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:16:03 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

Posted: Fri May 18, 2018 4:52    Post subject:
I did not; I assumed that if I made them all the same network it would just work, so the 192.168.42.0/24 is the LAN, the WAN.
Was looking at the routing table and found this:
Code:

Destination LAN NET    Subnet Mask    Gateway    Flags    Metric    Interface
192.168.42.0   255.255.255.0   0.0.0.0   U   0   LAN & WLAN
192.168.42.0   255.255.255.0   0.0.0.0   U   0   tun2
67.184.72.0   255.255.248.0   0.0.0.0   U   0   WAN
169.254.0.0   255.255.0.0   0.0.0.0   U   0   LAN & WLAN
0.0.0.0   0.0.0.0   67.254.254.1   UG   0   WAN


Which looks wrong, as there is no gateway anywhere?

Also this is the push in the server log,
Code:

SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 192.168.42.1 topology subnet ping 10 ping-restart 120 ifconfig 192.168.42.2 255.255.255.0' (status=1)


Should I have the TUN (OpenVPN) on a separate network, and just push the 192.168.42.0 network then?

I get networking, but that table looks bonkers to me. If I had the wireless hardware I'd just use a pfSense router, as I've done all this there 2 years ago, but I like having wifi.


Last edited by Wilken on Fri May 18, 2018 5:44; edited 1 time in total
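
Added example, not part of the original post: a check of the routing table rows posted in this thread for a subnet that is claimed by two different interfaces, plus the `push "route ..."` lines that expose the LAN once the tunnel has its own subnet. The function names are illustrative.

```python
import ipaddress
from itertools import combinations

# Rows copied from the routing tables posted in this thread: with the tunnel
# on the LAN subnet, and with the tunnel moved to 192.168.24.0/24.
TABLE_SHARED = """\
192.168.42.0   255.255.255.0   0.0.0.0   U   0   LAN & WLAN
192.168.42.0   255.255.255.0   0.0.0.0   U   0   tun2
67.184.72.0   255.255.248.0   0.0.0.0   U   0   WAN
169.254.0.0   255.255.0.0   0.0.0.0   U   0   LAN & WLAN
0.0.0.0   0.0.0.0   67.254.254.1   UG   0   WAN
"""

TABLE_SEPARATE = """\
192.168.42.0   255.255.255.0   0.0.0.0   U   0   LAN & WLAN
192.168.24.0   255.255.255.0   0.0.0.0   U   0   tun2
67.184.72.0   255.255.248.0   0.0.0.0   U   0   WAN
169.254.0.0   255.255.0.0   0.0.0.0   U   0   LAN & WLAN
0.0.0.0   0.0.0.0   67.254.254.1   UG   0   WAN
"""


def parse_routes(table):
    """Return [(IPv4Network, interface)] for every non-default route."""
    routes = []
    for line in table.splitlines():
        if not line.strip():
            continue
        # The interface name may contain spaces ("LAN & WLAN"): split 5 times.
        dest, mask, _gw, _flags, _metric, iface = line.split(None, 5)
        if dest == "0.0.0.0" and mask == "0.0.0.0":
            continue  # the default route overlaps everything by design
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface.strip()))
    return routes


def overlaps(routes):
    """Subnets that appear on two different interfaces: (network, if_a, if_b)."""
    found = []
    for (net_a, if_a), (net_b, if_b) in combinations(routes, 2):
        if if_a != if_b and net_a.overlaps(net_b):
            found.append((str(net_a), if_a, if_b))
    return found


def push_routes(routes, lan_iface):
    """OpenVPN push lines for the LAN subnets (link-local ranges skipped)."""
    return [f'push "route {net.network_address} {net.netmask}"'
            for net, iface in routes
            if iface == lan_iface and not net.is_link_local]


if __name__ == "__main__":
    print(overlaps(parse_routes(TABLE_SHARED)))
    print(overlaps(parse_routes(TABLE_SEPARATE)))
    print(push_routes(parse_routes(TABLE_SEPARATE), "LAN & WLAN"))
```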
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

Posted: Fri May 18, 2018 5:11    Post subject:
I get you on the routing, was more hoping that if you set them the at least for the Tun/internal it would recognize it, but realize the folly there now with it being different interfaces.

So I've made the change on the router to have a different network for the OpenVPN tun, and to push the route like you suggested. It fails near immediately.


Routing Table:
Code:
192.168.42.0   255.255.255.0   0.0.0.0   U   0   LAN & WLAN
192.168.24.0   255.255.255.0   0.0.0.0   U   0   tun2
67.184.72.0   255.255.248.0   0.0.0.0   U   0   WAN
169.254.0.0   255.255.0.0   0.0.0.0   U   0   LAN & WLAN
0.0.0.0   0.0.0.0   67.254.254.1   UG   0   WAN


Client Log changed IP of TUN on Server:
Code:
May 17 23:59:37 roci.lcl nm-openvpn[21187]: OpenVPN 2.4.5 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
May 17 23:59:37 roci.lcl nm-openvpn[21187]: library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
May 17 23:59:37 roci.lcl nm-openvpn[21187]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 17 23:59:37 roci.lcl nm-openvpn[21187]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 17 23:59:37 roci.lcl nm-openvpn[21187]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.254.254.254:1194
May 17 23:59:37 roci.lcl nm-openvpn[21187]: UDP link local: (not bound)
May 17 23:59:37 roci.lcl nm-openvpn[21187]: UDP link remote: [AF_INET]67.254.254.254:1194
May 17 23:59:37 roci.lcl nm-openvpn[21187]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 17 23:59:39 roci.lcl nm-openvpn[21187]: [server] Peer Connection Initiated with [AF_INET]67.254.254.254:1194
May 17 23:59:40 roci.lcl nm-openvpn[21187]: TUN/TAP device tun0 opened
May 17 23:59:40 roci.lcl nm-openvpn[21187]: /usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 21184 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_29 --tun -- tun0 1500 1570 192.168.24.3 255.255.255.0 init
May 17 23:59:40 roci.lcl nm-openvpn[21187]: GID set to nm-openvpn
May 17 23:59:40 roci.lcl nm-openvpn[21187]: UID set to nm-openvpn
May 17 23:59:40 roci.lcl nm-openvpn[21187]: Initialization Sequence Completed
May 17 23:59:40 roci.lcl nm-openvpn[21187]: event_wait : Interrupted system call (code=4)
May 17 23:59:41 roci.lcl nm-openvpn[21187]: SIGTERM[hard,] received, process exiting



Server changes
Changed network to 192.168.24.0/24
added additional config:
push "route 192.168.42.0 255.255.255.0"


Server Log changed IP of TUN on Server:
Code:

Serverlog 20180518 00:57:02 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180518 00:57:02 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20180518 00:57:02 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
20180518 00:57:02 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180518 00:57:03 Diffie-Hellman initialized with 2048 bit key
20180518 00:57:03 Socket Buffers: R=[114688->131072] S=[114688->131072]
20180518 00:57:03 I TUN/TAP device tun2 opened
20180518 00:57:03 TUN/TAP TX queue length set to 100
20180518 00:57:03 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20180518 00:57:03 I /sbin/ifconfig tun2 192.168.24.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.24.255
20180518 00:57:03 I UDPv4 link local (bound): [undef]
20180518 00:57:03 I UDPv4 link remote: [undef]
20180518 00:57:03 MULTI: multi_init called r=256 v=256
20180518 00:57:03 IFCONFIG POOL: base=192.168.24.2 size=252 ipv6=0
20180518 00:57:03 I Initialization Sequence Completed
20180518 00:57:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:57:16 D MANAGEMENT: CMD 'state'
20180518 00:57:16 MANAGEMENT: Client disconnected
20180518 00:57:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:57:16 D MANAGEMENT: CMD 'state'
20180518 00:57:16 MANAGEMENT: Client disconnected
20180518 00:57:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:57:16 D MANAGEMENT: CMD 'state'
20180518 00:57:16 MANAGEMENT: Client disconnected
20180518 00:57:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:57:16 D MANAGEMENT: CMD 'status 2'
20180518 00:57:16 MANAGEMENT: Client disconnected
20180518 00:57:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 00:57:16 D MANAGEMENT: CMD 'log 500'
20180518 00:57:16 MANAGEMENT: Client disconnected
20180518 00:58:25 174.254.254.71:13778 TLS: Initial packet from [AF_INET]174.254.254.71:13778 sid=825f6b19 0d184556
20180518 00:58:27 174.254.254.71:13778 VERIFY OK: depth=1 CN=server
20180518 00:58:27 174.254.254.71:13778 VERIFY OK: depth=0 CN=client1
20180518 00:58:28 W 174.254.254.71:13778 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1570' remote='link-mtu 1624'
20180518 00:58:28 W 174.254.254.71:13778 WARNING: 'tun-mtu' is used inconsistently local='tun-mtu 1500' remote='tun-mtu 1554'
20180518 00:58:28 174.254.254.71:13778 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20180518 00:58:28 174.254.254.71:13778 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20180518 00:58:28 174.254.254.71:13778 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20180518 00:58:28 174.254.254.71:13778 NOTE: --mute triggered...
20180518 00:58:28 174.254.254.71:13778 2 variation(s) on previous 3 message(s) suppressed by --mute
20180518 00:58:28 I 174.254.254.71:13778 [client1] Peer Connection Initiated with [AF_INET]174.254.254.71:13778
20180518 00:58:28 I client1/174.254.254.71:13778 MULTI_sva: pool returned IPv4=192.168.24.2 IPv6=(Not enabled)
20180518 00:58:28 client1/174.254.254.71:13778 MULTI: Learn: 192.168.24.2 -> client1/174.254.254.71:13778
20180518 00:58:28 client1/174.254.254.71:13778 MULTI: primary virtual IP for client1/174.254.254.71:13778: 192.168.24.2
20180518 00:58:29 client1/174.254.254.71:13778 PUSH: Received control message: 'PUSH_REQUEST'
20180518 00:58:29 I client1/174.254.254.71:13778 send_push_reply(): safe_cap=940
20180518 00:58:29 client1/174.254.254.71:13778 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route 192.168.42.0 255.255.255.0 route-gateway 192.168.24.1 topology subnet ping 10 ping-restart 120 ifconfig 192.168.24.2 255.255.255.0' (status=1)
20180518 00:59:33 174.221.15.71:13781 TLS: Initial packet from [AF_INET]174.221.15.71:13781 sid=91061d55 1f023fa4
20180518 00:59:34 174.221.15.71:13781 VERIFY OK: depth=1 CN=server
20180518 00:59:34 174.221.15.71:13781 VERIFY OK: depth=0 CN=client1
20180518 00:59:35 174.221.15.71:13781 NOTE: --mute triggered...
20180518 00:59:35 174.221.15.71:13781 5 variation(s) on previous 3 message(s) suppressed by --mute
20180518 00:59:35 I 174.221.15.71:13781 [client1] Peer Connection Initiated with [AF_INET]174.221.15.71:13781
20180518 00:59:35 I client1/174.221.15.71:13781 MULTI_sva: pool returned IPv4=192.168.24.3 IPv6=(Not enabled)
20180518 00:59:35 client1/174.221.15.71:13781 MULTI: Learn: 192.168.24.3 -> client1/174.221.15.71:13781
20180518 00:59:35 client1/174.221.15.71:13781 MULTI: primary virtual IP for client1/174.221.15.71:13781: 192.168.24.3
20180518 00:59:37 client1/174.221.15.71:13781 PUSH: Received control message: 'PUSH_REQUEST'
20180518 00:59:37 I client1/174.221.15.71:13781 send_push_reply(): safe_cap=940
20180518 00:59:37 client1/174.221.15.71:13781 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route 192.168.42.0 255.255.255.0 route-gateway 192.168.24.1 topology subnet ping 10 ping-restart 120 ifconfig 192.168.24.3 255.255.255.0' (status=1)
20180518 01:01:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:01:35 D MANAGEMENT: CMD 'state'
20180518 01:01:35 MANAGEMENT: Client disconnected
20180518 01:01:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:01:35 D MANAGEMENT: CMD 'state'
20180518 01:01:35 MANAGEMENT: Client disconnected
20180518 01:01:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:01:35 D MANAGEMENT: CMD 'state'
20180518 01:01:35 MANAGEMENT: Client disconnected
20180518 01:01:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:01:35 D MANAGEMENT: CMD 'status 2'
20180518 01:01:35 MANAGEMENT: Client disconnected
20180518 01:01:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:01:35 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


Server log without the push
Code:

Serverlog 20180518 01:06:46 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180518 01:06:46 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20180518 01:06:46 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
20180518 01:06:46 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180518 01:06:47 Diffie-Hellman initialized with 2048 bit key
20180518 01:06:47 Socket Buffers: R=[114688->131072] S=[114688->131072]
20180518 01:06:47 I TUN/TAP device tun2 opened
20180518 01:06:47 TUN/TAP TX queue length set to 100
20180518 01:06:47 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20180518 01:06:47 I /sbin/ifconfig tun2 192.168.24.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.24.255
20180518 01:06:47 I UDPv4 link local (bound): [undef]
20180518 01:06:47 I UDPv4 link remote: [undef]
20180518 01:06:47 MULTI: multi_init called r=256 v=256
20180518 01:06:47 IFCONFIG POOL: base=192.168.24.2 size=252 ipv6=0
20180518 01:06:47 I Initialization Sequence Completed
20180518 01:06:50 174.221.15.71:13768 TLS: Initial packet from [AF_INET]174.221.15.71:13768 sid=3564ae07 571fdb48
20180518 01:06:52 174.221.15.71:13768 VERIFY OK: depth=1 CN=server
20180518 01:06:52 174.221.15.71:13768 VERIFY OK: depth=0 CN=client1
20180518 01:06:53 174.221.15.71:13768 NOTE: --mute triggered...
20180518 01:06:53 174.221.15.71:13768 5 variation(s) on previous 3 message(s) suppressed by --mute
20180518 01:06:53 I 174.221.15.71:13768 [client1] Peer Connection Initiated with [AF_INET]174.221.15.71:13768
20180518 01:06:53 I client1/174.221.15.71:13768 MULTI_sva: pool returned IPv4=192.168.24.2 IPv6=(Not enabled)
20180518 01:06:53 client1/174.221.15.71:13768 MULTI: Learn: 192.168.24.2 -> client1/174.221.15.71:13768
20180518 01:06:53 client1/174.221.15.71:13768 MULTI: primary virtual IP for client1/174.221.15.71:13768: 192.168.24.2
20180518 01:06:55 client1/174.221.15.71:13768 PUSH: Received control message: 'PUSH_REQUEST'
20180518 01:06:55 I client1/174.221.15.71:13768 send_push_reply(): safe_cap=940
20180518 01:06:55 client1/174.221.15.71:13768 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 192.168.24.1 topology subnet ping 10 ping-restart 120 ifconfig 192.168.24.2 255.255.255.0' (status=1)
20180518 01:09:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:09:43 D MANAGEMENT: CMD 'state'
20180518 01:09:43 MANAGEMENT: Client disconnected
20180518 01:09:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:09:43 D MANAGEMENT: CMD 'state'
20180518 01:09:43 MANAGEMENT: Client disconnected
20180518 01:09:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:09:43 D MANAGEMENT: CMD 'state'
20180518 01:09:43 MANAGEMENT: Client disconnected
20180518 01:09:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:09:43 D MANAGEMENT: CMD 'status 2'
20180518 01:09:43 MANAGEMENT: Client disconnected
20180518 01:09:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20180518 01:09:43 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

PostPosted: Fri May 18, 2018 5:40    Post subject: Reply with quote
So new weird error.
I restarted both the client and the router, just because turn it off and on again. I am using Fedora network manager for the VPN connection.

This is with the push additionally added and new network.

So client says
Code:
nm-openvpn[7108]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7108]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn[7108]: TLS Error: TLS handshake failed
nm-openvpn[7108]: SIGUSR1[soft,tls-error] received, process restarting
nm-openvpn-serv[7105]: Connect timer expired, disconnecting.
nm-openvpn[7108]: SIGTERM[hard,init_instance] received, process exiting



And the server says (tried to connect 3x):
Code:

19700101 00:04:04 N 174.221.15.71:13775 VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=server
19700101 00:04:04 N 174.221.15.71:13775 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
19700101 00:04:04 N 174.221.15.71:13775 TLS Error: TLS object -> incoming plaintext read error
19700101 00:04:04 174.221.15.71:13775 NOTE: --mute triggered...
19700101 00:04:04 174.221.15.71:13775 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:04:04 174.221.15.71:13775 SIGUSR1[soft tls-error] received client-instance restarting
19700101 00:05:56 174.254.254.71:13778 TLS: Initial packet from [AF_INET]174.254.254.71:13778 sid=e607de6a b3f1253e
19700101 00:05:58 N 174.254.254.71:13778 VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=server
19700101 00:05:58 N 174.254.254.71:13778 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
19700101 00:05:58 N 174.254.254.71:13778 TLS Error: TLS object -> incoming plaintext read error
19700101 00:05:58 174.254.254.71:13778 NOTE: --mute triggered...
19700101 00:05:58 174.254.254.71:13778 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:05:58 174.254.254.71:13778 SIGUSR1[soft tls-error] received client-instance restarting
19700101 00:07:47 174.221.15.71:13762 TLS: Initial packet from [AF_INET]174.221.15.71:13762 sid=74cc6a68 0215b879
19700101 00:07:48 N 174.221.15.71:13762 VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=server
19700101 00:07:48 N 174.221.15.71:13762 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
19700101 00:07:48 N 174.221.15.71:13762 TLS Error: TLS object -> incoming plaintext read error
19700101 00:07:48 174.221.15.71:13762 NOTE: --mute triggered...
19700101 00:07:48 174.221.15.71:13762 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:07:48 174.221.15.71:13762 SIGUSR1[soft tls-error] received client-instance restarting
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

PostPosted: Fri May 18, 2018 5:47    Post subject: Reply with quote
DOH, ok, checking the clock. If that doesn't fix it, I'm going to pick this back up tomorrow. Time for sleep!! Thanks for all your help!
Wilken
DD-WRT Novice


Joined: 18 May 2018
Posts: 8

PostPosted: Fri May 18, 2018 5:53    Post subject: Reply with quote
Ok, once I fixed the clock, IT WORKED!!!!!!!

Also, just a note for future reference for anyone: the additional config needed after the whole TLS and clock buggery was:

push "route 192.168.42.0 255.255.255.0 192.168.24.1"
push "route LAN Mask TUN-Gateway"

I'm happy and can go on my business trip in peace next week. Thanks so much for your patience and help!
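
The failure mode in this thread, as an added example that is not part of the original posts: a server log stamped 19700101 means the router clock was reset, so every certificate appears "not yet valid". The sketch below parses DD-WRT style OpenVPN log lines and separates that case from genuine validity errors; the clock floor (the build date from the server banner), the cause labels and the last sample line are assumptions.

```python
import re
from datetime import datetime

# DD-WRT OpenVPN log line: "YYYYMMDD HH:MM:SS [level] ip:port message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{8} \d{2}:\d{2}:\d{2}) (?:[A-Z] )?"
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d{1,5})\s*(?P<msg>.*)$"
)
VERIFY_RE = re.compile(
    r"VERIFY ERROR: depth=(?P<depth>\d+),? error=(?P<err>[^:]+): (?P<subject>.+)$"
)
# Assumption: a clock earlier than the OpenVPN build date in the server
# banner ("built on Mar 25 2013") cannot be right.
CLOCK_FLOOR = datetime(2013, 3, 25)

# First three lines are taken from the thread; the last one is constructed.
SAMPLE_LOG = """\
19700101 00:04:04 N 174.221.15.71:13775 VERIFY ERROR: depth=1 error=certificate is not yet valid: CN=server
19700101 00:04:04 N 174.221.15.71:13775 TLS Error: TLS object -> incoming plaintext read error
20180518 01:06:52 174.221.15.71:13768 VERIFY OK: depth=1 CN=server
20180518 02:00:00 N 192.0.2.10:40000 VERIFY ERROR: depth=0 error=certificate has expired: CN=client2
"""

def classify(ts, err):
    """Map an OpenSSL verify error plus the log timestamp to a likely cause."""
    if "not yet valid" in err:
        # Validity is judged against the clock of the machine that wrote the log.
        return "local-clock-unset" if ts < CLOCK_FLOOR else "cert-not-yet-valid"
    if "has expired" in err:
        return "cert-expired"
    return "other-verify-error"

def diagnose(log_text):
    """Return one finding per VERIFY ERROR line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        v = VERIFY_RE.search(m["msg"]) if m else None
        if not v:
            continue
        ts = datetime.strptime(m["ts"], "%Y%m%d %H:%M:%S")
        findings.append({"peer": m["peer"], "time": ts, "depth": int(v["depth"]),
                         "subject": v["subject"], "cause": classify(ts, v["err"])})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f["time"], f["peer"], f["subject"], "->", f["cause"])
```

A "local-clock-unset" finding points at time sync on the box that wrote the log rather than at the certificates themselves.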
All times are GMT