Posted: Sat Apr 20, 2019 18:50 Post subject: Tap bridge setup Windows firewall
Thx for a nice guide
When using a TAP bridge setup, remember to add OpenVPNGUI.exe on the client to the firewall.
I spent a lot of time trying to connect from LAN to client.
Client to VPN (PC and router) was working fine.
The only thing you have to do is add a firewall rule in Windows on the client PC.
Joined: 18 Mar 2014 Posts: 12884 Location: Netherlands
Posted: Sat Apr 20, 2019 19:09 Post subject:
Ivar thanks for your comment, you will have firewall problems when using TAP setup.
One way to mitigate this is setting the profile on the TAP adapter, from the guide:
Quote:
The TAP Network Adapter will have a Public Network profile and thus will be firewalled.
Disable the firewall or set the TAP adapter on a private profile:
Run cmd as administrator and do:
powershell.exe -ExecutionPolicy Bypass
to get the name of the TAP adapter: Get-NetConnectionProfile
Set-NetConnectionProfile -Name "[Name of TAP adapter]" -NetworkCategory Private
The default name is Unidentified Network in that case use:
Set-NetConnectionProfile -Name "Unidentified Network" -NetworkCategory Private
Check with Get-NetConnectionProfile to see if the Network Adapter is changed from Public to Private
Posted: Sun Apr 21, 2019 10:24 Post subject: Firewall
Changing from Public to Private network did not help me. In W10 you can do this by right-clicking the network icon (bottom right corner). I then disabled the firewall and everything worked. I think you should add to the guide a recommendation to disable the Windows firewall for troubleshooting.
Posted: Mon Apr 22, 2019 6:51 Post subject:
Ok I can see where you possibly went wrong.
With right clicking on the adapter you can change the Connection Profile of the Ethernet or Wifi adapter, but you have to change the Connection Profile of the TAP adapter.
You have to use the powershell scripts I provided to do this.
thx for the guide, it's very helpful.
in my client.ovpn file i needed to add 'comp-lzo no'.
without that line i got error messages upon connecting
Code:
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
i checked the /tmp/openvpn/openvpn.conf on the router and that had the same line in it
Posted: Thu May 02, 2019 7:39 Post subject:
Thanks for your comment and glad you got it working.
Because of the VORACLE bug it is better not to use LZO compression.
You should leave it out on the client and set the server as Disabled for LZO-compression.
According to your log the server is set as adaptive.
From the guide (latest version):
Quote:
comp-lzo is removed be sure to disable it also in the OVPN server
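An added example (not from the guide or from any poster): a Python check that parses the two warning shapes quoted in the log above, reports the compression state on each side, and lists compression directives left in a config file. The client config and the host name in it are constructed for illustration; the function names are this example's own.

```python
import re

# The two warning shapes OpenVPN logs when the peers' options differ.
INCONSISTENT = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config but missing in "
    r"(?:local|remote) config, (?:local|remote)='([^']*)'")
COMPRESSION = ("comp-lzo", "compress")

def parse_warnings(log_text):
    """Return (option, local_value, remote_value); None means not configured."""
    out = []
    for line in log_text.splitlines():
        if m := INCONSISTENT.search(line):
            out.append((m[1], m[2], m[3]))
        elif m := ONE_SIDED.search(line):
            out.append((m[1], m[3], None) if m[2] == "local" else (m[1], None, m[3]))
    return out

def compression_state(directive):
    """Classify a comp-lzo/compress directive: absent, framing-only or enabled."""
    if not directive:
        return "absent"
    name, *args = directive.split()
    if name == "comp-lzo":
        # Bare comp-lzo means adaptive; "no" keeps the framing but does not compress.
        return "framing-only" if args[:1] == ["no"] else "enabled"
    # compress with no algorithm, or a stub algorithm, only adds the framing.
    return "framing-only" if not args or args[0].startswith("stub") else "enabled"

def compression_mismatches(log_text):
    """Compression-related warnings as (option, local_state, remote_state)."""
    return [(opt, compression_state(loc), compression_state(rem))
            for opt, loc, rem in parse_warnings(log_text) if opt in COMPRESSION]

def audit_config(config_text):
    """List (line_number, directive, state) for compression lines in a config."""
    hits = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        words = re.split(r"[#;]", raw)[0].split()  # drop # and ; comments
        if words and words[0] in COMPRESSION:
            hits.append((n, " ".join(words), compression_state(" ".join(words))))
    return hits

# The two log lines quoted in the thread, then a constructed client config.
LOG = """WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'"""
CLIENT_OVPN = "client\ndev tap\nremote vpn.example.net 1194\ncomp-lzo no\n"
```

An empty result from both `compression_mismatches` on the client log and `audit_config` on the client and router configs corresponds to the state recommended in the post above: no compression directive on either side.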
thx, i had it set to 'no' before, but with disabled i also removed the line from my client ovpn file
Posted: Mon May 27, 2019 11:58 Post subject:
griphook wrote:
Thanks for an awesome guide on this! I have a question. I don't have access to a Windows machine, only Linux. How can I use this guide using Linux?
Actually it is not much different: Windows (easy RSA 2) uses batch files to invoke openssl with its parameters, and on Linux you are actually doing the same, although a batch file is called a script.
Posted: Wed May 29, 2019 18:35 Post subject: OpenVPN problems/changes with recent dd-wrt builds
Router Model TP-Link ARCHER-C7 v4
Firmware Version DD-WRT v3.0-r39866 std (05/27/19)
Kernel Version Linux 3.18.140 #41832 Mon May 27 04:52:15 CEST 2019 mips
I had complete success setting up OpenVPN server on build r37305 (many thanks for the guide!!) but build problems prevented the wifi from working with any security.
Trying newer and most recent builds (38159 39866, plus others) I could get at least one (2.4) radio to work with some security, but OpenVPN tab is different. No VPN network info (address and subnet mask) or button for Advanced Options to set Redirect Default Gateway: Enable
Has something changed in the OpenVPN config, or are these loads just broken or not working with my router?
I did ask same question on the r39866 thread but thought you may be aware of the OpenVPN specific issue with these newer loads.
Posted: Thu Jun 13, 2019 8:04 Post subject:
veekay wrote:
So I have things working great, but had a question. With OpenVPN is there a way to route only certain local traffic through versus all internet?
My ultimate goal is using this for remote desktop so ideally I'd like only that traffic to use the vpn, versus having to route *everything*.
Example - say I'm on 192.168.0.1 and the vpn network is 10.0.0.1 - can I have it only allow access to 10.0.0.x items when on the vpn?
If you only want to access your OVPN server's network then Disable "Redirect default Gateway" in the OVPN server's GUI.
Instead you have to push a route to the OVPN server's network. Assuming your OVPN server sits on a router with 192.168.1.1 as its IP (as is used in the example in the guide), you add the following in the Additional Config:
Thanks - eventually got it working. I'm using tap, so only two networks. I had to disable dhcp proxy mode, redirect and add that code and everything seems to be working perfectly.