OpenVPN server setup on WRT1200AC [solved]

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2
Author Message
Szellem
DD-WRT Novice


Joined: 14 Sep 2012
Posts: 16

PostPosted: Fri May 17, 2019 15:32    Post subject: Reply with quote
As a next step, I tried using the same configuration from the DD-WRT UI, but couldn't get it to work.



The generated config:
Code:

# cat /tmp/openvpn/openvpn.conf
secret /tmp/openvpn/static.key
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp4
cipher none
auth none
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo no
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
fast-io
tun-mtu 1500
mtu-disc yes
server 
dev tun2
ifconfig 10.8.0.1 10.8.0.2


And the server refuses to start:
Code:

May 17 15:13:35 bns-wrt user.info : openvpn : OpenVPN daemon (Server) starting/restarting...
May 17 15:13:35 bns-wrt daemon.err openvpn[8897]: Options error: --server and --secret cannot be used together (you must use SSL/TLS keys)


So it looks like I need to dive into TLS again to run this next test.
Sponsor
Szellem
DD-WRT Novice


Joined: 14 Sep 2012
Posts: 16

PostPosted: Fri May 17, 2019 21:41    Post subject: Reply with quote
Finally got it! Phew!

tl;dr I had to manually forward port 1194:


After rebuilding all of the PKI keys and certs and stuff, I got back to the same errors that I saw before. I did some more digging, and found a few resources like this: https://unix.stackexchange.com/questions/417113/openvpn-tls-handshake-hangs-at-p-control-hard-reset-server-v2-not-received

The gist of all of them is "The server isn't responding, something's up with the network side of things." With possible solutions from iptables to using the 'local' config word on the server to bind to a specific address. I toyed around with a few of them until finally just forwarding the port specifically, and was able to connect.

My current config:



Thank you all for the help! It took a few months, but we got it!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat May 18, 2019 8:37    Post subject: Reply with quote
Great that it is working, but I assume that the OVPN server is running on a secondary router?

If it is running on your primary router (connected to the internet a port forward is not necessary (DDWRT opens up the corresponding port on the INPUT chain)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Szellem
DD-WRT Novice


Joined: 14 Sep 2012
Posts: 16

PostPosted: Sat May 18, 2019 16:33    Post subject: Reply with quote
egc wrote:
Great that it is working, but I assume that the OVPN server is running on a secondary router?

If it is running on your primary router (connected to the internet a port forward is not necessary (DDWRT opens up the corresponding port on the INPUT chain)


Thanks egc. This is the main/only router for the network, its upstream IP is the WAN from my ISP.
Szellem
DD-WRT Novice


Joined: 14 Sep 2012
Posts: 16

PostPosted: Sat May 18, 2019 16:49    Post subject: Reply with quote
Well, and now I'm sitting at a coffee shop and cannot connect again. Same 'P_CONTROL_HARD_RESET_CLIENT_V2' errors as before.

Previously I'd been testing from a school wireless network, so I wouldn't expect just switching networks to cause trouble.
Szellem
DD-WRT Novice


Joined: 14 Sep 2012
Posts: 16

PostPosted: Wed May 22, 2019 17:27    Post subject: Reply with quote
The VPN didn't work at the coffee shop, but does at my office. It appears to be working OK, except that I cannot query the dd-wrt router for DNS names of local machines. I have dnsmasq set up as the DHCP host and also have local name resolution enabled.

Just in case it was a bug, last night I upgraded the router to v3.0-r39827 std (05/20/19)

But I still cannot resolve names:
Code:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
[...]
192.168.13.0    192.168.14.1    255.255.255.0   UG    50     0        0 tun0
192.168.14.0    0.0.0.0         255.255.255.0   U     50     0        0 tun0

$ drill bns-wrt.bns @192.168.13.1
Error: error sending query: Could not send or receive, because of network error


*Edit: I also cannot resolve DNS from inside the network, with a local machine. So this isn't a openvpn issue, but dnsmasq one instead.
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum