openvpn on MX4300

Post new topic   Reply to topic    DD-WRT Forum Index -> Qualcomm Atheros based Hardware
Author Message
minchinghowrt
DD-WRT Novice


Joined: 17 Sep 2024
Posts: 25

PostPosted: Fri Nov 08, 2024 8:38    Post subject: openvpn on MX4300 Reply with quote
I'm testing openvpn on my MX4300 running v3.0-r58627 std (11/02/24) on it.
I have connected my MX4300 to my main router for test purpose.

MX4300(192.168.10.123, connect WAN port to my router) <-> main router (with WAN) 192.168.10.1 <-> test laptop 192.168.10.10

I tested around 10 times, it only worked twice (which proves my configuration was correct). When I use Wireshark to monitor my traffic (with filter ip.addr == 192.168.10.123 ), I see no traffic when openvpn fails to connect. but, I still can connect to MX4300's web interface through the same ip address.

I tried to change openvpn protocol from UDP to TCP and it does not really help. Does anyone try Openvpn on MX4300 with the latest release build? I'm not sure it is my laptop causes the problem or there is something wrong on the router.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13559
Location: Netherlands

PostPosted: Fri Nov 08, 2024 10:29    Post subject: Reply with quote
I do not have any K6.1/K6.6 router let alone your specific router so I cannot say anything about your specific router

But the proper way to setup OpenVPN is detailed in the OpenVPN guides which are a sticky in the Advanced Networking forum

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 899
Location: Pittsburgh, PA USA

PostPosted: Fri Nov 08, 2024 14:04    Post subject: Reply with quote
All of your devices are in the same subnet (assuming you used a mask of /24 or 255.255.25.0), so your laptop can access the MX4300's GUI since it can go straight to it.

For example, my ISP gives me a WAN address of 100.7.x.x/24 (it's DHCP so it changes, but it's always a /24 bitmask). My internal network from my main router is 192.168.6.x/24. I would give the internal LAN on the MX4300 a completely different subnet, such as 10.10.10.x/24. In my hypothetical scenario, the WAN port on the MX4300 would get a 192.168.6.x IP address (yours would get a 192.168.10.x based on your description), and in my case I could hardcode it or give it a DHCP reservation, such as 192.168.6.254.

Now from the laptop, I'd make the VPN endpoint 192.168.6.254. Once the laptop connects to it, I should be able to hit http://10.10.10.1 (the LAN IP of the MX4300). I'd also put something like another laptop on the LAN side of the MX4300 with a file share or FTP server, something I could use to test access to resources on the LAN.

Personally, I have OpenVPN on my main router and I test after every build update by connecting my laptop to the access point on my phone so I'm going through T-Mobile, then I connect to my router via dynamic DNS entry, and see if I can access my network file share. I'd rather make sure it works when I'm sitting at home than when I'm on the road trying to connect back.

_________________
__________________________
Linksys MR7350
DD-WRT v3.0 STD
minchinghowrt
DD-WRT Novice


Joined: 17 Sep 2024
Posts: 25

PostPosted: Fri Nov 08, 2024 16:50    Post subject: Reply with quote
I already used Ip range: 10.8.0.0/24.
I think the problem is I did not see any attempt to connect to the device happens when I check Wireshark log.
This is a test setup before I replace the main router. we need internet to get paycheck and I don't want to ruin it. :p
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 899
Location: Pittsburgh, PA USA

PostPosted: Fri Nov 08, 2024 16:55    Post subject: Reply with quote
Again, please check the thread that egc indicated. You also have no indication of your actual configuration on the client or the MX4300.
_________________
__________________________
Linksys MR7350
DD-WRT v3.0 STD
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6785
Location: UK, London, just across the river..

PostPosted: Fri Nov 08, 2024 18:01    Post subject: Reply with quote
To me its very unclear what the OP is testing...if you are trying to run VPN server or just client to a VPN provider...it seams you are struggling but in both cases(client/server) follow the egc advise to read the guides...
also testing with WShk should be done not on the 192.168.10.123 WAN as VPN would be on different
IP either the internal VPN range or the External IP that it is connected to...so that is why it is important to provide more details what you are trying...but anyway read the guide and come back..
also i rather test it whit TCPDUMP...router side..if so...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 58184 WAP
TP-Link WR1043NDv2 -DD-WRT 59369 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 59369 Gateway/DoT,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 59582 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 59582 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 59582
Broadcom
Netgear R7000 --DD-WRT 59582 Gateway/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
minchinghowrt
DD-WRT Novice


Joined: 17 Sep 2024
Posts: 25

PostPosted: Sat Nov 09, 2024 6:33    Post subject: Reply with quote
Thank you for your feedback.

TL;DR
The problem seems relating to how I test it. After I set port forwarding on my main router to forward 1194 to my MX4300 and use a phone
hotspot for my computer (without wifi or ethernet). It works reliably.


I thought I can just test my MX4300 and laptop under the same ip range. In theory, it should be like their "wan ip" even both of them have 192.168.10.x. Within MX4300, I set the ip range to 192.168.100.x and the VPN ip range was set to 10.8.0.0. I use my laptop 192.168.10.10 connect to MX4300's WAN port IP, which is 192.168.10.123, using open VPN. Hope my laptop will be able to access anything underneath MX4300 with 192.168.100.x ip address. I must miss something and it was not working reliably for me. As I said, it did work twice that my laptop can get into MX4300 and access other device using 192.168.100.x ip underneath MX4300.


Min-Ching Ho
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13559
Location: Netherlands

PostPosted: Sat Nov 09, 2024 7:25    Post subject: Reply with quote
From the first page of the OpenVPN Server setup guide in bold Smile :

Quote:
Note:
1. If you use the default TUN setup which is a routed solution, the servers subnet, the OpenVPN's subnet (10.8.0.0) and the clients subnet must all be different!
So better not use 192.168.1.0/24 or 192.168.0.0/24 for the OpenVPN servers subnet.
2. Testing can only be done from outside e.g. with your phone or laptop on cellular data or from a friends/neighbours internet.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
GuitsBoy
DD-WRT Novice


Joined: 26 Jul 2012
Posts: 10

PostPosted: Tue Nov 12, 2024 18:24    Post subject: Reply with quote
I guess it's already been confirmed to be an issue with the testing method and overlapping subnets. For what it's worth, I can confirm OpenVPN is working in the latest three builds on my MX4300s. I'm remoted into my home PC from work over the OpenVPN connection right now. Its been working very well.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Qualcomm Atheros based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum