BRIDGED OpenVPN v24 sp1 gui setup guide (OS X hints)

rmeytin
DD-WRT Novice


Joined: 04 Sep 2008
Posts: 2

PostPosted: Fri Sep 05, 2008 6:48    Post subject: BRIDGED OpenVPN v24 sp1 gui setup guide (OS X hints)
Hello,

First of all, big thanks to dereks, who authored the very excellent thread on setting up the routed version of OpenVPN. This worked well for me and got me on my way; however, I quickly realized that the routed version has some serious limitations. A big one for me is that iTunes does not detect my iTunes streaming server; they do, after all, exist on two different subnets. What good are the intertubes if you cannot stream sweet, delicious beats? So I have amended his work to create a bridged version.


Step #1: Create all the necessary keys and certificates. This is covered in a number of other guides. The easiest way is to use the easy-rsa scripts on either Windows or Linux. If you have a good OS X solution, please post it here. I was forced to load up XP in Parallels because I could not find one. That seems silly.

After this step you will have these important files:
    ca.crt
    server.key
    server.crt
    client.key
    client.crt
    dh1024.pem


Step #2) Load up DD-WRT webmin, login, and go to the Services Tab. Default tab under that is services.

*) enable Start OpenVPN
*) set Start Type to WAN
*) paste the keys from step 1 into the following boxes:
Code:
Public Server Cert            > ca.crt
Certificate Revoke List (CRL) > (blank)
Public Client Cert            > server.crt
Private Client Key            > server.key
DH PEM                        > dh1024.pem
OpenVPN TLS Auth              > (blank)


NOTE: Only paste in the sections that appear between
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
in the text files, including the two ---BEGIN/END CERTIFICATE--- lines above. Do not paste all the descriptive stuff above that section.

Step 3) for OpenVPN Config paste:
Code:
mode server
client-to-client
tls-server
dev tap0
proto udp
server-bridge 192.168.69.40 255.255.255.0 192.168.69.41 192.168.69.49
keepalive 10 120
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


Note: the server-bridge line sets up a DHCP pool for the VPN. However, in my experience, at best the client would only end up getting the IP from the DHCP server running on the router for WLAN/LAN and not from this pool. Besides, on OS X, DHCP for OpenVPN is a bit buggy (see below). So I ended up deleting this line, but everyone else seems to like it, so I kept it here for now.

Step 4)
Go to Administration -> Commands and open the OpenVPN port in the Firewall. Paste into firewall:

Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT


(note: my setup uses UDP on port 1194)

Step 5)
(this is a bit of a hack and will hopefully be fixed by dd-wrt folks)

Go to the Administration -> Commands tab and add the following to the Startup box (thank you klystron for the initial idea!):

Code:
sleep 45
brctl addif br0 tap0 
ifconfig tap0 0.0.0.0 promisc up


Please note that you need the sleep so that the interface is bridged after OpenVPN has had time to run. I randomly guessed at 45 seconds. Also note that adding this to the route-up.sh file (which is a tricky feat) did not work!

---Client Side:
This is it! If you follow this you can set up a pretty good, bridged firewall. And listen to iTunes! How you handle the client is up to you. I use OS X and Viscosity. My client file looks like this:

Code:
remote **REPLACE_SERVER_PUBLIC_IP_HERE** 1194
persist-key
tls-client
proto udp
ca ca.crt
nobind
persist-tun
cert cert.crt
comp-lzo
dev tap
key key.key
ns-cert-type server
resolv-retry infinite



Static IP/ OSX Fix:
One final irritation: if you use OS X on the client side, then you need to run this command on the desktop to get DHCP to work:
Code:
sudo /usr/sbin/ipconfig set tap0 DHCP


You can of course automate this, but I decided to use a static IP instead of dealing with it on the client. To assign a static IP:

Create a client-specific file on jffs partition like so:
/jffs/openvpn/ccd/client
(**note: the file should be named whatever you named the client key when you generated it in step 1. This is how the server recognizes the client!)

This file should contain one line:
Code:
ifconfig-push 192.168.69.122 255.255.255.0


(replace IP address with whatever static IP you want)

Now go back to Services->Services in webmin GUI and add this line to the OpenVPN Config box:
Code:
client-config-dir /jffs/openvpn/ccd


Go to your client machine and add this line to your openvpn config file:
Code:
pull



If you follow this guide you should have a much easier time setting up bridged OpenVPN using the Web Gui.

If you figure out how to better handle step 5, please post it here. Also, if you know how to generate the necessary keys under OS X, please clue me in as well! Other advice or suggestions for setting up a bridged OpenVPN server/client? ... please contribute!

Thanks!

Roman Meytin
ptruman
DD-WRT User


Joined: 14 May 2008
Posts: 155

PostPosted: Fri Sep 05, 2008 10:06    Post subject:
Good guide.

Using the GUI is nicer than the command prompt, but yes, "Step 5" is a pain.

I've got around this by creating the following script:

/jffs/etc/config/startopenvpn.wanup

Code:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config /jffs/openvpn/openvpn.conf


My openvpn.conf file is basically the same content as is supplied in the GUI - but you could modify the above script to pull the value from the nvram variable openvpn_config - and maybe add your sleep variable in at the start of this script.

What happens if you change the openvpn GUI startup type to system, rather than WANUP?
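Both the "sleep 45" hack in step 5 and ptruman's wanup script above work around the same race: tap0 does not exist until OpenVPN has created it. The script below is an added example (not code from either post) that polls for the interface instead of guessing a delay, and skips the bridge call when tap0 is already a port of br0. It assumes DD-WRT's busybox sh with brctl, ifconfig and logger available; the variable and function names are ours.

```shell
#!/bin/sh
# Added example (not from the thread): replaces the fixed "sleep 45" of step 5
# with a poll that waits until OpenVPN has created tap0, then bridges it.
# Assumes DD-WRT's busybox sh, brctl, ifconfig and logger; names are ours.

TAP_IF="${TAP_IF:-tap0}"      # interface created by "dev tap0" in the server config
BRIDGE_IF="${BRIDGE_IF:-br0}" # DD-WRT's LAN/WLAN bridge
MAX_WAIT="${MAX_WAIT:-120}"   # seconds before giving up

# True when the kernel knows the interface (sysfs first, ifconfig as fallback).
iface_exists() {
    [ -e "/sys/class/net/$1" ] || ifconfig "$1" >/dev/null 2>&1
}

# True when interface $1 is already a port of bridge $2.
in_bridge() {
    [ -e "/sys/class/net/$2/brif/$1" ] || brctl show "$2" 2>/dev/null | grep -qw "$1"
}

# Poll once per second until the interface appears or the timeout expires.
# Returns 0 on success, 1 on timeout; a limit of 0 checks exactly once.
wait_for_iface() {
    iface="$1"; limit="$2"; waited=0
    while ! iface_exists "$iface"; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Attach the TAP device to the bridge with no address of its own (the two
# commands from step 5), but only once the device exists and only once.
bridge_tap() {
    if ! wait_for_iface "$TAP_IF" "$MAX_WAIT"; then
        logger -t bridge_tap "$TAP_IF never appeared after ${MAX_WAIT}s; is OpenVPN running?"
        return 1
    fi
    if in_bridge "$TAP_IF" "$BRIDGE_IF"; then
        logger -t bridge_tap "$TAP_IF already in $BRIDGE_IF"
        return 0
    fi
    brctl addif "$BRIDGE_IF" "$TAP_IF" &&
    ifconfig "$TAP_IF" 0.0.0.0 promisc up &&
    logger -t bridge_tap "bridged $TAP_IF into $BRIDGE_IF"
}

# Entry point: in the Startup box call "sh /jffs/bridge_tap.sh apply &" so the
# poll does not hold up the rest of startup. With no argument only the
# functions are defined, which keeps the file safe to source.
if [ "${1:-}" = "apply" ]; then
    bridge_tap
fi
```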
-ULK-
DD-WRT Novice


Joined: 07 Jul 2008
Posts: 17

PostPosted: Sat Sep 06, 2008 1:07    Post subject:
(sorry for my English)
Thank you for this "step 5 trick", this made my VPN work.

BTW are these firewall rules...

Code:
/usr/sbin/iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
/usr/sbin/iptables -I FORWARD -i tap0 -o br0 -j ACCEPT


...no longer necessary?
rdavids
DD-WRT Novice


Joined: 06 Sep 2008
Posts: 1

PostPosted: Sat Sep 06, 2008 2:43    Post subject:
I have a bridged OpenVPN network setup on a wrt600n router that uses info from this thread and others. Mine is very similar to rmeytin's above.
My question is: how can I definitively tell if all Internet traffic is securely routed from my client, through any nonsecure environment (Starbucks, ...) to my home router before being dumped onto the open Internet? Is there a test that reveals this status, or do I just use the bridging parameters and hope it is secure?
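One way to answer this, as an added example rather than anything from the thread: read the client's routing table and check which interface carries the default route. Nothing in the server config earlier in this thread pushes a default route, so unless the server adds push "redirect-gateway def1", only traffic for the home LAN enters the tunnel and everything else leaves through the coffee-shop network. The parser below accepts netstat -rn (OS X) or ip route / route -n (Linux) output on stdin; the function names and the sample tables are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the thread. Inspects a routing-table dump and reports
# whether the default route goes through a VPN interface. Names are ours.

# Print the interface of the default route found in a routing-table dump
# read from stdin. Handles "ip route", "route -n" and "netstat -rn" layouts.
default_iface() {
    awk '
        $1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0") {
            # Linux "ip route": "default via 192.168.69.1 dev tap0 ..."
            for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit }
            # OS X "netstat -rn" / Linux "route -n": interface is the last column
            print $NF; exit
        }'
}

# Exit 0 when the default route leaves via a VPN interface (tap*, tun*,
# utun*), i.e. Internet-bound traffic is inside the tunnel; 1 otherwise.
default_via_vpn() {
    case "$(default_iface)" in
        tap*|tun*|utun*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: an OS X client of the bridged server in this thread with
# no redirect-gateway pushed. The LAN is reachable via tap0, but the default
# route still points at the local (untrusted) network on en1.
OSX_NO_REDIRECT='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.0.1           UGSc           12        0     en1
192.168.69/24      link#8             UCS             2        0    tap0'

# Constructed sample: a Linux client after the server pushed redirect-gateway.
LINUX_REDIRECT='default via 192.168.69.1 dev tap0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5'

# Usage on a live host: netstat -rn | sh this_script.sh, or source the file
# and run: ip route | default_via_vpn && echo "all traffic tunnelled"
```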
rscutaru
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 3

PostPosted: Tue Sep 16, 2008 12:48    Post subject:
This is what I get on my client... I'm clueless as to why this is happening. My server config is the same as in this post except for the IPs.

    root@DD-WRT:/tmp/var/log# cat messages | grep openvpn
    Sep 16 08:40:19 DD-WRT daemon.notice openvpn[738]: OpenVPN 2.1_rc7 mipsel-unknown-linux-gnu [SSL] [LZO1] [EPOLL] built on Jul 27 2008
    Sep 16 08:40:19 DD-WRT daemon.warn openvpn[738]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sep 16 08:40:19 DD-WRT daemon.warn openvpn[738]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
    Sep 16 08:40:19 DD-WRT daemon.notice openvpn[738]: LZO compression initialized
    Sep 16 08:40:19 DD-WRT daemon.notice openvpn[742]: UDPv4 link local: [undef]
    Sep 16 08:40:19 DD-WRT daemon.notice openvpn[742]: UDPv4 link remote: 207.112.107.21:1194
    Sep 16 08:40:21 DD-WRT daemon.notice openvpn[742]: [OpenVPN-CA] Peer Connection Initiated with 207.112.107.21:1194
    Sep 16 08:40:22 DD-WRT daemon.warn openvpn[742]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warnin
    Sep 16 08:40:22 DD-WRT daemon.notice openvpn[742]: TUN/TAP device tun0 opened
    Sep 16 08:40:22 DD-WRT daemon.notice openvpn[742]: /sbin/ifconfig tun0 192.168.0.17 pointopoint 255.255.255.0 mtu 1500
    Sep 16 08:40:22 DD-WRT daemon.err openvpn[742]: Linux ifconfig failed: shell command exited with error status: 1
    Sep 16 08:40:22 DD-WRT daemon.notice openvpn[742]: Exiting
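The three warnings in the log above each point at a client-side configuration problem: the netmask complaint and the failed ifconfig are what a "dev tun" client prints when a bridged server pushes "ifconfig-push <ip> <netmask>" (the client needs "dev tap"), the MITM warning means no server-certificate check such as "ns-cert-type server" is configured, and the last one is a key file readable by other users. The script below is an added example, not from the thread, that checks a client config for all three; it assumes a busybox-compatible sh, awk and stat, and the function names and sample files are ours.

```shell
#!/bin/sh
# Added example, not code from the thread. Lints an OpenVPN client config for
# the three problems behind the warnings in the log above: a tun device against
# a bridged (tap) server, no server-certificate verification, and a private key
# readable by other users. Busybox-sh compatible; all names here are ours.

# Print the arguments of a directive (first match), or nothing if absent.
conf_get() {
    # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Octal permission bits of a file (GNU/busybox stat first, BSD/OS X stat second).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Print one "finding:" line per problem; return the number of findings.
lint_client_conf() {
    conf="$1"; dir=$(dirname "$conf"); n=0

    # 1. A bridged server pushes "ifconfig-push <ip> <netmask>". A tun client
    #    then logs "the second argument to --ifconfig must be an IP address"
    #    and its ifconfig fails, as in the log above; it needs "dev tap".
    case "$(conf_get "$conf" dev)" in
        tap*) ;;
        *) echo "finding: dev is not tap (a bridged server requires 'dev tap')"; n=$((n+1)) ;;
    esac

    # 2. Without "ns-cert-type server" (or "remote-cert-tls server" on newer
    #    builds) any certificate signed by the CA, another client's included,
    #    is accepted as the server: the "No server certificate verification
    #    method" warning.
    if [ -z "$(conf_get "$conf" ns-cert-type)" ] &&
       [ -z "$(conf_get "$conf" remote-cert-tls)" ]; then
        echo "finding: no 'ns-cert-type server' / 'remote-cert-tls server'"
        n=$((n+1))
    fi

    # 3. The key must not be group/other readable: the "is group or others
    #    accessible" warning. Relative paths resolve against the config's dir.
    key=$(conf_get "$conf" key)
    case "$key" in ""|/*) ;; *) key="$dir/$key" ;; esac
    if [ -f "$key" ]; then
        case "$(file_mode "$key")" in
            *00) ;;
            *) echo "finding: $key is group/other accessible (chmod 600 it)"; n=$((n+1)) ;;
        esac
    fi
    return "$n"
}

# Constructed sample shaped like the client in the log above (dev tun, no
# ns-cert-type) with a world-readable key file. Prints the directory created.
make_bad_sample() {
    d=$(mktemp -d)
    printf 'client\ndev tun\nproto udp\nremote 192.0.2.1 1194\nca ca.crt\ncert client.crt\nkey client.key\ncomp-lzo\n' > "$d/client.conf"
    echo "not a real key" > "$d/client.key"; chmod 644 "$d/client.key"
    echo "$d"
}

# The same constructed sample with all three problems corrected.
make_good_sample() {
    d=$(mktemp -d)
    printf 'client\ndev tap\nproto udp\nremote 192.0.2.1 1194\nca ca.crt\ncert client.crt\nkey client.key\nns-cert-type server\ncomp-lzo\n' > "$d/client.conf"
    echo "not a real key" > "$d/client.key"; chmod 600 "$d/client.key"
    echo "$d"
}
```

Run it against a real config with lint_client_conf /path/to/client.conf; a nonzero exit status is the number of findings.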
rscutaru
DD-WRT Novice


Joined: 12 Sep 2008
Posts: 3

PostPosted: Wed Sep 17, 2008 1:49    Post subject:
Could this be done between two ddwrt routers? What is the client config for the client router?
dncwebmaster
DD-WRT Novice


Joined: 24 Sep 2008
Posts: 1

PostPosted: Wed Sep 24, 2008 19:57    Post subject:
I have an ASUS 500G Premium Version 2 running dd-wrt v24 sp1 and am trying to get OpenVPN set up as a bridge. I had a setup similar to the first post in this thread and had it working, but it stopped for some reason. Here are my current settings. I have generated and regenerated my certs and keys. Maybe I am missing something stupid, but I am about to pull my hair out trying to get this to work, and I have people waiting on the connection.

Setting in Router:
Start OpenVPN Enable
Start type Wan Up
--(Certificates placed as in first post)--
OpenVPN Config

server
tls-server
proto udp
port 1194
dev tap0
keepalive 15 60
daemon
verb 5
comp-lzo
cipher AES-256-CBC
client-to-client
ca /tmp/openvpn/ca.crt
dh /tmp/openvpn/dh.pem
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Startup Command:
sleep 45
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Firewall:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o br0 -j ACCEPT

Client:
client
tls-client
dev tap0
proto udp
remote myname.myddns.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
ns-cert-type server
comp-lzo
verb 5

Here is the log from the router openvpn entries:
Sep 24 15:02:02 openvpn[2581]: Initialization Sequence Completed
Sep 24 15:02:02 openvpn[2581]: MULTI: multi_init called, r=256 v=256
Sep 24 15:02:02 openvpn[2581]: UDPv4 link remote: [undef]
Sep 24 15:02:02 openvpn[2581]: UDPv4 link local (bound): [undef]:1194
Sep 24 15:02:02 openvpn[2581]: Socket Buffers: R=[109568->131072] S=[109568->131072]
Sep 24 15:02:02 openvpn[2546]: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sep 24 15:02:02 openvpn[2546]: TUN/TAP TX queue length set to 100
Sep 24 15:02:02 openvpn[2546]: TUN/TAP device tap0 opened
Sep 24 15:02:02 openvpn[2546]: TLS-Auth MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 24 15:02:02 openvpn[2546]: Diffie-Hellman initialized with 1024 bit key
Sep 24 15:02:01 openvpn[2546]: OpenVPN 2.1_rc7 mipsel-unknown-linux-gnu [SSL] [LZO1] [EPOLL] built on Jul 27 2008

This is what I get on the client side when I try to connect.

Wed Sep 24 15:45:44 2008 us=934153 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Sep 24 15:45:44 2008 us=935221 LZO compression initialized
Wed Sep 24 15:45:44 2008 us=935305 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 24 15:45:45 2008 us=34018 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Sep 24 15:45:45 2008 us=34072 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Sep 24 15:45:45 2008 us=34084 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Sep 24 15:45:45 2008 us=34113 Local Options hash (VER=V4): 'c6c7c21a'
Wed Sep 24 15:45:45 2008 us=34130 Expected Remote Options hash (VER=V4): '1a6d5c5d'
Wed Sep 24 15:45:45 2008 us=34157 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 24 15:45:45 2008 us=36228 UDPv4 link local: [undef]
Wed Sep 24 15:45:45 2008 us=36254 UDPv4 link remote: xx.xx.xx.xx:1194
Wed Sep 24 15:45:45 2008 us=41827 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Sep 24 15:45:47 2008 us=459283 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Sep 24 15:45:48 2008 us=669430 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

...then finally...

Wed Sep 24 15:46:44 2008 us=951774 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 24 15:46:44 2008 us=951816 TLS Error: TLS handshake failed
Wed Sep 24 15:46:44 2008 us=953389 TCP/UDP: Closing socket
Wed Sep 24 15:46:44 2008 us=953803 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 24 15:46:44 2008 us=953822 Restart pause, 2 second(s)

and it starts back over.

Maybe there is somewhere else to look for errors. It just seems like it's not connecting. The sys log does not even show an attempt to establish a connection.
Can someone please help with this??

Thanks
nicholaswc
DD-WRT Novice


Joined: 03 Jun 2008
Posts: 31

PostPosted: Thu Oct 02, 2008 7:16    Post subject:
firmware: dd-wrt v24 vpn (build 9526)
Router: WRT54G

I can enable Start OpenVPN in the Services tab.
1. I can't find the Start type WAN up function.
2. I can't find a place where the dh1024 file can be placed.

Am I using an incorrect version to configure the OpenVPN server function?

Thanks,
Nicholas
ColdBrew
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 17
Location: USA

PostPosted: Thu Nov 20, 2008 16:56    Post subject:
Thanks for the guide! I was able to get it working with your help.
slgta
DD-WRT User


Joined: 09 Jan 2008
Posts: 92

PostPosted: Thu Nov 20, 2008 20:26    Post subject:
Check if your DMZ is enabled.
I found that the only way to get my bridged VPN to connect is to disable DMZ.


JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Fri Nov 21, 2008 1:08    Post subject: Re: BRIDGED OpenVPN v24 sp1 gui setup guide (OS X hints)
rmeytin wrote:
If you have a good OS X solutions please post here.
I think I almost got it but the keys I made didn't work. Can someone please advise?

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=42744

rmeytin wrote:

This is it! If you follow this you can set up a pretty good, bridged firewall. And listen to iTunes! How you handle the client is up to you. I use OS X and Viscocity.
What would I do if I want the client to be another router, similar to the command line method offered on the wiki at http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_Bridged_VPN_Between_Two_Routers ? I got the command line method working with a DHCP glitch I am still trying to fix at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=42743. I would like to try the GUI method with the client being a router, and then with the client being a Macintosh.


rmeytin wrote:
Create a client-specific file on jffs partition like so:
/jffs/openvpn/ccd/client
Where are you doing this step - on a client computer (and how)? The VPN server router?

Thanks in advance for any help!
rearden
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 46

PostPosted: Fri Nov 21, 2008 22:42    Post subject:
I have the same problem, and sometimes I don't get the "WSAECONNRESET" message. I can connect from within the network, but not from outside (the normal way). So I know it _must_ be a firewall issue, but I have set it up as described here. I got it to work once (after much fiddling) and I thought the final key was the "brctl addif br0 tap0 / ifconfig tap0 0.0.0.0 promisc up" portion. But that is doing the trick this time.
Any pointers? (I don't use a DMZ)
rearden

ColdBrew
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 17
Location: USA

PostPosted: Sat Nov 22, 2008 1:30    Post subject:
Add a sleep command at the start of the script. I use 45 from a guide. Also turn off your firewall on the server and client to make sure there isn't an issue there.

I also had an issue where it wasn't receiving any packets to make the connection. Turns out I disabled the ethernet adapter and forgot to re-enable it LOL.
Joseph_Shaw
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 1

PostPosted: Sat Nov 22, 2008 2:06    Post subject:
I'm having the same issue. It appears to be a firewall problem, but I can't see what's wrong. There is no firewall on my client, and I added the exception to the firewall in dd-wrt.
nemesisdb
DD-WRT User


Joined: 10 Oct 2006
Posts: 197

PostPosted: Sat Nov 22, 2008 3:26    Post subject:
I have had this working for a while using essentially the steps listed by the OP (I don't have a sleep command though).

I was wondering if anyone had tried using the "--server-bridge" command that was added to openVPN in 2.1 RC10? The command description seemed to offer the potential to remove some stuff from step #5.

The OpenVPN release notes offered the following:
Added "--server-bridge" (without parameters) to enable DHCP proxy mode: Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses.