Posted: Sun Dec 04, 2011 18:32 Post subject: No help
Unfortunately I don't have an answer for you but I do have issues myself trying to get my setup working. I have been playing with OpenVPN and dd-wrt for years trying to get it to work for my road warrior activity but always end up giving up and using alternate but more tedious methods to communicate back home.
With the V24 sp2 iteration of OpenVPN and with the link below I finally got a server running and was able to VPN in from a remote laptop with no errors. Hooray!! I do have to run the server with the SPI firewall off but that is another issue for another long session of read, try to figure out what the hell they are talking about and attempt another guess to fix the problem.
I am confused on the instructions in the link you posted here and wonder first why the static.key creation is being called in the logon script if there is room for keys to be input on the web gui now itself? Again, I don't know much about this.
Regardless, here is the link that I used to finally get my first remote laptop to dd-wrt OpenVPN daemon setup working. It is a step by step process and worked for me:
My current frustration is trying to now set up another client, this time a dd-wrt client instead of a Vista laptop running OpenVPN, to link into this working configuration.
One problem I see with the OpenVPN Client piece of dd-wrt is there is no input area for a client profile - you have to trust one being created from the tic marks you select above the encryption key entry fields. As "finicky" as the server is, it seems like one needs this control (well obviously, actually). I am going to see if I can figure out how to write over the client.cfg (?) file from the startup script and try to match the same configuration options from my windows OpenVPN profile that works in that environment. Maybe that will supply the changes needed to allow it to work in unison as well as it does from Windows OpenVPN.
Posted: Sun Dec 04, 2011 18:59 Post subject: Tracing OpenVPN messages
Just a side note to other non Linux gurus out there, some info I found in another wiki about how one can fairly easily debug OpenVPN errors. Simply turn on syslogd with no need to specify a syslog server. Then ensure that ssh is enabled (with the password setting or if you desire then do the more complicated secure key access - if you can get the secure key to work). I then use the Windows program WinSCP to go into SCP mode on port 22 with the IP address of the dd-wrt machine and user of root, password of the web interface to look at the directory structure on the dd-wrt server. Once logged in with WinSCP, you have to click the up directory tic several times to show the whole directory file structure, then navigate to /var/log/messages. This will show you your OpenVPN errors.
Above, 192.168.158.0 is the subnet of the LAN side of the dd-wrt box I am VPNing into. I can now go to url 192.168.158.1 and get the password prompt to access the VPN server router. Fantastic!!!
Here is my console. Not sure what the warnings mean but for now it works. I am not sure where the gw 10.0.1.1 came from but I am doing a lot of copy and paste programming it seems.
Dec 4 13:12:02 DD-WRT daemon.notice openvpn: OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1] [EPOLL] built on Nov 2 2009
Dec 4 13:12:02 DD-WRT daemon.warn openvpn: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Dec 4 13:12:02 DD-WRT daemon.notice openvpn: LZO compression initialized
Dec 4 13:12:02 DD-WRT daemon.notice openvpn: UDPv4 link local: [undef]
Dec 4 13:12:02 DD-WRT daemon.notice openvpn: UDPv4 link remote: 192.168.2.197:1194
Dec 4 13:12:04 DD-WRT daemon.notice openvpn: [server] Peer Connection Initiated with 192.168.2.197:1194
Dec 4 13:12:06 DD-WRT daemon.notice openvpn: TUN/TAP device tun0 opened
Dec 4 13:12:06 DD-WRT daemon.notice openvpn: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Dec 4 13:12:07 DD-WRT daemon.notice openvpn: Initialization Sequence Completed
Again what I did to configure a dd-wrt OpenVPN server initially with a single windows client was go here:
1 - set up a dd-wrt OpenVPN server and a windows OpenVPN client as per this guide:
(note: be sure to create enough extra unique client keys to address future needs)
2 - pay attention to the comments at the end of the post and change your profiles to adjust for mistakes in the original article
3 - debug by using the syslogd and view via WinSCP as I pointed out before
4 - to set up now a dd-wrt client, refer to this wiki for client code under topic "Client Configuration - DD-WRT"
5 - use one of the extra client(x) series of client key files that you created in your initial key creation exercise. Copy them and paste them in the respective web gui for OpenVPN Client option.
6 - check the /var/log/messages file using WinSCP on the dd-wrt client OpenVPN router to see if you get a successful link as in my example above
7 - add the route statement with the OpenVPN server's subnet named to the login script of the dd-wrt OpenVPN client
8 - use run command from Admin first to see if it works, then if it does, then add permanently
9 - now ping addresses on the dd-wrt OpenVPN server subnet
10 - edit note: the dd-wrt OpenVPN server has to have the SPI firewall set off in order for this configuration to work. I am still looking for something to put in the firewall script on the server that will allow it to be turned back on. Will update if I find it.
Again cut and paste programming at its absolute best!
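
The /var/log/messages check from steps 3 and 6, as an added example that is not part of the original posts: a POSIX sh script that reports whether the tunnel reached "Initialization Sequence Completed" and lists every key file OpenVPN flagged as "group or others accessible" (the private key is readable by accounts other than its owner). The function names are hypothetical and the sample log is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example: triage the OpenVPN lines of a DD-WRT syslog (/var/log/messages).

# Constructed sample, reusing lines quoted in the post above.
sample_log() {
cat <<'EOF'
Dec 4 13:12:02 DD-WRT daemon.warn openvpn: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Dec 4 13:12:02 DD-WRT daemon.notice openvpn: UDPv4 link remote: 192.168.2.197:1194
Dec 4 13:12:04 DD-WRT daemon.notice openvpn: [server] Peer Connection Initiated with 192.168.2.197:1194
Dec 4 13:12:07 DD-WRT daemon.notice openvpn: Initialization Sequence Completed
EOF
}

# stdin: syslog text. stdout: paths OpenVPN reported as readable by group/others.
ovpn_loose_keys() {
    sed -n "s/.*openvpn: WARNING: file '\([^']*\)' is group or others accessible.*/\1/p" | sort -u
}

# stdin: syslog text. stdout: "up" if the tunnel finished initializing, else "down".
ovpn_state() {
    if grep -q 'openvpn: Initialization Sequence Completed'; then echo up; else echo down; fi
}

# Succeeds only if the file's current mode has no group/other permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# stdin: syslog text. Prints tunnel state and any key file that is still loose.
ovpn_report() {
    log=$(cat)
    echo "tunnel: $(printf '%s\n' "$log" | ovpn_state)"
    printf '%s\n' "$log" | ovpn_loose_keys | while read -r f; do
        if [ ! -e "$f" ]; then
            echo "flagged in log, not present here: $f"
        elif key_is_private "$f"; then
            echo "flagged in log, now private: $f"
        else
            echo "still group/other accessible: $f (chmod 600 '$f')"
        fi
    done
}

# Use the log file given as $1, otherwise fall back to the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then ovpn_report < "$1"; else sample_log | ovpn_report; fi
```

Run over ssh on the router, with /var/log/messages as the argument, it does the same job as browsing to the file with WinSCP.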