[droblesa]

I have an E4200 that I am trying to use as an OpenVPN Host. I am connecting to the router with the OpenVPN software. I am able to connect but I am not able to get to any devices on the other side of the router. I have followed the instructions in http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B. To no avail. I have even read http://www.dd-wrt.com/wiki/index.php/OpenVPN wiki. I have flashed and started from scratch a number of times and still no routing. I have even tried the sample configurations found on the OpenVPN website.

My current config is

#load openvpn as a daemon
daemon

#Cert Keys
dh /opt/etc/openvpn/dh1024.pem
ca /opt/etc/openvpn/ca.crt
cert /opt/etc/openvpn/cert.pem
key /opt/etc/openvpn/server.key

#logs and troubleshooting info
ifconfig-pool-persist /opt/etc/openvpn/ipp.txt
status /opt/etc/openvpn/openvpn-status.log
log /opt/etc/openvpn/openvpn.log
verb 5
mute 5

#Push routes
push "route 10.0.10.0 255.255.255.0"

#Server Specifics
mode server
proto udp
port 1194
dev tun0
server 10.0.20.0 255.255.255.0

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

keepalive 10 120
management 127.0.0.1 5002
management-log-cache 50
script-security 2
fast-io

and my current firewall rules are:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

any help is greatly appreciated.

[Sash]

upgrade and use the gui

[droblesa]

What is the best version to run. I'm running 18777

[droblesa]

I have entered all the pertinent information into the gui and openvpn will not start. If you go to the status/openvpn tab it is all blank and if I run top the process is not running after reboot. I have been having this problem for a while that's why I went to scripting the startup of OpenVPN. I have done 30/30/30 resets to the router, reflashed it, and started over it and still openvpn will not start if I use the gui. I have tried 18777 and 18946. I haven't tried any of the newer builds because I read openvpn is broke with one of the 19000 builds.

[slobodan]

After build 18777 certain combinations of encryption, hashing and authentication have been dropped by an OpenSSL update which misbehaves on Linux Mips. See e.g. http://www.myopenrouter.com/forum/thread/40292/New-Build-r19545-kong/

So, the idea is that if you use a build higher than 18777, very careful configuration of OpenVPN has to take place, otherwise it won't work. Besides, not all devices support such configurations, therefore OpenVPN may fail with certain VPN providers or clients.

For the combinations that do work in higher builds see http://svn.dd-wrt.com/ticket/2536 The best option seems to be:

tls-cipher EDH-RSA-DES-CBC3-SHA

Warning: many people think that DES is lame encryption.