OpenVPN not routing

droblesa
DD-WRT Novice


Joined: 01 Dec 2010
Posts: 26

Posted: Thu Sep 06, 2012 21:01    Post subject: OpenVPN not routing
I have an E4200 that I am trying to use as an OpenVPN host. I am connecting to the router with the OpenVPN software. I am able to connect, but I am not able to get to any devices on the other side of the router. I have followed the instructions in http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B, to no avail. I have even read the http://www.dd-wrt.com/wiki/index.php/OpenVPN wiki. I have flashed and started from scratch a number of times and still no routing. I have even tried the sample configurations found on the OpenVPN website.

My current config is

#load openvpn as a daemon
daemon

#Cert Keys
dh /opt/etc/openvpn/dh1024.pem
ca /opt/etc/openvpn/ca.crt
cert /opt/etc/openvpn/cert.pem
key /opt/etc/openvpn/server.key

#logs and troubleshooting info
ifconfig-pool-persist /opt/etc/openvpn/ipp.txt
status /opt/etc/openvpn/openvpn-status.log
log /opt/etc/openvpn/openvpn.log
verb 5
mute 5

#Push routes
push "route 10.0.10.0 255.255.255.0"

#Server Specifics
mode server
proto udp
port 1194
dev tun0
server 10.0.20.0 255.255.255.0

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

keepalive 10 120
management 127.0.0.1 5002
management-log-cache 50
script-security 2
fast-io

and my current firewall rules are:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Any help is greatly appreciated.
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Thu Sep 06, 2012 21:44
Upgrade and use the GUI.
droblesa
DD-WRT Novice


Joined: 01 Dec 2010
Posts: 26

Posted: Thu Sep 06, 2012 22:12
What is the best version to run? I'm running 18777.
droblesa
DD-WRT Novice


Joined: 01 Dec 2010
Posts: 26

Posted: Thu Sep 06, 2012 22:34
I have entered all the pertinent information into the GUI and OpenVPN will not start. If you go to the Status/OpenVPN tab it is all blank, and if I run top the process is not running after reboot. I have been having this problem for a while; that's why I went to scripting the startup of OpenVPN. I have done 30/30/30 resets to the router, reflashed it, and started over, and still OpenVPN will not start if I use the GUI. I have tried 18777 and 18946. I haven't tried any of the newer builds because I read OpenVPN is broken with one of the 19000 builds.
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1552
Location: Zwolle

Posted: Thu Sep 06, 2012 22:57
After build 18777 certain combinations of encryption, hashing and authentication have been dropped by an OpenSSL update which misbehaves on Linux MIPS. See e.g. http://www.myopenrouter.com/forum/thread/40292/New-Build-r19545-kong/

So, the idea is that if you use a build higher than 18777, very careful configuration of OpenVPN has to take place, otherwise it won't work. Besides, not all devices support such configurations, therefore OpenVPN may fail with certain VPN providers or clients.

For the combinations that do work in higher builds, see http://svn.dd-wrt.com/ticket/2536. The best option seems to be:

tls-cipher EDH-RSA-DES-CBC3-SHA

Warning: many people think that DES is lame encryption.

_________________
2 times APU2 Opnsense 21.1 with Sensei

2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)

3 times Asus RT-N16 shelved

E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)

3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
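
Added example, not part of any post above and not DD-WRT or OpenVPN project code: a small Python check that reads an OpenVPN config like the one in this thread and flags a tls-cipher suite built on DES/3DES, RC4, NULL, export-grade or MD5 primitives, and a dh file whose name suggests parameters under 2048 bits. The function names, the weak-token list and the 2048-bit threshold are assumptions of this example; the sample config is constructed from lines quoted in the thread.

```python
import re
import shlex

# Constructed sample: directives quoted in this thread (first post's config
# plus the tls-cipher line from the reply), reduced to what the check reads.
SAMPLE_CONFIG = """
#Cert Keys
dh /opt/etc/openvpn/dh1024.pem
push "route 10.0.10.0 255.255.255.0"
tls-cipher EDH-RSA-DES-CBC3-SHA
"""

# Assumption of this example: hyphen-separated tokens of an OpenSSL or IANA
# suite name that mark an outdated primitive.
WEAK_TOKENS = {
    "DES": "DES/3DES (64-bit block)", "3DES": "DES/3DES (64-bit block)",
    "RC4": "RC4", "NULL": "no encryption", "MD5": "MD5 MAC",
    "EXP": "export-grade", "EXPORT": "export-grade",
}
MIN_DH_BITS = 2048  # assumed threshold

def parse_directives(text):
    """Yield (name, args) for each directive; '#' and ';' start comments."""
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        parts = shlex.split(line, comments=True)  # keeps "quoted args" whole
        if parts:
            yield parts[0], parts[1:]

def audit(text):
    """Return (directive, detail) findings for weak TLS suites and DH size."""
    findings = []
    for name, args in parse_directives(text):
        if name == "tls-cipher" and args:
            for suite in args[0].split(":"):
                tokens = suite.upper().split("-")
                hits = sorted({WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS})
                if hits:
                    findings.append((name, f"{suite}: {', '.join(hits)}"))
        elif name == "dh" and args:
            # Heuristic: the bit length is read from the file name only.
            m = re.search(r"dh(\d{3,5})", args[0])
            if m and int(m.group(1)) < MIN_DH_BITS:
                findings.append((name, f"{m.group(1)}-bit parameters (by file name)"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

The dh finding rests on the file name alone; the actual size of the parameters has to be confirmed from the file itself.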
