client
dev tun0
proto tcp
remote xxxxxx.duckdns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ClientCert1.crt
key ClientCert1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 5
And finally the OpenVPN Additional config on the router:
Code:
push "route 192.168.1.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
tls-auth ta.key 0
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 16
I think the issue must be in my routing or subnet settings... but I am clueless in this area. My router IP is 192.168.1.1. I get the connection refused error immediately and it happens whether I'm on wifi on the same network and also when I'm on cellular data.
I am also concerned about the extra commands on the server config and the firewall? Do I really need those last three lines on the firewall commands? How about the "push" command and the "server" command on the openvpn addl config? Isn't that taken care of in the above settings boxes already there in dd-wrt?
I removed the TLS Auth key and have gotten past the connection refused issue.
However I'm still not getting a useful connection.
Can't connect to my router IP (192.168.1.1) or mount smb shares.
I have tried every combination possible I can on the router and server commands, but I am just doing trial and error at this point.
I even removed ALL firewall commands, even the one opening UDP 1194, and the connection is occurring just fine according to the android client. lol
Here is where I am at now:
Server addl config:
Code:
server 10.0.10.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0 10.0.10.2
dev tun
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
#tls-auth ta.key 0
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 16
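
Added example, not part of the original post and not DD-WRT or OpenVPN code: a small Python check of the directives in the two files above that both ends of an OpenVPN tunnel must agree on (transport protocol, device type, comp-lzo, tls-auth and its key direction). The sample strings are abbreviated from the client file at the top and the latest server Additional Config; it assumes the client file is unchanged, and it cannot see options set in DD-WRT's GUI boxes rather than in the Additional Config text.

```python
# Added example: compare OpenVPN client/server directives that must agree.
# Sample configs are abbreviated from the post; the client is assumed unchanged.
CLIENT = """\
client
dev tun0
proto tcp
remote xxxxxx.duckdns.org 1194
tls-auth ta.key 1
comp-lzo
"""
SERVER = """\
server 10.0.10.0 255.255.255.0
dev tun
proto udp
#tls-auth ta.key 0
"""

def parse(text):
    """Map directive -> argument list, skipping blanks and # / ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def transport(conf):
    # "tcp", "tcp-client", "tcp-server" all mean TCP; OpenVPN defaults to UDP.
    return conf.get("proto", ["udp"])[0].split("-")[0].rstrip("46")

def mismatches(client, server):
    """Return the names of directives on which the two ends disagree."""
    c, s = parse(client), parse(server)
    found = []
    if transport(c) != transport(s):
        found.append("proto")
    # Device type (tun/tap) must match; the unit number is local to each end.
    if c.get("dev", [""])[0][:3] != s.get("dev", [""])[0][:3]:
        found.append("dev")
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        found.append("comp-lzo")
    ca, sa = c.get("tls-auth"), s.get("tls-auth")
    if (ca is None) != (sa is None):
        found.append("tls-auth")  # HMAC wrapper enabled on one end only
    elif ca and sorted(ca[1:] + sa[1:]) not in ([], ["0", "1"]):
        found.append("tls-auth key-direction")  # must be 0/1 or both omitted
    return found

if __name__ == "__main__":
    print(mismatches(CLIENT, SERVER))
```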