Good guide but a couple of questions:
Shouldn't you have to do some kind of port forwarding on your main router that the DD-WRT server router connects to?
It just overwrote my vars.bat, so if I run the previous notepad command the 2048 is now back at 4096. I'm assuming this is not desired?
Also, got stuck at step 4:
Certificate is to be certified until Nov 5 04:36:56 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find c:\Program Files\OpenVPN\easy-rsa\keys\*.old
c:\Program Files\OpenVPN\easy-rsa>
It created some client1 files but client1.crt is 0 file size so I guess I am completely stuck..
mercury187 wrote:
It just overwrote my vars.bat, so if I run the previous notepad command the 2048 is now back at 4096. I'm assuming this is not desired?
This is why I included the step that has you open vars.bat with notepad from within the command prompt.
You are correct that the 4096 is not desirable, so change it while in the command prompt and in notepad and save it.
mercury187 wrote:
Also, got stuck at step 4:
Certificate is to be certified until Nov 5 04:36:56 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find c:\Program Files\OpenVPN\easy-rsa\keys\*.old
c:\Program Files\OpenVPN\easy-rsa>
It created some client1 files but client1.crt is 0 file size so I guess I am completely stuck..
When you get that error, it usually means that you started the process and then bounced out of the command prompt somehow. That happened to me a few times while I was figuring all of this out. I was always able to get it to succeed by going back to the "cd C:\Program Files\OpenVPN\easy-rsa" (enter) command and then immediately typing vars.bat (enter) again, and then running the build-key client1 command again.
When all else fails, exit completely out of the command prompt, then launch it again as administrator, and then just run: "cd C:\Program Files\OpenVPN\easy-rsa" (no quotes/enter) then "vars.bat" (no quotes/enter) followed by "build-key clientX" (no quotes/enter) commands and it will generally complete with no failed returns.
The system is set up so that you can come back in at any time and generate new client keys. Sometimes the command prompt gets hung up...
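An added example, not part of the guide or of any post in this thread: OpenSSL's `ca` command prints `TXT_DB error number 2` when the row it is about to write to `keys\index.txt` clashes with an existing one, most often a still-valid certificate with the same subject. The sketch below parses that file, lists the clashing serials and finds zero-byte `.crt` files; the sample rows and the function names are constructed for illustration.

```python
import os

# Constructed sample of easy-rsa's keys\index.txt (tab-separated OpenSSL CA
# database): status, expiry, revocation date, serial, filename, subject.
SAMPLE_INDEX = (
    "V\t271105043656Z\t\t01\tunknown\t/C=US/O=OpenVPN/CN=server\n"
    "R\t271105043656Z\t171106120000Z\t02\tunknown\t/C=US/O=OpenVPN/CN=client1\n"
    "V\t271105043656Z\t\t03\tunknown\t/C=US/O=OpenVPN/CN=client1\n"
)

def parse_index(text):
    """Return one dict per well-formed index.txt row."""
    rows = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # blank or damaged line
        status, expires, revoked, serial, _filename, subject = fields
        rows.append({"status": status, "expires": expires,
                     "revoked": revoked, "serial": serial.upper(),
                     "subject": subject})
    return rows

def subject_clashes(text, subject):
    """Serials of valid (V) rows that already carry this exact subject.

    Revoked (R) and expired (E) rows are skipped: only valid entries
    take part in OpenSSL's unique-subject index.
    """
    return [r["serial"] for r in parse_index(text)
            if r["status"] == "V" and r["subject"] == subject]

def empty_certs(keys_dir):
    """Names of zero-byte .crt files left behind by a failed signing."""
    return sorted(
        name for name in os.listdir(keys_dir)
        if name.lower().endswith(".crt")
        and os.path.getsize(os.path.join(keys_dir, name)) == 0
    )

if __name__ == "__main__":
    print(subject_clashes(SAMPLE_INDEX, "/C=US/O=OpenVPN/CN=client1"))
```

If a serial is listed, the name is already taken by a valid certificate: sign under a different Common Name or revoke the existing certificate first, and delete any zero-byte `.crt` before retrying.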
And then copied the data where it needed to be using your guide and I was able to successfully connect to my dd-wrt. One problem I have though is that I wish to have all my traffic going through the vpn link on the client side so when my client connects to the openvpn server I get the dd-wrt public IP address etc (nothing on the LAN side). Does anyone know how to accomplish this?
On the WAP disable the firewall and use the firewall rule from @mrjcd for natting the VPN.
One thing I am not sure about is setting the WAP as a router, I always leave it in gateway mode, seems to work also
Yea usually works either way but proper WAP should be 'router' mode.
Prolly doesn't matter -- there is nothing there to NAT if left in gateway mode and any added interface outside of its LAN would have to be setup thru DNSMasq anyways.
Yes (although there were versions which were empty because of a bug, but I do not think this is one of them). When it stays empty the server does not start, indicating a serious error in your settings; the first thing to look at is the certificates.
Thank you
I used this tutorial:
With the same version of openVPN.
I tried several other ways, but nothing appears in STATUS
Is it a bug in this version?
Yea there were a string of builds that had NO working ovpn status but AFAIK that has been resolved on all routers with build after r32170.
If you have the ovpn router setup as a WAP make sure its Start Type = 'System'; a WAP has NO WAN so it cannot very well start at 'WAN Up'.
For an ovpn server embedded somewheres within your network the WAP solution is probably the best and easiest and also allows you the extra wifi for clients on same subnet as main plus extra switch ports.
You can also use any router that supports ovpn and run it as regular gateway anywhere within your main network with a LAN cable plugged into its WAN. Conf is a bit different but objective is still same ... you can access all your main LAN devices this way.... but this point is really moot when using dd-wrt; the WAP is a better solution for an ovpn server for many reasons..... if you don't want to run ovpn server on the main router
Does anyone know how to "send all traffic over vpn" ? Currently connected client can access devices on the vpn server network but the internet goes out the client wan and not the wan on the vpn side. How do you make all client traffic go through the vpn and then go online through the server wan?
Hi
My OPENVPN worked 2 days ago
But now it doesn't want to work.
It seems that the port is closed
But the port was already open in the firewall
Here is my firewall config
Thanks for the guide Boogalooz! I'm trying to set up OpenVPN on my primary router, but this is still helpful. However I noticed a typo on page 4 of the guide, in this paragraph:
Quote:
Back in Notepad++, locate and open the “server.key” file from the same (keys) directory. Click anywhere in the window and right click, select all, then copy and paste the contents into the “Public Server Key” window, in DD-WRT as seen in the “Services-VPN.2”
Shouldn't it read "Private Server Key" window?
You are absolutely correct sir, and THANK YOU for pointing that out. I have revised the guide and replaced it in the OP.
Posted: Thu Nov 16, 2017 20:28 Post subject: Where is the .pdf?
The guide sounds like just what I need but I cannot seem to find it in this thread.
Did it get deleted during the edits or am I just missing it?
Thanks.
Posted: Thu Nov 16, 2017 20:56 Post subject: Re: Where is the .pdf?
L J wrote:
The guide sounds like just what I need but I cannot seem to find it in this thread.
Did it get deleted during the edits or am I just missing it?
Thanks.
It's in the first post as an attachment
Posted: Sun Nov 26, 2017 21:12 Post subject: Error
So I followed your guide but when I want to connect it gives me an error,
this is in the log file
Options error: You must define CA file (--ca) or CA path (--capath)
also doesn't work when manually adding ca line in config.
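An added example, not part of the guide or of the post above: OpenVPN raises this options error when the configuration it actually loaded defines no CA through a `ca` or `capath` line, an inline `<ca>` block, or a `pkcs12` bundle. The sketch below parses a client config the way those directives are read, skipping `#` and `;` comments; both sample configs, the file names and `vpn.example.net` are constructed placeholders.

```python
import re

# Constructed client configs; file names and the host are placeholders.
BROKEN_OVPN = """client
dev tun
remote vpn.example.net 1194
;ca ca.crt
cert client1.crt
key client1.key
"""
INLINE_OVPN = """client
dev tun
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
cert client1.crt
key client1.key
"""

def tls_material(config_text):
    """Map each of ca/capath/pkcs12/cert/key to 'file:<arg>' or 'inline'."""
    found, block = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if block:                          # inside an inline <x> ... </x>
            if line == "</%s>" % block:
                block = None
            continue
        if not line or line[0] in "#;":    # '#' and ';' start comments
            continue
        m = re.fullmatch(r"<(ca|cert|key|pkcs12)>", line)
        if m:
            block = m.group(1)
            found[block] = "inline"
            continue
        parts = line.split(None, 1)
        if parts[0] in ("ca", "capath", "pkcs12", "cert", "key") and len(parts) == 2:
            found[parts[0]] = "file:" + parts[1].strip('"')
    return found

def has_ca(config_text):
    """True when a CA source is defined (pkcs12 can stand in for ca)."""
    found = tls_material(config_text)
    return any(k in found for k in ("ca", "capath", "pkcs12"))

if __name__ == "__main__":
    print(has_ca(BROKEN_OVPN), has_ca(INLINE_OVPN))
```

Run it against the exact file the client loads; a `ca` line added to a different copy of the config, or left behind a `;`, produces the same error.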