Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu Aug 16, 2018 15:22 Post subject:
YES, that is why in my guide it is said that you better use a network address which is not frequently used (e.g. 192.168.22.1) for your own home network.
OpenVPN in TUN mode has to have 3 different subnets: home subnet, VPN subnet and client's subnet. Otherwise it gets confused and does not know where to route.
From my guide, first paragraph:
Quote:
I have set the router up as default so the router's IP is 192.168.1.1. This is not recommended, as the router's subnet (192.168.1.0), the OpenVPN's subnet (10.8.0.0) and the client's subnet must all be different. It is advised to use a subnet for the router which is not often used, so a better choice for the router's IP/subnet would be something like 192.168.49.1/255.255.255.0
I changed my main router to 192.168.22.1, and the other OpenVPN router to 192.168.22.2 as suggested. Cameras are on 192.168.22.200+
1) Works fantastic on wifi and mobile data from my friend's house on my phone. I can connect on OpenVPN no problem, and can see my cameras and can surf the net via my home network. Everything is solved on my cellphone.
2) Using my Mac laptop on wifi at my friend's, it cannot see my devices nor access the web. I'm pretty sure I'm using the same ovpn. There must be some setting on Viscosity which is blocking me. I will dig some more.
Posted: Mon Nov 19, 2018 22:16 Post subject: Server settings
Hey guys, please excuse the networking ignorance but would appreciate some guidance here (I've changed some of the digits around):
My router's address and LAN IP is 192.168.20.10 with DHCP from 30-60 (i.e. 192.168.20.30, 192.168.20.31, etc) and the OpenVPN network I'd like to use is 192.168.21.0
1. So given the above, which from the below is correct:
a) push "route 192.168.20.10 255.255.255.0"
b) push "route 192.168.20.0 255.255.255.0"
c) push "route 192.168.20.30 255.255.255.0"
2. This is correct right?
server 192.168.21.0 255.255.255.0
3. Should I use public DNS servers or IP of my router?
a) push "dhcp-option DNS 208.67.222.22"
a) push "dhcp-option DNS 208.67.220.220"
b) push "dhcp-option DNS 192.168.20.1 (.0 .1 or .10)
4. Include this as well?
push "redirect-gateway def1"
#This would be correct --
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 192.168.20.10"
#will use the same DNS as the router uses
#or if you want different DNS
push "dhcp-option DNS 208.67.222.22"
push "dhcp-option DNS 208.67.220.220"
#or better
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
#the last two are QUAD9 DNS servers
Quote:
push "redirect-gateway def1"
Should have 'Advanced Options' Enabled and just Enable the 'Redirect default Gateway' in GUI
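The two checks behind the answers above (a `push "route ..."` must name the network address, and the LAN, VPN and client subnets must not overlap), as an added example that is not part of any post in this thread. The names `lint` and `client_lan` and the sample config are constructed for illustration, using the addresses from the question.

```python
import ipaddress
import re

# Constructed sample server config using the addresses discussed in this thread.
SAMPLE_CONF = '''
server 192.168.21.0 255.255.255.0
push "route 192.168.20.10 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 192.168.20.10"
'''

ROUTE_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')
SERVER_RE = re.compile(r'^\s*server\s+(\S+)\s+(\S+)')

def _net(addr, mask):
    """Return (network, aligned); aligned is False when host bits are set."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return net, str(net.network_address) == addr

def lint(conf, client_lan):
    """Check a server config against the LAN the remote client sits on."""
    findings, vpn, routes = [], None, []
    client = ipaddress.ip_network(client_lan, strict=False)
    for line in conf.splitlines():
        if (m := SERVER_RE.match(line)):
            vpn, ok = _net(*m.groups())
            if not ok:
                findings.append(f"server address {m.group(1)} is not a network address")
        elif (m := ROUTE_RE.match(line)):
            net, ok = _net(*m.groups())
            if ok:
                routes.append(net)
            else:
                findings.append(f"route {m.group(1)} has host bits set, use {net.network_address}")
    for net in routes:
        if vpn and net.overlaps(vpn):
            findings.append(f"pushed route {net} overlaps VPN subnet {vpn}")
        if net.overlaps(client):
            findings.append(f"pushed route {net} overlaps client LAN {client}")
    if vpn and vpn.overlaps(client):
        findings.append(f"VPN subnet {vpn} overlaps client LAN {client}")
    return findings
```

Calling `lint(SAMPLE_CONF, "192.168.1.0/24")` flags only option a) from the question; passing a client LAN of `192.168.20.0/24` additionally reports the overlap that makes routing ambiguous in TUN mode.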
First off, thank you to @Boogalooz for putting together this guide. However, I am hoping a fine person would be able to help me with my own setup.
Here is what I am trying to achieve:
Code:
Offsite device(To OpenVPN Server)
↕
Internet
↕
Router(Running OpenVPN client to AirVPN (policy based to Rpi) and OpenVPN Server)
↕
Rpi(AirVPN) + Other devices on LAN
So far I got my OpenVPN client working and policy routed to my Rpi which is on the LAN. What I'd like is to have an offsite device (like my smartphone) VPN to the server on the router to be able to connect to the other devices on the LAN (I have some other devices including the Pi running web services only available to the LAN). I'd possibly like to have the option to have the offsite device access the internet through the OpenVPN server on the router.
The status page says the client and server are connected, but I cannot connect my phone (I disabled WiFi to test through the carrier network) to the VPN server. Apologies if this seems extremely n00bish/way in over my head, but I like to learn. Any help is appreciated. Code and screenshots below:
Posted: Sun Dec 16, 2018 17:13 Post subject: Thanks for the Updated guide
@egc,
Thanks so much for the updated guide! I agree that running it in daemon mode made things much harder. I decided to start from scratch and follow the guide and it worked!
After I got it working, I wanted to try and add TLS authentication for extra security. To accomplish this in the command prompt:
Code:
cd C:\Program Files\OpenVPN\bin
openvpn --genkey --secret ta.key
I then copied the contents of ta.key into the "TLS Auth Key" field in the OpenVPN Server/Daemon page. On that page I also changed the setting "TLS cipher" to "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"
I also added the line:
Code:
tls-auth "ta.key" 1
at the end of the client1.ovpn file. This all worked as well.
To answer your other question, yes my EA6900 is equipped with the XVortex CFE to solve the 32KB bug. Right now my NVRAM is 45 KB / 64 KB.
I am wondering though, if I were to generate the keys/certificates by keeping the key size in the vars.bat file default (4096), if it would overload my NVRAM. If not, do you think I would have to change the cipher type in the settings?
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sun Dec 16, 2018 17:30 Post subject:
Glad you got it working.
Key size of 2048 is more than adequate, and of course a longer key size will take up more RAM but not that much.
So your RAM is probably not a problem if you want a key size of 4096.
Yea, the more I thought of it, the more I think it'll be fine. I've spent the last few days getting up to the point of it working, so now I will go forward with "if it ain't broke, don't fix it"
Posted: Tue Dec 25, 2018 7:38 Post subject: Re: DD-WRT OpenVPN guide for complete dummies
Boogalooz wrote:
I have compiled an OpenVPN guide for complete dummies (like me), as a pdf.
The information is scattered around this website and others, but not a single guide I was able to dig up, had all of the information I needed to get my router (Linksys WRT-1900AC v2) up and running with OpenVPN.
I decided it was worth the time to compile the data I found into one easy to reference guide, that could be downloaded and shared.
Hopefully, this guide will save about a week of your life. That is how much time it took me to try and fail over and over to make OpenVPN work on my router.
I would really like feedback here. If you try this guide out, and you find any issues that prevent you from establishing an OpenVPN connection on your computer using the settings I have included in the guide, PLEASE let me know. I will amend the guide and put up a new revision.
As you will see in the guide, this method assumes that your DD-WRT router is secondary to your primary internet facing router. I do not go into detail on the methods for setting up a DD-WRT router as the primary WAN/DHCP router on your network. If this guide gets any traction, we can discuss those methods and amend the guide accordingly.
The idea here is to make it easy for people to find the information they need to get OpenVPN up and running without having to scour the internet for easter eggs.
Let me know what you think.
I see your post but can't find the guide you are talking about. I am having trouble getting OpenVPN to connect using IPVanish settings. Thank you.