Posted: Sun Apr 01, 2018 4:02 Post subject: moving from Build 21061 to latest 35531. OpenVPN Trouble.
So I want to move to a later Build I have OpenVPN up and running on the older build.
I know that there are updated configurations but not sure where to put some of the new commands. Any thoughts?
Cisco E3000 Mega Build 21061
30-30-30 and loaded Mega Build 35531 and retyped the setup did not just reload a saved config.
The Following OpenVPN configuration works on the 21061 but not on the 35531.
The one thing I don't know is where to put mtu-disc yes.
I know Certs are fine. I am running in Daemon and not server GUI. It is pretty much the sample server and client config for OpenVPN 2.0 I did update UDP to UDP4 in both server and client config and Firewall config to confirm working on older build.
Router Server Info.
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 192.168.20.1"
server 192.168.20.0 255.255.255.0
keepalive 10 120
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT\s OpenVPN Status web page to access the server\s management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
# Try to preserve some state across restarts.
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
# Set log file verbosity.
# Silence repeating messages
Configuration: _________________ WRT600n BS Mega r15962 --Broadband Router
WRT600n BS Mega r15962 --Repeater Bridge
WRT54G-TM BS Mega r15962 --Broadband Router and OpenVPN Server
WRT54G-TM BS Mega r15962 --Broadband Router
WRT54G v2.0 EKO Std r15943_VINT --Idle
WRT54G v1.1 --Idle
WRT54GS V6.0 BS VPN r15962 --Idle