OpenVPN server: client connects but timeout for all traffic

FTP
DD-WRT User


Joined: 01 Jul 2012
Posts: 61

Posted: Sun Dec 09, 2018 17:20    Post subject: OpenVPN server: client connects but timeout for all traffic
Hi,

I've set up an OpenVPN server on my DD-WRT router (Asus RT-AC66U).
But when I try to connect to the router from an OpenVPN client on a laptop under Windows 10, it works: the client connects to the server and some traffic is working (like the TresorIt cloud sync software), but that's an exception. I can't get any traffic for the web, I don't have access to the web admin of my NAS on my local network, and I don't have access to the shared folder either; they all end up in timeout.

However I can ping internal and external addresses.
Like I can ping my NAS on 192.168.0.10 and I can ping google.com.
But from a browser, I can't go to any of them. Timeout.

Here are configs and logs...

  • My WAN IP address has been replaced by 82.0.0.0
  • The client IP address has been replaced by 37.0.0.0
  • My OpenVPN username has been replaced by MyUsername


Server side
OpenVPN server of DD-WRT build 36995.

Config...



Firewall...
Code:
iptables -t nat -A POSTROUTING -o $(nvram get wan_iface) -j MASQUERADE


Log...
Quote:
Serverlog:
20181208 16:40:17 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20181208 16:40:17 I OpenVPN 2.4.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 19 2018
20181208 16:40:17 I library versions: OpenSSL 1.1.1 11 Sep 2018 LZO 2.09
20181208 16:40:17 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20181208 16:40:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20181208 16:40:17 Diffie-Hellman initialized with 2048 bit key
20181208 16:40:17 I TUN/TAP device tun2 opened
20181208 16:40:17 TUN/TAP TX queue length set to 100
20181208 16:40:17 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20181208 16:40:17 I /sbin/ifconfig tun2 10.1.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.1.0.255
20181208 16:40:17 Socket Buffers: R=[172032->172032] S=[172032->172032]
20181208 16:40:17 I UDPv4 link local (bound): [AF_INET][undef]:1194
20181208 16:40:17 I UDPv4 link remote: [AF_UNSPEC]
20181208 16:40:17 MULTI: multi_init called r=256 v=256
20181208 16:40:17 IFCONFIG POOL: base=10.1.0.2 size=252 ipv6=0
20181208 16:40:17 I ifconfig_pool_read() in='MyUsername 10.1.0.2' TODO: IPv6
20181208 16:40:17 I succeeded -> ifconfig_pool_set()
20181208 16:40:17 IFCONFIG POOL LIST
20181208 16:40:17 MyUsername 10.1.0.2
20181208 16:40:17 I Initialization Sequence Completed
20181208 16:40:30 37.0.0.0:21709 TLS: Initial packet from [AF_INET]37.0.0.0:21709 sid=f5b847ec 74e5fa49
20181208 16:40:31 37.0.0.0:21709 VERIFY OK: depth=1 C=FR ST=74 L=Location O=ET OU=changeme CN=OpenVPN-ET name=changeme emailAddress=MyEmail
20181208 16:40:31 37.0.0.0:21709 VERIFY OK: depth=0 C=FR ST=74 L=Location O=ET OU=changeme CN=MyUsername name=changeme emailAddress=MyEmail
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_VER=2.4.6
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_PLAT=win
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_PROTO=2
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_NCP=2
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_LZ4=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_LZ4v2=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_LZO=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_COMP_STUB=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_COMP_STUBv2=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_TCPNL=1
20181208 16:40:31 I 37.0.0.0:21709 peer info: IV_GUI_VER=OpenVPN_GUI_11
20181208 16:40:31 37.0.0.0:21709 Control Channel: TLSv1.2 cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 4096 bit RSA
20181208 16:40:31 I 37.0.0.0:21709 [MyUsername] Peer Connection Initiated with [AF_INET]37.0.0.0:21709
20181208 16:40:31 I MyUsername/37.0.0.0:21709 MULTI_sva: pool returned IPv4=10.1.0.2 IPv6=(Not enabled)
20181208 16:40:31 MyUsername/37.0.0.0:21709 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_01a461763fd38d62.tmp
20181208 16:40:31 MyUsername/37.0.0.0:21709 MULTI: Learn: 10.1.0.2 -> MyUsername/37.0.0.0:21709
20181208 16:40:31 MyUsername/37.0.0.0:21709 MULTI: primary virtual IP for MyUsername/37.0.0.0:21709: 10.1.0.2
20181208 16:40:32 MyUsername/37.0.0.0:21709 PUSH: Received control message: 'PUSH_REQUEST'
20181208 16:40:32 MyUsername/37.0.0.0:21709 SENT CONTROL [MyUsername]: 'PUSH_REPLY redirect-gateway def1 route 192.168.0.0 255.255.255.0 dhcp-option DNS 10.1.0.1 redirect-gateway def1 route-gateway 10.1.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.1.0.2 255.255.255.0 peer-id 0 cipher AES-256-GCM' (status=1)
20181208 16:40:32 MyUsername/37.0.0.0:21709 Data Channel: using negotiated cipher 'AES-256-GCM'
20181208 16:40:32 MyUsername/37.0.0.0:21709 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20181208 16:40:32 MyUsername/37.0.0.0:21709 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 D MANAGEMENT: CMD 'state'
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 D MANAGEMENT: CMD 'state'
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 D MANAGEMENT: CMD 'state'
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 NOTE: --mute triggered...
20181208 16:40:43 1 variation(s) on previous 3 message(s) suppressed by --mute
20181208 16:40:43 D MANAGEMENT: CMD 'status 2'
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 D MANAGEMENT: CMD 'status 2'
20181208 16:40:43 MANAGEMENT: Client disconnected
20181208 16:40:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20181208 16:40:43 D MANAGEMENT: CMD 'log 500'


Client
OpenVPN 2.4.6-I602 on Windows 10.

Config...
Code:
client
dev tun
proto udp
remote 82.0.0.0 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 4
float
tun-mtu 1500
auth-nocache

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>


Log...
Quote:
Sat Dec 08 16:40:22 2018 us=669850 Current Parameter Settings:
Sat Dec 08 16:40:22 2018 us=670921 config = 'Home_VPN_MyUsername.ovpn'
Sat Dec 08 16:40:22 2018 us=670921 mode = 0
Sat Dec 08 16:40:22 2018 us=670921 show_ciphers = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 show_digests = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 show_engines = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 genkey = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 key_pass_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 show_tls_ciphers = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 connect_retry_max = 0
Sat Dec 08 16:40:22 2018 us=670921 Connection profiles [0]:
Sat Dec 08 16:40:22 2018 us=670921 proto = udp
Sat Dec 08 16:40:22 2018 us=670921 local = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 local_port = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 remote = '82.0.0.0'
Sat Dec 08 16:40:22 2018 us=670921 remote_port = '1194'
Sat Dec 08 16:40:22 2018 us=670921 remote_float = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 bind_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 bind_local = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 bind_ipv6_only = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 connect_retry_seconds = 5
Sat Dec 08 16:40:22 2018 us=670921 connect_timeout = 120
Sat Dec 08 16:40:22 2018 us=670921 socks_proxy_server = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 socks_proxy_port = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 tun_mtu = 1500
Sat Dec 08 16:40:22 2018 us=670921 tun_mtu_defined = ENABLED
Sat Dec 08 16:40:22 2018 us=670921 link_mtu = 1500
Sat Dec 08 16:40:22 2018 us=670921 link_mtu_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 tun_mtu_extra = 0
Sat Dec 08 16:40:22 2018 us=670921 tun_mtu_extra_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 mtu_discover_type = -1
Sat Dec 08 16:40:22 2018 us=670921 fragment = 0
Sat Dec 08 16:40:22 2018 us=670921 mssfix = 1450
Sat Dec 08 16:40:22 2018 us=670921 explicit_exit_notification = 0
Sat Dec 08 16:40:22 2018 us=670921 Connection profiles END
Sat Dec 08 16:40:22 2018 us=670921 remote_random = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 ipchange = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 dev = 'tun'
Sat Dec 08 16:40:22 2018 us=670921 dev_type = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 dev_node = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 lladdr = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 topology = 1
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_local = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_remote_netmask = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_noexec = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_nowarn = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_ipv6_local = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_ipv6_netbits = 0
Sat Dec 08 16:40:22 2018 us=670921 ifconfig_ipv6_remote = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 shaper = 0
Sat Dec 08 16:40:22 2018 us=670921 mtu_test = 0
Sat Dec 08 16:40:22 2018 us=670921 mlock = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 keepalive_ping = 0
Sat Dec 08 16:40:22 2018 us=670921 keepalive_timeout = 0
Sat Dec 08 16:40:22 2018 us=670921 inactivity_timeout = 0
Sat Dec 08 16:40:22 2018 us=670921 ping_send_timeout = 0
Sat Dec 08 16:40:22 2018 us=670921 ping_rec_timeout = 0
Sat Dec 08 16:40:22 2018 us=670921 ping_rec_timeout_action = 0
Sat Dec 08 16:40:22 2018 us=670921 ping_timer_remote = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 remap_sigusr1 = 0
Sat Dec 08 16:40:22 2018 us=670921 persist_tun = ENABLED
Sat Dec 08 16:40:22 2018 us=670921 persist_local_ip = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 persist_remote_ip = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 persist_key = ENABLED
Sat Dec 08 16:40:22 2018 us=670921 passtos = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 resolve_retry_seconds = 1000000000
Sat Dec 08 16:40:22 2018 us=670921 resolve_in_advance = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 username = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 groupname = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 chroot_dir = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 cd_dir = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 writepid = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 up_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 down_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=670921 down_pre = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 up_restart = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 up_delay = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 daemon = DISABLED
Sat Dec 08 16:40:22 2018 us=670921 inetd = 0
Sat Dec 08 16:40:22 2018 us=671914 log = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 suppress_timestamps = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 machine_readable_output = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 nice = 0
Sat Dec 08 16:40:22 2018 us=671914 verbosity = 4
Sat Dec 08 16:40:22 2018 us=671914 mute = 0
Sat Dec 08 16:40:22 2018 us=671914 gremlin = 0
Sat Dec 08 16:40:22 2018 us=671914 status_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 status_file_version = 1
Sat Dec 08 16:40:22 2018 us=671914 status_file_update_freq = 60
Sat Dec 08 16:40:22 2018 us=671914 occ = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 rcvbuf = 0
Sat Dec 08 16:40:22 2018 us=671914 sndbuf = 0
Sat Dec 08 16:40:22 2018 us=671914 sockflags = 0
Sat Dec 08 16:40:22 2018 us=671914 fast_io = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 comp.alg = 0
Sat Dec 08 16:40:22 2018 us=671914 comp.flags = 0
Sat Dec 08 16:40:22 2018 us=671914 route_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 route_default_gateway = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 route_default_metric = 0
Sat Dec 08 16:40:22 2018 us=671914 route_noexec = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 route_delay = 5
Sat Dec 08 16:40:22 2018 us=671914 route_delay_window = 30
Sat Dec 08 16:40:22 2018 us=671914 route_delay_defined = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 route_nopull = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 route_gateway_via_dhcp = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 allow_pull_fqdn = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 management_addr = '127.0.0.1'
Sat Dec 08 16:40:22 2018 us=671914 management_port = '25340'
Sat Dec 08 16:40:22 2018 us=671914 management_user_pass = 'stdin'
Sat Dec 08 16:40:22 2018 us=671914 management_log_history_cache = 250
Sat Dec 08 16:40:22 2018 us=671914 management_echo_buffer_size = 100
Sat Dec 08 16:40:22 2018 us=671914 management_write_peer_info_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 management_client_user = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 management_client_group = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 management_flags = 6
Sat Dec 08 16:40:22 2018 us=671914 shared_secret_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 key_direction = not set
Sat Dec 08 16:40:22 2018 us=671914 ciphername = 'AES-256-CBC'
Sat Dec 08 16:40:22 2018 us=671914 ncp_enabled = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Dec 08 16:40:22 2018 us=671914 authname = 'SHA256'
Sat Dec 08 16:40:22 2018 us=671914 prng_hash = 'SHA1'
Sat Dec 08 16:40:22 2018 us=671914 prng_nonce_secret_len = 16
Sat Dec 08 16:40:22 2018 us=671914 keysize = 0
Sat Dec 08 16:40:22 2018 us=671914 engine = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 replay = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 mute_replay_warnings = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 replay_window = 64
Sat Dec 08 16:40:22 2018 us=671914 replay_time = 15
Sat Dec 08 16:40:22 2018 us=671914 packet_id_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 use_iv = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 test_crypto = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 tls_server = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 tls_client = ENABLED
Sat Dec 08 16:40:22 2018 us=671914 key_method = 2
Sat Dec 08 16:40:22 2018 us=671914 ca_file = '[[INLINE]]'
Sat Dec 08 16:40:22 2018 us=671914 ca_path = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 dh_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 cert_file = '[[INLINE]]'
Sat Dec 08 16:40:22 2018 us=671914 extra_certs_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 priv_key_file = '[[INLINE]]'
Sat Dec 08 16:40:22 2018 us=671914 pkcs12_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 cryptoapi_cert = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 cipher_list = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 tls_cert_profile = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 tls_verify = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 tls_export_cert = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 verify_x509_type = 0
Sat Dec 08 16:40:22 2018 us=671914 verify_x509_name = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 crl_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 ns_cert_type = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_ku[i] = 0
Sat Dec 08 16:40:22 2018 us=671914 remote_cert_eku = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 ssl_flags = 0
Sat Dec 08 16:40:22 2018 us=671914 tls_timeout = 2
Sat Dec 08 16:40:22 2018 us=671914 renegotiate_bytes = -1
Sat Dec 08 16:40:22 2018 us=671914 renegotiate_packets = 0
Sat Dec 08 16:40:22 2018 us=671914 renegotiate_seconds = 3600
Sat Dec 08 16:40:22 2018 us=671914 handshake_window = 60
Sat Dec 08 16:40:22 2018 us=671914 transition_window = 3600
Sat Dec 08 16:40:22 2018 us=671914 single_session = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 push_peer_info = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 tls_exit = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 tls_auth_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 tls_crypt_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_protected_authentication = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_private_mode = 00000000
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_cert_private = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_pin_cache_period = -1
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_id = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 pkcs11_id_management = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 server_network = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 server_netmask = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 server_network_ipv6 = ::
Sat Dec 08 16:40:22 2018 us=671914 server_netbits_ipv6 = 0
Sat Dec 08 16:40:22 2018 us=671914 server_bridge_ip = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 server_bridge_netmask = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 server_bridge_pool_start = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 server_bridge_pool_end = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_start = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_end = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_netmask = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_pool_persist_refresh_freq = 600
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_ipv6_pool_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_ipv6_pool_base = ::
Sat Dec 08 16:40:22 2018 us=671914 ifconfig_ipv6_pool_netbits = 0
Sat Dec 08 16:40:22 2018 us=672926 n_bcast_buf = 256
Sat Dec 08 16:40:22 2018 us=672926 tcp_queue_limit = 64
Sat Dec 08 16:40:22 2018 us=672926 real_hash_size = 256
Sat Dec 08 16:40:22 2018 us=672926 virtual_hash_size = 256
Sat Dec 08 16:40:22 2018 us=672926 client_connect_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 learn_address_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 client_disconnect_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 client_config_dir = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 ccd_exclusive = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 tmp_dir = 'C:\Users\MyUsername\AppData\Local\Temp\'
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_local = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_remote_netmask = 0.0.0.0
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_ipv6_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_ipv6_local = ::/0
Sat Dec 08 16:40:22 2018 us=672926 push_ifconfig_ipv6_remote = ::
Sat Dec 08 16:40:22 2018 us=672926 enable_c2c = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 duplicate_cn = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 cf_max = 0
Sat Dec 08 16:40:22 2018 us=672926 cf_per = 0
Sat Dec 08 16:40:22 2018 us=672926 max_clients = 1024
Sat Dec 08 16:40:22 2018 us=672926 max_routes_per_client = 256
Sat Dec 08 16:40:22 2018 us=672926 auth_user_pass_verify_script = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 auth_user_pass_verify_script_via_file = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 auth_token_generate = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 auth_token_lifetime = 0
Sat Dec 08 16:40:22 2018 us=672926 client = ENABLED
Sat Dec 08 16:40:22 2018 us=672926 pull = ENABLED
Sat Dec 08 16:40:22 2018 us=672926 auth_user_pass_file = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 show_net_up = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 route_method = 3
Sat Dec 08 16:40:22 2018 us=672926 block_outside_dns = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 ip_win32_defined = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 ip_win32_type = 3
Sat Dec 08 16:40:22 2018 us=672926 dhcp_masq_offset = 0
Sat Dec 08 16:40:22 2018 us=672926 dhcp_lease_time = 31536000
Sat Dec 08 16:40:22 2018 us=672926 tap_sleep = 0
Sat Dec 08 16:40:22 2018 us=672926 dhcp_options = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 dhcp_renew = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 dhcp_pre_release = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 domain = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 netbios_scope = '[UNDEF]'
Sat Dec 08 16:40:22 2018 us=672926 netbios_node_type = 0
Sat Dec 08 16:40:22 2018 us=672926 disable_nbt = DISABLED
Sat Dec 08 16:40:22 2018 us=672926 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Dec 08 16:40:22 2018 us=672926 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Dec 08 16:40:22 2018 us=672926 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Dec 08 16:40:22 2018 us=673580 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Dec 08 16:40:22 2018 us=673580 Need hold release from management interface, waiting...
Sat Dec 08 16:40:23 2018 us=137330 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Dec 08 16:40:23 2018 us=239998 MANAGEMENT: CMD 'state on'
Sat Dec 08 16:40:23 2018 us=239998 MANAGEMENT: CMD 'log all on'
Sat Dec 08 16:40:23 2018 us=368896 MANAGEMENT: CMD 'echo all on'
Sat Dec 08 16:40:23 2018 us=369930 MANAGEMENT: CMD 'bytecount 5'
Sat Dec 08 16:40:23 2018 us=373397 MANAGEMENT: CMD 'hold off'
Sat Dec 08 16:40:23 2018 us=374435 MANAGEMENT: CMD 'hold release'
Sat Dec 08 16:40:31 2018 us=640862 MANAGEMENT: CMD 'password [...]'
Sat Dec 08 16:40:31 2018 us=643855 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Dec 08 16:40:31 2018 us=643855 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Dec 08 16:40:31 2018 us=644850 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Sat Dec 08 16:40:31 2018 us=644850 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Sat Dec 08 16:40:31 2018 us=644850 TCP/UDP: Preserving recently used remote address: [AF_INET]82.0.0.0:1194
Sat Dec 08 16:40:31 2018 us=644850 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Dec 08 16:40:31 2018 us=644850 UDP link local: (not bound)
Sat Dec 08 16:40:31 2018 us=644850 UDP link remote: [AF_INET]82.0.0.0:1194
Sat Dec 08 16:40:31 2018 us=644850 MANAGEMENT: >STATE:1544283631,WAIT,,,,,,
Sat Dec 08 16:40:31 2018 us=721213 MANAGEMENT: >STATE:1544283631,AUTH,,,,,,
Sat Dec 08 16:40:31 2018 us=721213 TLS: Initial packet from [AF_INET]82.0.0.0:1194, sid=d3d608d1 e6c22d86
Sat Dec 08 16:40:32 2018 us=687415 VERIFY OK: depth=1, C=FR, ST=74, L=Location, O=ET, OU=changeme, CN=OpenVPN-ET, name=changeme, emailAddress=MyEmail
Sat Dec 08 16:40:32 2018 us=687415 VERIFY OK: depth=0, C=FR, ST=74, L=Location, O=ET, OU=changeme, CN=server, name=changeme, emailAddress=MyEmail
Sat Dec 08 16:40:32 2018 us=872282 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sat Dec 08 16:40:32 2018 us=872282 [server] Peer Connection Initiated with [AF_INET]82.0.0.0:1194
Sat Dec 08 16:40:34 2018 us=102269 MANAGEMENT: >STATE:1544283634,GET_CONFIG,,,,,,
Sat Dec 08 16:40:34 2018 us=102269 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Dec 08 16:40:34 2018 us=201522 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.0.0 255.255.255.0,dhcp-option DNS 10.1.0.1,redirect-gateway def1,route-gateway 10.1.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: route options modified
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: route-related options modified
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: peer-id set
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: adjusting link_mtu to 1624
Sat Dec 08 16:40:34 2018 us=201522 OPTIONS IMPORT: data channel crypto options modified
Sat Dec 08 16:40:34 2018 us=201522 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Dec 08 16:40:34 2018 us=202569 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Sat Dec 08 16:40:34 2018 us=202569 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 08 16:40:34 2018 us=202569 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 08 16:40:34 2018 us=202569 interactive service msg_channel=120
Sat Dec 08 16:40:34 2018 us=218858 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=24 HWADDR=de:0c:5c:b6:23:2d
Sat Dec 08 16:40:34 2018 us=245784 open_tun
Sat Dec 08 16:40:34 2018 us=246779 TAP-WIN32 device [Ethernet 6] opened: \\.\Global\{1080A922-06F8-4829-943D-67CF56869E96}.tap
Sat Dec 08 16:40:34 2018 us=247778 TAP-Windows Driver Version 9.21
Sat Dec 08 16:40:34 2018 us=247778 TAP-Windows MTU=1500
Sat Dec 08 16:40:34 2018 us=249775 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.0.0/10.1.0.2/255.255.255.0 [SUCCEEDED]
Sat Dec 08 16:40:34 2018 us=249775 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.0.2/255.255.255.0 on interface {1080A922-06F8-4829-943D-67CF56869E96} [DHCP-serv: 10.1.0.254, lease-time: 31536000]
Sat Dec 08 16:40:34 2018 us=249775 DHCP option string: 06040a01 0001
Sat Dec 08 16:40:34 2018 us=249775 Successful ARP Flush on interface [5] {1080A922-06F8-4829-943D-67CF56869E96}
Sat Dec 08 16:40:34 2018 us=258705 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 08 16:40:34 2018 us=258705 MANAGEMENT: >STATE:1544283634,ASSIGN_IP,,10.1.0.2,,,,
Sat Dec 08 16:40:39 2018 us=353351 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Dec 08 16:40:39 2018 us=353351 C:\Windows\system32\route.exe ADD 82.0.0.0 MASK 255.255.255.255 172.20.10.1
Sat Dec 08 16:40:39 2018 us=355346 Route addition via service succeeded
Sat Dec 08 16:40:39 2018 us=355346 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.1.0.1
Sat Dec 08 16:40:39 2018 us=358145 Route addition via service succeeded
Sat Dec 08 16:40:39 2018 us=358145 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.1.0.1
Sat Dec 08 16:40:39 2018 us=360647 Route addition via service succeeded
Sat Dec 08 16:40:39 2018 us=360647 MANAGEMENT: >STATE:1544283639,ADD_ROUTES,,,,,,
Sat Dec 08 16:40:39 2018 us=360647 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.1.0.1
Sat Dec 08 16:40:39 2018 us=363000 Route addition via service succeeded
Sat Dec 08 16:40:39 2018 us=363000 Initialization Sequence Completed
Sat Dec 08 16:40:39 2018 us=363000 MANAGEMENT: >STATE:1544283639,CONNECTED,SUCCESS,10.1.0.2,82.0.0.0,1194,,

Any idea?
Thanks for your help!


Last edited by FTP on Tue Jul 30, 2019 7:33; edited 5 times in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3765
Location: Netherlands

Posted: Sun Dec 09, 2018 22:04    Post subject:
A couple of ideas:

As this seems a server connected to the WAN it should be set up as "Wan up"

LZO compression is disabled; this can be right (actually it is the safest), but you have to make sure the client side is set the same.
When in doubt use LZO compression: No, but probably "Disabled" seems right at the moment.

The only firewall you need is:
Code:
iptables -t nat -I POSTROUTING -s 10.1.0.0/24 -o $(nvram get wan_iface) -j MASQUERADE
get rid of all the others

The entries in the additional config are either redundant or wrong
push route 192.168.0.0 etc is redundant because you are pushing a redirect default gateway
push dhcpoption 10.1.0.1 is wrong (and could be the cause of your trouble)
push redirect default gateway etc is redundant, because you have enabled that in the gui

So remove all entries

It is getting late but I hope that this helps, otherwise I will have a fresh look in the morning

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
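
The point above that the pushed 192.168.0.0 route is redundant next to the redirected default gateway can be checked against the route.exe lines in the client log from the first post. This is an added example, not part of the thread; the function names are illustrative and it only looks at the routes OpenVPN added, not the client's full routing table.

```python
import ipaddress
import re

# route.exe lines taken from the client log in the first post (addresses as
# anonymised there); one non-route line is kept to show that it is skipped.
CLIENT_LOG = r"""
Sat Dec 08 16:40:39 2018 us=353351 C:\Windows\system32\route.exe ADD 82.0.0.0 MASK 255.255.255.255 172.20.10.1
Sat Dec 08 16:40:39 2018 us=355346 Route addition via service succeeded
Sat Dec 08 16:40:39 2018 us=355346 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.1.0.1
Sat Dec 08 16:40:39 2018 us=358145 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.1.0.1
Sat Dec 08 16:40:39 2018 us=360647 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.1.0.1
"""

ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")

def parse_routes(log):
    """Return [(network, gateway)] for every 'route.exe ADD' line in the log."""
    routes = []
    for m in ROUTE_RE.finditer(log):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        routes.append((net, ipaddress.ip_address(m.group(3))))
    return routes

def covering_route(net, routes):
    """Most specific *other* route whose network fully contains net, or None."""
    supers = [r for r in routes if r[0] != net and net.subnet_of(r[0])]
    return max(supers, key=lambda r: r[0].prefixlen, default=None)

def redundant_routes(routes):
    """Routes whose removal changes nothing: the covering route has the same gateway."""
    out = []
    for net, gw in routes:
        cover = covering_route(net, routes)
        if cover and cover[1] == gw:
            out.append((str(net), str(cover[0])))
    return out

def next_hop(dest, routes):
    """Longest-prefix match, as the client's routing table would resolve dest."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    best = max(matches, key=lambda r: r[0].prefixlen, default=None)
    return str(best[1]) if best else None

if __name__ == "__main__":
    for net, cover in redundant_routes(parse_routes(CLIENT_LOG)):
        print(f"{net} is already covered by {cover} via the same gateway")
```

The host route to the server (82.0.0.0 via 172.20.10.1) is not flagged, because its covering route points at the tunnel gateway instead of the client's local gateway.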
FTP
DD-WRT User


Joined: 01 Jul 2012
Posts: 61

PostPosted: Sun Dec 09, 2018 22:57    Post subject: Reply with quote
Hi egc,

I'm quite happy you answered as I was at the same time reading your interesting guide...
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1146876
Thanks for posting it!

So I already applied some of your recommendations below Wink

egc wrote:
As this seems a server connected to the WAN it should be set up as "Wan up"

Done!
I also saw the recommendation 1h ago on the Wiki here...
https://wiki.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24+#Troubleshooting

egc wrote:
LZO compression is disabled; this can be right (actually it is the safest), but you have to make sure the client side is set the same.
When in doubt use LZO compression: No, but probably "Disabled" seems right at the moment

Yes, I also saw the recommendation from OpenVPN here...
https://community.openvpn.net/openvpn/wiki/VORACLE
...so I completely disabled it (it's not activated on the client side) and it works.
I also tested your suggestion "No"/"No", it also works, but there are 2 additional mentions of the compression in the logs (compared to the "Disabled" option) so I chose to keep "Disabled".

egc wrote:
The only firewall you need is:
Code:
iptables -t nat -I POSTROUTING -s 10.1.0.0/24 -o $(nvram get wan_iface) -j MASQUERADE
get rid of all the others

Yep, saw it in your guide and applied it.

egc wrote:
The entries in the additional config are either redundant or wrong
push route 192.168.0.0 etc is redundant because you are pushing a redirect default gateway
push dhcpoption 10.1.0.1 is wrong (and could be the cause of your trouble)
push redirect default gateway etc is redundant, because you have enabled that in the gui

So remove all entries

Same, saw it in your guide and applied it.

But... unfortunately no improvement.
I agree, all that advice works and makes for a cleaner setup, but it still does not solve the issue Sad

The clients connect, I can ping everything (LAN and WAN), but in a browser everything finishes in timeout.

egc wrote:
It is getting late but I hope that this helps, otherwise I will have a fresh look in the morning

Thanks. Good night! I'm on the same time zone as you Wink

P.S. 1: I've also added "remote-cert-tls server" in the client config.
It solved the only warning I had in the client log.
P.S. 2: I've updated screen shots and config above to make it easier for tomorrow.
FTP
DD-WRT User


Joined: 01 Jul 2012
Posts: 61

PostPosted: Mon Dec 10, 2018 10:11    Post subject: Reply with quote
Ok, I've found the issue! Smile
All the settings above are correct.

But the full story is... before I installed my DD-WRT router back on my local network, the routing/firewall was done by my ISP box. And I used to access my NAS via its own OpenVPN access (with the port 1194 open on the box).

Then I decided it would be safer to switch my ISP box to bridge mode, add the DD-WRT router right behind it and set up OpenVPN directly on the router and not on the NAS any more.

So I added the DD-WRT router on the network, updated the cabling, did all the setup (box, router & OpenVPN) and ended up with those traffic issues.

But running tests to try to find the issue, I, among other things, switched to the default OpenVPN network (10.8.0.0), to see if it would make any difference.
It was worse.

So I thought it was probably worse because it was creating a conflict with the NAS OpenVPN network (which was set up on 10.8.0.0 - that's also the reason why I originally chose 10.1.0.0 for the DD-WRT OpenVPN).
But in fact, I also realized everything was still up and running on the NAS, OpenVPN and the NAS firewall rules. I never disabled them Sad

So that's what I did, rebooted the NAS and all the conflicts were gone, OpenVPN on DD-WRT started to work as expected! Very Happy

That's it. Thanks again for your guide!
It's very up-to-date, with a lot of very useful explanations, which is sometimes missing on those forums where some people tend to give answers without any explanation regarding why we do it and what will be the effects/consequences Smile
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3765
Location: Netherlands

PostPosted: Mon Dec 10, 2018 10:44    Post subject: Reply with quote
Glad you found the issue.
A lot of guides are out of date unfortunately.
But it is difficult to keep track of all the changes and updates.

But that is what the forum is for Smile
