openvpn will not connect to client (macos)

brody1
DD-WRT Novice


Joined: 10 May 2020
Posts: 18

Posted: Wed Jan 20, 2021 21:32    Post subject: openvpn will not connect to client (macos)
I just installed the latest dd-wrt (11/03/20) and just can't connect to the openvpn server. Any advice would be appreciated.

I am using the openvpn connect client for MacOS

openVPN desktop client log

Code:

1/20/2021, 1:46:44 PM Connecting to [10.8.0.1]:1194 (10.8.0.1) via UDPv4
1/20/2021, 1:46:44 PM EVENT: WAIT
1/20/2021, 1:46:54 PM Server poll timeout, trying next remote entry...
1/20/2021, 1:46:54 PM EVENT: RECONNECTING
1/20/2021, 1:46:54 PM EVENT: RESOLVE
1/20/2021, 1:46:54 PM Contacting 10.8.0.1:1194 via UDP
1/20/2021, 1:46:54 PM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
   "host" : "10.8.0.1",
   "ipv6" : false,
   "pid" : 8027
}

1/20/2021, 1:46:54 PM EVENT: WAIT
1/20/2021, 1:46:54 PM Connecting to [10.8.0.1]:1194 (10.8.0.1) via UDPv4
1/20/2021, 1:47:04 PM Server poll timeout, trying next remote entry...
1/20/2021, 1:47:04 PM EVENT: RECONNECTING
1/20/2021, 1:47:04 PM EVENT: RESOLVE
1/20/2021, 1:47:04 PM Contacting 10.8.0.1:1194 via UDP
1/20/2021, 1:47:04 PM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
   "host" : "10.8.0.1",
   "ipv6" : false,
   "pid" : 8027
}



Here is my configuration in dd-wrt




and this is the dd-wrt openvpn status page




my client .ovpn looks like this

Code:

client
dev tun
proto udp
remote 10.8.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3

<key>
--------------------------
</key>

<cert>
-----------------------------
</cert>

<ca>
----------------------------
</ca>

<tls-auth>
-----------------------------------
</tls-auth>

eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Wed Jan 20, 2021 21:58    Post subject:
That client log suggests you are trying to connect to the OpenVPN server @ 10.8.0.1, which makes no sense. That's the local IP of the tunnel (wrt the server), which only gets established once your remote OpenVPN client uses its *public* IP to connect to your router's WAN using its *public* IP.

As a side note, not a good idea to use the well-known port of 1194 for your own OpenVPN server. That just makes it an obvious target for hackers. Better to use something more obscure, like 11327 or whatever.
brody1
DD-WRT Novice


Joined: 10 May 2020
Posts: 18

Posted: Wed Jan 20, 2021 23:41    Post subject: same results
I tried with the WAN IPv4 address but I get the same results.


Code:

1/20/2021, 4:38:43 PM EVENT: WAIT
1/20/2021, 4:38:43 PM Connecting to [98.x.x.x]:2081 (98.x.x.x) via UDPv4
1/20/2021, 4:38:53 PM Server poll timeout, trying next remote entry...
1/20/2021, 4:38:53 PM EVENT: RECONNECTING
1/20/2021, 4:38:53 PM EVENT: RESOLVE
1/20/2021, 4:38:53 PM Contacting 98.x.x.x:2081 via UDP
1/20/2021, 4:38:53 PM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
   "host" : "98.x.x.x",
   "ipv6" : false,
   "pid" : 10070
}




I also added these to my client .ovpn file, not sure if it makes a difference.

remote-cert-tls server
cipher AES-256-GCM
auth SHA256
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Jan 21, 2021 0:08    Post subject:
Does the dd-wrt OpenVPN server log at least show an *attempt* by the OpenVPN client to connect to the server, even if that ultimately fails? Because if it doesn't, then you're not even reaching the server for some reason. That's the first hurdle. Once reached, THEN you can worry about why the two sides can't complete the connection (e.g., misconfiguration by one side or the other).
brody1
DD-WRT Novice


Joined: 10 May 2020
Posts: 18

Posted: Thu Jan 21, 2021 2:53    Post subject:
I am getting this error now.

Which settings do I use?

Code:

20210120 19:44:50 N 192.168.1.100:49276 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.100:49276
20210120 19:44:51 N 192.168.1.100:49276 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1611197084) 2021-01-20 19:44:44 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Jan 21, 2021 3:30    Post subject:
The connection attempt by the OpenVPN client is coming from a *private* IP!

20210120 19:44:50 N 192.168.1.100:49276 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.100:49276

Why? This should normally be a *public* IP, from a client on the internet.

[remote ovpn client: public IP = 199.199.199.199]<-internet->[your router: wan/public ip = 188.188.188.188]

The connection attempt in the server log would then display 199.199.199.199 (using my arbitrary example) rather than 192.168.1.100

I'm getting the impression you're attempting to connect to the OpenVPN server from an OpenVPN client that is *inside* the same local network (specifically 192.168.1.100), which won't work! The OpenVPN client *must* be outside the local network, on the internet, w/ its own public IP.
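
The check made by eye on the server log above, as an added example that is not part of any post in this thread: it groups server-log lines by peer address and reports whether each peer sits inside the router's LAN. The LAN subnet 192.168.1.0/24, the function name, and the second sample line are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample. Line 1 is the server-log line quoted in this thread; line 2
# is made up, using the thread's illustrative public client address.
SAMPLE_LOG = """\
20210120 19:44:50 N 192.168.1.100:49276 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.100:49276
20210120 19:45:10 N 199.199.199.199:50122 TLS Error: incoming packet authentication failed from [AF_INET]199.199.199.199:50122
"""

# "<date> <time> <flag> <ip>:<port> <message>", the layout of the lines above.
LINE = re.compile(r"^\d{8} \d{2}:\d{2}:\d{2} \S (\d{1,3}(?:\.\d{1,3}){3}):\d+ (.*)$")

def peer_scopes(log_text, lan_cidr="192.168.1.0/24"):
    """Count log lines per peer and say where each peer sits relative to the LAN.

    lan_cidr is an assumption: the router's LAN subnet (192.168.1.x in the thread).
    """
    lan = ipaddress.ip_network(lan_cidr)
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    report = {}
    for ip, n in counts.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # matched the pattern but is not a valid address (e.g. 999.1.1.1)
        if addr in lan:
            scope = "inside-lan"      # client is behind the same router as the server
        elif addr.is_private:
            scope = "other-private"   # private range, but not this LAN
        else:
            scope = "public"          # what a remote client on the internet looks like
        report[ip] = {"lines": n, "scope": scope}
    return report

if __name__ == "__main__":
    for ip, info in peer_scopes(SAMPLE_LOG).items():
        print(ip, info)
```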
brody1
DD-WRT Novice


Joined: 10 May 2020
Posts: 18

Posted: Thu Jan 21, 2021 3:52    Post subject:
Yes, my laptop is connected to the wifi router, the same router that has openvpn enabled. Can I connect to openvpn from inside the network? Or route all the traffic through the vpn in my network?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Jan 21, 2021 4:57    Post subject:
brody1 wrote:
Yes, my laptop is connected to the wifi router, the same router that has openvpn enabled. Can I connect to openvpn from inside the network? Or route all the traffic through the vpn in my network?


Again, the OpenVPN client can NOT be accessing the OpenVPN server from inside the same local network. That client *must* be located outside that network, normally the internet. This is because a VPN is unique when it comes to remote access. The VPN changes the routing tables on the client, and you end up w/ the client having ambiguous routing information. The remote network the client is trying to reach (e.g., 192.168.1.x) via the VPN is the same one it's already on locally! So how should references to 192.168.1.x be routed? Locally or over the VPN? It's ambiguous. And so you're going to have endless problems if you insist on trying to access your OpenVPN server from the same local network.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12887
Location: Netherlands

Posted: Thu Jan 21, 2021 7:19    Post subject:
The main problem is already tackled by @eibgrad

So just some remarks.

You did not install the latest version (that is not the problem at this moment) but have a look at the forum guidelines which will tell you everything to know to get a good start at DDWRT (e.g. where to find the latest builds and that you should always state router model and build number to get the best support):
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

There are also some settings which need attention.

I would start with enabling "Redirect default Gateway" on the server side; at this moment you seem not to have any route set.

Furthermore, using compression is not safe, so I would turn that off.

All these things can be found in the manuals and troubleshooting guide (also that you cannot test from inside your network).
So why not head over to the documentation :)

You can find a lot of documentation in a sticky just a few posts above this one:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
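
An added example, not from any poster or from DD-WRT: a small checker for a client .ovpn that flags the three points raised in this thread (a `remote` that is not a public address, the well-known port 1194, and `comp-lzo` compression). The sample config is constructed from the one posted above, and the function name is hypothetical.

```python
import ipaddress

# Constructed sample: directives from the client .ovpn posted in this thread,
# with the inline <key>/<cert>/<ca>/<tls-auth> blocks reduced to one placeholder.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote 10.8.0.1 1194
nobind
comp-lzo
verb 3
<ca>
placeholder
</ca>
"""

def lint_client_config(text):
    """Return (directive, finding) pairs for the issues raised in the thread."""
    findings = []
    inline = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):       # end of an inline block such as </ca>
            inline = False
            continue
        if line.startswith("<"):        # start of an inline block: skip its body
            inline = True
            continue
        if inline or not line or line[0] in "#;":
            continue
        parts = line.split()
        if parts[0] == "remote" and len(parts) >= 2:
            host = parts[1]
            port = parts[2] if len(parts) > 2 else "1194"  # OpenVPN's default port
            try:
                if not ipaddress.ip_address(host).is_global:
                    findings.append(("remote", f"{host} is not a public address"))
            except ValueError:
                pass  # a hostname: cannot be judged offline
            if port == "1194":
                findings.append(("remote", "uses the well-known port 1194"))
        elif parts[0] == "comp-lzo" and parts[1:] != ["no"]:
            findings.append(("comp-lzo", "compression is enabled"))
    return findings

if __name__ == "__main__":
    for directive, finding in lint_client_config(SAMPLE_OVPN):
        print(f"{directive}: {finding}")
```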
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 707
Location: Earth

Posted: Thu Jan 21, 2021 14:58    Post subject:
brody1, what are you trying to achieve?

A vpn server is used to connect back to your home network LAN when you're outside, say sat on a beach, airport, pub etc., to reach your home network for files etc.
Seems to me you may have your wires crossed and want to encrypt your data to stop your isp seeing what you're doing?
If that's the case, most people would subscribe to a commercial vpn server, e.g. NordVPN or others; you then configure a vpn client.

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!