Help setting up OpenVPN on Cellular Modem

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2, 3  Next
Author Message
tiestobob
DD-WRT Novice


Joined: 09 Feb 2021
Posts: 16

PostPosted: Wed Feb 10, 2021 6:16    Post subject: Help setting up OpenVPN on Cellular Modem Reply with quote
Hi all!

A newbie here to IT/networking please bear with me. I have to setup this cellular modem to basically be able to remote into field devices from my laptop. I've configured the sim card, apn settings, and all that so there is internet connectivity when I hook up an ethernet cable to the cellular modem so I'm able to get an internet connection.

Now I'm trying to setup an OpenVPN server on this cellular modem and I was made aware that my particular modem (YF325) is using the DD-WRT firmware. The cellular modem sim also has a static IP address that I purchased for this purpose.

I generated my certificates using EasyRSA 3 using key length 2048 and rsa algorithm.

So my server side configuration on the modem's config page looks like the attached pic.

And on my client side I have the .ovpn file like this (just headers are shown; ca & client certificate & key are pasted below it but not shown here)

Code:

client
proto tcp
#explicit-exit-notify
remote 96.1.40.179 443
#dev tun
dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
#verify-x509-name server_6zpFDoSKSTcAC3nz name
auth SHA256
auth-nocache
#cipher AES-128-GCM
cipher AES-256-CBC
tls-client
tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA256
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
comp-lzo
verb 5


And here is my openvpn log file output:

Code:
Wed Feb 10 01:07:21 2021 us=210224 Current Parameter Settings:
Wed Feb 10 01:07:21 2021 us=211220   config = 'og.ovpn'
Wed Feb 10 01:07:21 2021 us=211220   mode = 0
Wed Feb 10 01:07:21 2021 us=211220   show_ciphers = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   show_digests = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   show_engines = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   genkey = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   key_pass_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   show_tls_ciphers = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   connect_retry_max = 0
Wed Feb 10 01:07:21 2021 us=211220 Connection profiles [0]:
Wed Feb 10 01:07:21 2021 us=211220   proto = tcp-client
Wed Feb 10 01:07:21 2021 us=211220   local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   local_port = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   remote = '96.1.40.179'
Wed Feb 10 01:07:21 2021 us=211220   remote_port = '443'
Wed Feb 10 01:07:21 2021 us=211220   remote_float = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   bind_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   bind_local = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   bind_ipv6_only = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   connect_retry_seconds = 5
Wed Feb 10 01:07:21 2021 us=211220   connect_timeout = 120
Wed Feb 10 01:07:21 2021 us=211220   socks_proxy_server = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   socks_proxy_port = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   tun_mtu = 1500
Wed Feb 10 01:07:21 2021 us=211220   tun_mtu_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211220   link_mtu = 1500
Wed Feb 10 01:07:21 2021 us=211220   link_mtu_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   tun_mtu_extra = 32
Wed Feb 10 01:07:21 2021 us=211220   tun_mtu_extra_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211220   mtu_discover_type = -1
Wed Feb 10 01:07:21 2021 us=211220   fragment = 0
Wed Feb 10 01:07:21 2021 us=211220   mssfix = 1450
Wed Feb 10 01:07:21 2021 us=211220   explicit_exit_notification = 0
Wed Feb 10 01:07:21 2021 us=211220 Connection profiles END
Wed Feb 10 01:07:21 2021 us=211220   remote_random = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   ipchange = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   dev = 'tap'
Wed Feb 10 01:07:21 2021 us=211220   dev_type = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   dev_node = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   lladdr = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   topology = 1
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_remote_netmask = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_noexec = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_nowarn = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_ipv6_local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_ipv6_netbits = 0
Wed Feb 10 01:07:21 2021 us=211220   ifconfig_ipv6_remote = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220   shaper = 0
Wed Feb 10 01:07:21 2021 us=211220   mtu_test = 0
Wed Feb 10 01:07:21 2021 us=211220   mlock = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   keepalive_ping = 0
Wed Feb 10 01:07:21 2021 us=211220   keepalive_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220   inactivity_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220   ping_send_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220   ping_rec_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220   ping_rec_timeout_action = 0
Wed Feb 10 01:07:21 2021 us=211220   ping_timer_remote = DISABLED
Wed Feb 10 01:07:21 2021 us=211220   remap_sigusr1 = 0
Wed Feb 10 01:07:21 2021 us=211220   persist_tun = ENABLED
Wed Feb 10 01:07:21 2021 us=211638   persist_local_ip = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   persist_remote_ip = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   persist_key = ENABLED
Wed Feb 10 01:07:21 2021 us=211638   passtos = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   resolve_retry_seconds = 1000000000
Wed Feb 10 01:07:21 2021 us=211638   resolve_in_advance = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   username = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   groupname = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   chroot_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   cd_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   writepid = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   up_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   down_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   down_pre = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   up_restart = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   up_delay = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   daemon = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   inetd = 0
Wed Feb 10 01:07:21 2021 us=211638   log = ENABLED
Wed Feb 10 01:07:21 2021 us=211638   suppress_timestamps = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   machine_readable_output = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   nice = 0
Wed Feb 10 01:07:21 2021 us=211638   verbosity = 5
Wed Feb 10 01:07:21 2021 us=211638   mute = 0
Wed Feb 10 01:07:21 2021 us=211638   gremlin = 0
Wed Feb 10 01:07:21 2021 us=211638   status_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   status_file_version = 1
Wed Feb 10 01:07:21 2021 us=211638   status_file_update_freq = 60
Wed Feb 10 01:07:21 2021 us=211638   occ = ENABLED
Wed Feb 10 01:07:21 2021 us=211638   rcvbuf = 0
Wed Feb 10 01:07:21 2021 us=211638   sndbuf = 0
Wed Feb 10 01:07:21 2021 us=211638   sockflags = 0
Wed Feb 10 01:07:21 2021 us=211638   fast_io = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   comp.alg = 2
Wed Feb 10 01:07:21 2021 us=211638   comp.flags = 1
Wed Feb 10 01:07:21 2021 us=211638   route_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   route_default_gateway = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   route_default_metric = 0
Wed Feb 10 01:07:21 2021 us=211638   route_noexec = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   route_delay = 5
Wed Feb 10 01:07:21 2021 us=211638   route_delay_window = 30
Wed Feb 10 01:07:21 2021 us=211638   route_delay_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211638   route_nopull = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   route_gateway_via_dhcp = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   allow_pull_fqdn = DISABLED
Wed Feb 10 01:07:21 2021 us=211638   management_addr = '127.0.0.1'
Wed Feb 10 01:07:21 2021 us=211638   management_port = '25340'
Wed Feb 10 01:07:21 2021 us=211638   management_user_pass = 'stdin'
Wed Feb 10 01:07:21 2021 us=211638   management_log_history_cache = 250
Wed Feb 10 01:07:21 2021 us=211638   management_echo_buffer_size = 100
Wed Feb 10 01:07:21 2021 us=211638   management_write_peer_info_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   management_client_user = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   management_client_group = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638   management_flags = 6
Wed Feb 10 01:07:21 2021 us=211638   shared_secret_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   key_direction = not set
Wed Feb 10 01:07:21 2021 us=212218   ciphername = 'AES-256-CBC'
Wed Feb 10 01:07:21 2021 us=212218   ncp_enabled = ENABLED
Wed Feb 10 01:07:21 2021 us=212218   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Feb 10 01:07:21 2021 us=212218   authname = 'SHA256'
Wed Feb 10 01:07:21 2021 us=212218   prng_hash = 'SHA1'
Wed Feb 10 01:07:21 2021 us=212218   prng_nonce_secret_len = 16
Wed Feb 10 01:07:21 2021 us=212218   keysize = 0
Wed Feb 10 01:07:21 2021 us=212218   engine = DISABLED
Wed Feb 10 01:07:21 2021 us=212218   replay = ENABLED
Wed Feb 10 01:07:21 2021 us=212218   mute_replay_warnings = DISABLED
Wed Feb 10 01:07:21 2021 us=212218   replay_window = 64
Wed Feb 10 01:07:21 2021 us=212218   replay_time = 15
Wed Feb 10 01:07:21 2021 us=212218   packet_id_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   use_iv = ENABLED
Wed Feb 10 01:07:21 2021 us=212218   test_crypto = DISABLED
Wed Feb 10 01:07:21 2021 us=212218   tls_server = DISABLED
Wed Feb 10 01:07:21 2021 us=212218   tls_client = ENABLED
Wed Feb 10 01:07:21 2021 us=212218   key_method = 2
Wed Feb 10 01:07:21 2021 us=212218   ca_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218   ca_path = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   dh_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   cert_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218   extra_certs_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   priv_key_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218   pkcs12_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   cryptoapi_cert = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   cipher_list = 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256'
Wed Feb 10 01:07:21 2021 us=212218   cipher_list_tls13 = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   tls_cert_profile = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   tls_verify = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   tls_export_cert = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   verify_x509_type = 0
Wed Feb 10 01:07:21 2021 us=212218   verify_x509_name = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   crl_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218   ns_cert_type = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 65535
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691   remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691   remote_cert_eku = 'TLS Web Server Authentication'
Wed Feb 10 01:07:21 2021 us=212691   ssl_flags = 192
Wed Feb 10 01:07:21 2021 us=212691   tls_timeout = 2
Wed Feb 10 01:07:21 2021 us=212691   renegotiate_bytes = -1
Wed Feb 10 01:07:21 2021 us=212691   renegotiate_packets = 0
Wed Feb 10 01:07:21 2021 us=212691   renegotiate_seconds = 3600
Wed Feb 10 01:07:21 2021 us=212691   handshake_window = 60
Wed Feb 10 01:07:21 2021 us=212691   transition_window = 3600
Wed Feb 10 01:07:21 2021 us=212691   single_session = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   push_peer_info = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   tls_exit = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   tls_auth_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   tls_crypt_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_pin_cache_period = -1
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_id = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   pkcs11_id_management = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   server_network = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   server_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   server_network_ipv6 = ::
Wed Feb 10 01:07:21 2021 us=212691   server_netbits_ipv6 = 0
Wed Feb 10 01:07:21 2021 us=212691   server_bridge_ip = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   server_bridge_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   server_bridge_pool_start = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   server_bridge_pool_end = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_start = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_end = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_pool_persist_refresh_freq = 600
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_ipv6_pool_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_ipv6_pool_base = ::
Wed Feb 10 01:07:21 2021 us=212691   ifconfig_ipv6_pool_netbits = 0
Wed Feb 10 01:07:21 2021 us=212691   n_bcast_buf = 256
Wed Feb 10 01:07:21 2021 us=212691   tcp_queue_limit = 64
Wed Feb 10 01:07:21 2021 us=212691   real_hash_size = 256
Wed Feb 10 01:07:21 2021 us=212691   virtual_hash_size = 256
Wed Feb 10 01:07:21 2021 us=212691   client_connect_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   learn_address_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   client_disconnect_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   client_config_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691   ccd_exclusive = DISABLED
Wed Feb 10 01:07:21 2021 us=212691   tmp_dir = 'C:\Users\HBUYUK~1\AppData\Local\Temp\'
Wed Feb 10 01:07:21 2021 us=212691   push_ifconfig_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   push_ifconfig_local = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=213218   push_ifconfig_remote_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=213218   push_ifconfig_ipv6_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   push_ifconfig_ipv6_local = ::/0
Wed Feb 10 01:07:21 2021 us=213218   push_ifconfig_ipv6_remote = ::
Wed Feb 10 01:07:21 2021 us=213218   enable_c2c = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   duplicate_cn = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   cf_max = 0
Wed Feb 10 01:07:21 2021 us=213218   cf_per = 0
Wed Feb 10 01:07:21 2021 us=213218   max_clients = 1024
Wed Feb 10 01:07:21 2021 us=213218   max_routes_per_client = 256
Wed Feb 10 01:07:21 2021 us=213218   auth_user_pass_verify_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218   auth_user_pass_verify_script_via_file = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   auth_token_generate = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   auth_token_lifetime = 0
Wed Feb 10 01:07:21 2021 us=213218   client = ENABLED
Wed Feb 10 01:07:21 2021 us=213218   pull = ENABLED
Wed Feb 10 01:07:21 2021 us=213218   auth_user_pass_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218   show_net_up = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   route_method = 0
Wed Feb 10 01:07:21 2021 us=213218   block_outside_dns = ENABLED
Wed Feb 10 01:07:21 2021 us=213218   ip_win32_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   ip_win32_type = 3
Wed Feb 10 01:07:21 2021 us=213218   dhcp_masq_offset = 0
Wed Feb 10 01:07:21 2021 us=213218   dhcp_lease_time = 31536000
Wed Feb 10 01:07:21 2021 us=213218   tap_sleep = 0
Wed Feb 10 01:07:21 2021 us=213218   dhcp_options = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   dhcp_renew = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   dhcp_pre_release = DISABLED
Wed Feb 10 01:07:21 2021 us=213218   domain = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218   netbios_scope = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218   netbios_node_type = 0
Wed Feb 10 01:07:21 2021 us=213218   disable_nbt = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Wed Feb 10 01:07:21 2021 us=213218 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Feb 10 01:07:21 2021 us=213218 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Wed Feb 10 01:07:21 2021 us=214214 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Feb 10 01:07:21 2021 us=214214 Need hold release from management interface, waiting...
Wed Feb 10 01:07:21 2021 us=709626 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Feb 10 01:07:21 2021 us=831176 MANAGEMENT: CMD 'state on'
Wed Feb 10 01:07:21 2021 us=831494 MANAGEMENT: CMD 'log all on'
Wed Feb 10 01:07:21 2021 us=974944 MANAGEMENT: CMD 'echo all on'
Wed Feb 10 01:07:21 2021 us=975941 MANAGEMENT: CMD 'bytecount 5'
Wed Feb 10 01:07:21 2021 us=977936 MANAGEMENT: CMD 'hold off'
Wed Feb 10 01:07:21 2021 us=978965 MANAGEMENT: CMD 'hold release'
Wed Feb 10 01:07:22 2021 us=521 LZO compression initializing
Wed Feb 10 01:07:22 2021 us=833 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Feb 10 01:07:22 2021 us=833 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Wed Feb 10 01:07:22 2021 us=833 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Feb 10 01:07:22 2021 us=833 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Feb 10 01:07:22 2021 us=1841 TCP/UDP: Preserving recently used remote address: [AF_INET]96.1.40.179:443
Wed Feb 10 01:07:22 2021 us=2020 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Feb 10 01:07:22 2021 us=2020 Attempting to establish TCP connection with [AF_INET]96.1.40.179:443 [nonblock]
Wed Feb 10 01:07:22 2021 us=2020 MANAGEMENT: >STATE:1612937242,TCP_CONNECT,,,,,,
Wed Feb 10 01:09:23 2021 us=15487 TCP: connect to [AF_INET]96.1.40.179:443 failed: Unknown error
Wed Feb 10 01:09:23 2021 us=26070 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Feb 10 01:09:23 2021 us=26070 MANAGEMENT: >STATE:1612937363,RECONNECTING,init_instance,,,,,
Wed Feb 10 01:09:23 2021 us=26070 Restart pause, 5 second(s)
Wed Feb 10 01:09:28 2021 us=81760 Re-using SSL/TLS context
Wed Feb 10 01:09:28 2021 us=81760 LZO compression initializing
Wed Feb 10 01:09:28 2021 us=81760 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Feb 10 01:09:28 2021 us=81760 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Wed Feb 10 01:09:28 2021 us=82102 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Feb 10 01:09:28 2021 us=82102 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Feb 10 01:09:28 2021 us=82102 TCP/UDP: Preserving recently used remote address: [AF_INET]96.1.40.179:443
Wed Feb 10 01:09:28 2021 us=82251 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Feb 10 01:09:28 2021 us=82251 Attempting to establish TCP connection with [AF_INET]96.1.40.179:443 [nonblock]
Wed Feb 10 01:09:28 2021 us=82251 MANAGEMENT: >STATE:1612937368,TCP_CONNECT,,,,,,
Wed Feb 10 01:10:27 2021 us=566793 TCP/UDP: Closing socket
Wed Feb 10 01:10:27 2021 us=566954 SIGTERM[hard,init_instance] received, process exiting
Wed Feb 10 01:10:27 2021 us=567128 MANAGEMENT: >STATE:1612937427,EXITING,init_instance,,,,,


I've been at this for a week now. Can someone help please? I can't seem to get it to connect. It seems like everything is in place. I've disabled the firewall on my machine as well as the one on the cellular modem. It seems like its not even trying to connect based on my research. So what could be causing that?

Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 7:34    Post subject: Reply with quote
I see you're using port 443, which I don't generally recommend for home servers. It's quite common for ISPs to block inbound ports 80 and 443, esp. for NON business customers. Or something else on the router might already be bound to that same port (e.g., the GUI). At the very least, I would try something less likely to have conflicts, like port 10000 or above. Even if 443 worked, you'd end up having that port pounded all day by hackers looking for vulnerabilities.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 7:59    Post subject: Reply with quote
P.S. Another word of caution.

I also see you're using the bridged (TAP) version of OpenVPN, and you've specified dhcp-proxy mode. I've never been able to get dhcp-proxy mode to work on the router (I suspect because it's only available on certain OS platforms, and Linux is probably not one of them). I've always had to disable it and specify an IP pool (something you reserve outside the scope of the DHCP server on the OpenVPN server's network).

You can certainly try dhcp-proxy mode. And I'd be interested if it worked (been a long time since I've tried it myself, things could have changed). But if it gives you problems (iirc, it won't assign a default gateway), that may be the reason.

Of course, this is only a matter of concern once you get past your current connection issues.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Feb 10, 2021 9:19    Post subject: Reply with quote
It was something like the DHCP proxy mode is for clients using the VPN client itself and not for the LAN clients behind.
The LAN clients should just use the tunnel to get a DHCP request but the DHCP proxy was interfering with this (or something like that)

Long story short do not use DHCP proxy mode Smile

See OpenVPN server setup guide page 24 which gives some pointers about setting up a TAP connection

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 10:30    Post subject: Reply with quote
egc wrote:
It was something like the DHCP proxy mode is for clients using the VPN client itself and not for the LAN clients behind.
The LAN clients should just use the tunnel to get a DHCP request but the DHCP proxy was interfering with this (or something like that)


You may be right there egc. It's been way too long since I've messed w/ a bridged OpenVPN. Perhaps it wasn't a problem for the OpenVPN client itself, but only for clients behind it that want to be initialized directly over the tunnel by the remote network's DHCP server. I just don't recall. But given you don't always know where this type of configuration is going, it's probably safest to just not use dhcp-proxy mode.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Feb 10, 2021 10:33    Post subject: Reply with quote
Agreed Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 17:44    Post subject: Reply with quote
Also beware that bridged VPNs have traditionally NOT been supported on mobile platforms. In the case of my FT (FreshTomato) router, it's the reason I support both routed and bridged OpenVPN servers on my home network. But that's only possible because FT supports multiple OpenVPN server configurations. In the case of dd-wrt, you only have the one, meaning if you expect this to work w/ mobile devices too, you might want to consider a routed (TUN) configuration instead.

Also, a bridged VPN (if compromised) is significantly riskier than a routed VPN since you can't filter access. Since all clients are bridged, the firewall offers no protection. Basically, if someone gets in who isn't supposed to get in, they pretty much have total access to your network.

Bridged VPNs are *very* cool, and in some cases preferred, but users need to take these kinds of things into consideration when choosing between the two options.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
tiestobob
DD-WRT Novice


Joined: 09 Feb 2021
Posts: 16

PostPosted: Wed Feb 10, 2021 18:40    Post subject: Reply with quote
hey guys, thanks for the responses.

So not sure if I understood correctly but I changed the TCP port from 443 to 1088 and I disabled the DHCP server on the modem. Disabling the DHCP I'm confused about though. Isn't the DHCP used to assign clients an IP when they VPN in?

Anyhow, both of these didn't work regardless. Here's my settings now:

Code:

client
dev tun
proto tcp4
remote 96.1.40.179 1088
nobind
persist-key
persist-tun
remote-cert-tls server
auth-nocache
resolv-retry infinite
float
tun-mtu 1500
auth SHA256
cipher AES-256-CBC
#tls-cipher AES-256-GCM:AES-128-GCM:AES-256-CBC
#data-ciphers-fallback AES-128-CBC
verb 5

<ca>
-----BEGIN CERTIFICATE-----


The data-cipher was rejected by my openvpn 2.4.7 software so I had to comment it out. It was from your pdf file egc

Also, what do I put for the Network and Netmask? I didnt show those for security reasons since the forum is public so just wondering if it has to match that local ip on the setup page.





kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Feb 10, 2021 19:05    Post subject: Reply with quote
Okay, since nobody asked certain details and nobody interjected about image sizes:

1) What build number of DD-WRT?

2) Please refer to the forum rules and guidelines and stickies about image sizes.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 19:09    Post subject: Reply with quote
Now I'm confused. According to the Network setup page of dd-wrt that you just posted, this device is NOT in a routed configuration. IOW, it has its WAN disabled. To be honest, I'm not familiar w/ this particular device, but if it's serving as your primary router, it should be configured for routing, w/ the WAN enabled. Or else there's more going on here than we've been lead to believe (e.g., some other device is serving as the primary router).
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
tiestobob
DD-WRT Novice


Joined: 09 Feb 2021
Posts: 16

PostPosted: Wed Feb 10, 2021 19:10    Post subject: Reply with quote
kernel-panic69 wrote:
Okay, since nobody asked certain details and nobody interjected about image sizes:

1) What build number of DD-WRT?

2) Please refer to the forum rules and guidelines and stickies about image sizes.


Hi sorry about that.

The firmware is shown in the attached.

Also, on the VPN status page, it doesn't even show anything. Like it doesn't seem to be even set up as a server. I even tried to use this modem as a VPN client and it would show the page blank. And that VPN client should definitely work because it works for me when I connect to the server on my PC.
tiestobob
DD-WRT Novice


Joined: 09 Feb 2021
Posts: 16

PostPosted: Wed Feb 10, 2021 19:13    Post subject: Reply with quote
eibgrad wrote:
Now I'm confused. According to the Network setup page of dd-wrt that you just posted, this device is NOT in a routed configuration. IOW, it has its WAN disabled. To be honest, I'm not familiar w/ this particular device, but if it's serving as your primary router, it should be configured for routing, w/ the WAN enabled. Or else there's more going on here than we've been lead to believe (e.g., some other device is serving as the primary router).


Hi, I didn't post the full page of that page. Here's the top part of that page I posted earlier:
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Feb 10, 2021 19:17    Post subject: Reply with quote
What is the IP that has been assigned to the WAN?

Given this is a cellular modem, there's the possibility they have given you a NON public IP (e.g., 10.x.x.x, 192.168.x.x, 172.16.x.x.), or perhaps CGNAT (100.64.x.x), which means you can't remotely access it.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Feb 10, 2021 19:20    Post subject: Reply with quote
This router is not running any official DD-WRT firmware that I am aware of. If anything, it is a hacked version
and probably not running anything current as seen by the screenshots posted. So, any advice here may or may
not work. There has been a lot done since 2019 when it comes to OpenVPN patches, updates, and functionality in
DD-WRT. So, now I have to contact the developer to see what he thinks, and allow @egc and @eibgrad to decide
if they want a padlock put on this thing or not.

tiestobob wrote:
Now I'm trying to setup an OpenVPN server on this cellular modem and I was made aware that
my particular modem (YF325) is using the DD-WRT firmware.


http://www.yifanwireless.com/entry-level-wifi-router/yf325-series-gprs/3g/4g-wifi-router-with-sim-card-slot.html

https://dd-wrt.com/support/router-database/

https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices

https://wiki.dd-wrt.com/wiki/index.php/Known_incompatible_devices

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
tiestobob
DD-WRT Novice


Joined: 09 Feb 2021
Posts: 16

PostPosted: Wed Feb 10, 2021 19:28    Post subject: Reply with quote
eibgrad wrote:
What is the IP that has been assigned to the WAN?

Given this is a cellular modem, there's the possibility they have given you a NON public IP (e.g., 10.x.x.x, 192.168.x.x, 172.16.x.x.), or perhaps CGNAT (100.64.x.x), which means you can't remotely access it.


The static IP that we got from the cellular provider is 96.1.40.179. I assume this is the WAN IP. I'm not able to ping it, however.
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum