Posted: Wed Feb 10, 2021 6:16 Post subject: Help setting up OpenVPN on Cellular Modem
Hi all!
A newbie here to IT/networking, please bear with me. I have to set up this cellular modem to basically be able to remote into field devices from my laptop. I've configured the SIM card, APN settings, and all that, so there is internet connectivity when I hook up an Ethernet cable to the cellular modem so I'm able to get an internet connection.
Now I'm trying to set up an OpenVPN server on this cellular modem and I was made aware that my particular modem (YF325) is using the DD-WRT firmware. The cellular modem SIM also has a static IP address that I purchased for this purpose.
I generated my certificates using EasyRSA 3 with a key length of 2048 and the RSA algorithm.
So my server side configuration on the modem's config page looks like the attached pic.
And on my client side I have the .ovpn file like this (just headers are shown; ca & client certificate & key are pasted below it but not shown here)
Code:
client
proto tcp
#explicit-exit-notify
remote 96.1.40.179 443
#dev tun
dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
#verify-x509-name server_6zpFDoSKSTcAC3nz name
auth SHA256
auth-nocache
#cipher AES-128-GCM
cipher AES-256-CBC
tls-client
tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA256
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
comp-lzo
verb 5
And here is my openvpn log file output:
Code:
Wed Feb 10 01:07:21 2021 us=210224 Current Parameter Settings:
Wed Feb 10 01:07:21 2021 us=211220 config = 'og.ovpn'
Wed Feb 10 01:07:21 2021 us=211220 mode = 0
Wed Feb 10 01:07:21 2021 us=211220 show_ciphers = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 show_digests = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 show_engines = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 genkey = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 key_pass_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 show_tls_ciphers = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 connect_retry_max = 0
Wed Feb 10 01:07:21 2021 us=211220 Connection profiles [0]:
Wed Feb 10 01:07:21 2021 us=211220 proto = tcp-client
Wed Feb 10 01:07:21 2021 us=211220 local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 local_port = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 remote = '96.1.40.179'
Wed Feb 10 01:07:21 2021 us=211220 remote_port = '443'
Wed Feb 10 01:07:21 2021 us=211220 remote_float = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 bind_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 bind_local = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 bind_ipv6_only = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 connect_retry_seconds = 5
Wed Feb 10 01:07:21 2021 us=211220 connect_timeout = 120
Wed Feb 10 01:07:21 2021 us=211220 socks_proxy_server = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 socks_proxy_port = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 tun_mtu = 1500
Wed Feb 10 01:07:21 2021 us=211220 tun_mtu_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211220 link_mtu = 1500
Wed Feb 10 01:07:21 2021 us=211220 link_mtu_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 tun_mtu_extra = 32
Wed Feb 10 01:07:21 2021 us=211220 tun_mtu_extra_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211220 mtu_discover_type = -1
Wed Feb 10 01:07:21 2021 us=211220 fragment = 0
Wed Feb 10 01:07:21 2021 us=211220 mssfix = 1450
Wed Feb 10 01:07:21 2021 us=211220 explicit_exit_notification = 0
Wed Feb 10 01:07:21 2021 us=211220 Connection profiles END
Wed Feb 10 01:07:21 2021 us=211220 remote_random = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 ipchange = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 dev = 'tap'
Wed Feb 10 01:07:21 2021 us=211220 dev_type = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 dev_node = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 lladdr = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 topology = 1
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_remote_netmask = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_noexec = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_nowarn = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_ipv6_local = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_ipv6_netbits = 0
Wed Feb 10 01:07:21 2021 us=211220 ifconfig_ipv6_remote = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211220 shaper = 0
Wed Feb 10 01:07:21 2021 us=211220 mtu_test = 0
Wed Feb 10 01:07:21 2021 us=211220 mlock = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 keepalive_ping = 0
Wed Feb 10 01:07:21 2021 us=211220 keepalive_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220 inactivity_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220 ping_send_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220 ping_rec_timeout = 0
Wed Feb 10 01:07:21 2021 us=211220 ping_rec_timeout_action = 0
Wed Feb 10 01:07:21 2021 us=211220 ping_timer_remote = DISABLED
Wed Feb 10 01:07:21 2021 us=211220 remap_sigusr1 = 0
Wed Feb 10 01:07:21 2021 us=211220 persist_tun = ENABLED
Wed Feb 10 01:07:21 2021 us=211638 persist_local_ip = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 persist_remote_ip = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 persist_key = ENABLED
Wed Feb 10 01:07:21 2021 us=211638 passtos = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 resolve_retry_seconds = 1000000000
Wed Feb 10 01:07:21 2021 us=211638 resolve_in_advance = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 username = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 groupname = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 chroot_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 cd_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 writepid = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 up_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 down_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 down_pre = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 up_restart = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 up_delay = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 daemon = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 inetd = 0
Wed Feb 10 01:07:21 2021 us=211638 log = ENABLED
Wed Feb 10 01:07:21 2021 us=211638 suppress_timestamps = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 machine_readable_output = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 nice = 0
Wed Feb 10 01:07:21 2021 us=211638 verbosity = 5
Wed Feb 10 01:07:21 2021 us=211638 mute = 0
Wed Feb 10 01:07:21 2021 us=211638 gremlin = 0
Wed Feb 10 01:07:21 2021 us=211638 status_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 status_file_version = 1
Wed Feb 10 01:07:21 2021 us=211638 status_file_update_freq = 60
Wed Feb 10 01:07:21 2021 us=211638 occ = ENABLED
Wed Feb 10 01:07:21 2021 us=211638 rcvbuf = 0
Wed Feb 10 01:07:21 2021 us=211638 sndbuf = 0
Wed Feb 10 01:07:21 2021 us=211638 sockflags = 0
Wed Feb 10 01:07:21 2021 us=211638 fast_io = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 comp.alg = 2
Wed Feb 10 01:07:21 2021 us=211638 comp.flags = 1
Wed Feb 10 01:07:21 2021 us=211638 route_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 route_default_gateway = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 route_default_metric = 0
Wed Feb 10 01:07:21 2021 us=211638 route_noexec = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 route_delay = 5
Wed Feb 10 01:07:21 2021 us=211638 route_delay_window = 30
Wed Feb 10 01:07:21 2021 us=211638 route_delay_defined = ENABLED
Wed Feb 10 01:07:21 2021 us=211638 route_nopull = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 route_gateway_via_dhcp = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 allow_pull_fqdn = DISABLED
Wed Feb 10 01:07:21 2021 us=211638 management_addr = '127.0.0.1'
Wed Feb 10 01:07:21 2021 us=211638 management_port = '25340'
Wed Feb 10 01:07:21 2021 us=211638 management_user_pass = 'stdin'
Wed Feb 10 01:07:21 2021 us=211638 management_log_history_cache = 250
Wed Feb 10 01:07:21 2021 us=211638 management_echo_buffer_size = 100
Wed Feb 10 01:07:21 2021 us=211638 management_write_peer_info_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 management_client_user = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 management_client_group = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=211638 management_flags = 6
Wed Feb 10 01:07:21 2021 us=211638 shared_secret_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 key_direction = not set
Wed Feb 10 01:07:21 2021 us=212218 ciphername = 'AES-256-CBC'
Wed Feb 10 01:07:21 2021 us=212218 ncp_enabled = ENABLED
Wed Feb 10 01:07:21 2021 us=212218 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Feb 10 01:07:21 2021 us=212218 authname = 'SHA256'
Wed Feb 10 01:07:21 2021 us=212218 prng_hash = 'SHA1'
Wed Feb 10 01:07:21 2021 us=212218 prng_nonce_secret_len = 16
Wed Feb 10 01:07:21 2021 us=212218 keysize = 0
Wed Feb 10 01:07:21 2021 us=212218 engine = DISABLED
Wed Feb 10 01:07:21 2021 us=212218 replay = ENABLED
Wed Feb 10 01:07:21 2021 us=212218 mute_replay_warnings = DISABLED
Wed Feb 10 01:07:21 2021 us=212218 replay_window = 64
Wed Feb 10 01:07:21 2021 us=212218 replay_time = 15
Wed Feb 10 01:07:21 2021 us=212218 packet_id_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 use_iv = ENABLED
Wed Feb 10 01:07:21 2021 us=212218 test_crypto = DISABLED
Wed Feb 10 01:07:21 2021 us=212218 tls_server = DISABLED
Wed Feb 10 01:07:21 2021 us=212218 tls_client = ENABLED
Wed Feb 10 01:07:21 2021 us=212218 key_method = 2
Wed Feb 10 01:07:21 2021 us=212218 ca_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218 ca_path = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 dh_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 cert_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218 extra_certs_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 priv_key_file = '[[INLINE]]'
Wed Feb 10 01:07:21 2021 us=212218 pkcs12_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 cryptoapi_cert = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 cipher_list = 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256'
Wed Feb 10 01:07:21 2021 us=212218 cipher_list_tls13 = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 tls_cert_profile = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 tls_verify = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 tls_export_cert = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 verify_x509_type = 0
Wed Feb 10 01:07:21 2021 us=212218 verify_x509_name = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 crl_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212218 ns_cert_type = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 65535
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212218 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691 remote_cert_ku[i] = 0
Wed Feb 10 01:07:21 2021 us=212691 remote_cert_eku = 'TLS Web Server Authentication'
Wed Feb 10 01:07:21 2021 us=212691 ssl_flags = 192
Wed Feb 10 01:07:21 2021 us=212691 tls_timeout = 2
Wed Feb 10 01:07:21 2021 us=212691 renegotiate_bytes = -1
Wed Feb 10 01:07:21 2021 us=212691 renegotiate_packets = 0
Wed Feb 10 01:07:21 2021 us=212691 renegotiate_seconds = 3600
Wed Feb 10 01:07:21 2021 us=212691 handshake_window = 60
Wed Feb 10 01:07:21 2021 us=212691 transition_window = 3600
Wed Feb 10 01:07:21 2021 us=212691 single_session = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 push_peer_info = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 tls_exit = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 tls_auth_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 tls_crypt_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_protected_authentication = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_private_mode = 00000000
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_cert_private = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_pin_cache_period = -1
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_id = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 pkcs11_id_management = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 server_network = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 server_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 server_network_ipv6 = ::
Wed Feb 10 01:07:21 2021 us=212691 server_netbits_ipv6 = 0
Wed Feb 10 01:07:21 2021 us=212691 server_bridge_ip = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 server_bridge_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 server_bridge_pool_start = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 server_bridge_pool_end = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_start = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_end = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_pool_persist_refresh_freq = 600
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_ipv6_pool_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_ipv6_pool_base = ::
Wed Feb 10 01:07:21 2021 us=212691 ifconfig_ipv6_pool_netbits = 0
Wed Feb 10 01:07:21 2021 us=212691 n_bcast_buf = 256
Wed Feb 10 01:07:21 2021 us=212691 tcp_queue_limit = 64
Wed Feb 10 01:07:21 2021 us=212691 real_hash_size = 256
Wed Feb 10 01:07:21 2021 us=212691 virtual_hash_size = 256
Wed Feb 10 01:07:21 2021 us=212691 client_connect_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 learn_address_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 client_disconnect_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 client_config_dir = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=212691 ccd_exclusive = DISABLED
Wed Feb 10 01:07:21 2021 us=212691 tmp_dir = 'C:\Users\HBUYUK~1\AppData\Local\Temp\'
Wed Feb 10 01:07:21 2021 us=212691 push_ifconfig_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 push_ifconfig_local = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=213218 push_ifconfig_remote_netmask = 0.0.0.0
Wed Feb 10 01:07:21 2021 us=213218 push_ifconfig_ipv6_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 push_ifconfig_ipv6_local = ::/0
Wed Feb 10 01:07:21 2021 us=213218 push_ifconfig_ipv6_remote = ::
Wed Feb 10 01:07:21 2021 us=213218 enable_c2c = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 duplicate_cn = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 cf_max = 0
Wed Feb 10 01:07:21 2021 us=213218 cf_per = 0
Wed Feb 10 01:07:21 2021 us=213218 max_clients = 1024
Wed Feb 10 01:07:21 2021 us=213218 max_routes_per_client = 256
Wed Feb 10 01:07:21 2021 us=213218 auth_user_pass_verify_script = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218 auth_user_pass_verify_script_via_file = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 auth_token_generate = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 auth_token_lifetime = 0
Wed Feb 10 01:07:21 2021 us=213218 client = ENABLED
Wed Feb 10 01:07:21 2021 us=213218 pull = ENABLED
Wed Feb 10 01:07:21 2021 us=213218 auth_user_pass_file = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218 show_net_up = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 route_method = 0
Wed Feb 10 01:07:21 2021 us=213218 block_outside_dns = ENABLED
Wed Feb 10 01:07:21 2021 us=213218 ip_win32_defined = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 ip_win32_type = 3
Wed Feb 10 01:07:21 2021 us=213218 dhcp_masq_offset = 0
Wed Feb 10 01:07:21 2021 us=213218 dhcp_lease_time = 31536000
Wed Feb 10 01:07:21 2021 us=213218 tap_sleep = 0
Wed Feb 10 01:07:21 2021 us=213218 dhcp_options = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 dhcp_renew = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 dhcp_pre_release = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 domain = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218 netbios_scope = '[UNDEF]'
Wed Feb 10 01:07:21 2021 us=213218 netbios_node_type = 0
Wed Feb 10 01:07:21 2021 us=213218 disable_nbt = DISABLED
Wed Feb 10 01:07:21 2021 us=213218 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Wed Feb 10 01:07:21 2021 us=213218 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Feb 10 01:07:21 2021 us=213218 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Wed Feb 10 01:07:21 2021 us=214214 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Feb 10 01:07:21 2021 us=214214 Need hold release from management interface, waiting...
Wed Feb 10 01:07:21 2021 us=709626 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Feb 10 01:07:21 2021 us=831176 MANAGEMENT: CMD 'state on'
Wed Feb 10 01:07:21 2021 us=831494 MANAGEMENT: CMD 'log all on'
Wed Feb 10 01:07:21 2021 us=974944 MANAGEMENT: CMD 'echo all on'
Wed Feb 10 01:07:21 2021 us=975941 MANAGEMENT: CMD 'bytecount 5'
Wed Feb 10 01:07:21 2021 us=977936 MANAGEMENT: CMD 'hold off'
Wed Feb 10 01:07:21 2021 us=978965 MANAGEMENT: CMD 'hold release'
Wed Feb 10 01:07:22 2021 us=521 LZO compression initializing
Wed Feb 10 01:07:22 2021 us=833 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Feb 10 01:07:22 2021 us=833 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Wed Feb 10 01:07:22 2021 us=833 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Feb 10 01:07:22 2021 us=833 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Feb 10 01:07:22 2021 us=1841 TCP/UDP: Preserving recently used remote address: [AF_INET]96.1.40.179:443
Wed Feb 10 01:07:22 2021 us=2020 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Feb 10 01:07:22 2021 us=2020 Attempting to establish TCP connection with [AF_INET]96.1.40.179:443 [nonblock]
Wed Feb 10 01:07:22 2021 us=2020 MANAGEMENT: >STATE:1612937242,TCP_CONNECT,,,,,,
Wed Feb 10 01:09:23 2021 us=15487 TCP: connect to [AF_INET]96.1.40.179:443 failed: Unknown error
Wed Feb 10 01:09:23 2021 us=26070 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Feb 10 01:09:23 2021 us=26070 MANAGEMENT: >STATE:1612937363,RECONNECTING,init_instance,,,,,
Wed Feb 10 01:09:23 2021 us=26070 Restart pause, 5 second(s)
Wed Feb 10 01:09:28 2021 us=81760 Re-using SSL/TLS context
Wed Feb 10 01:09:28 2021 us=81760 LZO compression initializing
Wed Feb 10 01:09:28 2021 us=81760 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Feb 10 01:09:28 2021 us=81760 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Wed Feb 10 01:09:28 2021 us=82102 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Wed Feb 10 01:09:28 2021 us=82102 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1604,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Wed Feb 10 01:09:28 2021 us=82102 TCP/UDP: Preserving recently used remote address: [AF_INET]96.1.40.179:443
Wed Feb 10 01:09:28 2021 us=82251 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed Feb 10 01:09:28 2021 us=82251 Attempting to establish TCP connection with [AF_INET]96.1.40.179:443 [nonblock]
Wed Feb 10 01:09:28 2021 us=82251 MANAGEMENT: >STATE:1612937368,TCP_CONNECT,,,,,,
Wed Feb 10 01:10:27 2021 us=566793 TCP/UDP: Closing socket
Wed Feb 10 01:10:27 2021 us=566954 SIGTERM[hard,init_instance] received, process exiting
Wed Feb 10 01:10:27 2021 us=567128 MANAGEMENT: >STATE:1612937427,EXITING,init_instance,,,,,
I've been at this for a week now. Can someone help please? I can't seem to get it to connect. It seems like everything is in place. I've disabled the firewall on my machine as well as the one on the cellular modem. It seems like it's not even trying to connect based on my research. So what could be causing that?
I also see you're using the bridged (TAP) version of OpenVPN, and you've specified dhcp-proxy mode. I've never been able to get dhcp-proxy mode to work on the router (I suspect because it's only available on certain OS platforms, and Linux is probably not one of them). I've always had to disable it and specify an IP pool (something you reserve outside the scope of the DHCP server on the OpenVPN server's network).
You can certainly try dhcp-proxy mode. And I'd be interested if it worked (been a long time since I've tried it myself, things could have changed). But if it gives you problems (iirc, it won't assign a default gateway), that may be the reason.
Posted: Wed Feb 10, 2021 9:19 Post subject:
It was something like the DHCP proxy mode is for clients using the VPN client itself and not for the LAN clients behind.
The LAN clients should just use the tunnel to get a DHCP request but the DHCP proxy was interfering with this (or something like that).
Long story short, do not use DHCP proxy mode.
See OpenVPN server setup guide page 24, which gives some pointers about setting up a TAP connection.
Also beware that bridged VPNs have traditionally NOT been supported on mobile platforms. In the case of my FT (FreshTomato) router, it's the reason I support both routed and bridged OpenVPN servers on my home network. But that's only possible because FT supports multiple OpenVPN server configurations. In the case of dd-wrt, you only have the one, meaning if you expect this to work w/ mobile devices too, you might want to consider a routed (TUN) configuration instead.
Also, a bridged VPN (if compromised) is significantly riskier than a routed VPN since you can't filter access. Since all clients are bridged, the firewall offers no protection. Basically, if someone gets in who isn't supposed to get in, they pretty much have total access to your network.
So not sure if I understood correctly but I changed the TCP port from 443 to 1088 and I disabled the DHCP server on the modem. Disabling the DHCP I'm confused about though. Isn't the DHCP used to assign clients an IP when they VPN in?
Anyhow, both of these didn't work regardless. Here's my settings now:
Code:
client
dev tun
proto tcp4
remote 96.1.40.179 1088
nobind
persist-key
persist-tun
remote-cert-tls server
auth-nocache
resolv-retry infinite
float
tun-mtu 1500
auth SHA256
cipher AES-256-CBC
#tls-cipher AES-256-GCM:AES-128-GCM:AES-256-CBC
#data-ciphers-fallback AES-128-CBC
verb 5
<ca>
-----BEGIN CERTIFICATE-----
The data-cipher was rejected by my OpenVPN 2.4.7 software so I had to comment it out. It was from your PDF file, egc.
Also, what do I put for the Network and Netmask? I didn't show those for security reasons since the forum is public, so just wondering if it has to match that local IP on the setup page.
Okay, since nobody asked certain details and nobody interjected about image sizes:
1) What build number of DD-WRT?
2) Please refer to the forum rules and guidelines and stickies about image sizes.
Hi, sorry about that.
The firmware is shown in the attached.
Also, on the VPN status page, it doesn't even show anything. Like it doesn't seem to be even set up as a server. I even tried to use this modem as a VPN client and it would show the page blank. And that VPN client should definitely work because it works for me when I connect to the server on my PC.
Now I'm confused. According to the Network setup page of dd-wrt that you just posted, this device is NOT in a routed configuration. IOW, it has its WAN disabled. To be honest, I'm not familiar w/ this particular device, but if it's serving as your primary router, it should be configured for routing, w/ the WAN enabled. Or else there's more going on here than we've been led to believe (e.g., some other device is serving as the primary router).
Hi, I didn't post the full page of that page. Here's the top part of that page I posted earlier:
Posted: Wed Feb 10, 2021 19:20 Post subject:
This router is not running any official DD-WRT firmware that I am aware of. If anything, it is a hacked version and probably not running anything current as seen by the screenshots posted. So, any advice here may or may not work. There has been a lot done since 2019 when it comes to OpenVPN patches, updates, and functionality in DD-WRT. So, now I have to contact the developer to see what he thinks, and allow @egc and @eibgrad to decide if they want a padlock put on this thing or not.
tiestobob wrote:
Now I'm trying to set up an OpenVPN server on this cellular modem and I was made aware that my particular modem (YF325) is using the DD-WRT firmware.
Given this is a cellular modem, there's the possibility they have given you a NON public IP (e.g., 10.x.x.x, 192.168.x.x, 172.16.x.x), or perhaps CGNAT (100.64.x.x), which means you can't remotely access it.
The static IP that we got from the cellular provider is 96.1.40.179. I assume this is the WAN IP. I'm not able to ping it, however.
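Added example, not part of any post in this thread: a short Python triage of the client log posted above. It reads the management `STATE` lines to see how far the connection got and classifies an address as RFC 1918, CGNAT or public, which is the distinction raised in the reply about carrier addressing. The function names and the second (TLS) sample log are constructed for illustration; the first sample is an excerpt of the posted log.

```python
import ipaddress
import re

# Excerpt of the client log posted in the thread (state-bearing lines only).
POSTED_LOG = """\
Wed Feb 10 01:07:22 2021 us=2020 Attempting to establish TCP connection with [AF_INET]96.1.40.179:443 [nonblock]
Wed Feb 10 01:07:22 2021 us=2020 MANAGEMENT: >STATE:1612937242,TCP_CONNECT,,,,,,
Wed Feb 10 01:09:23 2021 us=15487 TCP: connect to [AF_INET]96.1.40.179:443 failed: Unknown error
Wed Feb 10 01:09:23 2021 us=26070 MANAGEMENT: >STATE:1612937363,RECONNECTING,init_instance,,,,,
"""

# Constructed contrast case: TCP connects, then the TLS handshake stalls.
CONSTRUCTED_TLS_LOG = """\
Fri Jan 01 00:00:01 2021 Attempting to establish TCP connection with [AF_INET]192.0.2.10:1194 [nonblock]
Fri Jan 01 00:00:01 2021 MANAGEMENT: >STATE:1609459201,TCP_CONNECT,,,,,,
Fri Jan 01 00:00:02 2021 MANAGEMENT: >STATE:1609459202,WAIT,,,,,,
Fri Jan 01 00:01:02 2021 TLS Error: TLS handshake failed
"""

# Ranges that cannot be dialled from the Internet, as listed in the thread.
NON_ROUTABLE = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cgnat": ["100.64.0.0/10"],
}

# OpenVPN management-interface states, in the order a healthy client passes them.
PROGRESS = ["CONNECTING", "RESOLVE", "TCP_CONNECT", "WAIT", "AUTH",
            "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"]

STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")
REMOTE_RE = re.compile(
    r"Attempting to establish TCP connection with \[AF_INET\]([\d.]+):(\d+)")
FAIL_RE = re.compile(r"TCP: connect to \[AF_INET\]\S+ failed")


def classify_address(ip):
    """Return 'private', 'cgnat', 'public' or 'other' for an IPv4/IPv6 address."""
    addr = ipaddress.ip_address(ip)
    for label, nets in NON_ROUTABLE.items():
        if any(addr.version == 4 and addr in ipaddress.ip_network(n) for n in nets):
            return label
    return "public" if addr.is_global else "other"


def triage(log_text):
    """Find the furthest state reached and name the layer that failed."""
    reached = [s for s in STATE_RE.findall(log_text) if s in PROGRESS]
    furthest = max(reached, key=PROGRESS.index) if reached else None

    if furthest == "CONNECTED":
        layer = "none"        # tunnel came up
    elif furthest in ("GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES"):
        layer = "config"      # TLS done; pushed options or routes failed
    elif furthest in ("WAIT", "AUTH"):
        layer = "tls"         # server answered; certificates/ciphers/keys
    elif furthest == "TCP_CONNECT":
        layer = "transport"   # no TCP handshake: nothing answered on that port
    else:
        layer = "unknown"

    remote = REMOTE_RE.search(log_text)
    return {
        "remote": f"{remote.group(1)}:{remote.group(2)}" if remote else None,
        "address_class": classify_address(remote.group(1)) if remote else None,
        "furthest_state": furthest,
        "tcp_connect_failures": len(FAIL_RE.findall(log_text)),
        "layer": layer,
    }


if __name__ == "__main__":
    for name, log in (("posted", POSTED_LOG), ("constructed", CONSTRUCTED_TLS_LOG)):
        print(name, triage(log))
```

A `transport` result means the certificate, cipher and compression options were never exercised, so changing them cannot fix the failure. `classify_address` is most useful on the address the modem's own WAN status page reports, since that is where a private or CGNAT assignment would show up.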