Posted: Tue Apr 26, 2022 14:58 Post subject: Netgear MR80(Home Server) connect to DD-WRT (Remote Client)
Hello all,
I'm trying to get my remote router to authenticate to my home router on the VPN. I have laptops and desktops installed to connect, but for the life of me can't get my (Netgear loaded) DD-WRT router to communicate.
I will post my edited config here and the log file and snapshot of the settings on DD-WRT.
Can someone please tell me where I'm making the mistake and/or what setting on the DD-WRT router is missing or incorrect? Desperately need traffic routing from remote to home. I need all my attached devices on the same network, cameras etc...
Thanks
(Netgear Home Router MR80- openvpn server)
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote DOMAIN.NET XXXXX
resolv-retry infinite
redirect-gateway
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
Log file from remote Router (DD-WRT-running Openvpn client)
State
Client: CONNECTED SUCCESS
TAP mode: Unbridged
MAC Address: 6A:EF:B3:A4:XX:XX
Local IP:
NAT: On
Firewall Protection: On
Log
Clientlog:
20220425 11:51:25 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20220425 11:51:25 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20220425 11:51:25 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20220425 11:51:25 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20220425 11:51:25 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20220425 11:51:25 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20220425 11:51:25 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20220425 11:51:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20220425 11:51:25 I TCP/UDP: Preserving recently used remote address: [AF_INET]68.81.27.213:12974
20220425 11:51:25 Socket Buffers: R=[180224->180224] S=[180224->180224]
20220425 11:51:25 I UDPv4 link local: (not bound)
20220425 11:51:25 I UDPv4 link remote: [AF_INET]68.81.27.213:12974
20220425 11:51:25 TLS: Initial packet from [AF_INET]68.81.27.213:12974 sid=6aeb7d1f 5d926cd4
20220425 11:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 11:51:25 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 1024 bit RSA
20220425 11:51:25 I [netgear] Peer Connection Initiated with [AF_INET]68.81.27.213:12974
20220425 11:51:26 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
20220425 11:51:26 PUSH: Received control message: 'PUSH_REPLY route 10.0.0.0 255.255.255.0 route-delay 5 route 64.0.0.0 192.0.0.0 10.0.0.1 route 32.0.0.0 224.0.0.0 10.0.0.1 route 16.0.0.0 240.0.0.0 10.0.0.1 route 8.0.0.0 248.0.0.0 10.0.0.1 route 4.0.0.0 252.0.0.0 10.0.0.1 route 2.0.0.0 254.0.0.0 10.0.0.1 route 1.0.0.0 255.0.0.0 10.0.0.1 redirect-gateway def1 route-gateway dhcp ping 10 ping-restart 120 peer-id 1'
20220425 11:51:26 OPTIONS IMPORT: timers and/or timeouts modified
20220425 11:51:26 NOTE: --mute triggered...
20220425 11:51:26 4 variation(s) on previous 3 message(s) suppressed by --mute
20220425 11:51:26 Using peer cipher 'AES-128-CBC'
20220425 11:51:26 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 11:51:26 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20220425 11:51:26 NOTE: --mute triggered...
20220425 11:51:26 2 variation(s) on previous 3 message(s) suppressed by --mute
20220425 11:51:26 net_route_v4_best_gw query: dst 0.0.0.0
20220425 11:51:26 net_route_v4_best_gw result: via 192.168.99.1 dev vlan2
20220425 11:51:26 W OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
20220425 11:51:26 W OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0
20220425 11:51:26 I TUN/TAP device tap1 opened
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'state'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'state'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'status 2'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'log 500'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:31 W NOTE: unable to redirect IPv4 default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20220425 11:51:31 I WARNING: OpenVPN was configured to add an IPv4 route. However no IPv4 has been configured for tap1 therefore the route installation may fail or may not work as expected.
20220425 11:51:31 net_route_v4_add: 64.0.0.0/2 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 32.0.0.0/3 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 16.0.0.0/4 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 8.0.0.0/5 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 4.0.0.0/6 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 2.0.0.0/7 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 1.0.0.0/8 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 W WARNING: Failed running command (--route-up): external program exited with error status: 2
20220425 11:51:31 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20220425 11:51:31 I Initialization Sequence Completed
20220425 12:51:25 TLS: soft reset sec=3600/3600 bytes=4212980/-1 pkts=22994/0
20220425 12:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 12:51:25 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 12:51:25 NOTE: --mute triggered...
20220425 14:45:01 11 variation(s) on previous 3 message(s) suppressed by --mute
20220425 14:45:01 Extracted DHCP router address: 10.0.0.1
20220425 14:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 14:51:25 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 14:51:25 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20220425 14:51:25 NOTE: --mute triggered...
20220425 21:16:36 44 variation(s) on previous 3 message(s) suppressed by --mute
20220425 21:16:36 Extracted DHCP router address: 10.0.0.1
20220425 21:17:05 Extracted DHCP router address: 10.0.0.1
20220425 21:51:24 TLS: tls_process: killed expiring key
20220425 21:51:28 TLS: soft reset sec=3600/3600 bytes=3920928/-1 pkts=21346/0
20220425 21:51:28 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 21:51:28 NOTE: --mute triggered...
20220426 09:49:53 83 variation(s) on previous 3 message(s) suppressed by --mute
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'state'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'state'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'status 2'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00
Quick note: I went to test the Windows installer on a device on the network (remote network) and I get a warning that it detects an OpenVPN connection on the device (although I can't ping any remote devices). I cancelled the install on it, hoping I'm halfway there and just need a push in the right direction. Thanks.
This is the OpenVPN config inside the DD-WRT router, edited personal info.
Can someone tell me if I need to invoke the advanced mode and set other parameters?
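An added example, not part of the original posts or of DD-WRT/OpenVPN code: a small Python triage over lines excerpted from the client log above, separating the security warnings from the pushed routes that failed to install. The rule labels and the 2048-bit RSA threshold are assumptions of this example.

```python
import re

# Lines excerpted from the client log posted above.
SAMPLE_LOG = """\
20220425 11:51:25 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20220425 11:51:25 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20220425 11:51:25 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20220425 11:51:25 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20220425 11:51:25 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 1024 bit RSA
20220425 11:51:31 I WARNING: OpenVPN was configured to add an IPv4 route. However no IPv4 has been configured for tap1 therefore the route installation may fail or may not work as expected.
20220425 11:51:31 net_route_v4_add: 64.0.0.0/2 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 32.0.0.0/3 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W ERROR: Linux route add command failed
"""

# (label, pattern) pairs; the labels are names chosen for this example.
WARNING_RULES = [
    ("compression_enabled", r"Compression for receiving enabled"),
    ("management_no_password", r"--management on a TCP port WITHOUT passwords"),
    ("key_file_permissions", r"file '[^']+' is group or others accessible"),
    ("no_server_cert_verification", r"No server certificate verification method"),
    ("tap_without_ipv4", r"no IPv4 has been configured for \w+"),
]
RSA_BITS = re.compile(r"(\d+) bit RSA")
ROUTE_ADD = re.compile(r"net_route_v4_add: (\S+) via (\S+) dev (\S+)")
MIN_RSA_BITS = 2048  # assumption: threshold picked for this example


def triage(log_text):
    """Return (sorted finding labels, [(network, gateway, dev)] of failed route adds)."""
    findings, failed_routes, pending = set(), [], None
    for line in log_text.splitlines():
        for label, pattern in WARNING_RULES:
            if re.search(pattern, line):
                findings.add(label)
        m = RSA_BITS.search(line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.add("weak_rsa_key")
        m = ROUTE_ADD.search(line)
        if m:
            pending = m.groups()  # remember the route being attempted
        elif "route add command failed" in line and pending:
            failed_routes.append(pending)  # failure belongs to that route
            pending = None
    return sorted(findings), failed_routes

print(triage(SAMPLE_LOG))
```

Run over the full log, the same function lists all seven pushed routes via 10.0.0.1 as failed, each with `dev [NULL]`, next to the warning that tap1 has no IPv4 address.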
Posted: Wed Apr 27, 2022 14:31 Post subject:
That is indeed an old and outdated build.
I strongly recommend upgrading; your build has some security issues, and a lot has also changed with OpenVPN.
It is some work, as coming from such an old build a reset to defaults *after* the upgrade and a manual rebuild is recommended (never restore a backup to a different build).