Netgear MR80(Home Server) connect to DD-WRT (Remote Client)

Wiseone001
DD-WRT Novice


Joined: 26 Apr 2022
Posts: 2

Posted: Tue Apr 26, 2022 14:58    Post subject: Netgear MR80(Home Server) connect to DD-WRT (Remote Client)
Hello all,
I'm trying to get my remote router to authenticate to my home router on the VPN. I have laptops and desktops installed to connect, but for the life of me I can't get my (Netgear loaded) DD-WRT router to communicate.
I will post my edited config here and the log file and snapshot of the settings on DD-WRT.
Can someone please tell me where I'm making the mistake and/or what setting on the DD-WRT router is missing or incorrect? Desperately need traffic routing from remote to home. I need all my attached devices on the same network, cameras etc...
Thanks

(Netgear Home Router MR80- openvpn server)
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote DOMAIN.NET XXXXX
resolv-retry infinite
redirect-gateway
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5

Log file from remote Router (DD-WRT-running Openvpn client)
State
Client: CONNECTED SUCCESS
TAP mode: Unbridged
MAC Address: 6A:EF:B3:A4:XX:XX
Local IP:
NAT: On
Firewall Protection: On

Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 59716316
TCP/UDP read bytes 83400869
TCP/UDP write bytes 635210
Auth read bytes 59716316
pre-compress bytes 0
post-compress bytes 0
pre-decompress bytes 2338297
post-decompress bytes 2723923

Log
Clientlog:
20220425 11:51:25 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
20220425 11:51:25 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20220425 11:51:25 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20220425 11:51:25 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20220425 11:51:25 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20220425 11:51:25 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20220425 11:51:25 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20220425 11:51:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20220425 11:51:25 I TCP/UDP: Preserving recently used remote address: [AF_INET]68.81.27.213:12974
20220425 11:51:25 Socket Buffers: R=[180224->180224] S=[180224->180224]
20220425 11:51:25 I UDPv4 link local: (not bound)
20220425 11:51:25 I UDPv4 link remote: [AF_INET]68.81.27.213:12974
20220425 11:51:25 TLS: Initial packet from [AF_INET]68.81.27.213:12974 sid=6aeb7d1f 5d926cd4
20220425 11:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 11:51:25 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 1024 bit RSA
20220425 11:51:25 I [netgear] Peer Connection Initiated with [AF_INET]68.81.27.213:12974
20220425 11:51:26 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
20220425 11:51:26 PUSH: Received control message: 'PUSH_REPLY route 10.0.0.0 255.255.255.0 route-delay 5 route 64.0.0.0 192.0.0.0 10.0.0.1 route 32.0.0.0 224.0.0.0 10.0.0.1 route 16.0.0.0 240.0.0.0 10.0.0.1 route 8.0.0.0 248.0.0.0 10.0.0.1 route 4.0.0.0 252.0.0.0 10.0.0.1 route 2.0.0.0 254.0.0.0 10.0.0.1 route 1.0.0.0 255.0.0.0 10.0.0.1 redirect-gateway def1 route-gateway dhcp ping 10 ping-restart 120 peer-id 1'
20220425 11:51:26 OPTIONS IMPORT: timers and/or timeouts modified
20220425 11:51:26 NOTE: --mute triggered...
20220425 11:51:26 4 variation(s) on previous 3 message(s) suppressed by --mute
20220425 11:51:26 Using peer cipher 'AES-128-CBC'
20220425 11:51:26 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 11:51:26 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20220425 11:51:26 NOTE: --mute triggered...
20220425 11:51:26 2 variation(s) on previous 3 message(s) suppressed by --mute
20220425 11:51:26 net_route_v4_best_gw query: dst 0.0.0.0
20220425 11:51:26 net_route_v4_best_gw result: via 192.168.99.1 dev vlan2
20220425 11:51:26 W OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
20220425 11:51:26 W OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0
20220425 11:51:26 I TUN/TAP device tap1 opened
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'state'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'state'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'status 2'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220425 11:51:26 D MANAGEMENT: CMD 'log 500'
20220425 11:51:26 MANAGEMENT: Client disconnected
20220425 11:51:31 W NOTE: unable to redirect IPv4 default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
20220425 11:51:31 I WARNING: OpenVPN was configured to add an IPv4 route. However no IPv4 has been configured for tap1 therefore the route installation may fail or may not work as expected.
20220425 11:51:31 net_route_v4_add: 64.0.0.0/2 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 32.0.0.0/3 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 16.0.0.0/4 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 8.0.0.0/5 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 4.0.0.0/6 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 2.0.0.0/7 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 net_route_v4_add: 1.0.0.0/8 via 10.0.0.1 dev [NULL] table 0 metric -1
20220425 11:51:31 W sitnl_send: rtnl: generic error (-101): Network unreachable
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 W WARNING: Failed running command (--route-up): external program exited with error status: 2
20220425 11:51:31 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20220425 11:51:31 I Initialization Sequence Completed
20220425 12:51:25 TLS: soft reset sec=3600/3600 bytes=4212980/-1 pkts=22994/0
20220425 12:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 12:51:25 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 12:51:25 NOTE: --mute triggered...
20220425 14:45:01 11 variation(s) on previous 3 message(s) suppressed by --mute
20220425 14:45:01 Extracted DHCP router address: 10.0.0.1
20220425 14:51:25 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 14:51:25 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20220425 14:51:25 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20220425 14:51:25 NOTE: --mute triggered...
20220425 21:16:36 44 variation(s) on previous 3 message(s) suppressed by --mute
20220425 21:16:36 Extracted DHCP router address: 10.0.0.1
20220425 21:17:05 Extracted DHCP router address: 10.0.0.1
20220425 21:51:24 TLS: tls_process: killed expiring key
20220425 21:51:28 TLS: soft reset sec=3600/3600 bytes=3920928/-1 pkts=21346/0
20220425 21:51:28 VERIFY OK: depth=0 C=TW ST=TW O=netgear OU=netgear CN=netgear emailAddress=mail@netgear.com
20220425 21:51:28 NOTE: --mute triggered...
20220426 09:49:53 83 variation(s) on previous 3 message(s) suppressed by --mute
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'state'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'state'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'status 2'
20220426 09:49:53 MANAGEMENT: Client disconnected
20220426 09:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20220426 09:49:53 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00


Quick note: I went to test the Windows installer on a device on the network (remote network) and I get a warning that it detects an OpenVPN connection on the device (although I can't ping any remote devices). I cancelled the install on it, hoping I'm halfway there and just need a push in the right direction. Thanks

This is the OpenVPN config inside the DD-WRT router, with personal info edited.
Can someone tell me if I need to invoke the advanced mode and set other parameters?
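
The warnings in the client log above can be pulled out and grouped mechanically. This is an added example, not part of the original post: a small Python triage over a constructed sample abridged from that log; the rule names, the notes and the 2048-bit RSA threshold are assumptions of the example.

```python
import re

# Constructed sample: lines abridged from the DD-WRT client log posted above.
SAMPLE_LOG = """\
20220425 11:51:25 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption.
20220425 11:51:25 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20220425 11:51:25 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20220425 11:51:25 W WARNING: No server certificate verification method has been enabled.
20220425 11:51:25 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 1024 bit RSA
20220425 11:51:31 I WARNING: OpenVPN was configured to add an IPv4 route. However no IPv4 has been configured for tap1
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 W ERROR: Linux route add command failed
20220425 11:51:31 I Initialization Sequence Completed
"""

# (finding id, regex on the log line, short note) -- ids and notes are this example's own.
RULES = [
    ("compression", r"Compression for receiving enabled", "compression accepted from the peer"),
    ("mgmt-no-password", r"--management on a TCP port WITHOUT passwords", "management port has no password"),
    ("key-perms", r"file '([^']+)' is group or others accessible", "private key readable by other users"),
    ("no-server-verify", r"No server certificate verification method",
     "server cert not verified (OpenVPN option: remote-cert-tls server)"),
    ("route-add-failed", r"Linux route add command failed", "pushed route was not installed"),
    ("tap-no-ipv4", r"no IPv4 has been configured for (\w+)", "tunnel interface has no address"),
]
RSA_BITS = re.compile(r"Control Channel: .* (\d+) bit RSA")

def triage(log_text, min_rsa_bits=2048):  # threshold is an assumption of this example
    """Return {finding id: {"count", "first_seen", "note"}} for an OpenVPN client log."""
    findings = {}

    def hit(key, stamp, note):
        entry = findings.setdefault(key, {"count": 0, "first_seen": stamp, "note": note})
        entry["count"] += 1

    for line in log_text.splitlines():
        stamp = line[:17]  # "YYYYMMDD HH:MM:SS" prefix used by the DD-WRT log view
        for key, pattern, note in RULES:
            if re.search(pattern, line):
                hit(key, stamp, note)
        m = RSA_BITS.search(line)
        if m and int(m.group(1)) < min_rsa_bits:
            hit("weak-rsa", stamp, f"{m.group(1)}-bit RSA server key")
    return findings

if __name__ == "__main__":
    for key, f in triage(SAMPLE_LOG).items():
        print(f"{f['first_seen']}  {key:18} x{f['count']}  {f['note']}")
```

The route failures and the missing address on tap1 show up as separate findings, which keeps the connectivity problem apart from the security warnings when reading a long log.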
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Apr 26, 2022 15:28
We can give better support if you start with router model and build number (some models and builds can have problems, builds can be outdated etc.).

It looks like you are running an older build (not a problem per se).

I am not a big fan of TAP mode (the guide explains why) but there could be arguments why you need it.

It depends on how the server is set up how you need to set up the client, and as this is DDWRT and not Netgear support we are a bit in the dark.

For setup from DDWRT server to DDWRT client it is well covered in the guide, but at least it should give some information on how to proceed.

OpenVPN guides are a sticky in this forum (topmost threads); you need the OpenVPN Server setup guide, which has a paragraph about TAP setup.
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

Oh and perhaps consider upgrading as a lot has changed

Edit: you can always use a Windows client to connect, Windows supports TAP mode

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Wiseone001
DD-WRT Novice


Joined: 26 Apr 2022
Posts: 2

Posted: Wed Apr 27, 2022 13:03
Router
Router Name: DD-WRT
Router Model: Netgear R6300V2
Firmware: DD-WRT v3.0-r44715 std (11/03/20)

Home OpenVPN Server is:
Netgear Night Hawk
Tri-band AX3600 Mesh WIFI-6 (MR80)


egc wrote:
We can give better support if you start with router model and build number (some models and builds can have problems, builds can be outdated etc.)

It looks like you are running an older build (not a problem per se).

I am not a big fan of TAP mode (the guide explains why) but there could be arguments why you need it.

It depends on how the server is set up how you need to set up the client, and as this is DDWRT and not Netgear support we are a bit in the dark.

For setup from DDWRT server to DDWRT client it is well covered in the guide, but at least it should give some information on how to proceed.

OpenVPN guides are a sticky in this forum (topmost threads); you need the OpenVPN Server setup guide, which has a paragraph about TAP setup.
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

Oh and perhaps consider upgrading as a lot has changed

Edit: you can always use a Windows client to connect, Windows supports TAP mode
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Apr 27, 2022 14:31
That is indeed an old and outdated build.

I strongly recommend upgrading; your build has some security issues and a lot has changed, also with OpenVPN.

It is some work, as coming from such an old build a reset to defaults *after* upgrade and manual rebuild is recommended (never restore a backup to a different build).

The OpenVPN server setup guide should show you how to configure TAP setup for a DDWRT client (page 32).
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
