Tunnelblick and VPN bridge? <help still needed>

DD-WRT Forum Index -> Broadcom SoC based Hardware

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sat Nov 01, 2008 16:35    Post subject: Tunnelblick and VPN bridge? <help still needed>
I followed the tutorial at

http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_Bridged_VPN_Between_Two_Routers

I would like to use Tunnelblick on a Mac client to make the connection at times I do not wish to carry the client router with me and cannot get it to work.

I was looking at

http://www.dd-wrt.com/wiki/index.php/OpenVPN#Connecting_to_DD-WRT_OpenVPN_Server_via_Mac_Client

and tried to adjust the openvpn.conf to match my server router.

I get the error

script faild: shell command exited with error status: 126

right after the log lines

TUN/TAP device /dev/tap0 opened
.vpn-up.sh tap 0 1500 1574 init

This is what I had on my last try.

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote [my id here and removed from this post].dyndns.org 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key

up "./vpn-up.sh" #This file was filled in as directed on the wiki

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20


Last edited by JN on Sat Nov 15, 2008 0:42; edited 1 time in total
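An added diagnostic for the "exited with error status: 126" reported above (example code written here, not from the thread, Tunnelblick or the wiki; the script body it writes is a constructed stand-in for vpn-up.sh): a POSIX shell returns 126 when it finds a command but cannot execute it, so the checks below cover the exec bit, the line endings and the #! interpreter of an up script before OpenVPN is asked to run it.

```python
"""Pre-check an OpenVPN 'up' script that dies with exit status 126 (constructed example)."""
import os
import stat
import tempfile

# Statuses a POSIX shell returns when it could not launch the command at all (not chosen by the script).
SHELL_EXIT_MEANING = {
    126: "found but cannot be executed: no exec bit, noexec mount, or bad #! interpreter",
    127: "not found: wrong path, or a relative path resolved from another working directory",
}

def explain_exit_status(status):
    """Meaning of a shell launch-failure status; None when the script itself set it."""
    return SHELL_EXIT_MEANING.get(status)

def check_up_script(path):
    """List every reason 'up <path>' would fail before its first line executes."""
    if not os.path.isfile(path):
        return ["missing: no such file (OpenVPN resolves ./x relative to its own cwd)"]
    problems = []
    mode = os.stat(path).st_mode
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("no-exec-bit: needs chmod +x")
    with open(path, "rb") as fh:
        first = fh.readline()
    if first.endswith(b"\r\n"):
        problems.append("crlf: Windows line endings glue '\\r' onto the interpreter name")
    words = first[2:].split() if first.startswith(b"#!") else []
    if not words:
        problems.append("no-shebang: the kernel cannot choose an interpreter")
    elif not os.path.isfile(words[0].decode(errors="replace")):
        problems.append("bad-interpreter: %s does not exist" % words[0].decode(errors="replace"))
    return problems

def demo():
    """Constructed scripts written to a temp dir; returns {case: problems}."""
    body = b"#!/bin/sh\nifconfig \"$1\" up\n"  # minimal constructed stand-in for vpn-up.sh
    cases = {"good": (body, 0o755), "no_exec_bit": (body, 0o644),
             "crlf": (body.replace(b"\n", b"\r\n"), 0o755)}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in cases.items():
            path = os.path.join(tmp, name + ".sh")
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = check_up_script(path)
        results["missing"] = check_up_script(os.path.join(tmp, "vpn-up.sh"))
    return results
```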

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sun Nov 02, 2008 23:52
bump

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Tue Nov 04, 2008 2:40
Anyone, please?

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Thu Nov 06, 2008 14:34
bump

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sat Nov 08, 2008 19:41
Can anyone please help with this?

Thanks

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Wed Nov 12, 2008 0:52
bump

felipeds (DD-WRT Novice, Joined: 29 Mar 2008, Posts: 23)
Posted: Wed Nov 12, 2008 21:01
I'm also getting this problem.

Running OS 10.5.5

felipeds (DD-WRT Novice, Joined: 29 Mar 2008, Posts: 23)
Posted: Wed Nov 12, 2008 23:38
After compiling the latest version of OpenVPN via the command line I'm still getting the same error.

Anyone?

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sat Nov 15, 2008 0:41
Can someone please tell me what I am doing wrong in my Tunnelblick configuration in my original post?

Thanks in advance.

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sat Nov 15, 2008 18:15
Sorry to bump this so soon again, but I was instantly buried in wwwatson's spam last night...

felipeds (DD-WRT Novice, Joined: 29 Mar 2008, Posts: 23)
Posted: Fri Nov 21, 2008 3:25
C'mon no one knows the answer to this?

super_kev (DD-WRT Novice, Joined: 07 Dec 2007, Posts: 33)
Posted: Sun Nov 23, 2008 14:21
Hmmm, being new to all this I'm not sure what you're doing wrong, but here is my config that *almost* works (I successfully connect and get an IP, but it seems I don't get a DNS so I can't visit websites, or successfully connect to other computers in the VPN lan), so hopefully this will give you a good starting point, and maybe someone can figure out the error?

My DD-WRT v24sp1 OpenVPN router ip is 192.168.1.1, and so is my current router. Since I'm not doing a router-to-router VPN I don't think that should matter, especially since I'll be traveling and the router IP will always change. The VPN router has a 192.168.1.100-150 DHCP range. I gave the VPN server an ip of 192.168.1.6, and then the VPN range of 192.168.1.160-192.169.1.169. But I'm not even sure if this is correctly setup... even after reading the OpenVPN documentation on bridging several times (here and here).

Router Configuration
Similar to this thread: BRIDGED OpenVPN v24 sp1 gui setup guide (OS X hints), but with some added code after reading the OpenVPN docs, and no Terminal usage. I pasted the following under OpenVPN Config:
Code:
mode server
push "redirect-gateway def1"
client-to-client
tls-server
dev tap0
proto udp
server-bridge 192.168.1.6 255.255.255.0 192.168.1.160 192.168.1.169
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


Save in the Startup Command:
Code:
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up


Note: I had added "sleep 45" to the above command (example below), but it didn't seem to make difference, and so I removed it. Maybe I should keep it?
Code:
sleep 45
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up


Save in the Firewall Command:
Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o br0 -j ACCEPT


Reboot your router.

Client Configuration
I then took an OpenVPN sample client configuration file and adjusted it (it's longer than this due to all the # comments, which I removed for this post):
Code:
client
dev tap
proto udp
remote server.ip.address 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert Client1.crt
key Client1.key
ns-cert-type server
verb 3


Then, in OS X, I created an "openvpn" folder in my ~/User/Library/ folder and copied the client.ovpn, ca.crt, Client1.crt, and Client1.key files to that location. I looked at using Tunnelblick (hence copying files to the openvpn folder which Tunnelblick needs), but it has an ugly interface and so I'm using Viscosity (much nicer OpenVPN client). I imported the connection in Viscosity and bingo, I can connect with a successful IP of 192.168.1.160.

The only problem I have (and a big one at that) is that I can see other Macs on the network, but when I try to connect to them it doesn't go through, and I also can't go to any website. So there is something missing, but I don't know what it is.
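A configuration check, added here and not super_kev's or the wiki's code, that tests the posted server-bridge line against the LAN facts stated in the post (router 192.168.1.1, DHCP range 192.168.1.100-150, and the client's own network also being 192.168.1.x, assumed here to be a /24); it reports the reasons a bridged client can get an address yet reach neither websites nor LAN hosts.

```python
"""Lint a bridged OpenVPN server config against the LAN it bridges into (constructed example)."""
import ipaddress
import shlex

# excerpt of the server config as posted in the thread, embedded as sample input
POSTED_CONF = """
push "redirect-gateway def1"
client-to-client
dev tap0
proto udp
server-bridge 192.168.1.6 255.255.255.0 192.168.1.160 192.168.1.169
"""

def parse_conf(text):
    """(directive, args) pairs; '#'/';' lines are comments, quoted args are kept whole."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)
            rows.append((parts[0], parts[1:]))
    return rows

def lint_bridge(conf_text, router_ip, dhcp_range, client_lan=None):
    """Return the findings that make a bridged client 'connect but not work'."""
    conf = parse_conf(conf_text)
    args = next((a for d, a in conf if d == "server-bridge"), None)
    if not args or len(args) != 4:
        return ["server-bridge needs: gateway netmask pool-start pool-end"]
    gw = ipaddress.IPv4Address(args[0])
    net = ipaddress.IPv4Network((args[0], args[1]), strict=False)
    lo, hi = ipaddress.IPv4Address(args[2]), ipaddress.IPv4Address(args[3])
    dhcp_lo, dhcp_hi = (ipaddress.IPv4Address(a) for a in dhcp_range)
    findings = []
    # server-bridge pushes its gateway as route-gateway; with redirect-gateway every
    # packet goes to it, so it must be a host that really routes: the LAN router
    if gw != ipaddress.IPv4Address(router_ip):
        findings.append("gateway %s is pushed as route-gateway but the router is %s" % (gw, router_ip))
    if lo > hi or lo not in net or hi not in net:
        findings.append("pool %s-%s is not inside %s" % (lo, hi, net))
    if lo <= dhcp_hi and hi >= dhcp_lo:
        findings.append("pool %s-%s collides with the router's DHCP range" % (lo, hi))
    # in pool mode OpenVPN assigns the address itself, so DNS only arrives if pushed
    if not any(d == "push" and a and a[0].startswith("dhcp-option DNS") for d, a in conf):
        findings.append('no push "dhcp-option DNS ..." so clients get an IP but no resolver')
    # a client whose own LAN is the same subnet cannot tell local hosts from remote ones
    if client_lan and ipaddress.IPv4Network(client_lan).overlaps(net):
        findings.append("client LAN %s overlaps the bridged LAN %s" % (client_lan, net))
    return findings
```

Running `lint_bridge(POSTED_CONF, "192.168.1.1", ("192.168.1.100", "192.168.1.150"), "192.168.1.0/24")` reports the gateway, the missing DNS push and the subnet overlap; the same line with the router as gateway plus `push "dhcp-option DNS 192.168.1.1"` passes clean.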

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Fri Nov 28, 2008 6:53
bump

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Sun Nov 30, 2008 5:01
bump

JN (DD-WRT Guru, Joined: 29 Mar 2007, Posts: 771)
Posted: Mon Dec 01, 2008 14:43
bump

All times are GMT