It has been a while. I was having little luck and a friend said he'd try his way around it if he had time. He brought it back, as time is something he has little of.
I had tried the redirect-gateway def1 in a few configs without the desired result. In going through some behavior I'd noticed in my attempts, I am thinking I may want to look at running from jffs on a flash, as I kept noticing the added data I would save via telnet/ssh would be easily lost. Also I am thinking this avenue may be worth a try, as the provider's config is for a tls-client and the web GUI does not allow adding that key info, which could be complicating the process I'm looking to accomplish.
Something else that came to light in my reviewing info again is that I had disabled the firewall, thinking this would allow the openvpn connection/route to be created unhindered. I believe I am a little unclear now. Will a properly configured openvpn.conf file allow this router the ability to establish the necessary routes or should I be sure the firewall is enabled with the appropriate iptables? I am thinking the iptables end of this statement is the correct way.
Appreciate everyone who is dedicated to this effort/project and special thanks to those who offer their time and knowledge to noobs like me.
Managed to get Witopia SSL VPN working a few days ago after much trial and error. I have an ASUS RT-N16 with mega build 14896. I did not enable Openvpn Client on the GUI. I'm just using Startup and Firewall commands under the Administration / Commands tab.
HERE IS THE STARTUP CONFIG:
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
# line from client.conf (only this line of that file appears in the post)
remote vpn.us.witopia.net 1194
echo "
-----BEGIN RSA PRIVATE KEY-----
INSERT YOUR NAME.KEY HERE
-----END RSA PRIVATE KEY-----
" > /tmp/client.key
chmod 600 /tmp/client.key
echo "
INSERT YOUR NAME.CRT HERE
" > /tmp/client.crt
./myvpn --config client.conf --float
route add -net 192.168.0.0/24 dev br0
***Note: the --float option may not be necessary, but I'm using it since my DD-WRT is behind another router.
**** The last line "route add -net X.X.X.X/X dev br0" should reflect your own private network.
HERE IS THE FIREWALL CONFIG:
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
Also make sure you have NTP running with a correct clock. I was using time.microsoft.com and it wasn't syncing, so I switched it to Canada's National Research Council NTP at 18.104.22.168.
Hope this helps someone out there. Took me a while to read up and get it working.
If you are having problems, enable System Log under Services/Services in the GUI, and you can check the log by telnetting into the command line and using the command: cat /var/log/messages to try to determine why the VPN is failing. This helped me a lot! It seems that there are many different people getting this working using different methods; this may just be one more to try, good luck.
Oh yeah, if you're doing this to access NETFLIX on an Apple TV 2 or an iPhone, make sure to use your VPN provider's DNS or an OpenDNS server on the device. I was having a problem where streams wouldn't play; hard coded the DNS on the Apple TV 2 to Witopia's DNS and haven't had a problem since.
Please can you confirm that the router you are using for VPN is connected directly to the ISP or is behind any other router? I am looking for a similar solution where I have the router running VPN sit behind the router connecting to the ISP.
Your post has helped a lot, but I am not able to connect the devices to the second router and pass through the VPN.
3. Enable the Keep Alive (administration-->keep alive-->watchdog) for your VPN provider's IP/address. E.g., in my case, I want to exit through Witopia's LA gateway so I chose vpn.lax.witopia.net; check your VPN service provider for a list of exit gateway IPs.
3a) remember that the keep alive address must be the same as the address you insert into the script later.
3b) set the keep alive port to 1194 (same as the script you use later)
4. Save, and reboot from the admin tab.
NOW INSERT THE SCRIPT (administration--->Commands--->)
script worked fine. saved. MAKE SURE TO CHECK THAT EVERYTHING IS CORRECT.
1) your VPN provider's address
2) your keys and certs, are they spaced properly? (I heard it matters, no double return key, keep directly between the ---cert starts here--- and --cert ends here--)
3) Did you put in the correct local router IP?
save. reboot. grab a coke, return. reconnect to the wifi - my wifi now has a (2) at the end of its name.
check your ip with ipchicken or google ip "address locater" to make sure your IP puts you in a completely different place.
I hope that it's all fixed for me. One of my computers noted that it had the same IP as another one of my computers, but when I looked at all the PCs on my router, they each had a different local IP, so it may just be Windows 7 complaining.
both computers told me they were in the new location.
The only thing now, how do I confirm that my traffic is encrypted?
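Two checks that fit the questions raised in this thread (reading /var/log/messages to see why the VPN fails, and seeing whether traffic actually leaves through the tunnel), as an added shell example that is not code from any of the posts above. It assumes OpenVPN's standard log wording in a syslog-style file and the column layout of `route -n`; the log lines, the 10.8.0.0/24 tunnel addresses and the interface names are constructed samples, not captures from a real router.

```shell
#!/bin/sh
# Added example, not code from any post in this thread: two checks to run over
# telnet/ssh after starting OpenVPN on the router. Both work on text, so they
# are driven here by constructed sample files (not real captures); on DD-WRT
# you would point them at /var/log/messages and at the output of `route -n`.

# Scan a syslog-style file for OpenVPN's own status messages and print one word.
vpn_log_status() {
    log=$1
    if grep -q 'Initialization Sequence Completed' "$log"; then
        echo up                # TLS handshake done, tunnel interface configured
    elif grep -q 'AUTH_FAILED' "$log"; then
        echo auth-failed       # server rejected the credentials or client cert
    elif grep -q 'TLS Error' "$log"; then
        echo tls-failed        # typical causes: wrong clock (see the NTP note), wrong CA, port blocked
    elif grep -q 'Cannot resolve host address' "$log"; then
        echo dns-failed        # the "remote" hostname never resolved
    else
        echo unknown
    fi
}

# Print the interface carrying the default route in `route -n` output.
# If it is still the WAN interface, LAN traffic is not leaving via the tunnel.
default_route_dev() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }' "$1"
}

# ---- constructed sample inputs ----
WORK=${TMPDIR:-/tmp}/vpncheck.$$
mkdir -p "$WORK"

GOOD_LOG=$WORK/good.log
cat > "$GOOD_LOG" <<'EOF'
Jan  1 00:00:05 DD-WRT daemon.notice openvpn[1234]: TLS: Initial packet from [AF_INET]203.0.113.10:1194
Jan  1 00:00:07 DD-WRT daemon.notice openvpn[1234]: TUN/TAP device tap0 opened
Jan  1 00:00:07 DD-WRT daemon.notice openvpn[1234]: Initialization Sequence Completed
EOF

BAD_LOG=$WORK/bad.log
cat > "$BAD_LOG" <<'EOF'
Jan  1 00:01:05 DD-WRT daemon.notice openvpn[1234]: TLS: Initial packet from [AF_INET]203.0.113.10:1194
Jan  1 00:02:05 DD-WRT daemon.err openvpn[1234]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  1 00:02:05 DD-WRT daemon.err openvpn[1234]: TLS Error: TLS handshake failed
EOF

ROUTES_WAN=$WORK/routes_wan.txt
cat > "$ROUTES_WAN" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 vlan2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
EOF

ROUTES_VPN=$WORK/routes_vpn.txt
cat > "$ROUTES_VPN" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        0.0.0.0         UG    0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
EOF

# Stand-alone run: one summary line per sample.
echo "good log: $(vpn_log_status "$GOOD_LOG")"
echo "bad log:  $(vpn_log_status "$BAD_LOG")"
echo "routes before VPN: default via $(default_route_dev "$ROUTES_WAN")"
echo "routes after VPN:  default via $(default_route_dev "$ROUTES_VPN")"
```

On the router, `vpn_log_status /var/log/messages` answers "did the tunnel come up, and if not, which stage failed", and `route -n | default_route_dev /dev/stdin` (or saving `route -n` to a file first) shows whether the default route moved onto the tunnel interface. Traffic that leaves via the tunnel interface is what OpenVPN encrypts; a default route still on the WAN interface (vlan2 on an RT-N16) means clients are going out in the clear regardless of what the log says.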