Posted: Tue Nov 02, 2010 22:00 Post subject: OpenVPN server doesn't start
Hello....
I'm trying to set up a VPN through OpenVPN in my Linksys WRT54GL v1.1 with DD-WRT_v24-sp1_(07/27/08)_vpn firmware.
First, I tried [url=http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24%2B]this guide[/url], with no success.
Then, I tried this one, for the Server Mode with Static Key..... again, no success.
Then, I tried the Server Mode with Certificates variant of the same guide..... again.... no success.
In order to troubleshoot my problem, the first thing to do is to make sure that OpenVPN is running, by running the following command over telnet:
Code:
ps | grep openvpn
... and no VPN process is running.
I checked the log messages, and this is the output:
Code:
root@Infomin-WRT54GL:~# tail -f /var/log/messages
Nov 2 21:17:25 Infomin-WRT54GL user.info kernel: device tap0 entered promiscuous mode
Nov 2 21:17:26 Infomin-WRT54GL auth.info login[276]: root login on 'pts/0'
Nov 2 21:17:30 Infomin-WRT54GL daemon.notice openvpn[634]: OpenVPN 2.1_rc7 mipsel-unknown-linux-gnu [SSL] [LZO1] [EPOLL] built on Jul 27 2008
Nov 2 21:17:30 Infomin-WRT54GL daemon.err openvpn[634]: Cannot load DH parameters from dh1024.pem: error:0906D066:lib(9):func(109):reason(102)
Nov 2 21:17:30 Infomin-WRT54GL daemon.notice openvpn[634]: Exiting
Nov 2 21:17:31 Infomin-WRT54GL user.info syslog: klogd : klog daemon successfully stopped
Nov 2 21:17:31 Infomin-WRT54GL user.info syslog: syslogd : syslog daemon successfully stopped
Nov 2 21:17:32 Infomin-WRT54GL syslog.info syslogd started: BusyBox v1.11.1
Nov 2 21:17:32 Infomin-WRT54GL user.info syslog: klogd : klog daemon successfully started
Nov 2 21:17:32 Infomin-WRT54GL user.notice kernel: klogd started: BusyBox v1.11.1 (2008-07-27 16:20:53 CEST)
I can see that there is a problem with the dh1024.pem file, but my troubleshooting skills have gone out.
This is my rc_startup file:
Code:
root@Infomin-WRT54GL:~# nvram get rc_startup
cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo '
# Tunnel options
mode server # Set OpenVPN major mode
proto udp # Setup the protocol (server)
port 1194 # TCP/UDP port number
dev tap0 # TUN/TAP virtual network device
keepalive 15 60 # Simplify the expression of --ping
daemon # Become a daemon after all initialization
verb 3 # Set output verbosity to n
comp-lzo # Use fast LZO compression
# OpenVPN server mode options
client-to-client # tells OpenVPN to internally route client-to-client traffic
duplicate-cn # Allow multiple clients with the same common name
# TLS Mode Options
tls-server # Enable TLS and assume server role during TLS handshake
ca ca.crt # Certificate authority (CA) file
dh dh1024.pem # File containing Diffie Hellman parameters
cert server.crt # Local peers signed certificate
key server.key # Local peers private key
' > openvpn.conf
echo '
-----BEGIN CERTIFICATE-----
certification data
-----END CERTIFICATE-----
Posted: Sun Nov 07, 2010 5:23 Post subject: check your nvram
That firmware is way too old, you should upgrade. But, before doing that, telnet into the router and do an nvram show. You may have run out of nvram space. When you do, the keys get truncated and you get funny errors. A 30-30-30 reset clears nvram (clearing the config from the web interface does NOT clear nvram) but the version 1.1 router may not be safe to do an nvram clear on because of additional variables that are not part of the CFE but are saved in nvram on that model. You need to research that before messing with it. Note that the wiki howto for openvpn calls for a 30-30-30 reset after you have flashed the firmware; this is why.
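The log line in the first post and the truncation explanation in the reply describe the same failure: OpenSSL's `error:0906D066` with `reason(102)` is the PEM library's "no start line", meaning dh1024.pem had no `-----BEGIN DH PARAMETERS-----` header at all, which is what an empty or cut-off file written from a truncated nvram value looks like. The check below is an added example, not code from either poster or from DD-WRT: it walks the `ca`/`cert`/`key`/`dh` lines of an openvpn.conf and reports any referenced file that is missing or lacks its BEGIN/END markers before openvpn is started. It assumes relative paths resolve against the config's directory (as the `cd /tmp` in rc_startup arranges) and the sample files it writes are constructed placeholders, not key material.

```shell
#!/bin/sh
# Pre-flight check for the PEM files an OpenVPN server config references, so a
# truncated or missing file is reported by name instead of as
# "Cannot load DH parameters ... reason(102)" (PEM "no start line") in syslog.

# pem_ok FILE LABEL_RE : succeed only if FILE has BEGIN and END markers whose
# label matches the extended regex LABEL_RE; otherwise say what is wrong.
pem_ok() {
    f=$1; label=$2
    [ -s "$f" ] || { echo "$f: missing or empty"; return 1; }
    grep -Eq "^-----BEGIN ($label)-----" "$f" || { echo "$f: no BEGIN line (not a PEM file?)"; return 1; }
    grep -Eq "^-----END ($label)-----" "$f" || { echo "$f: no END line (truncated?)"; return 1; }
}

# check_openvpn_conf CONF : check every ca/cert/key/dh file CONF names.
# Relative paths resolve against CONF's directory (rc_startup does `cd /tmp`).
check_openvpn_conf() {
    conf=$1; dir=$(dirname "$conf"); rc=0
    while read -r opt path _; do            # trailing "# comment" lands in _
        case $opt in
            ca|cert) label='CERTIFICATE' ;;
            key)     label='(RSA |EC )?PRIVATE KEY' ;;
            dh)      label='DH PARAMETERS' ;;
            *)       continue ;;            # other options, comments, blank lines
        esac
        case $path in /*) full=$path ;; *) full=$dir/$path ;; esac
        pem_ok "$full" "$label" || rc=1
    done < "$conf"
    return $rc
}

# write_pem FILE LABEL : write a constructed placeholder PEM (not real key material).
write_pem() {
    printf '%s\n%s\n%s\n' "-----BEGIN $2-----" "AAAAconstructedplaceholderAAAA" "-----END $2-----" > "$1"
}

# make_sample DIR : recreate the poster's /tmp layout, with dh1024.pem empty as it
# would be if the nvram value it was echoed from had been truncated.
make_sample() {
    mkdir -p "$1"
    write_pem "$1/ca.crt" CERTIFICATE
    write_pem "$1/server.crt" CERTIFICATE
    write_pem "$1/server.key" "RSA PRIVATE KEY"
    : > "$1/dh1024.pem"
    printf 'mode server\ndev tap0\nca ca.crt # CA file\ncert server.crt\nkey server.key\ndh dh1024.pem # DH params\n' > "$1/openvpn.conf"
}

# Stand-alone run: report the broken layout, then show the check passing once dh1024.pem is intact.
sample=${TMPDIR:-/tmp}/ovpn-check.$$
make_sample "$sample"
check_openvpn_conf "$sample/openvpn.conf" || echo "=> fix the files above before starting openvpn"
write_pem "$sample/dh1024.pem" "DH PARAMETERS"
check_openvpn_conf "$sample/openvpn.conf" && echo "=> all PEM files look intact"
rm -rf "$sample"
```

On the router itself, run the check right after the `echo ... > file` lines in rc_startup and before the `openvpn --config` line; if it fails, compare the written file against `nvram show` output to see where the value was cut.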