OpenVPN server doesn't start

Dago_Ô
DD-WRT Novice


Joined: 02 Nov 2010
Posts: 3

Posted: Tue Nov 02, 2010 22:00    Post subject: OpenVPN server doesn't start
Hello....

I'm trying to set up a VPN through OpenVPN in my Linksys WRT54GL v1.1 with DD-WRT_v24-sp1_(07/27/08)_vpn firmware.
First, I tried this guide (http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24%2B), with no success.
Then, I tried this one, for the Server Mode with Static Key..... again, no success.
Then, I tried the Server Mode with Certificates variant of the same guide..... again.... no success.

In order to troubleshoot my problem, the first thing to do is to make sure that OpenVPN is running, by entering this command over telnet:
Code:
ps | grep openvpn

... and no VPN process is running.
I checked the log message, and this is the output:
Code:
root@Infomin-WRT54GL:~# tail -f /var/log/messages
Nov  2 21:17:25 Infomin-WRT54GL user.info kernel: device tap0 entered promiscuous mode
Nov  2 21:17:26 Infomin-WRT54GL auth.info login[276]: root login on 'pts/0'
Nov  2 21:17:30 Infomin-WRT54GL daemon.notice openvpn[634]: OpenVPN 2.1_rc7 mipsel-unknown-linux-gnu [SSL] [LZO1] [EPOLL] built on Jul 27 2008
Nov  2 21:17:30 Infomin-WRT54GL daemon.err openvpn[634]: Cannot load DH parameters from dh1024.pem: error:0906D066:lib(9):func(109):reason(102)
Nov  2 21:17:30 Infomin-WRT54GL daemon.notice openvpn[634]: Exiting
Nov  2 21:17:31 Infomin-WRT54GL user.info syslog: klogd : klog daemon successfully stopped
Nov  2 21:17:31 Infomin-WRT54GL user.info syslog: syslogd : syslog daemon successfully stopped
Nov  2 21:17:32 Infomin-WRT54GL syslog.info syslogd started: BusyBox v1.11.1
Nov  2 21:17:32 Infomin-WRT54GL user.info syslog: klogd : klog daemon successfully started
Nov  2 21:17:32 Infomin-WRT54GL user.notice kernel: klogd started: BusyBox v1.11.1 (2008-07-27 16:20:53 CEST)


I can see that there is a problem with dh1024.pem file, but my troubleshooting skills have gone out.

This is my rc_startup file
Code:
root@Infomin-WRT54GL:~# nvram get rc_startup
cd /tmp
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

echo '
# Tunnel options
mode server       # Set OpenVPN major mode
proto udp         # Setup the protocol (server)
port 1194         # TCP/UDP port number
dev tap0          # TUN/TAP virtual network device
keepalive 15 60   # Simplify the expression of --ping
daemon            # Become a daemon after all initialization
verb 3            # Set output verbosity to n
comp-lzo          # Use fast LZO compression

# OpenVPN server mode options
client-to-client  # tells OpenVPN to internally route client-to-client traffic
duplicate-cn      # Allow multiple clients with the same common name

# TLS Mode Options
tls-server        # Enable TLS and assume server role during TLS handshake
ca ca.crt         # Certificate authority (CA) file
dh dh1024.pem     # File containing Diffie Hellman parameters
cert server.crt   # Local peers signed certificate
key server.key    # Local peers private key
' > openvpn.conf

echo '
-----BEGIN CERTIFICATE-----
certification data
-----END CERTIFICATE-----

' > ca.crt

echo '
-----BEGIN RSA PRIVATE KEY-----
key data
-----END RSA PRIVATE KEY-----

' > server.key
chmod 600 server.key

echo '
-----BEGIN CERTIFICATE-----
certification data
-----END CERTIFICATE-----

' > server.crt

echo '
-----BEGIN DH PARAMETERS-----
dh parameter data
-----END DH PARAMETERS-----

' > dh1024.pem

sleep 5
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config openvpn.conf


and this is my rc_firewall file
Code:
root@Infomin-WRT54GL:~# nvram get rc_firewall
/usr/sbin/iptables -I INPUT -p udp --dport 1194 -j ACCEPT


As far as I remember, when I tried the first guide, OpenVPN server was running, then I lost it.

Please, any suggestion or instruction for troubleshooting my problem will be very useful.

Thanks :D
ndewan
DD-WRT Guru


Joined: 14 Jan 2010
Posts: 553

Posted: Tue Nov 02, 2010 22:32
I could be off here, but don't you need a tls-auth key, if you're setting up a tls-client .. ?

Anybody with an opinion ..?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Wed Nov 03, 2010 12:35
This firmware is unsupported. Upgrade first.
Dago_Ô
DD-WRT Novice


Joined: 02 Nov 2010
Posts: 3

Posted: Wed Nov 03, 2010 12:50
ndewan wrote:
I could be off here, but don't you need a tls-auth key, if you're setting up a tls-client .. ?

Anybody with an opinion ..?


well.... I just followed those linked guides.... they say nothing about tls

Quote:
This firmware is unsupported. Upgrade first.

Unsupported? It is the v24 SP1 [STABLE] build 10020. I chose the STABLE version, because I'll use it in a production environment.
Do I have to update anyway?....
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 555

Posted: Sun Nov 07, 2010 5:23    Post subject: check your nvram
That firmware is way too old; you should upgrade. But before doing that, telnet into the router and do a nvram show. You may have run out of nvram space. When you do, the keys get truncated and you get funny errors. A 30-30-30 reset clears nvram (clearing the config from the web interface does NOT clear nvram), but the version 1.1 router may not be safe to do a nvram clear because of additional variables that are not part of the CFE but are saved in nvram on that model. You need to research that before messing with it. Note that the wiki howto for openvpn calls for a 30-30-30 reset after you have flashed the firmware; this is why.
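
Added example, not part of tedm's post or of the DD-WRT wiki: a shell check for the kind of truncation described above, run against the PEM files that rc_startup writes into /tmp. The function names and verdict words are assumptions made for this example; reason(102) in the logged error is OpenSSL's PEM "bad end line" code, so the END marker is the first thing it tests.

```shell
#!/bin/sh
# Added example (not from the thread): structural check for PEM files such as
# the ones rc_startup writes to /tmp. Names and verdict words are assumptions.
# pem_check FILE prints one verdict and returns 0 only when it prints "ok".
pem_check() {
    f=$1
    [ -s "$f" ] || { echo "missing-or-empty"; return 1; }
    # Line numbers of the first complete BEGIN and END lines (empty if absent).
    bn=$(sed -n '/^-----BEGIN [A-Z0-9 ]*-----[[:space:]]*$/{=;q;}' "$f")
    en=$(sed -n '/^-----END [A-Z0-9 ]*-----[[:space:]]*$/{=;q;}' "$f")
    [ -n "$bn" ] || { echo "no-begin-line"; return 1; }
    # Truncation of the startup script would clip or drop this line.
    [ -n "$en" ] || { echo "bad-or-missing-end-line"; return 1; }
    [ "$en" -gt $((bn + 1)) ] || { echo "no-body-between-markers"; return 1; }
    bl=$(sed -n "${bn}s/^-----BEGIN \(.*\)-----[[:space:]]*\$/\1/p" "$f")
    el=$(sed -n "${en}s/^-----END \(.*\)-----[[:space:]]*\$/\1/p" "$f")
    [ "$bl" = "$el" ] || { echo "label-mismatch"; return 1; }
    # Body with line breaks removed must be base64 padded to a multiple of 4.
    body=$(sed -n "$((bn + 1)),$((en - 1))p" "$f" | tr -d '\r\n')
    case $body in
        *[!A-Za-z0-9+/=]*) echo "non-base64-body"; return 1 ;;
    esac
    [ $(( ${#body} % 4 )) -eq 0 ] || { echo "body-length-not-multiple-of-4"; return 1; }
    echo "ok"
}

# Check the four files named in the posted openvpn.conf; DIR defaults to /tmp.
# Returns the number of files that failed.
check_vpn_files() {
    dir=${1:-/tmp}
    bad=0
    for name in ca.crt server.crt server.key dh1024.pem; do
        verdict=$(pem_check "$dir/$name") || bad=$((bad + 1))
        echo "$name: $verdict"
    done
    return "$bad"
}
```

Running `check_vpn_files /tmp` on the router after startup prints one verdict per file; the check is structural only and does not validate the key material itself.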
Dago_Ô
DD-WRT Novice


Joined: 02 Nov 2010
Posts: 3

Posted: Mon Nov 08, 2010 12:48
Quote:
But, before doing that telnet into the router and do a nvram show. You may have run out of nvram space.


Code:
root@Infomin-WRT54GL:~# nvram show | grep size
size: 27432 bytes (5336 left)


I still have some nvram space available

Quote:
Note that the wiki howto for openvpn calls for a 30-30-30 reset after you have flashed the firmware, this is why.


I did it