Menu
▾
▴
Re: [Openvpn-users] Unable to connect client to server on WRT running DD-WRT
|
From: Andrew G. <and...@gm...> - 2007-02-28 19:21:55
|
On 2/28/07, NWTSCL <nw...@ya...> wrote: > > Check your date/install ntp. I know my OpenWRT > projects working with > > OpenVPN can start out with a default date of 1999 or > 1970 or > > something. > > I'm not real clear on what you mean. > > I read elsewhere about a problem about the date/time > span of the certificates not matching the router. I > checked all the dates on each cert; they all are > correct. I receive the correct date and time after > running the DATE command on the WRT router. > > The wiki does not say to enter an NTP server to the > router. Should I? I assume so. If so, this is > missing from the wiki. Regardless, though, entering > one, saving, then restarting does not help. > > > The other option is running openvpn directly from > the command line (no > > --daemon switch) and then connecting in so you can > see what is going > > on. > > Maybe we're getting somewhere with this. > > When running the command 'openvpn openvpn.conf' (conf > name taken from wiki section 1.4 that I followed), I > receive this error: > > Options error: In [CMD-LINE]:1: Error opening > configuration file: openvpn.conf > Use --help for more information > > (Entering the command 'help' displays a list of > build-in commands. This doesn't help. Is there other > syntax that I'm not aware of to get help with this > specific issue? How do I view a log of the server's > activities?) > > Again, I followed the directions in section 1.4 to > establish a server with certificates. The wiki makes > it seem as if these are the ONLY steps that I must do. > Am I supposed to follow something else in addition to > it? > http://dd-wrt.com/wiki/index.php/OpenVPN#Server_Mode_with_Certificates > > > Other thing to watch for is that for my OpenWRT > projects, the default > > subnetting syntax of 10.1.101.0/24 is not accepted > with standard > > busybox tools. Try changing it to 10.1.101.0 > 255.255.255.0 or similar. > > The wiki didn't call for entering any of this. I > can't even connect, though. So, how can the server > send this subnet to the client? What good would it > do at this point? But I tried entering it into the > conf anyway; still no success. Sounds like your date is good. I was just asking you to confirm that the date on both devices are correct. Openvpn keys are good for only a specific date range (starting from the day they are made). What I was recommending was to run the openvpn command directly like this: openvpn --cd /etc/openvpn --config /etc/openvpn/<myConfigFile>.conf If that doesn't work then normal startup scripts will not either. Any existing Ovpn processes should be stopped obviously. Running openvpn interactively also requires that you keep watching it on the screen actively. Cancelling it out will stop the program (and drop any connections). Try these, do the best you can, and post your configuration files if you still can't get it after tinkering with it. Andrew |
