From: Gary B. <ga...@cw...> - 2010-03-31 14:38:52
I have a problem where I can set up an openvpn server to accept openvpn GUI clients connecting and everything works, but when I try to get a point-to-point working with another router it fails to complete successfully. Both routers have this version installed: DD-WRT v24-sp2(10/10/09) vpn, build 13064 on both ends, with wrt310N routers at both ends.

server config is:

********************************* Startup script *******************
assign an ip to the Tunnel
sleep 45
openvpn --mktun --dev tap0
brctl addif br0 tun0
ifconfig tun0 192.168.100.1 netmask 255.255.255.0 promisc up

********************************** Firewall
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
iptables -I INPUT 1 -p icmp -j ACCEPT
iptables -I INPUT 1 -i tun+ -j ACCEPT
iptables -I FORWARD 1 --source 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD 1 -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD 1 -p icmp -j ACCEPT

************************** server openvpn config
mode server
proto udp
port 1194
dev tun0
dev-type tap
keepalive 10 120
push "route 192.168.10.0 255.255.255.0"
server 192.168.100.0 255.255.255.0
#route to be established on the server
route-up "route delete -net 192.168.100.0/24"
route-up "route add -net 192.168.100.0/24 tun0"
#route to push to clients
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DOMAIN cwa.com"
push "dhcp-option DNS 192.168.10.1"
push "route 192.168.10.1"
verb 3
comp-lzo
client-to-client
tls-server
management localhost 5001
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

******************* openvpn gui that works ****************
Windows 7 laptop

client
dev tap
proto udp
remote 192.168.10.166 1194
route-method exe
route-delay 2
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\gary-mobile.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\gary-mobile.key"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 3

******************** the client router config generated when choosing the client option
client
dev tun
proto udp
remote 192.168.10.166 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
ns-cert-type server
key /tmp/openvpncl/client.key
comp-lzo

Initial tests with this configuration result in no routing changes to the routing table, no adds for the remote network or the virtual interface network, and no assignment of an ip to the tun0 interface.

************* change in openvpn.conf in the /tmp/openvpncl directory to attempt to solve those problems
client
dev tun0
proto udp
remote 192.168.10.166 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
float
pull
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
ns-cert-type server
key /tmp/openvpncl/client.key
comp-lzo
verb 5

Made no changes.
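
Added example, not part of the post above and not DD-WRT or OpenVPN code: a Python check that parses two OpenVPN configs and reports where settings that both ends of a tunnel must agree on differ. The set of compared directives (dev-type, proto, comp-lzo) is an assumption chosen for this example, and the sample configs are trimmed from the ones quoted in the post.

```python
# Added example: compare directives that both OpenVPN peers must agree on.
# Assumption: only dev-type, proto and comp-lzo are checked here.

def parse(text):
    """Return {directive: argument string} for one OpenVPN config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], parts[1] if len(parts) > 1 else "")
    return opts

def effective(opts):
    """Resolve the values the peer actually uses, including defaults."""
    dev = opts.get("dev", "")
    return {
        # an explicit dev-type wins; otherwise the type comes from the
        # device name prefix (tun0 -> tun, tap0 -> tap)
        "dev-type": opts.get("dev-type") or dev[:3],
        # udp is the default; tcp-server/tcp-client both count as tcp
        "proto": opts.get("proto", "udp").split("-")[0],
        "comp-lzo": "comp-lzo" in opts,
    }

def mismatches(server_text, client_text):
    """Return {directive: (server value, client value)} where they differ."""
    s = effective(parse(server_text))
    c = effective(parse(client_text))
    return {k: (s[k], c[k]) for k in s if s[k] != c[k]}

# Trimmed from the configs in the post
SERVER = "mode server\nproto udp\nport 1194\ndev tun0\ndev-type tap\ncomp-lzo\n"
GUI_CLIENT = "client\ndev tap\nproto udp\nremote 192.168.10.166 1194\ncomp-lzo\n"
ROUTER_CLIENT = "client\ndev tun\nproto udp\nremote 192.168.10.166 1194\ncomp-lzo\n"

if __name__ == "__main__":
    print("GUI client:   ", mismatches(SERVER, GUI_CLIENT))
    print("router client:", mismatches(SERVER, ROUTER_CLIENT))
```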