
Connecting Ubuntu or MacOS to TomatoVPN Router

Discussion in 'Tomato Firmware' started by jochen, Dec 6, 2010.

  1. jochen

    jochen LI Guru Member

    I have some difficulties connecting MacOS and Ubuntu Clients to my TomatoVPN Router.

    I have the following environment:
    At home there is an Asus RT-16N with TomatoUSB VPN version. Net address is 192.168.1.0.
    The VPN server is configured with tap device (bridging) and static key.

    At my second home I have a WRT54GL with Victek RAF Tomato. Net address is 192.168.2.0.

    I can connect with Windows and OpenVPN GUI to my router at home without any problems. So I think Tomato is configured correctly.

    On MacOS (using Tunnelblick) and Ubuntu (using Network Manager with the OpenVPN plugin and/or gopenvpn) connection is not possible (using the same OpenVPN client config file as in the working Windows setup).

    So is there a MacOS or Ubuntu specialist here who can explain what steps are needed to establish the connection?

    The tunnel is established, but there is no routing to the new tap interface.
    Neither on MacOS nor on Ubuntu does the tap interface get its configuration via DHCP from TomatoVPN. Maybe there are some up scripts needed to make the interface work???

    What commands are necessary to force the tap interface to get its configuration through dhcp?

    Is this a bug in the tap interface implementation on MacOS and Linux?
     
  2. occamsrazor

    occamsrazor Network Guru Member

    I'm afraid I'm not knowledgeable enough to help with your specific problem, but for a Mac OpenVPN client I much prefer Viscosity to Tunnelblick. It's $9 but they have a 30-day trial you could have a go with to see if it improves anything. I use it with a TAP tunnel, though not static-key (although I used to), on TomatoVPN.
     
  3. jochen

    jochen LI Guru Member

    Thanks for that hint to Viscosity. I will try that next on MacOS.

    On my Ubuntu installation I proceeded one step. DHCP is not working because of reasons I don't know. I now configured the tap interface in the OpenVPN config with a static address, adding these commands:

    Code:
    ifconfig 192.168.1.200 255.255.255.0
    ifconfig-nowarn

    Now the tap interface comes up and is working. I can ping hosts on the foreign net and can browse the web interface of my NAS.

    I installed gopenvpn to start the tunnel from the menu bar.

    I had no success in using Ubuntu's NetworkManager. I can enter the above ifconfig command, using remote address for the netmask. The tunnel can be started and hosts on the remote net can be reached, but then my access to internet is cut off. It tries to route all traffic to the remote gateway, but that got stuck there.

    Edit:
    I now installed Viscosity on my Mac and it worked out of the box! That's really a great OpenVPN Client, much better than Tunnelblick.

    Now the only questions are:
    Why is DHCP not working on Ubuntu?
    And why does Ubuntu's NetworkManager do these strange things with the routing table?
    gopenvpn is a good alternative, but it's hard to install. There is no package for it, and it does not compile without a lot of knowledge and installation of some extra tools.
     
  4. roadkill

    roadkill Super Moderator Staff Member Member

    sudo apt-get install network-manager-openvpn
    it works for me without problems, I suggest you use PSK instead of static key

    in Ubuntu you could also use SSH Tunnel if you don't need access to the whole port range
    sudo apt-get install gstm

    :grin:
     
  5. jochen

    jochen LI Guru Member

    Do you use routing or bridging? (tun or tap)
    IMHO bridging is not well supported in network-manager-openvpn.
     
  6. roadkill

    roadkill Super Moderator Staff Member Member

    Network Manager has some issues; I installed mine from a Launchpad third-party repository. What Ubuntu version are you using?

    I've used the same configuration file for OpenVPN and Windows before and it worked just fine; I configured it via console (/etc/network/interfaces) and bridged (brctl) it to one of the other interfaces.
    If you could provide a log of the OpenVPN connection attempts configured with DHCP, perhaps I could provide some assistance.
     
  7. jochen

    jochen LI Guru Member

    I'm using the latest 10.10.

    How can I configure that manually?

    I don't know how to get logs when connecting with network manager. So here is the log when I connect through gopenvpn:

    Code:
    Thu Dec  9 17:53:27 2010: MANAGEMENT: CMD 'state on'
    Thu Dec  9 17:53:27 2010: MANAGEMENT: CMD 'auth-retry interact'
    Thu Dec  9 17:53:27 2010: MANAGEMENT: CMD 'hold release'
    Thu Dec  9 17:53:27 2010: WARNING: --ping should normally be used with --ping-restart or --ping-exit
    Thu Dec  9 17:53:27 2010: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Thu Dec  9 17:53:27 2010: /usr/sbin/openvpn-vulnkey -q vpnkey.key
    Thu Dec  9 17:53:27 2010: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec  9 17:53:27 2010: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec  9 17:53:27 2010: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Dec  9 17:53:27 2010: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Dec  9 17:53:27 2010: LZO compression initialized
    Thu Dec  9 17:53:27 2010: MANAGEMENT: >STATE:1291913607,RESOLVE,,,
    Thu Dec  9 17:53:27 2010: TUN/TAP device tap0 opened
    Thu Dec  9 17:53:27 2010: TUN/TAP TX queue length set to 100
    Thu Dec  9 17:53:27 2010: Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Dec  9 17:53:27 2010: Local Options hash (VER=V4): '83c3b015'
    Thu Dec  9 17:53:27 2010: Expected Remote Options hash (VER=V4): '83c3b015'
    Thu Dec  9 17:53:27 2010: Socket Buffers: R=[114688->131072] S=[114688->131072]
    Thu Dec  9 17:53:27 2010: UDPv4 link local (bound): [undef]
    Thu Dec  9 17:53:27 2010: UDPv4 link remote: [AF_INET]188.174.114.34:1194
    Thu Dec  9 17:53:37 2010: Peer Connection Initiated with [AF_INET]188.174.114.34:1194
    Thu Dec  9 17:53:39 2010: Initialization Sequence Completed
    Thu Dec  9 17:53:39 2010: MANAGEMENT: >STATE:1291913619,CONNECTED,SUCCESS,,188.174.114.34
    
    
    This is the output from ifconfig after the connection is established:
    Code:
    tap0      Link encap:Ethernet  Hardware Adresse 02:0d:fe:9c:12:fe  
              BROADCAST MULTICAST  MTU:1500  Metrik:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              Kollisionen:0 Sendewarteschlangenlänge:100 
              RX bytes:2890 (2.8 KB)  TX bytes:0 (0.0 B)

    As you can see, the tap0 interface is down and it has no IP.
     
  8. roadkill

    roadkill Super Moderator Staff Member Member

    let's first try without network manager as this simplifies things a bit and please add to config verb 8 and post your client config file, without keys
     
  9. jochen

    jochen LI Guru Member

    I cannot get a connection with verb8.
    The log is very large, so I have attached it as gzip file. Maybe you have to rename it to .gz to expand it.
     


  10. roadkill

    roadkill Super Moderator Staff Member Member

    you need to define some parameters for tun
    Code:
    Fri Dec 10 06:10:51 2010 us=184988   ifconfig_local = '[UNDEF]'
    Fri Dec 10 06:10:51 2010 us=185000   ifconfig_remote_netmask = '[UNDEF]'
    ...
    Fri Dec 10 06:10:51 2010 us=187426   ifconfig_pool_defined = DISABLED
    Fri Dec 10 06:10:51 2010 us=187440   ifconfig_pool_start = 0.0.0.0
    Fri Dec 10 06:10:51 2010 us=187454   ifconfig_pool_end = 0.0.0.0
    Fri Dec 10 06:10:51 2010 us=187468   ifconfig_pool_netmask = 0.0.0.0
    
    I suggest that you also set the routing parameters manually, default options vary between Windows and Linux...
    Code:
    Fri Dec 10 06:10:51 2010 us=185705   route_default_gateway = '[UNDEF]'
    Fri Dec 10 06:10:51 2010 us=185717   route_default_metric = 0
    Fri Dec 10 06:10:51 2010 us=185821   route_nopull = DISABLED
    Fri Dec 10 06:10:51 2010 us=185833   route_gateway_via_dhcp = DISABLED
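
The option dump quoted in the post above can be read mechanically to see why the interface ends up without an address or gateway. This is an added example, not part of the original thread or of OpenVPN: the function names and finding texts are hypothetical, and the sample is constructed from the log lines quoted above.

```python
import re

# Constructed sample: the "verb 8" option-dump lines quoted in the post above,
# embedded here so the example runs offline.
SAMPLE = """\
Fri Dec 10 06:10:51 2010 us=184988   ifconfig_local = '[UNDEF]'
Fri Dec 10 06:10:51 2010 us=185000   ifconfig_remote_netmask = '[UNDEF]'
...
Fri Dec 10 06:10:51 2010 us=187426   ifconfig_pool_defined = DISABLED
Fri Dec 10 06:10:51 2010 us=187440   ifconfig_pool_start = 0.0.0.0
Fri Dec 10 06:10:51 2010 us=185705   route_default_gateway = '[UNDEF]'
Fri Dec 10 06:10:51 2010 us=185821   route_nopull = DISABLED
Fri Dec 10 06:10:51 2010 us=185833   route_gateway_via_dhcp = DISABLED
"""

# Line shape: "<timestamp> us=<microseconds>   <name> = <value>"
OPTION_RE = re.compile(r"us=\d+\s+(\w+) = (.*)$")


def parse_option_dump(text):
    """Return {option: value}; quotes are stripped and '[UNDEF]' becomes None."""
    opts = {}
    for line in text.splitlines():
        m = OPTION_RE.search(line)
        if not m:
            continue  # "..." separators and ordinary log lines are skipped
        value = m.group(2).strip().strip("'")
        opts[m.group(1)] = None if value == "[UNDEF]" else value
    return opts


def diagnose(opts):
    """List the addressing/routing settings the dump shows as unset."""
    def undef(key):
        # Only report options that are present in the dump and undefined.
        return key in opts and opts[key] is None

    findings = []
    if undef("ifconfig_local"):
        findings.append("no ifconfig address: OpenVPN will not configure the interface")
    if opts.get("ifconfig_pool_defined") == "DISABLED":
        findings.append("no ifconfig pool defined in this configuration")
    if undef("route_default_gateway") and opts.get("route_gateway_via_dhcp") == "DISABLED":
        findings.append("no route gateway set, and it is not taken from DHCP")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_option_dump(SAMPLE)):
        print("-", finding)
```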
    
     
  11. jochen

    jochen LI Guru Member

    Where must I set exactly what?
    On Tomato or in Ubuntu?
    Which file?
    And why tun when I use tap?
     
  12. roadkill

    roadkill Super Moderator Staff Member Member

    you can set it on either side; if you set it on Tomato you need to define the pull option for what you've set...
    use TUN/TAP relevant options
     
