
newbie questions about VPN setup

Discussion in 'Tomato Firmware' started by toolbox, Sep 29, 2009.

  1. toolbox

    toolbox Addicted to LI Member

    Installed version 1.25 of Tomato with VPN. Generated the keys for both the router and the client PC using the link on the VPN setup page of the router. Those seem OK but I am not sure if I am doing it right. When I click connect from the OpenVPN GUI, I got the following messages:

    Mon Sep 28 17:03:37 2009 OpenVPN 2.1_rc19 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 16 2009

    Mon Sep 28 17:03:37 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

    Mon Sep 28 17:03:37 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

    Mon Sep 28 17:03:37 2009 LZO compression initialized

    Mon Sep 28 17:03:37 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Mon Sep 28 17:03:37 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]

    Mon Sep 28 17:03:37 2009 Local Options hash (VER=V4): '41690919'

    Mon Sep 28 17:03:37 2009 Expected Remote Options hash (VER=V4): '530fdded'

    Mon Sep 28 17:03:37 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]

    Mon Sep 28 17:03:37 2009 UDPv4 link local: [undef]

    Mon Sep 28 17:03:37 2009 UDPv4 link remote: my_ip_address:1194

    I am testing this with my laptop inside the router.
    I notice a "TAP-Win32 Adapter V9" is added to my network connections but it is not being used. Do I need to somehow link it to OpenVPN?

    An off-topic question. I have this running on an Asus WL-520gu. Is there a way to use the USB port for printer with this version of the firmware?
    Thank you in advance.
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    From inside the router you'll have to use the router's LAN address.

    If you use one of the USB+VPN versions, then yeah, you'll be able to use USB.
     
  3. toolbox

    toolbox Addicted to LI Member

    SgtPepperKSU, Thanks, with router's LAN address, I am able to verify the VPN connection.
    For my current setup, I am using your latest release. Maybe I overlooked it, but I believe there is a release that has VPN and USB printer support.
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    teddy_bear (who releases the main USB mod) has a USB+VPN build, and thor2002 has a VPN+USB+SD+etc+etc+etc mod (incorporates features from my, teddy_bear's, and other mods).
     
  5. toolbox

    toolbox Addicted to LI Member

    When I take the laptop to a public hotspot, I got similar messages as the first post:
    Tue Sep 29 10:53:11 2009 OpenVPN 2.1_rc19 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 16 2009
    Tue Sep 29 10:53:11 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Tue Sep 29 10:53:11 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Sep 29 10:53:11 2009 LZO compression initialized
    Tue Sep 29 10:53:11 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Sep 29 10:53:11 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Sep 29 10:53:11 2009 Local Options hash (VER=V4): '41690919'
    Tue Sep 29 10:53:11 2009 Expected Remote Options hash (VER=V4): '530fdded'
    Tue Sep 29 10:53:11 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Sep 29 10:53:11 2009 UDPv4 link local: [undef]
    Tue Sep 29 10:53:11 2009 UDPv4 link remote: <ip address provided by ISP>:1194

    I updated the config file with the correct remote IP address before the connection was attempted.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    There is probably a firewall issue somewhere between you and your router. Try changing the port and/or protocol.

    Does anything show up at all on your router's logs when you try to connect?
     
  7. toolbox

    toolbox Addicted to LI Member

    The log has nothing related to VPN. As a matter of fact, nothing at all around the time the access is attempted.

    BTW: the attempt was made at a Starbucks outlet.
     
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Then something is blocking you. Probably either the hotspot or your ISP. Try changing port and/or protocol.
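
The two things the client log in this thread shows, as an added example (not code from the posters or from OpenVPN): the log stops at `link remote` with no reply from the server, and it carries the server-certificate warning that the linked `#mitm` section is about. The sample log is shortened from the post above with a constructed address; the finding names and advice strings are this example's own.

```python
import re

# Constructed sample: the stalled client log from this thread, shortened.
# 203.0.113.10 is a documentation address standing in for the router's WAN IP.
SAMPLE_LOG = """\
Tue Sep 29 10:53:11 2009 OpenVPN 2.1_rc19 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 16 2009
Tue Sep 29 10:53:11 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Sep 29 10:53:11 2009 LZO compression initialized
Tue Sep 29 10:53:11 2009 UDPv4 link local: [undef]
Tue Sep 29 10:53:11 2009 UDPv4 link remote: 203.0.113.10:1194
"""

# ctime-style prefix that OpenVPN puts in front of every message
TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")

ADVICE = {
    "no-server-cert-check": "client accepts any certificate signed by the CA; "
        "add 'remote-cert-tls server' (or 'ns-cert-type server') to the client "
        "config if the router's certificate was issued as a server certificate",
    "tls-timeout": "handshake started but never finished within the time limit",
    "no-reply-from-server": "packets left but nothing came back; check the "
        "address, port forwarding and firewalls, or try another port/protocol",
    "connected": "tunnel came up",
}

def triage(log_text):
    """Return finding keys for an OpenVPN client log, in a fixed order."""
    msgs = [TIMESTAMP.sub("", ln.strip())
            for ln in log_text.splitlines() if ln.strip()]
    sent = any(re.match(r"\w+ link remote:", m) for m in msgs)
    replied = any(m.startswith("TLS: Initial packet from") for m in msgs)
    completed = any("Initialization Sequence Completed" in m for m in msgs)
    findings = []
    if any("No server certificate verification method" in m for m in msgs):
        findings.append("no-server-cert-check")
    if any("TLS key negotiation failed" in m for m in msgs):
        findings.append("tls-timeout")
    if sent and not replied and not completed:
        findings.append("no-reply-from-server")
    if completed:
        findings.append("connected")
    return findings

def report(log_text):
    """Human-readable lines, one per finding."""
    return [f"{key}: {ADVICE[key]}" for key in triage(log_text)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```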
     
  9. toolbox

    toolbox Addicted to LI Member

    Thanks, I changed the port (to 1294), the protocol (UDP to TCP) and the Starbucks store. Now just have to figure which of the three did the job. :)

    I also want to test out the performance of web browsing if I route all the internet traffic through the router first.

    Thank you again for the VPN release and the write up.
     
  10. toolbox

    toolbox Addicted to LI Member

    Another newbie question... I check marked "Direct clients to redirect Internet traffic" but how would I check the internet traffic is actually going from the laptop from outside of my router to the router then back out again?
    Thanks.
     
  11. vajonam

    vajonam Addicted to LI Member

    Try hitting "ipchicken.com" or "whatismyip.com". If that shows your router's WAN IP, that means all is well. If not, then it's still going through the local network.
     
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Browse to http://checkip.dyndns.org/ from the laptop and see that it shows the router's IP.
     
  13. Delta221

    Delta221 Addicted to LI Member

    Download Wireshark onto the client machine, and look at the ip address where the packets are being sent to. All you should see under the LAN network interface are packets directed to the host ip address. You should not be able to see any DNS requests, or http traffic under the LAN interface... You can then sniff on the VPN interface, and you should be able to see all traffic and DNS requests.
     
  14. toolbox

    toolbox Addicted to LI Member

    Thanks. With ipchicken.com and checkip.dyndns.org, I verified my internet traffic is routed through the router. I go to these sites before and after I connect with my VPN and can see the change of my IP address.
    With this, I think now I have a secure way to check my web mails at any public wifi spots.
     
  15. toolbox

    toolbox Addicted to LI Member

    Ran into a bit of a problem tonight. I was at Borders tonight trying out their free WiFi. Signed on and connected to VPN. I can access my PCs behind the router and the router's GUI, but I don't have internet access. IE, Firefox and Windows Live Mail all timed out. If I disconnect the VPN, browsers and WLM all work. I didn't see anything stand out when I looked at the router's log. Is there some other place I can check to see what is going on?
     
  16. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You can try to run
    Code:
    nslookup www.google.com
    If that fails, then it is a DNS issue. In that case, you should check the "Respond to DNS" and "Advertise DNS to clients" on the server. That will make the clients use it as their DNS server. What's likely going on is your laptop was told to use the Borders DNS servers, but they aren't accessible from the internet. Then when you send all of your traffic over the tunnel, it tries to access their servers over the internet from the server router, and that fails. This would only happen if the DNS server were on a different subnet, but not accessible from the internet.
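
The routing behind this explanation, and behind the Wireshark check in post 13, as an added example that is not part of the original posts: a longest-prefix-match model of the client's routing table once all traffic is redirected. It assumes the redirect is installed as two /1 routes plus a host route to the VPN server (OpenVPN's `redirect-gateway def1` style); every address is constructed except the OpenDNS resolver 208.67.222.222, and the private-address test is only a heuristic for "not accessible from the internet".

```python
import ipaddress

def build_routes(local_net, vpn_server, redirect=True):
    """Client routing table as (network, interface) pairs."""
    net = ipaddress.ip_network
    routes = [(net(local_net), "lan"),       # hotspot subnet, directly attached
              (net("0.0.0.0/0"), "lan")]     # hotspot default gateway
    if redirect:
        routes += [(net(vpn_server + "/32"), "lan"),  # tunnel packets themselves
                   (net("0.0.0.0/1"), "vpn"),         # these two /1 routes beat
                   (net("128.0.0.0/1"), "vpn")]       # the /0 default route
    return routes

def egress(routes, dest):
    """Interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def resolver_status(routes, resolver, home_net):
    """Classify a DNS server the client was told to use."""
    addr = ipaddress.ip_address(resolver)
    if egress(routes, resolver) == "lan":
        return "direct"                    # same subnet: never enters the tunnel
    if addr in ipaddress.ip_network(home_net):
        return "via-tunnel"                # e.g. the VPN router answering DNS
    if addr.is_private:
        return "unreachable-via-tunnel"    # hotspot-internal, other subnet
    return "via-tunnel"                    # public resolver, reached from home

# Constructed scenario: hotspot LAN, router WAN address, home LAN.
HOTSPOT = "192.168.5.0/24"
SERVER = "203.0.113.10"
HOME = "192.168.1.0/24"

if __name__ == "__main__":
    table = build_routes(HOTSPOT, SERVER)
    for dns in ("192.168.5.1", "10.10.0.53", "208.67.222.222", "192.168.1.1"):
        print(dns, resolver_status(table, dns, HOME))
```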
     
  17. toolbox

    toolbox Addicted to LI Member

    Thanks. Would it work if I set my laptop to use opendns' servers instead?
     
  18. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Sure, if DNS is actually the problem.
     
