
OpenVPN Manual Config

Discussion in 'Tomato Firmware' started by i1135t, Aug 23, 2010.

    i1135t (Network Guru Member):

    Hello everyone, I am running into an issue with configuring OpenVPN using the CLI interface. When pinging my VPN LAN hosts by hostname, I get no reply back. However, I can ping them fine by IP, so their hostnames are not being resolved by the correct DNS server. Here is my VPN log:
    Code:
    Aug 23 12:09:48 T1 user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
    Aug 23 12:09:52 T1 daemon.notice openvpn[208]: OpenVPN 2.1.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 13 2010
    Aug 23 12:09:52 T1 daemon.warn openvpn[208]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: Diffie-Hellman initialized with 1024 bit key
    Aug 23 12:09:54 T1 daemon.warn openvpn[208]: WARNING: file '/jffs/openvpn/server1/server.key' is group or others accessible
    Aug 23 12:09:54 T1 daemon.warn openvpn[208]: WARNING: file '/jffs/openvpn/server1/static.key' is group or others accessible
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: Control Channel Authentication: using '/jffs/openvpn/server1/static.key' as a OpenVPN static key file
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: ROUTE default_gateway=72.x.x.x
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: TUN/TAP device tun21 opened
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: TUN/TAP TX queue length set to 100
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: /sbin/ifconfig tun21 10.2.2.1 pointopoint 10.2.2.2 mtu 1500
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: /sbin/route add -net 10.2.2.0 netmask 255.255.255.0 gw 10.2.2.2
    Aug 23 12:09:54 T1 daemon.notice openvpn[208]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: Listening for incoming TCP connection on [undef]:443
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: Socket Buffers: R=[43689->131070] S=[16384->131070]
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: TCPv4_SERVER link local (bound): [undef]:443
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: TCPv4_SERVER link remote: [undef]
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: MULTI: multi_init called, r=256 v=256
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: IFCONFIG POOL: base=10.2.2.4 size=62
    Aug 23 12:09:54 T1 daemon.warn openvpn[314]: Note: sys_epoll API is unavailable, falling back to poll/select API
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: MULTI: TCP INIT maxclients=1024 maxevents=1028
    Aug 23 12:09:54 T1 daemon.notice openvpn[314]: Initialization Sequence Completed
    Aug 23 12:09:54 T1 daemon.notice openvpn[313]: OpenVPN 2.1.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Apr 13 2010
    Aug 23 12:09:54 T1 daemon.warn openvpn[313]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Aug 23 12:09:55 T1 daemon.notice openvpn[313]: Diffie-Hellman initialized with 1024 bit key
    Aug 23 12:09:56 T1 daemon.warn openvpn[313]: WARNING: file '/jffs/openvpn/server2/server.key' is group or others accessible
    Aug 23 12:09:56 T1 daemon.warn openvpn[313]: WARNING: file '/jffs/openvpn/server2/static.key' is group or others accessible
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: Control Channel Authentication: using '/jffs/openvpn/server2/static.key' as a OpenVPN static key file
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: TLS-Auth MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: ROUTE default_gateway=72.x.x.x
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: TUN/TAP device tun22 opened
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: TUN/TAP TX queue length set to 100
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: /sbin/ifconfig tun22 10.3.3.1 pointopoint 10.3.3.2 mtu 1500
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: /sbin/route add -net 10.3.3.0 netmask 255.255.255.0 gw 10.3.3.2
    Aug 23 12:09:56 T1 daemon.notice openvpn[313]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: Socket Buffers: R=[65535->131070] S=[65535->131070]
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: UDPv4 link local (bound): [undef]:1194
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: UDPv4 link remote: [undef]
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: MULTI: multi_init called, r=256 v=256
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: IFCONFIG POOL: base=10.3.3.4 size=62
    Aug 23 12:09:56 T1 daemon.notice openvpn[351]: Initialization Sequence Completed
    I did notice that the "ROUTE default_gateway=" line in the log above points to my WAN gateway. I am not sure whether it should or should not... I'm thinking the problem I am having may be related to this.
    Here is my server config:
    Code:
    daemon
    server 10.2.2.0 255.255.255.0
    proto tcp-server
    port 443
    dev tun21
    cipher AES-256-CBC
    comp-lzo adaptive
    keepalive 15 60
    verb 3
    push "route 192.168.1.0 255.255.255.0"
    #client-config-dir /jffs/openvpn/server1/ccd
    client-to-client
    # dhcp-option DNS/DOMAIN is applied automatically only by Windows clients;
    # Linux/macOS clients need an --up script to write it into the resolver config
    push "dhcp-option DOMAIN home.lan"
    push "dhcp-option DNS 192.168.1.1"
    push "redirect-gateway def1"
    # the log warns that these two files are group/other readable: chmod 600 them
    tls-auth /jffs/openvpn/server1/static.key
    ca /jffs/openvpn/server1/ca.crt
    dh /jffs/openvpn/server1/dh.pem
    cert /jffs/openvpn/server1/server.crt
    key /jffs/openvpn/server1/server.key
    #status-version 2
    #status /jffs/openvpn/server1/status
    # level 3 is what allows the client's password to reach the script via environment variables (via-env)
    script-security 3
    auth-user-pass-verify /etc/quickAuth.sh via-env
    # duplicates 'keepalive 15 60' above; OpenVPN silently uses the last occurrence
    keepalive 10 120
    
    And my client config:
    Code:
    dev tun
    proto tcp
    remote x.x.x.x 443
    auth-user-pass
    cipher AES-256-CBC
    # honoured by the Windows TAP adapter only; on Linux/macOS an --up script has to apply it
    dhcp-option DOMAIN home.lan
    resolv-retry infinite
    client
    ca ca.crt
    cert zeek7.crt
    key zeek7.key
    tls-auth static.key
    ns-cert-type server
    key-method 2
    auth-nocache
    auth SHA1
    nobind
    comp-lzo
    float
    Any help would be appreciated, thanks!
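
An added example, written for this page and not part of i1135t's post or of Tomato's or OpenVPN's own scripts: a POSIX shell lint that checks a server config for the things the log and configs above expose, run against a constructed copy of the posted server config. The temp directory, the empty stand-in key files and the finding labels are my assumptions; the checks follow OpenVPN's documented behaviour (a later duplicate directive wins, key files should be mode 600, script-security 3 hands passwords to scripts via the environment, and dhcp-option is applied natively only by Windows clients).

```shell
#!/bin/sh
# Added example, not code from the original post or from Tomato/OpenVPN:
# a POSIX-sh lint for the issues the log and configs above surface. It reports
#   DUPLICATE  a directive given twice (the second 'keepalive' silently wins),
#   PERMS      key/tls-auth files readable by group or others (the log warning),
#   SCRIPT     'script-security 3', which hands passwords to scripts via env,
#   NOTE       pushed dhcp-option DNS/DOMAIN, which only Windows clients apply
#              by themselves (Linux/macOS need an --up script such as
#              update-resolv-conf to write it into resolv.conf).
# The temp directory, file names and sample config below are constructed.

# Print one finding per line; return 0 if clean, 1 if any DUPLICATE/PERMS/SCRIPT/MISSING.
lint_openvpn_config() {
    cfg=$1
    cfgdir=$(dirname "$cfg")
    rc=0
    # Work on the config with comments and blank lines stripped.
    body=$(grep -v '^[[:space:]]*#' "$cfg" | grep -v '^[[:space:]]*$')

    # 1. Repeated directives. push/route/remote legitimately repeat; skip them.
    for d in $(printf '%s\n' "$body" | awk '{print $1}' \
               | grep -v -x -e push -e route -e remote | sort | uniq -d); do
        echo "DUPLICATE: '$d' given more than once; OpenVPN keeps the last one"
        rc=1
    done

    # 2. Secret files: mode chars 5-10 of 'ls -l' must all be '-' (i.e. 0600/0400).
    for f in $(printf '%s\n' "$body" | awk '$1=="key"||$1=="tls-auth"||$1=="secret"{print $2}'); do
        case $f in /*) path=$f ;; *) path=$cfgdir/$f ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING: '$f' referenced but not found"; rc=1; continue
        fi
        if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "PERMS: '$f' is group or others accessible; run chmod 600"; rc=1
        fi
    done

    # 3. script-security 3 exposes auth-user-pass passwords to scripts via environment.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*script-security[[:space:]]+3([[:space:]]|$)'; then
        echo "SCRIPT: script-security 3 passes passwords to scripts via env; prefer 2 with via-file"
        rc=1
    fi

    # 4. Informational: the DNS push is right, but only Windows applies it natively.
    if printf '%s\n' "$body" | grep -Eq 'push[[:space:]]+"dhcp-option[[:space:]]+(DNS|DOMAIN)'; then
        echo "NOTE: dhcp-option DNS/DOMAIN pushed; non-Windows clients need an --up script to apply it"
    fi
    return $rc
}

# chmod 600 every key/tls-auth/secret file the config names (relative to the config dir).
fix_key_perms() {
    cfg=$1
    cfgdir=$(dirname "$cfg")
    for f in $(grep -v '^[[:space:]]*#' "$cfg" | awk '$1=="key"||$1=="tls-auth"||$1=="secret"{print $2}'); do
        case $f in /*) path=$f ;; *) path=$cfgdir/$f ;; esac
        [ -f "$path" ] && chmod 600 "$path"
    done
    return 0
}

# Constructed sample: the posted server config with paths made relative to a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CFG=$WORK/server.conf
cat > "$CFG" <<'EOF'
daemon
server 10.2.2.0 255.255.255.0
proto tcp-server
port 443
dev tun21
cipher AES-256-CBC
keepalive 15 60
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN home.lan"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
tls-auth static.key
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 3
auth-user-pass-verify /etc/quickAuth.sh via-env
keepalive 10 120
EOF
# Empty stand-ins for the key files, with the 0644 mode the log complained about.
for f in static.key server.key; do : > "$WORK/$f"; chmod 644 "$WORK/$f"; done

echo "--- before ---"; lint_openvpn_config "$CFG" || true
fix_key_perms "$CFG"
echo "--- after chmod 600 ---"; lint_openvpn_config "$CFG" || true
```

Run it with sh. The NOTE line is the one that bears on the hostname question: the server side is pushing DNS and DOMAIN correctly, but a Linux or macOS client ignores those options unless an --up script writes them into the resolver, whereas a Windows client applies them to the TAP adapter. The "ROUTE default_gateway=" line in the log is OpenVPN recording the existing default route so that "redirect-gateway def1" can add a host route to the VPN server through it; pointing at the WAN gateway is the expected value.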