
Tomato 1.27vpn OpenVPN Issue

Discussion in 'Tomato Firmware' started by dfrandin, Oct 3, 2011.

  1. dfrandin

    dfrandin Addicted to LI Member

    I have Tomato 1.27vpn on a Linksys WRT54GL. I have 3 permanent and several transient tunnels running on it and need to have the same end-point IP addresses assigned each time the client connects, and after the router is rebooted, or the endpoints are restarted. There seemed to be no way to accomplish this via the Tomato webgui, so a bit of googling found a workaround, which would seem to work fine, but does not. The workaround is to put a script into the Tomato Admin:Scripts:Firewall area as follows:

    sleep 10
    mkdir -p /etc/openvpn/server1/ccd/
    echo "ifconfig-push 10.10.XX.XX 10.10.XX.XX" > /etc/openvpn/server1/ccd/client1
    echo "ifconfig-push 10.10.XX.XX 10.10.XX.XX" > /etc/openvpn/server1/ccd/client2
    echo "ifconfig-push 10.10.XX.XX 10.10.XX.XX" > /etc/openvpn/server1/ccd/client3


    The endpoint IP addresses follow the requirements of the OpenVPN client endpoint table (in the Community Howto).

    This does not appear to run, such that when the router is rebooted, endpoint addresses are assigned sequentially, and there is no /etc/openvpn/server1/ccd directory or client files. If I take the exact same code and run it manually from an ssh shell on the router, the ccd directory is created, and each client file is created with the "ifconfig-push" line. I've tried moving it from the firewall area to the wan-up area, with no change. As of now, I am forced to manually run the script, then /etc/init.d/openvpn restart each client... Any idea what's hozed here?? I don't recall where I got the script idea..

    Dave
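
An added example, not part of the original post: a POSIX shell check that every `ifconfig-push` line in a ccd directory follows the OpenVPN HOWTO endpoint table mentioned above and that no client address is assigned twice. The function names `valid_pair` and `check_ccd` are hypothetical, and net30 addressing (the HOWTO's [1,2] [5,6] ... [253,254] last-octet pairs) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_ccd.sh /etc/openvpn/server1/ccd
# Assumption: net30 addressing, so the last octets of each
# "ifconfig-push <client> <server>" pair must be [1,2] [5,6] ... [253,254].

# valid_pair CLIENT SERVER -> status 0 when the pair fits the HOWTO table
valid_pair() {
    case "$1$2" in ""|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1 $2                                    # split both addresses into octets
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    for o in "$@"; do
        case $o in ""|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    [ "$1.$2.$3" = "$5.$6.$7" ] || return 1         # same first three octets
    [ $(( $4 % 4 )) -eq 1 ] && [ "$8" -eq $(( $4 + 1 )) ]
}

# check_ccd DIR -> prints one line per problem; status 1 if any were found
check_ccd() {
    bad=0 seen=" "
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        while read -r kw c s rest; do
            [ "$kw" = ifconfig-push ] || continue
            valid_pair "$c" "$s" || { echo "${f##*/}: $c $s is not a valid pair"; bad=1; }
            case $seen in *" $c "*) echo "${f##*/}: $c already assigned"; bad=1 ;; esac
            seen="$seen$c "
        done < "$f"
    done
    return $bad
}

if [ $# -gt 0 ]; then check_ccd "$1"; fi
```
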
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Easier would be to add
    Code:
    ifconfig-pool-persist /jffs/vpnip.txt
    to your custom config section with JFFS set up (or have a persistent file by some other mechanism).
     
  3. dfrandin

    dfrandin Addicted to LI Member

    Thanks for the reply..
    Can the ifconfig-pool-persist work via cifs1/cifs2? Not familiar with that OpenVPN command... I've never been able to get any jffs working on this router. Since I have the Windows server running, and the cifs function works ok, I've stuck with that..
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It should, yes. It pretty much just writes to that file to keep track of what IP addresses it has allocated to whom, then checks that file before every allocation to see what IP it should give (if it's in the file, use that IP - if it's not, use an IP not in the file).
     
  5. dfrandin

    dfrandin Addicted to LI Member

    Thanks!! That seems to work, and since I keep the ipp.txt file on /cifs1, there's no problem with it getting fouled up when the router is rebooted..

    Dave
     
