Tomato Mod v1.14.1291 with OpenVPN Routed!

Discussion in 'Tomato Firmware' started by elkabong33, Feb 10, 2008.

  1. elkabong33

    elkabong33 LI Guru Member

    Hello All,

    First of all please forgive me for starting a new OpenVPN thread but I need to get the correct configuration for using Tomato Mod v1.14.1291 in Routed. The other thread seems to focus on the bridged configuration.

    I tried everything I can think of but somehow I seem to be missing something. I am able to connect to the server from an OpenVPN-GUI client but not from my router running the Tomato Mod.

    Here is my hardware configuration:

    Server: OpenVPN running on a Supermicro Server

    Client: Buffalo WHR-HP-G54 running Tomato Mod v1.14.1291

    I put everything in the Init section because I always get an error when I put it in the Wanup section

    Init Script
    sleep 5
    insmod tun.o
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    ./myvpn --mktun --dev tun0
    sleep 5

    echo "
    proto udp
    dev tun
    ca ca.crt
    dh dh2048.pem
    cert client.crt
    key client.key
    remote x.x.x.x 1194
    ns-cert-type server
    cipher BF-CBC
    user nobody
    group users
    verb 2
    mute 20
    keepalive 10 120
    resolv-retry infinite
    " > /tmp/client.conf

    echo "
    my cert goes here
    -----END CERTIFICATE-----
    " > /tmp/ca.crt

    echo "
    my key goes here
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key

    echo "
    my client cert goes here
    -----END CERTIFICATE-----
    " > /tmp/client.crt

    my DH stuff goes goes here
    -----END DH PARAMETERS-----
    " > /tmp/dh1024.pem

    ./myvpn --config /tmp/client.conf

    Firewall Script
    iptables -I INPUT 2 -p udp --dport 1194 -j ACCEPT
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

    I would be very grateful if someone could help me out here.

    Thanks in Advance

    El Kabong
  2. Toxic

    Toxic Administrator Staff Member

    what are your logs reporting?
  3. elkabong33

    elkabong33 LI Guru Member

    Hi Toxic,

    Here are my logs:

    BusyBox v1.9.0 (2008-01-19 04:42:38 IST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    # cd /tmp
    # ./myvpn --config /tmp/client.conf
    Sun Feb 10 14:23:20 2008 OpenVPN 2.1_rc4 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Jan 19 2008
    Sun Feb 10 14:23:20 2008 LZO compression initialized
    Sun Feb 10 14:23:20 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sun Feb 10 14:23:20 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sun Feb 10 14:23:20 2008 failed to find GID for group users: Inappropriate ioctl for device (errno=25)
    Sun Feb 10 14:23:20 2008 Exiting
  4. roadkill

    roadkill Super Moderator Staff Member Member

    I suggest to remove the group users and user nobody for start
  5. elkabong33

    elkabong33 LI Guru Member

    I thought the problem was because the server was running OpenVPN version 2.0_rc16 and OpenSSL version 0.9.7e. So I downgraded my router back to v1.10.1190 and still had the same issue.

    No I have managed to get a connection after regenerating the a new client conf. I am able to only browse the server's public IP and nothing else. I see that my router's routing table now has two default routes and I don't know how to correct this.

    default 0 tun1 0 tun1
    default 0 vlan1 (WAN)

    All want to route all internet traffic over the tunnel if that is possible. Is it possible?
  6. elkabong33

    elkabong33 LI Guru Member

    Ok from the router's tools I am able to run a traceroute or ping any IP or domain name but I am not able to from my Windows machine. I checked the routing from Windows and it looks fine to me.

    I tried this configuration on dd-wrt and it works fine. It would be really nice to get some help here!!!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice