
TomatoVPN - Am I missing something....

Discussion in 'Tomato Firmware' started by paped, Jul 4, 2010.

  1. paped

    paped LI Guru Member

    ....probably obvious!

    OK what I am trying to do is replicate the OpenVPN set-up I had on a 24x7 running PC on TomatoVPN.... This did...

    1) Allowed me to connect (mainly for testing) via the local wireless/LAN and set up a tunnel (on the same LAN that the router is on), but I cannot get this working with TomatoVPN; I need to be on my 3G dongle to connect. If I try to connect from my LAN I just get a TLS timeout error followed by a TLS Handshake failed line, followed by a "SIGUSR1[soft,ping-restart] received, client-instance restarting" line in my Tomato log file. 3G/external IP connects OK - but please see the further issue below.

    2) When I connect, route all traffic from the client via the VPN for both internet and LAN endpoints. When I connect (externally) to TomatoVPN by either the TUN or TAP method the router says connected, my client (Ubuntu, Gnome Network Manager) says I'm connected, but I cannot get to anywhere on my LAN or the internet - not even to the router's web admin page. Google just says "looking up...." in my browser then times out. It's as if it has no DNS, but I am pushing the DNS details to the client according to what's in the log file on the router, as it is sending 'PUSH_REPLY,dhcp-option DOMAIN abcabc,dhcp-option WINS 192.168.0.1,dhcp-option DNS 192.168.0.100,route-gateway 192.168.0.100,redirect-gateway'. For TUN I use the subnet 10.7.0.0/24; for TAP I use a range from higher up in the 192.168.0.x subnet that I use on my router, as if I use DHCP or any range other than the 192.168.0.x range the TAP connection fails.... so I assume this is correct? I also have everything ticked on the advanced page except "Allow only these clients", which should allow what I want to do and give the same options that I had in my PC's server.conf. However, all I get in the log file is a number of "Authenticate/Decrypt packet error: packet HMAC authentication failed" errors followed by a number of "read UDPv4 [ECONNREFUSED]: Connection refused (code=146)" errors and then the "inactivity timeout" and "SIGUSR1[soft,ping-restart] received, client-instance restarting" errors, which seem to disconnect the client?

    I know the certs are OK as they are my original ones that I have been using with OpenVPN for more than 18 months....

    So I am totally baffled why this does not seem to work, hence after nights of checking forums etc. I am thinking that I must somehow be missing something somewhere.... so any help or pointers in the right direction would be greatly appreciated.
     
  2. Dagger

    Dagger Serious Server Member

    Running OpenVPN on a LAN Host is a bit different than running OpenVPN on the LAN Router. Because TomatoVPN runs on the router, I think the GUI makes certain assumptions and uses them to build the server config file and also adjust the firewall/routing tables. Which is the right thing to do because I don't know why you would want to connect to a VPN server on your local network in the first place. That's like taking a bath and calling it skinny-dipping.

    It's been noted several times that you should make every effort to have your client and your server in different subnets/networks. This is why it is recommended that you change your home network from the common 192.168.1.0/24 network to something less common like 192.168.53.0/24. This way, if you find yourself at a coffee shop somewhere and their network is 192.168.1.0/24, you won't have any trouble connecting to your home network.

    Other than that... we'd have to see your config files to be able to tell more...
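The subnet advice above can be checked before a client ever connects. The script below is an added example, not code from the thread or from TomatoVPN: it parses a constructed OpenVPN server config fragment (modelled on the 10.7.0.0/24 tunnel and 192.168.0.x LAN values quoted in the first post, not the poster's real file) and reports which server-side networks collide with the client's own local subnet, plus any pushed DNS server that no tunnel or pushed route would reach.

```python
import ipaddress
import re

# Constructed sample config using the values quoted in the thread
# (assumption: this is NOT the poster's actual server config).
SERVER_CONF = """\
dev tun
server 10.7.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.100"
push "redirect-gateway def1"
"""

# 'server <net> <mask>' defines the tunnel; 'route <net> <mask>' (usually
# inside a push "...") is a LAN the client is told to reach via the tunnel.
NET_RE = re.compile(r"\b(server|route)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")
DNS_RE = re.compile(r"dhcp-option\s+DNS\s+(\d+\.\d+\.\d+\.\d+)")


def parse_server_networks(conf):
    """Return [(label, network)] for the tunnel subnet and every pushed route."""
    nets = []
    for line in conf.splitlines():
        m = NET_RE.search(line)
        if m:
            kind, addr, mask = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            nets.append((f"{kind} {net}", net))
    return nets


def find_overlaps(conf, client_local):
    """Labels of server networks that overlap the client's local subnet.

    Any hit means the client already has a directly connected route for those
    addresses, so packets for the tunnel or the home LAN never enter the VPN.
    """
    local = ipaddress.ip_network(client_local, strict=False)
    return [label for label, net in parse_server_networks(conf) if net.overlaps(local)]


def unroutable_dns(conf):
    """Pushed DNS servers not inside the tunnel or any pushed route.

    With redirect-gateway everything goes through the tunnel anyway, so this
    only bites on split-tunnel configs, but it is cheap to check.
    """
    nets = [net for _, net in parse_server_networks(conf)]
    return [ip for ip in DNS_RE.findall(conf)
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


if __name__ == "__main__":
    # A laptop on the router's own LAN (the first post's case) versus a
    # coffee-shop network versus a client whose local net swallows the tunnel.
    for local in ("192.168.0.0/24", "192.168.1.0/24", "10.7.0.0/16"):
        print(local, "->", find_overlaps(SERVER_CONF, local) or "no overlap")
    print("DNS not routable:", unroutable_dns(SERVER_CONF) or "none")
```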
     
