
TomatoVPN and WRT54G V2.2 - OpenVPN won't start

Discussion in 'Tomato Firmware' started by hclark, Jun 2, 2011.

  1. hclark

    hclark Networkin' Nut Member

    I just installed this (tomatovpn-1.27vpn3.6). I'm trying to set up the OpenVPN server, but it won't start.
    Before installation, the router already had an older (non-vpn) version of Tomato on. I gave it a 30-30-30 reset before installing the new version.

    I've followed the tutorials to generate the keys that I need, and put in the correct settings (I think).
    Here are the vpn server1 settings from nvram:

    vpn_server1_c2c=0
    vpn_server1_ca=-----BEGIN RSA PRIVATE KEY----- (deleted) -----END RSA PRIVATE KEY-----
    vpn_server1_ccd=0
    vpn_server1_ccd_excl=0
    vpn_server1_ccd_val=
    vpn_server1_cipher=default
    vpn_server1_comp=adaptive
    vpn_server1_crt=-----BEGIN CERTIFICATE----- (deleted) -----END CERTIFICATE-----
    vpn_server1_crypt=tls
    vpn_server1_custom=
    vpn_server1_dh=-----BEGIN DH PARAMETERS----- (deleted) -----END DH PARAMETERS-----
    vpn_server1_dhcp=1
    vpn_server1_firewall=auto
    vpn_server1_hmac=-1
    vpn_server1_if=tun
    vpn_server1_key=-----BEGIN RSA PRIVATE KEY----- (deleted) -----END RSA PRIVATE KEY-----
    vpn_server1_local=10.8.0.1
    vpn_server1_nm=255.255.255.0
    vpn_server1_pdns=0
    vpn_server1_plan=1
    vpn_server1_poll=0
    vpn_server1_port=1194
    vpn_server1_proto=udp
    vpn_server1_r1=192.168.1.50
    vpn_server1_r2=192.168.1.55
    vpn_server1_remote=10.8.0.2
    vpn_server1_reneg=-1
    vpn_server1_rgw=0
    vpn_server1_sn=10.8.0.0
    vpn_server1_static=



    When I check the log, I see this:

    Jun 1 16:28:11 unknown user.info kernel: device tun21 entered promiscuous mode
    Jun 1 16:28:11 unknown daemon.notice openvpn[401]: OpenVPN 2.1_rc19 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Aug 12 2009
    Jun 1 16:28:11 unknown daemon.warn openvpn[401]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes th
    Jun 1 16:28:11 unknown daemon.warn openvpn[401]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jun 1 16:28:12 unknown daemon.notice openvpn[401]: Diffie-Hellman initialized with 1024 bit key
    Jun 1 16:28:12 unknown daemon.err openvpn[401]: Cannot load CA certificate file ca.crt path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
    Jun 1 16:28:12 unknown daemon.notice openvpn[401]: Exiting
    Jun 1 16:28:12 unknown user.info init[1]: VPN_LOG_ERROR: 732: Starting VPN instance failed...


    It looks like it's not loading the certificates properly. There appears to be no /etc/openvpn directory.

    What have I done wrong?
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    There is no /etc/openvpn directory because it gets cleaned up when the server is stopped (including when it fails to start). Nothing to worry about there. If you want it to stick around after being stopped you can run
    Code:
    nvram set vpn_debug=4
    (plus "nvram commit" if you want it to stick after a reboot). This will do two things: increase the amount of logging done by my code (doesn't affect OpenVPN itself) and prevent deletion of the files created by the GUI.

    However, the problem is that you entered the CA Key instead of the CA Cert (the file you're copying from should have a .crt extension).
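
Added example, not part of the original thread or of TomatoVPN: a POSIX shell check for the mix-up diagnosed above, comparing the PEM label in each vpn_server1_* value with what that field should hold. The function names and the label mapping are assumptions of this example; the sample input reuses the redacted lines from the first post.

```shell
#!/bin/sh
# Expected PEM label (matched as a suffix) for each nvram key that holds PEM data.
expected_label() {
    case "$1" in
        vpn_server1_ca|vpn_server1_crt) echo "CERTIFICATE" ;;
        vpn_server1_key)                echo "PRIVATE KEY" ;;  # also matches "RSA PRIVATE KEY"
        vpn_server1_dh)                 echo "DH PARAMETERS" ;;
        *)                              echo "" ;;
    esac
}

# Reads name=value lines on stdin, prints one line per mismatch,
# returns 1 if any checked field carries the wrong kind of PEM object.
# On the router: nvram show 2>/dev/null | check_vpn_pem
check_vpn_pem() {
    bad=0
    while IFS= read -r line; do
        name=${line%%=*}
        value=${line#*=}
        want=$(expected_label "$name")
        [ -n "$want" ] || continue      # not a PEM field, or a continuation line
        case "$value" in
            "-----BEGIN "*)
                label=${value#"-----BEGIN "}
                label=${label%%-----*} ;;
            *)  label="(none)" ;;
        esac
        case "$label" in
            *"$want") ;;                # label ends with the expected type
            *)  echo "MISMATCH $name: found '$label', expected '$want'"
                bad=1 ;;
        esac
    done
    return $bad
}

# Sample input: the four PEM fields as posted (redacted) in the thread.
sample_nvram() {
    cat <<'EOF'
vpn_server1_ca=-----BEGIN RSA PRIVATE KEY----- (deleted) -----END RSA PRIVATE KEY-----
vpn_server1_crt=-----BEGIN CERTIFICATE----- (deleted) -----END CERTIFICATE-----
vpn_server1_crypt=tls
vpn_server1_dh=-----BEGIN DH PARAMETERS----- (deleted) -----END DH PARAMETERS-----
vpn_server1_key=-----BEGIN RSA PRIVATE KEY----- (deleted) -----END RSA PRIVATE KEY-----
EOF
}
```

Run against the posted settings, it reports only vpn_server1_ca, which holds a private key where a certificate is expected.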
     
  3. hclark

    hclark Networkin' Nut Member

    Thanks!
     
