VPN build with Web GUI

Discussion in 'Tomato Firmware' started by SgtPepperKSU, Oct 10, 2008.

  1. DervMan

    DervMan LI Guru Member

    Routing not right on client....

    I have two WRT54s running 1.27vpn3.6. One WRT is set up as a 'server', the other as a 'client'.

    I've got it to a point where the tunnel comes up and I can ping the 'tun' IPs.

    However, PCs on the client side can't ping any device on the server side.

    If I add a route manually to the client wrt everything works!

    The Server side is 172.16.1.0/24
    The Client side is 172.16.0.0/24

    Server config.ovpn
    Code:
    # Automatically generated configuration
    daemon
    ifconfig 10.0.1.1 10.0.1.2
    proto tcp-server
    port 1194
    dev tun21
    comp-lzo adaptive
    keepalive 15 60
    verb 3
    secret static.key
    status-version 2
    status status
    
    Client config.ovpn
    Code:
    # more config.ovpn
    # Automatically generated configuration
    daemon
    dev tun11
    proto tcp-client
    remote xxxxyyyy.homelinux.net 1194
    ifconfig 10.0.1.2 10.0.1.1
    resolv-retry 30
    nobind
    persist-key
    persist-tun
    comp-lzo adaptive
    verb 3
    secret static.key
    status-version 2
    status status
    
    # Custom Configuration
    
    Here's the (working) routing table on the client WRT with the manually added route (public IPs changed):
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.1.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun11
    192.168.2.0     172.16.0.114    255.255.255.0   UG    2      0        0 br0
    172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
    172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 tun11
    1.2.3.0         0.0.0.0         255.255.252.0   U     0      0        0 vlan1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         1.2.3.4         0.0.0.0         UG    0      0        0 vlan1
    #
    Here's the client routing table in its 'not working' state.
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.1.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun11
    192.168.2.0     172.16.0.114    255.255.255.0   UG    2      0        0 br0
    172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
    1.2.3.0         0.0.0.0         255.255.252.0   U     0      0        0 vlan1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         1.2.3.4         0.0.0.0         UG    0      0        0 vlan1
    #

    I have 'Create NAT on tunnel' enabled.

    Any thoughts why the 172.16.1.0/24 route isn't being added to the client wrt routing table when the VPN comes up?
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    This is why your GUI had a "Routes must be configured manually" comment show up with your configuration. Using static key mode, the client has no way of knowing what the server subnet looks like. If you had used TLS, the server would have pushed that information to the client.
     
  3. DervMan

    DervMan LI Guru Member

    Ahh I didn't realise it related to the type of VPN.

    When I first hit this issue I added the following to 'WAN up' on the client side.

    route add -net 172.16.1.0 netmask 255.255.255.0 dev tun11

    This worked for a while but after the VPN had been up for a good four hours the route which had been added at boot by the 'WAN up' was removed.

    I'm guessing that the tunnel had dropped due to inactivity at which point the routing entry was removed.

    Any thoughts/comments re the disappearing route?
     
  4. DervMan

    DervMan LI Guru Member

    Anyone else with the 'routing' problem, here's a simple fix.

    Don't use the 'WAN up' script as the routing entry will be dropped if the VPN tunnel goes down.

    Add a route entry for the remote network - you'll need to add this on both the server and client routers.

    Instead in 'VPN Tunneling' 'Server/Client' 'Advanced'

    So in my case the Server end had
    Code:
    route 172.16.0.0 255.255.255.0
    and the Client end had
    Code:
    route 172.16.1.0 255.255.255.0
     
  5. DervMan

    DervMan LI Guru Member

    Thank you

    Thanks to SgtPepperKSU for coding all this and providing great support too.

    THANK YOU.
     
  6. Goggy

    Goggy Network Guru Member

    Short Question: in a "Dual-TomatoVPN-Config" should it be possible to ping (and access) the Server from the Client and vice versa? I've set up such a Config and currently it's only working in one Direction: Client --> Server.
    In the opposite Direction I can't do anything over the VPN ... It's a standard TUN/UDP/TLS - Setup over the WebIF with no special Settings etc ...
    Thx!

    Greets
    Goggy
     
  7. Anubis14

    Anubis14 Addicted to LI Member

    trying to connect 2 networks...

    Here is the current situation: I have a bunch of networked and shared PCs at the office behind a Tomato router. I have a bunch of PCs at home networked and shared behind a Tomato router. I managed to have the routers VPN each other. I was under the understanding this would allow me to access the office network's shared hard drives from home, but I cannot. And I am stumped. I am sorry, I know I am basically asking for spoon feeding, but any help is appreciated.

    I took screenshots of both routers. Red is server (Office) and blue is client (home)

    Thank you again.
     
  8. WRobertE

    WRobertE Addicted to LI Member

    Under the settings for the Office router (Server 1 -> Advanced), the subnet you specified doesn't seem correct to me.

    Shouldn't that be 192.168.0.0 instead of 192.168.0.100?

    You might also consider changing the encryption cipher from AES-128-CBC to BF-CBC. From what I've read, Blowfish (BF) provides higher performance than AES and is still very secure. I'd be interested to hear what performance difference you find between these two encryption cipher choices.

    More about it here:
    http://www.linksysinfo.org/forums/archive/index.php/t-59416-p-38.html
     
  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    http://tomatovpn.keithmoyer.com/2009/03/client-specific-options.html
     
  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It would also help to have a description of what isn't working. Are you just trying to browse to the computers in "Network Neighborhood"? Resolving host names to ip addresses? Pinging ip addresses from the client LAN? Pinging ip addresses from the client router?
     
  11. pendetim

    pendetim Addicted to LI Member

    I am thinking about installing the Tomato VPN build on an Asus RT-16N router. This router has USB ports that I would also like to use for an attached HDD to back stuff up with.

    1. Any "gotchas" putting Tomato VPN on an Asus? Which version is most stable?
    2. Is there any stable Tomato VPN build that supports the USB functionality?

    TIA.. Tim
     
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    TomatoVPN itself doesn't support the USB functionality, but TomatoUSB does (thus, the name). It provides a large number of different builds, some of which include all of the VPN additions I've made in TomatoVPN. Open source, ftw. :)

    TomatoUSB download page

    See the links below for specifics, but you'll want the "Kernel 2.6 (experimental) for MIPSR2 Routers"->"VPN" build from the download page.

    TomatoUSB home page
    Matrix of which builds have which features.
    Explanation of which build type you need.

    EDIT: Oh, and as far as I know, the Asus RT-N16 is well supported by TomatoUSB.
     
  13. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Okay, so it's become apparent that time to work on this won't fall into my lap like it used to (my life has changed a lot in the last couple years). However, I am going to consciously start setting aside time to work on this.

    Over time, there have been several things that I said I'd try to get into the next release. However, enough time has gone by that I'm finding it difficult to track them all down. I've created a TomatoVPN issue tracker at GitHub, and I'd really appreciate it if people started using it to let me know what I need to work on. I've already got a few things in my local code repo, but I know there are others I should tackle before starting regression testing for a release.

    Thanks!
     
  14. pendetim

    pendetim Addicted to LI Member

    I got the OpenVPN + USB build 1.28 running on my Asus RT-16N. After a week or so I just stopped connecting to the remote client and did not show anything specific in the logs. A power cycle seemed to get it going again.

    I probably need to do an NVRAM clear just to wipe out all the poking I did before I got it running; however, I don't want to lose the configuration. If I make a backup of the configuration using the router's menu system, then do an NVRAM clear, can I use the configuration restore function to get back my working configuration? I assume so but just want to check, Just In Case.

    Thanks, Tim
     
  15. Toastman

    Toastman Super Moderator Staff Member Member

  16. pendetim

    pendetim Addicted to LI Member

    I am running tomato v1.28.9054 MIPSR2-beta K26 USB vpn3.6 Server on an Asus RT-16N and am seeing really poor performance. For example, when I connect to the client, oftentimes the connection takes 15-20 seconds to establish itself. When I do a Ping /t to the client, it will time out as "unreachable" two or three times exactly every 30 seconds. Trying to connect to the Asus RT-16N over the LAN can take 10 seconds when the VPN is connected. When the VPN server is running but not connected, connection seems fine. CPU load is always showing as 0.

    I have 2 boxes running the VPN client. One is a WRT54GL with v1.25vpn3.4.4a8380cb and the other is the Asus. Both are inside my lan and connect to the outside world through Static Routes and Open Ports from my Draytek router.

    It is not the remote connection as when I switch to the WRT54GL with 1.25, things are smooth and the client responds to the ping all day long.

    In the Asus the only fancy thing I am doing is to use the service vpnserver1 start and service vpnserver2 start to start server 1 and 2 when I reboot. I am not using the USB function in this build.
    Under the advanced VPN server tab I have the following custom configuration:
    keepalive 10 60
    ping-timer-rem
    float
    ;duplicate-cn

    Anyone have any idea what is going on here? It seems this new, fancy, fast, memory filled router can't hold a candle to the old WRT54GL.

    Am I using the wrong build? Should I be looking at a 1.27 or a 1.25 build?
     
  17. Toastman

    Toastman Super Moderator Staff Member Member

    This really isn't normal, so you need to begin a process of elimination if you want to find out what is causing this. Erase NVRAM, set up router with minimal config, and see if speed is restored. Then add one thing at a time, test, etc. until you find the cause. Then after that, you may find something wrong. (Hopefully). Also, 9054 is quite an old build, many odd bugs and updates since then. You *may* find that using a newer build fixes your problem; if it does, then you needn't waste your time looking for the cause.
     
  18. pendetim

    pendetim Addicted to LI Member

    Thanks, Toastman

    Would you recommend this one as a newer build? tomato-K26USB-1.28.7483MIPSR2-Toastman-RT-VPN.trx

    Can I use the Tomato upgrade function to upgrade or should I use the "Asus" upgrade method?
     
  19. Toastman

    Toastman Super Moderator Staff Member Member

  20. pendetim

    pendetim Addicted to LI Member

  21. kenyloveg

    kenyloveg LI Guru Member

    Hi, Guys
    I have a problem, my site to site connection is interrupted sometimes.
    I guess this was caused by (from system log):
    Code:
    TLS: tls_process: killed expiring key
    This log happens every hour.
    What should I configure to make the connection continuous once the tunnel is up?
    Thanks and have a good day.
     
  22. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The "killed expiring key" message is normal. TLS uses asymmetric keys to authenticate initially, then uses that to negotiate temporary symmetric keys to actually use from there on (because it's less resource intensive). You can adjust how often they expire, but it's expected to be somewhat short.

    Are there any other messages that happen when you have problems?
     
  23. kenyloveg

    kenyloveg LI Guru Member

    Code:
    Sep 29 14:22:42 WL-500GP daemon.notice openvpn[675]: ABCD-EF/123.123.123.123:41902 TLS: tls_process: killed expiring key
    Sep 29 14:22:49 WL-500GP daemon.notice openvpn[675]: ABCD-EF/123.123.123.123:41902 TLS: soft reset sec=0 bytes=13140486/0 pkts=34096/0
    This soft reset does not happen on another router, the 2 client routers are same ovpn configurations except the keys.

    Any ideas? Thx
     
  24. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The expiring key and soft-reset are both expected. Not sure why you aren't seeing it on the other config.

    There really aren't any other messages?

    You can always disable the renegotiation with
    Code:
    reneg-sec 0
     
  25. chris neitzert

    chris neitzert Networkin' Nut Member

    Hi, I have spent the better part of the past week googling and trying everything I find to fix the weird problem I am experiencing with OpenVPN on Tomato v1.28.0407 MIPSR2-Toastman-VLAN-RT K26 USB VPN. Most of the things I have tried have come from this forum here, and I hope it is the right place to post this odd issue:

    I am using a Cisco/Linksys E4200 as a LAN/WAN router and OpenVPN client to connect to an OpenVPN server at my colocation.

    The basic facts:
    LAN: 192.168.0.1/24
    Datacenter: 10.54.73.0/24
    Tun11: inet addr:172.16.18.38 P-t-P:172.16.18.37

    I can get it to connect, encryption works fine. From the router I can ping the hosts on the server network, but I am unable to connect to anything (ssh, mstsc, etc.), ping, or see the network on the far side from the LAN.

    My guess is that I have some route issue, however I have added routes and nothing appropriate seems to help.

    The VPN Server that I am connecting to has the following Configuration
    --Remote VPN Server Config--
    local RE.DA.CT.ED #IP Removed for my comfort.
    port 5008
    proto udp
    dev tun
    ca ca.crt
    cert my.crt
    key my.key
    dh dh2048.pem
    server 172.16.18.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 10.50.73.0 255.255.255.0"
    client-config-dir ccd
    keepalive 10 120
    tls-auth ta.key 0
    comp-lzo
    max-clients 50
    user openvpn
    group openvpn
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    ---END---

    My Local Client is configured as such:
    --Local VPN Client Basic Page--
    Start with WAN [X]
    Interface Type [ TUN ]
    Protocol [UDP]
    Server Address/Port: RE.DA.CT.ED:5008 #changed for my comfort
    Firewall [AUTOMATIC]
    Authorization Mode [TLS] #works with both TLS and static key
    Extra HMAC authorization (tls-auth) [Bi-Directional] # this seems to work best.
    Create NAT on tunnel Routes must be configured manually. #unchecked, as i want routed, not nat (i think)
    ---END---
    --Local VPN Client Advanced Page--
    client
    script-security 2
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /path/to/ca.crt
    cert /path/to/office-router.crt
    key /path/to/office-router.key
    ns-cert-type server
    tls-auth /path/to/ta.key 1
    verb 5
    ---END---

    --BEGIN /var/log/messages--
    Oct 26 15:15:33 gw user.info kernel: tun: Universal TUN/TAP device driver, 1.6
    Oct 26 15:15:33 gw user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: OpenVPN 2.1.1 mipsel-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Oct 10 2011
    Oct 26 15:15:33 gw daemon.warn openvpn[2152]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: Control Channel Authentication: using '/path/to/ta.key' as a OpenVPN static key file
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: LZO compression initialized
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Oct 26 15:15:33 gw daemon.notice openvpn[2152]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: UDPv4 link local: [undef]
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: UDPv4 link remote: RE.DA.CT.ED:5008
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: TLS: Initial packet from RE.DA.CT.ED:5008, sid=8bf08c1b f3c1b640
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: VERIFY OK: depth=1, /C=SE/ST=NA/L=NA/O=my/CN=CA/emailAddress=me@my.com
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: VERIFY OK: nsCertType=SERVER
    Oct 26 15:15:33 gw daemon.notice openvpn[2159]: VERIFY OK: depth=0, /C=SE/ST=NA/O=my/CN=my/emailAddress=me@my.com
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Oct 26 15:15:35 gw daemon.notice openvpn[2159]: [my] Peer Connection Initiated with RE.DA.CT.ED:5008
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: SENT CONTROL [my]: 'PUSH_REQUEST' (status=1)
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: PUSH: Received control message: 'PUSH_REPLY,route 10.50.73.0 255.255.255.0,route 172.16.18.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.18.38 172.16.18.37'
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: OPTIONS IMPORT: timers and/or timeouts modified
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: OPTIONS IMPORT: --ifconfig/up options modified
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: OPTIONS IMPORT: route options modified
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: TUN/TAP device tun11 opened
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: TUN/TAP TX queue length set to 100
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: /sbin/ifconfig tun11 172.16.18.38 pointopoint 172.16.18.37 mtu 1500
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: updown.sh tun11 1500 1542 172.16.18.38 172.16.18.37 init
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: /sbin/route add -net 10.50.73.0 netmask 255.255.255.0 gw 172.16.18.37
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: /sbin/route add -net 172.16.18.1 netmask 255.255.255.255 gw 172.16.18.37
    Oct 26 15:15:37 gw daemon.notice openvpn[2159]: Initialization Sequence Completed
    ---END---

    --Routing Table--
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.16.18.1     172.16.18.37    255.255.255.255 UGH   0      0        0 tun11
    172.16.18.37    *               255.255.255.255 UH    0      0        0 tun11
    206.66.66.1     *               255.255.255.255 UH    0      0        0 vlan2
    10.50.73.0      172.16.18.37    255.255.255.0   UG    0      0        0 tun11
    192.168.0.0     *               255.255.255.0   U     0      0        0 br0
    213.113.64.0    *               255.255.254.0   U     0      0        0 vlan2
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         ua-213-113-64-1 0.0.0.0         UG    0      0        0 vlan2
    ---END---

    --
    What can I do to make this work?

    Why is "Oct 26 15:15:33 gw daemon.notice openvpn[2159]: UDPv4 link local: [undef]" undefined?

    thanks!
     
  26. kthaddock

    kthaddock Network Guru Member

  27. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You either need to select NAT on the client or configure routes on the server for the client (using client-config-dir). The former will give your client LAN access to the server LAN, and the latter will do that plus give your server LAN access to your client LAN.
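
An added example (not part of the posts above and not TomatoVPN code): the second option needs two entries on the server, an `iroute` for the client LAN in a `client-config-dir` file named after the client certificate's Common Name, and a matching `route` in the server config so the kernel sends that subnet into the tunnel. The check below reports any `iroute` that lacks its `route`; the CN `office-router`, the function names and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config against its client-config-dir.
# For a routed (tun) site-to-site link, each client LAN needs
#   "iroute NET MASK" in ccd/<client CN>    (OpenVPN's internal routing)
#   "route  NET MASK" in the server config  (kernel route into the tunnel)

# check_iroutes SERVER_CONF CCD_DIR
# Prints one line per iroute without a server-side route; returns 1 if any.
check_iroutes() {
    conf=$1
    ccd=$2
    set -- "$ccd"/*
    [ -f "$1" ] || { echo "no client files found in $ccd"; return 1; }
    awk -v conf="$conf" '
        # A missing netmask means a single host in both directives.
        function key(net, mask) { return net " " (mask == "" ? "255.255.255.255" : mask) }
        FILENAME == conf { if ($1 == "route") have[key($2, $3)] = 1; next }
        $1 == "iroute" {
            k = key($2, $3)
            if (!(k in have)) {
                n = split(FILENAME, part, "/")
                printf "%s: iroute %s has no matching route in server config\n", part[n], k
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$conf" "$@"
}

# make_sample DIR: constructed sample input, modelled on the subnets quoted
# in the thread (VPN 172.16.18.0/24, client LAN 192.168.0.0/24).
make_sample() {
    mkdir -p "$1/ccd"
    printf '%s\n' \
        'dev tun' \
        'server 172.16.18.0 255.255.255.0' \
        'client-config-dir ccd' \
        'push "route 10.50.73.0 255.255.255.0"' > "$1/server.conf"
    # The file name must equal the client certificate Common Name (assumed here).
    echo 'iroute 192.168.0.0 255.255.255.0' > "$1/ccd/office-router"
}

demo=$(mktemp -d)
make_sample "$demo"
echo "before adding the server-side route:"
check_iroutes "$demo/server.conf" "$demo/ccd" || true
echo 'route 192.168.0.0 255.255.255.0' >> "$demo/server.conf"
echo "after adding it:"
check_iroutes "$demo/server.conf" "$demo/ccd" && echo "consistent"
rm -rf "$demo"
```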
     
  28. chris neitzert

    chris neitzert Networkin' Nut Member

    thanks, it works now
     
  29. pendetim

    pendetim Addicted to LI Member

    Hi Toastman,
    Can you offer some expert advice, please? I just got an Asus Rt-n12 that I am trying to install Tomato + Openvpn into. I have used 2 Toastman builds and can't seem to make it work. Router seems to accept the firmware but it never stops the slow power light flashing, indicating it is still trying to accept new firmware. If I upload the Asus stock firmware all is well. I power off, press the reset button until the power light slow flashes, upload using the Asus recovery utility, it goes through the steps, seems to complete, but slow power flash never stops.
    I have tried the latest toastman Tomato-K26-1.28.7486.4MIPS2-RT-nousb+vpn.trx and the next older build, Tomato-K26-1.28.7486.3MIPS2-RT-nousb+vpn.trx downloaded from the 4share site.

    Am I using the correct files? any ideas?
     
  30. Raganook

    Raganook Addicted to LI Member

    I originally had two posts here trying to figure out how to solve two problems I couldn't find anywhere else. I figured them both out before I got responses. Instead of the long posts, here is a consolidated post with the problems and solutions.

    Problem 1 - A generic TUN VPN between two Tomato VPN routers is established fine, but neither side can ping/communicate with Windows 7 PCs.

    Solution - Windows 7 firewall needs to be configured to allow the VPN in. I don't know if there is a way to specify mac address/port or something very specific, but how I did it is:

    Code:
    Client PC Firewall Setup
    Under scope, remote IP, add "IP/subnet", type:
    
    xxx.xxx.xxx.0/24
    
    Where xxx is your VPN subnet

    Code:
    Server PC Firewall Setup
    Under scope, remote IP, add "IP/subnet", type:
    
    xxx.xxx.xxx.0/24
    
    Enter your Tomato VPN Client Router subnet if you are only doing router-to-router. Enter your VPN subnet if you're using
    OpenVPN instead of tomato. Enter both if you are using both (aka a laptop that's sometimes home, sometimes on the go).

    Problem 2 - After adding user/password auth to the VPN using this conversation with Dagger/Pepper, the Tomato VPN Router needs to be able to "enter" a user/password when connecting.

    Solution - (using modified info from here):
    Client Tomato router uses configuration as per the Dagger/Pepper conversation, but instead of auth-user-pass, writes "auth-user-pass /tmp/openvpn-client1-userpass.conf"

    Client Tomato router adds the following init script:
    Code:
    echo 'USER
    PASSWORD' > /tmp/openvpn-client1-userpass.conf
    
     
  31. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You need to have the user and password in a file (each on a separate line) on the router and specify "auth-user-pass /path/to/file" in the client VPN custom config. You can have that file be on JFFS, CIFS, or generate it in your Init script by echoing it to a file.
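
An added example (not from the thread or from TomatoVPN) of the Init-script approach described in the two posts above: it writes the two-line `auth-user-pass` file with owner-only permissions, because a plain `echo ... > file` under a umask of 022 leaves the VPN password readable by every local account. The function names and the `vpnuser` / `example-password` values are assumptions; on the router the target would be the `/tmp/openvpn-client1-userpass.conf` path quoted above.

```shell
#!/bin/sh
# Added example: create and verify an OpenVPN auth-user-pass file.

# write_userpass FILE USER PASSWORD
# Writes USER and PASSWORD on separate lines, mode 0600, replacing FILE atomically.
write_userpass() {
    file=$1
    user=$2
    pass=$3
    nl='
'
    # OpenVPN reads exactly two lines, so refuse empty or multi-line fields.
    [ -n "$user" ] && [ -n "$pass" ] || { echo "empty user or password" >&2; return 1; }
    case "$user$pass" in
        *"$nl"*) echo "newline in user or password" >&2; return 1 ;;
    esac
    (
        umask 077                 # created as 0600, never briefly world-readable
        tmp="$file.$$"
        printf '%s\n%s\n' "$user" "$pass" > "$tmp" && mv -f "$tmp" "$file"
    )
}

# userpass_ok FILE
# Returns 0 only if FILE is a regular file, mode rw-------, with exactly
# two non-empty lines.
userpass_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] || return 1
    awk 'length($0) == 0 { bad = 1 } END { exit !(NR == 2 && !bad) }' "$1"
}

# Demo in a temporary directory with constructed credentials.
demo=$(mktemp -d)
write_userpass "$demo/openvpn-client1-userpass.conf" 'vpnuser' 'example-password'
userpass_ok "$demo/openvpn-client1-userpass.conf" && echo "credentials file OK"
rm -rf "$demo"
```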
     
  32. Dzs3ko

    Dzs3ko Networkin' Nut Member

    Hi!

    I am looking for a solution to be able to use 255.255.255.255 broadcast between OpenVPN server and clients.
    Guys, has anybody here already been able to do that?
    I tried the TAP-UDP bridge way without success.
    My clients are WinXP and Win7 users.

    On WinXP, if they set a bridge between the OpenVPN and internet adapters then they were able to use it.
    Is there any other solution?
     
  33. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Broadcast traffic works across TAP just fine. By what metric do you base the lack of success?
     
  34. wycf

    wycf Network Guru Member

  35. blackjackel

    blackjackel LI Guru Member

    Any chance we could get a gui for policy-based VPN?

    Something that would allow us to direct only certain IP addresses or only certain ports (80...etc) through the VPN and allow all other traffic to pass unmolested.
     
  36. Goggy

    Goggy Network Guru Member

    Hello!

    I'm trying to set up an openvpn-connection (provider: perfect-privacy) but until now I have had no success :-(. The vpn-connection works but as soon as the tunnel is up my INet is dead. Here is my config:

    VPNBasic.jpg

    VPNAdvanced.jpg

    There is some data-flow but the counter for "tun/tap write bytes" stays on 0
    VPNStatus.jpg

    Anyone any idea?
    Thx in advance!
     
  37. Goggy

    Goggy Network Guru Member

    No one has an Idea? In the Meantime i tried to set up my own OpenVPN-Server on a VPS. Same as with perfect-privacy. Connecting with the PC directly everything works as expected. Connecting the LAN via Router and nothing works anymore. The Routing-Table would be helpful?

    Thx!
     
  38. andyk

    andyk Serious Server Member

    First, thanks SgtPepperKSU and all who made it possible to get VPN up and running so easily. One question I wonder about is if it's normal for the restart and boot time to take so much longer now?

    I have a WL-520gu, and it's running tomato-NDUSB-1.28.8754-vpn3.6. I have the most basic configuration: check Start with WAN, TAP, Automatic for Firewall, Static Key, and "keepalive 60 86400" in Advanced Custom Configuration.

    When I first clicked on "Start Now", for about the next 3 minutes the router froze and did not respond to ping. If I save other changes, the router would also freeze for about 3 minutes. A reboot now takes about 10 minutes before it would respond to ping. Afterwards, everything works fine and OpenVPN client on PC works great.

    A restart used to come back quickly, and a reboot used to take less than one minute. I do not see anything abnormal in the log (nothing is logged after the normal first minute in a reboot), so I wonder what is going on during the 3 or 9 minutes that makes the router completely unresponsive?

    Especially if you also have a WL-520gu, do you experience the same? Is there a solution to the long restart and boot time?
     
  39. dada124

    dada124 Serious Server Member

    Hi,
    I am using the OpenVPN server and, on top of the key authentication, I would like to use username/password to increase the security. However, there is no GUI in the OpenVPN Server tab to add any user like in the PPTP Server tab.

    I used the following tutorial to add user authentication and it worked perfectly (search for auth-user-pass-verify for the relevant code), except this is all command line…
    The Tutorial (add .html at the end of the link and remove the spaces): todayguesswhat.blogspot.com / 2011/03/quick-simple-vpn-setup-guide-using

    What would you think of grabbing the same GUI as PPTP Server to handle the users and add it into the OpenVPN Server tab as well with the previous logic in?

    Thanks in advance.
     