    Hi, fellows
    I'm trying to set up a site-to-site connection between DD-WRT (client) and Tomato VPN MOD (server).
    Here are my current settings

    1. Tomato 1.25vpn3.4
    Interface Type:TUN
    Protocol: UDP
    Port: 45646
    Firewall: Automatic
    Authorization Mode: TLS
    Extra HMAC authorization (tls-auth): Bi-directional
    VPN subnet/netmask:
    Push LAN to clients: checked
    Direct clients to redirect Internet traffic: Unchecked
    Respond to DNS: Checked
    Advertise DNS to clients: Checked
    Encryption cipher: BF-CBC
    Compression: Adaptive
    TLS Renegotiation Time: -1
    Manage Client-Specific Options: Checked
    Allow Client<->Client: Checked
    Keys tab: all filled
    With these settings, I can connect from a laptop without any problems; internet traffic does not go to the VPN server.
    # Automatically generated configuration
    proto udp
    port 45646
    dev tun21
    cipher BF-CBC
    comp-lzo adaptive
    keepalive 15 60
    verb 3
    push "route"
    client-config-dir ccd
    push "dhcp-option DOMAIN zgqc.3322.org"
    push "dhcp-option WINS"
    push "dhcp-option DNS"
    tls-auth static.key
    ca ca.crt
    dh dh.pem
    cert server.crt
    key server.key
    status-version 2
    status status
    # Custom Configuration

    2. DD-WRT v24-sp2 (01/16/10) std (SVN revision 13637)

    Server IP/Name: tomatovpn.server
    Port: 45646
    TUN MTU Setting: 1500
    TUN MTU Extra: 32
    TCP MSS: 1450
    Use LZO Compression: Enabled
    Tunnel Protocol: UDP
    Tunnel Device: TUN
    nsCertType: Unchecked
    CA Cert, Public Client Cert, Private Client Key all filled
    dev tun
    proto udp
    remote zgqc.3322.org 45646
    resolv-retry infinite
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /tmp/openvpncl/ca.crt
    cert /tmp/openvpncl/client.crt
    key /tmp/openvpncl/client.key
    Well, the error message on server side is
    Feb  5 20:18:35 8230 daemon.err openvpn[92]: TLS Error: cannot locate HMAC in incoming packet from ddwrtvpn.client:32768
    Looks like I'm missing "tls-auth static.key" in DD-WRT site......

    How to add this to the configuration file and survive a reboot?

    I've never used DD-WRT (this question may be better placed in a DD-WRT forum), but I think the DD-WRT wiki covers how to generate custom OpenVPN configurations. You can create the static.key file in the same manner.

    However, unless you specifically want it, you might just disable "Extra HMAC authorization (tls-auth)" on the server (and the laptop) and be done with it.
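
The mismatch behind the "cannot locate HMAC" error can be found before connecting by comparing the directives both peers must agree on. This is an added example, not part of the thread or of either firmware: the function names are hypothetical, the two configs are abridged from the listings posted above, and the BF-CBC and port 1194 defaults are assumed for OpenVPN builds of that era.

```python
# Added example: compare directives both OpenVPN peers must agree on (configs abridged from the thread).
SERVER = """\
# Automatically generated configuration
proto udp
port 45646
dev tun21
cipher BF-CBC
comp-lzo adaptive
tls-auth static.key
"""
CLIENT = """\
dev tun
proto udp
remote zgqc.3322.org 45646
ca /tmp/openvpncl/ca.crt
"""

def parse(text):
    """Map each directive to its argument list, ignoring # and ; comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def mismatches(server_text, client_text):
    s, c = parse(server_text), parse(client_text)
    out = []
    # tls-auth: both peers load the same static key, or neither uses it.
    if ("tls-auth" in s) != ("tls-auth" in c):
        out.append("tls-auth on %s only" % ("server" if "tls-auth" in s else "client"))
    elif "tls-auth" in s:
        # Key direction: omitted on both sides, or 0 on one peer and 1 on the other.
        sd, cd = s["tls-auth"][1:2], c["tls-auth"][1:2]
        if sorted(sd + cd) not in ([], ["0", "1"]):
            out.append("tls-auth key direction mismatch")
    # Assumption: an omitted cipher means the era's default, BF-CBC.
    if s.get("cipher", ["BF-CBC"]) != c.get("cipher", ["BF-CBC"]):
        out.append("cipher differs")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        out.append("comp-lzo on %s only" % ("server" if "comp-lzo" in s else "client"))
    if s.get("proto", ["udp"])[0][:3] != c.get("proto", ["udp"])[0][:3]:
        out.append("proto differs")
    # The client's `remote host port` must point at the server's `port`.
    if s.get("port", ["1194"]) != (c.get("remote", [""])[1:2] or ["1194"]):
        out.append("port differs")
    return out
```

Calling `mismatches(SERVER, CLIENT)` on the abridged listings reports the missing `tls-auth` on the client, and also that the posted client listing has no `comp-lzo` line even though the server sets one.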
