Start OpenVPN (WAN bridged to LAN)

Discussion in 'Tomato Firmware' started by arrmo, Sep 24, 2012.

  1. arrmo

    arrmo LI Guru Member


    I have a bit of a strange setup, but I need my WAN port bridged to the LAN - works fine, but OpenVPN doesn't autostart then, as it never sees the WAN come up (is set to start with WAN) ... does anyone know of a workaround for this?

    It's not as simple as just starting openvpn, as "Start Now" from the web interface actually generates the configuration files (so they don't exist otherwise).

  2. maurer

    maurer Network Guru Member

    same issue here...
    any hint would be appreciated !
  3. maurer

    maurer Network Guru Member

    my workaround:
    I've installed entware openvpn on my /opt usb stick.
    copied all from /etc/openvpn to /opt/etc/openvpn when openvpn was running (after I pressed the start button)
    added in Administration->Scripts->Init:
    sleep 11
    /opt/etc/init.d/S20openvpn start
    and /opt/etc/init.d/S20openvpn is:
    # Startup script for openvpn server
    # Make sure IP forwarding is enabled
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Make device if not present (not devfs)
    if ( [ ! -c /dev/net/tun ] ) then
      # Make /dev/net directory if needed
      if ( [ ! -d /dev/net ] ) then
            mkdir -m 755 /dev/net
      mknod /dev/net/tun c 10 200
    # Make sure the tunnel driver is loaded
    if ( !(lsmod | grep -q "^tun") ); then
            insmod /opt/lib/modules/tun
    ARGS="--cd /opt/etc/openvpn/server1 --config config.ovpn"
    PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/u                                                                                                                                                                                              sr/bin:/sbin:/bin
    . /opt/etc/init.d/rc.func
    sleep 5
    brctl addif br0 tap21
    ifconfig tap21 promisc up
    rebooted the router and got the OpenVPN up & running after :)

    courtesy of Openwrt Wiki

  4. arrmo

    arrmo LI Guru Member

    Makes sense, thanks! But is the simpler fix not to have WAN show as coming up? In reality the port is up (and working), it's just bridged to LAN ... but why show WAN as down?

  5. leandroong

    leandroong LI Guru Member

    service vpnserver1 restart
    add this line to firewall script.
  6. arrmo

    arrmo LI Guru Member

    This works, thanks! I was trying to find the command that recreates the openvpn files themselves (as they don't exist on startup) - and this does it.

    Much appreciated!
  7. arrmo

    arrmo LI Guru Member

    Hmmm ... OK, it works manually (telnet), but not from the firewall script. Debugging ... ;-).
  8. maurer

    maurer Network Guru Member

    add to init script instead of firewall
    sleep 10
    /sbin/service vpnserver1 restart
    for me it works
  9. arrmo

    arrmo LI Guru Member

    Yep, works here also. Thanks!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice