I have a router on DD-WRT running OpenVPN.
I have got it to connect for about 10 seconds but then it drops out and reconnects.
This is the router config, apart from it's running TCP as I couldn't get it to work on UDP.
This is the log file from the Android app (I have no idea how to export or find the log file to put up on here other than screenshotting it).
Seems I'm getting a HMAC_ERROR.
What's causing it and how do I fix it?
Is it something to do with my CN? I followed a tutorial online and it said to make sure they were different for each certificate.
error connecting to router running OpenVPN
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: error connecting to router running OpenVPN
Can you post your client config file ?
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: error connecting to router running OpenVPN
I did fix the issue: I had to change the auth from SHA1 to SHA256 and it connects and doesn't drop out.
My only issue is now that the phone connects to the VPN but does not route the traffic through it. I did a speed test and it got higher speeds than what my home internet is capable of.
client
dev tun
proto tcp
remote my.ddns.net 1194
nobind
persist-key
persist-tun
verb 4
float
ca ca.crt
cert client1.crt
key client1.key
comp-lzo yes
tun-mtu 1400
auth SHA256
cipher AES-128-CBC
I also can't connect to my LAN.
I'm guessing this is some sort of firewall rules or routing I need to set up but I have no idea what needs to happen.
I'm running these rules copied from someone else with my subnet but still not able to connect to LAN clients:
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
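The fix reported in the post above was making `auth` agree on both ends. The following check is an added example, not part of the original thread: it compares the directives that must match between a server and a client config. The function names, the server config and the sample client file without an `auth` line are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the directives that must be identical on both ends.

# Print a directive's argument from an OpenVPN config, or DEFAULT if absent.
directive() {  # usage: directive FILE NAME DEFAULT
    awk -v name="$2" -v def="$3" '
        /^[ \t]*[#;]/ { next }                              # comment lines
        $1 == name { val = (NF > 1 ? $2 : "no-argument") }  # last one wins
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Print one line per mismatching directive; return 1 if any differ.
compare_peers() {  # usage: compare_peers SERVER_CONF CLIENT_CONF
    rc=0
    # name:default pairs. OpenVPN falls back to SHA1 when "auth" is absent.
    for spec in auth:SHA1 cipher:unset comp-lzo:unset tun-mtu:unset; do
        name=${spec%%:*}
        def=${spec#*:}
        s=$(directive "$1" "$name" "$def")
        c=$(directive "$2" "$name" "$def")
        if [ "$s" != "$c" ]; then
            echo "MISMATCH $name: server=$s client=$c"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs: the server side is hypothetical, the client
# side has no auth line, so the SHA1 default applies to it.
demo_dir=$(mktemp -d)
printf '%s\n' 'dev tun' 'proto tcp-server' 'auth SHA256' \
    'cipher AES-128-CBC' 'comp-lzo yes' 'tun-mtu 1400' > "$demo_dir/server.conf"
printf '%s\n' 'client' 'dev tun' 'proto tcp' '# auth not set' \
    'cipher AES-128-CBC' 'comp-lzo yes' 'tun-mtu 1400' > "$demo_dir/client.conf"
compare_peers "$demo_dir/server.conf" "$demo_dir/client.conf" || true
```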
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: error connecting to router running OpenVPN
When the Android phone connects to my OpenVPN server on the router:
I can see its IP on the status tab on the router
I can't ping the router from my phone
I can't ping the VPN server from my phone
I can't ping the PC from my phone
I can't ping the phone from my PC
Here's the log from the router
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: error connecting to router running OpenVPN
B-Man wrote:
> My only issue is now that the phone connects to the VPN but does not route the traffic through it.

Yes because you have not configured it to do so .. please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

B-Man wrote:
> I can't ping the router from my phone
> I can't ping the VPN server from my phone
> I can't ping the PC from my phone

You need to be more specific about this .. and also, please see:
HOWTO: Expanding the scope of the VPN to include additional machines

B-Man wrote:
> I'm running these rules copied from someone else with my subnet but still not able to connect to LAN clients

Bad idea .. always do it yourself then you understand what you are doing a little better.

B-Man wrote:
> iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE

The recommended command is:
iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE
where {vpn subnet} is (in your case) 192.168.10.0/24
and {output interface} is probably eth0 but you should verify that yourself.
-
- OpenVPN User
- Posts: 30
- Joined: Fri Jan 27, 2017 12:11 pm
Re: error connecting to router running OpenVPN
Thanks, I wasn't sure what to do. I appreciate that you gave me the location of what I was looking for.
TinCanTech wrote:
> B-Man wrote:
> > My only issue is now that the phone connects to the VPN but does not route the traffic through it.
> Yes because you have not configured it to do so .. please see:
> HOWTO: Routing all client traffic (including web-traffic) through the VPN

I implemented
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
but I can't get internet access with push "redirect-gateway def1" enabled.
I figure as long as I can connect to my LAN then I'm happy, as I can use my PIA VPN if I require, so gave up on this one.

TinCanTech wrote:
> B-Man wrote:
> > I can't ping the router from my phone
> > I can't ping the VPN server from my phone
> > I can't ping the PC from my phone
> You need to be more specific about this .. and also, please see:
> HOWTO: Expanding the scope of the VPN to include additional machines

My phone is connected via OpenVPN Connect to the OpenVPN server running on my router.
I followed that
by using
push "route 10.66.0.0 255.255.255.0"
and enabled IP and TUN/TAP forwarding (the links didn't work but after a quick google worked out what I needed)
and seems to work. I can connect to the few devices I have tried to.
Using WOL doesn't seem to work but I have found a workaround for that by accessing it from my router menu.

TinCanTech wrote:
> B-Man wrote:
> > I'm running these rules copied from someone else with my subnet but still not able to connect to LAN clients
> Bad idea .. always do it yourself then you understand what you are doing a little better.

I know I shouldn't but couldn't really find much info as I wasn't really sure what I was looking for. I figured if it worked then bonus but it didn't. I did start to work out what some of the rules were tho.

TinCanTech wrote:
> B-Man wrote:
> > iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
> The recommended command is:
> iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE
> where {vpn subnet} is (in your case) 192.168.10.0/24
> and {output interface} is probably eth0 but you should verify that yourself.

I used eth0 and seems to work.
How do I know what to use? My bridging shows br0 no vlan1 eth1.
Either way I seem to have set up the main part of what I was after, so thank you very much for your guidance.
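On the open question of which interface belongs after `-o`: internet-bound VPN traffic leaves on the interface that carries the default route, so it can be read from the routing table. This is an added example, not part of the original thread; the function names and the sample routing table (including `vlan2` as the WAN port) are constructed.

```shell
#!/bin/sh
# Added example: read interface names from the routing table instead of guessing.

# Print the device that routes DEST ("default" or a subnet in CIDR form),
# reading `ip route show` output on stdin. Returns 1 if DEST is not listed.
route_iface() {  # usage: route_iface DEST < ip-route-output
    awk -v dest="$1" '
        $1 == dest {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); found = 1; exit }
        }
        END { exit !found }'
}

# Print (never execute) the NAT and FORWARD rules for a routed VPN.
print_rules() {  # usage: print_rules ROUTES VPN_SUBNET LAN_SUBNET
    wan=$(printf '%s\n' "$1" | route_iface default) ||
        { echo "no default route: cannot pick -o interface" >&2; return 1; }
    vpn=$(printf '%s\n' "$1" | route_iface "$2") ||
        { echo "$2 is not routed: is the VPN up?" >&2; return 1; }
    lan=$(printf '%s\n' "$1" | route_iface "$3") ||
        { echo "$3 is not routed on this box" >&2; return 1; }
    echo "iptables -t nat -A POSTROUTING -s $2 -o $wan -j MASQUERADE"
    echo "iptables -I FORWARD -i $vpn -o $lan -j ACCEPT"
    echo "iptables -I FORWARD -i $lan -o $vpn -j ACCEPT"
}

# Constructed `ip route show` output; vlan2 as the WAN port is an assumption.
SAMPLE_ROUTES='default via 203.0.113.1 dev vlan2
10.66.0.0/24 dev br0 proto kernel scope link src 10.66.0.1
192.168.10.0/24 via 192.168.10.2 dev tun0
203.0.113.0/24 dev vlan2 proto kernel scope link src 203.0.113.7'

print_rules "$SAMPLE_ROUTES" 192.168.10.0/24 10.66.0.0/24
```

On the router itself the first argument would be the live table, `"$(ip route show)"`, with the VPN up so that the tunnel subnet is listed.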