
error connecting to router running OpenVPN

Posted: Fri Jan 27, 2017 12:15 pm
by B-Man
I have a router on DD-WRT running OpenVPN.

I have got it to connect for about 10 seconds, but then it drops out and reconnects.

This is the router config, apart from the fact that it's running TCP, as I couldn't get it to work on UDP.
[screenshot]

This is the log file from the Android app (I have no idea how to export or find the log file to put it up on here other than screenshotting it).
Seems I'm getting a HMAC_ERROR.
What's causing it and how do I fix it?
Is it something to do with my CN? I followed a tutorial online and it said to make sure they were different for each certificate.

[screenshot]

Re: error connecting to router running OpenVPN

Posted: Fri Jan 27, 2017 12:19 pm
by TinCanTech
Can you post your client config file?

Re: error connecting to router running OpenVPN

Posted: Sat Jan 28, 2017 4:55 am
by B-Man
I did fix the issue: I had to change the auth from SHA1 to SHA256, and it connects and doesn't drop out.
client
dev tun
proto tcp
remote my.ddns.net 1194
nobind
persist-key
persist-tun
verb 4
float
ca ca.crt
cert client1.crt
key client1.key
comp-lzo yes
tun-mtu 1400
auth SHA256
cipher AES-128-CBC
My only issue now is that the phone connects to the VPN but does not route the traffic through it. I did a speed test and it got higher speeds than what my home internet is capable of.
I also can't connect to my LAN.

I'm guessing this is some sort of firewall rules or routing I need to set up, but I have no idea what needs to happen.

I'm running these rules copied from someone else with my subnet, but I'm still not able to connect to LAN clients.

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Re: error connecting to router running OpenVPN

Posted: Sat Jan 28, 2017 6:39 am
by B-Man
When the Android phone connects to my OpenVPN server on the router,
I can see its IP on the status tab on the router.
I can't ping the router from my phone.
I can't ping the VPN server from my phone.
I can't ping the PC from my phone.

I can't ping the phone from my PC.

Here's the log from the router.
[screenshot]

Re: error connecting to router running OpenVPN

Posted: Sat Jan 28, 2017 11:45 am
by TinCanTech
B-Man wrote: My only issue now is that the phone connects to the VPN but does not route the traffic through it.
Yes, because you have not configured it to do so .. please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
B-Man wrote: I can't ping the router from my phone.
I can't ping the VPN server from my phone.
I can't ping the PC from my phone.
You need to be more specific about this .. and also, please see:
HOWTO: Expanding the scope of the VPN to include additional machines
B-Man wrote: I'm running these rules copied from someone else with my subnet, but I'm still not able to connect to LAN clients.
Bad idea .. always do it yourself, then you understand what you are doing a little better.
B-Man wrote: iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
The recommended command is:

iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE
where {vpn subnet} is (in your case) 192.168.10.0/24
and {output interface} is probably eth0 but you should verify that yourself.

Re: error connecting to router running OpenVPN

Posted: Mon Jan 30, 2017 10:48 am
by B-Man
Thanks, I wasn't sure what to do. I appreciate that you gave me the location of what I was looking for.
TinCanTech wrote:
B-Man wrote: My only issue now is that the phone connects to the VPN but does not route the traffic through it.
Yes, because you have not configured it to do so .. please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
I implemented

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

but I can't get internet access with push "redirect-gateway def1" enabled.
I figure as long as I can connect to my LAN then I'm happy, as I can use my PIA VPN if I require it, so I gave up on this one.

TinCanTech wrote:
B-Man wrote: I can't ping the router from my phone.
I can't ping the VPN server from my phone.
I can't ping the PC from my phone.
You need to be more specific about this .. and also, please see:
HOWTO: Expanding the scope of the VPN to include additional machines
My phone is connected via OpenVPN Connect to the OpenVPN server running on my router.
I followed that
by using
push "route 10.66.0.0 255.255.255.0"
and enabled IP and TUN/TAP forwarding (the links didn't work, but after a quick Google I worked out what I needed),

and it seems to work. I can connect to the few devices I have tried.
Using WOL doesn't seem to work, but I have found a workaround for that by accessing it from my router menu.

TinCanTech wrote:
B-Man wrote: I'm running these rules copied from someone else with my subnet, but I'm still not able to connect to LAN clients.
Bad idea .. always do it yourself, then you understand what you are doing a little better.
I know I shouldn't, but I couldn't really find much info, as I wasn't really sure what I was looking for. I figured if it worked then bonus, but it didn't. I did start to work out what some of the rules were, though.

TinCanTech wrote:
B-Man wrote: iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
The recommended command is:

iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE
where {vpn subnet} is (in your case) 192.168.10.0/24
and {output interface} is probably eth0 but you should verify that yourself.
I used eth0 and it seems to work.
How do I know what to use? My bridging shows br0 no vlan1 eth1.


Either way, I seem to have set up the main part of what I was after, so thank you very much for your guidance.
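As an added example (not code from the thread or from DD-WRT), here is a small POSIX sh script that builds the server-side rules in the recommended form from the MASQUERADE discussion above, and answers the "how do I know what to use" question by reading the output interface off the router's default route instead of guessing eth0. The VPN subnet 192.168.10.0/24, bridge br0, tunnel tun0 and TCP/1194 are taken from this thread's configs; the availability of busybox `ip` on the router is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the OpenVPN server-side iptables
# rules with MASQUERADE restricted to the real WAN interface, which is read from the
# default route rather than guessed. Assumed values: VPN subnet 192.168.10.0/24,
# LAN bridge br0, tunnel device tun0, OpenVPN on TCP/1194, busybox `ip` available.

# wan_iface_from_route: return the "dev" field of one `ip route show default` line,
# e.g. "default via 203.0.113.1 dev eth0 proto static" -> eth0.
# Returns non-zero when the line carries no "dev", so nothing is applied blindly.
wan_iface_from_route() {
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = "dev" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# vpn_rules SUBNET WAN LAN TUN: print the rules, one per line, for review or piping to sh.
vpn_rules() {
    subnet=$1; wan=$2; lan=$3; tun=$4
    # NAT only VPN traffic that actually leaves through the WAN interface.
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$subnet" "$wan"
    # Allow clients to reach the OpenVPN listener itself.
    printf 'iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT\n'
    # LAN access: forward between the tunnel and the bridge in both directions.
    printf 'iptables -I FORWARD 1 -i %s -o %s -j ACCEPT\n' "$tun" "$lan"
    printf 'iptables -I FORWARD 1 -i %s -o %s -j ACCEPT\n' "$lan" "$tun"
    # Internet via the VPN (redirect-gateway def1): tunnel -> WAN outbound, and
    # only reply traffic back WAN -> tunnel.
    printf 'iptables -I FORWARD 1 -i %s -o %s -j ACCEPT\n' "$tun" "$wan"
    printf 'iptables -I FORWARD 1 -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$wan" "$tun"
}

# On the router: `sh vpn-rules.sh preview` prints the rules, `sh vpn-rules.sh apply` runs them.
if [ "${1:-}" = "preview" ] || [ "${1:-}" = "apply" ]; then
    wan=$(wan_iface_from_route "$(ip route show default | head -n 1)") ||
        { echo "no default route found; refusing to guess the WAN interface" >&2; exit 1; }
    if [ "$1" = "apply" ]; then vpn_rules 192.168.10.0/24 "$wan" br0 tun0 | sh
    else vpn_rules 192.168.10.0/24 "$wan" br0 tun0; fi
fi
```

Run `preview` first and compare the printed `-o` interface with what the router's Status page names as the WAN device; if they differ, the default route, not the bridge members (br0, vlan1, eth1), is the one that matters for MASQUERADE.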