First Setup, over 36 hours spent and still not working.

[ngkrich]

Hello,

Completely new to networking and this has somewhat been driving me insane for the better part of 4 days now. I have read 5 tutorials and cannot seem to get any of them to work.



Additional Config

Code: Select all

push "route 10.217.64.55 255.255.255.0"
push "dhcp-options DNS 10.217.64.186"
server 10.217.88.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120

Code for the client

Code: Select all

remote myip 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
float
tun-mtu 1400
ca ca.crt
cert client2.crt
key client2.key

ns-cert-type server
comp-lzo
verb 3

I tried disabling the firewall in DDWRT, but that had no effect. Here are the IPtables I am currently using, though I have tried about 20 iterations.

Code: Select all

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.1/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

I am sure I am doing something hilariously wrong, but I cannot grasp it with all the poor tutorials.

I suspect it has to do with the fact that I can not seem to get a service to see 1194 as if it were open. Despite the fact that I have the IP table configured.

[TiTex]

i don't see compression enabled on your router/server , but present in client config

Code: Select all

comp-lzo

[ngkrich]

i don't see compression enabled on your router/server , but present in client config

Code: Select all

comp-lzo

Good catch, I had it on and turned it off when testing. It still does not work. I can not even get the server to handshake with the client.

Code: Select all

Sun Apr 30 12:19:20 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun Apr 30 12:19:20 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 30 12:19:20 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Apr 30 12:19:20 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 30 12:19:20 2017 Need hold release from management interface, waiting...
Sun Apr 30 12:19:21 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 30 12:19:21 2017 MANAGEMENT: CMD 'state on'
Sun Apr 30 12:19:21 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 30 12:19:21 2017 MANAGEMENT: CMD 'echo all on'
Sun Apr 30 12:19:21 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 30 12:19:21 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 30 12:19:21 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Apr 30 12:19:21 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sun Apr 30 12:19:21 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Sun Apr 30 12:19:21 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 30 12:19:21 2017 UDP link local: (not bound)
Sun Apr 30 12:19:21 2017 UDP link remote: [AF_INET]x.x.x.x:1194
Sun Apr 30 12:19:21 2017 MANAGEMENT: >STATE:1493572761,WAIT,,,,,,

[TiTex]

Sun Apr 30 12:19:21 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)

remove 'tun-mtu 1400' from your config

[ngkrich]

Changed tun to 1500 and then set proto udp to proto udp4 and it worked. It seems that ipv6 will not work properly with my setup :/

[TiTex]

i don't think udp4 has anything to do with it , if i remember it correctly it defaults to ipv4
the issue was with the tun-mtu set on one side to something custom and not set on the other
1500 is the default.