Server on second router in the same LAN
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jan 02, 2017 12:35 pm
Server on second router in the same LAN
Hello, I have two routers with OpenWRT and I have OpenVPN server on second one. The way from the internet is: router from ISP -> Linksys with OpenWRT -> TP-Link with OpenWRT and OpenVPN server. All routers are in one LAN (192.168.0.1 ISP -> 192.168.0.3 Linksys -> 192.168.0.2 TP-Link) and I can't connect to the server on TP-Link. I know that redirecting ports doesn't make sense, because there is one subnet so I have to do this with iptables and DNAT / SNAT. I've tried some entries but I'm probably too stupid to make it work. Maybe someone has this kind of configuration and knows what to do?
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Server on second router in the same LAN
I guess there's some information about your network missing.
You can't connect to the openvpn-server in the TP-Link. Where? From outside? From the local LAN?
Are the other routers actually routing in the LAN or are they acting as servers in the same LAN?
If you cannot connect from the local LAN, you probably have to search for an issue in the configuration, I guess.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jan 02, 2017 12:35 pm
Re: Server on second router in the same LAN
I can't connect from LAN and from outside. ISP router has DMZ set to Linksys. Clients are connected (when in LAN) to Linksys, and from outside I think packets are stopping at Linksys too. So there is a problem in redirecting traffic from Linksys to TP-Link which I can't solve.
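Why a DNAT rule alone fails when the forwarding router and the server share one subnet, as an added example that is not part of any post in this thread. It models the reply path for the addresses given above; the two client addresses, the assumption that LAN clients use the Linksys as gateway, the function names and the iptables rule forms in the comments are assumptions, not taken from the thread.

```python
"""Model of the reply path for the topology in this thread (added example)."""
from ipaddress import ip_address, ip_network

# Router addresses are from the thread; the two peer addresses are constructed samples.
LAN = ip_network("192.168.0.0/24")
ISP, TPLINK, LINKSYS = "192.168.0.1", "192.168.0.2", "192.168.0.3"
LAN_CLIENT, OUTSIDE_CLIENT = "192.168.0.50", "203.0.113.10"

# Assumed rule forms on the Linksys (standard iptables syntax, not from the thread):
#   DNAT: iptables -t nat -A PREROUTING  -p udp --dport 1194 -j DNAT --to-destination 192.168.0.2
#   SNAT: iptables -t nat -A POSTROUTING -p udp -d 192.168.0.2 --dport 1194 -j SNAT --to-source 192.168.0.3


def reply_source(peer, ingress_dst, snat, server_gw=LINKSYS):
    """Source address on the server's reply as the sender of the request sees it.

    peer        -- source address of the request when it reaches the Linksys
    ingress_dst -- destination address the request carried at that point
    snat        -- whether the Linksys also rewrites the source to itself
    server_gw   -- default gateway configured on the TP-Link
    """
    seen_src = LINKSYS if snat else peer      # sender as the TP-Link sees it
    if seen_src == LINKSYS:
        via_linksys = True                    # reply is addressed to the Linksys
    elif ip_address(seen_src) in LAN:
        via_linksys = False                   # on-link: delivered directly
    else:
        via_linksys = server_gw == LINKSYS    # off-link: goes to the default gateway
    # Only the Linksys holds the conntrack entry that restores the original address.
    return ingress_dst if via_linksys else TPLINK


def handshake_possible(peer, ingress_dst, snat, server_gw=LINKSYS):
    # Without --float, OpenVPN rejects packets whose source is not the dialed peer,
    # and the ISP router's DMZ state only matches replies from 192.168.0.3.
    return reply_source(peer, ingress_dst, snat, server_gw) == ingress_dst


if __name__ == "__main__":
    cases = [
        ("LAN client, DNAT only", LAN_CLIENT, "A.B.C.D", False, LINKSYS),
        ("LAN client, DNAT + SNAT", LAN_CLIENT, "A.B.C.D", True, LINKSYS),
        ("outside, DNAT only, TP-Link gw = ISP router", OUTSIDE_CLIENT, LINKSYS, False, ISP),
        ("outside, DNAT only, TP-Link gw = Linksys", OUTSIDE_CLIENT, LINKSYS, False, LINKSYS),
        ("outside, DNAT + SNAT, TP-Link gw = ISP router", OUTSIDE_CLIENT, LINKSYS, True, ISP),
    ]
    for name, *args in cases:
        print(f"{name:46} reply from {reply_source(*args):12} ok={handshake_possible(*args)}")
```

With the SNAT rule in place, every VPN connection reaches the OpenVPN server with source 192.168.0.3, so the server's log and status file no longer record the real client address.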
- Jlennemann
- OpenVPN User
- Posts: 23
- Joined: Fri Jan 06, 2017 3:19 am
Re: Server on second router in the same LAN
Why do you have two routers on your network?
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jan 02, 2017 12:35 pm
Re: Server on second router in the same LAN
One is main now (Linksys), second works as switch and before I had Linksys it worked as VPN server. Now I want it to still work as this server, but I can't connect...
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Server on second router in the same LAN
Do you have configfiles and logfiles from client and server for us?
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jan 02, 2017 12:35 pm
Re: Server on second router in the same LAN
This is configuration that worked before changes in my LAN. A.B.C.D is my external IP.
Server Config
mode server
port 1194
proto udp
tls-server
ifconfig 10.8.0.1 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd
cipher BF-CBC
keysize 128
dev tun
keepalive 25 180
status /var/openvpn/current_status
verb 3
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0
persist-key
persist-tun
comp-lzo
push "topology subnet"
push "route-gateway 10.8.0.1"
push "redirect-gateway def1"
Client Config
client
remote A.B.C.D 1194
dev tun
proto udp
status current_status
resolv-retry infinite
ns-cert-type server
topology subnet
verb 3
cipher BF-CBC
keysize 128
ca ca.crt
cert j7l.crt
key j7l.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
Client log
Sat Jan 07 18:26:41 2017 OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 23 2016
Sat Jan 07 18:26:41 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 07 18:26:41 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Sat Jan 07 18:26:41 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sat Jan 07 18:26:41 2017 Need hold release from management interface, waiting...
Sat Jan 07 18:26:41 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sat Jan 07 18:26:41 2017 MANAGEMENT: CMD 'state on'
Sat Jan 07 18:26:41 2017 MANAGEMENT: CMD 'log all on'
Sat Jan 07 18:26:41 2017 MANAGEMENT: CMD 'hold off'
Sat Jan 07 18:26:41 2017 MANAGEMENT: CMD 'hold release'
Sat Jan 07 18:26:41 2017 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jan 07 18:26:41 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 07 18:26:41 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 07 18:26:41 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 07 18:26:41 2017 UDPv4 link local: [undef]
Sat Jan 07 18:26:41 2017 UDPv4 link remote: [AF_INET]A.B.C.D:1194
Sat Jan 07 18:26:41 2017 MANAGEMENT: >STATE:1483810001,WAIT,,,
Sat Jan 07 18:27:41 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 07 18:27:41 2017 TLS Error: TLS handshake failed
Sat Jan 07 18:27:41 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 07 18:27:41 2017 MANAGEMENT: >STATE:1483810061,RECONNECTING,tls-error,,
Sat Jan 07 18:27:41 2017 Restart pause, 2 second(s)
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Server on second router in the same LAN
It looks like the client is sending at least something to the server.
Can you increase the logging (verb 5) and post the logs from both client and server?
There should be a hint there.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jan 02, 2017 12:35 pm
Re: Server on second router in the same LAN
How to get server logs? Where are they? I pointed to a file in config file, but nothing appeared there.
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Server on second router in the same LAN
In your posting from January 7 there's no logfile entry, so openvpn logs them to the normal syslog. Depending on your Linux distro, it can be in /var/log/daemon.log, /var/log/messages, /var/log/syslog
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Feb 27, 2017 1:32 am
Re: Server on second router in the same LAN
Did you ever solve this? I have a similar issue. I can connect to the OpenVPN server on the second router from within my network, but I cannot reach the server from outside the network. I have ISP modem---->router 1 in subnet 10.168.2.1 ------->router 2 IP in same subnet 10.168.2.2. They are connected LAN to LAN. Gateway and DNS on router 2 set to IP of router 1. Port for server in router 2 settings is set to UDP 1195. Exported Config file is using the DDNS setup on router 1 (xxxxxx.asuscomm.com) and port 1195. I also have router 2 in the DMZ of router 1. Any suggestions as to why this doesn't work?