I have successfully established the connection from siteA (client) --> siteB (server) without much trouble (much more stable than I imagined, by the way), mainly following "ssdnvv" instructions from https://wiki.openwrt.org/doc/howto/open ... rver-setup (both sites are running OpenWRT 18.06 with OpenVPN 2.4.5 on the routers).
However, there are some weird things about the connection that I can't figure out yet.
Win DesktopA <--> <--> Win DesktopB
Printers <--> VPN-A (Client) <--> RouterA <--> GW-A <--> Internet <--> GW-B <--> VPN&Router-B (Server) <--> Printers
OtherDevices <--> <--> OtherDevices
2. I can connect from Win DesktopA to VPN&RouterB with Putty and run almost every command, but a simple root@VPN&RouterB> cat /etc/config/openvpn hangs in a way I cannot break; the only way to cut it is to close the Putty window. This occurs 100% of the time, not randomly. Exactly the same happens connecting from Win DesktopB to VPN-A. This is done thru the VPN tunnel; if done locally (even thru RDC) it works perfectly. Meaning there is no problem with commands like "ls", but it doesn't like a "cat", even with small 8k files.
3. Exactly the same as point 2, but using WinSCP. I can navigate thru the tree structure, but if I try to open a file it hangs with the message "Host is not communicating for more than 15 seconds. Still waiting... Warning: Aborting this operation will close connection!" and the only way to escape is closing the connection. Also 100% of the trials, not randomly. Not only Putty, but also WinSCP.
4. By the same logic, I cannot use Windows Explorer or Samba to transfer files between the two sites because it hangs. But if I do it thru the RDC shared clipboard it works (sadly about 10x slower than using a Win IPSec-L2TP VPN: 300Mb took 40 mins over OpenVPN instead of the 5 mins reference on the old L2TP tunnel, over 100Mbps from the ISP at both sides). It must be something related to the connection type and its setup.
Clearly my problem is the VPN tunnel setup, but I haven't been able to track it down yet (nothing in either log at --verb 3).
Any help really appreciated.
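config openvpn 'VPN&RouterB' #### SERVER ####
option enabled '1'
# Config Type #
#------------------------------------------------
# --server hands out the /29 and, in 'subnet' topology, already gives this
# side .193, so the explicit ifconfig below is redundant but harmless.
option server '192.168.B.192 255.255.255.248'
option ifconfig '192.168.B.193 255.255.255.248'
# Kernel route for the client LAN. OpenVPN server mode additionally needs
# 'iroute 192.168.A.0 255.255.255.0' in the ccd file of VPN-A (ccd contents
# not shown here) so it knows which client owns that network; without it
# replies to siteA are dropped.
option route '192.168.A.0 255.255.255.0'
# Pushed Routes #
#------------------------------------------------
list push 'route 192.168.B.0 255.255.255.0'
# Pushing 192.168.A.0/24 to VPN-A (which already has it as a connected
# network) is pointless for that client; it only matters for any other client.
list push 'route 192.168.A.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.B.1'
# Client Config #
#------------------------------------------------
# ccd_exclusive: only clients with a ccd entry (named after the certificate
# CN) may connect -- a valid certificate alone is not enough. Keep this.
option ccd_exclusive '1'
option ifconfig_pool_persist '/etc/openvpn/VPN&RouterB/ccd/ipp.txt'
option client_config_dir '/etc/openvpn/VPN&RouterB/ccd'
# Protocol #
#------------------------------------------------
option dev 'tun0'
option topology 'subnet'
option proto 'udp4'
option port 'myport#'
# Encryption #
#------------------------------------------------
# Certificates & Keys:
option ca '/etc/openvpn/VPN&RouterB/ca.crt'
option cert '/etc/openvpn/VPN&RouterB/VPN&RouterB.crt'
option key '/etc/openvpn/VPN&RouterB/VPN&RouterB.key'
# Diffie-Hellman:
option dh '/etc/openvpn/VPN&RouterB/dh2048.pem'
# SSL:
option cipher 'AES-256-CBC'
option auth 'SHA256'
# tls_auth + key_direction 0/1 must mirror the client (server 0, client 1);
# it HMAC-protects the control channel so unauthenticated packets are dropped
# before any TLS processing.
option tls_auth '/etc/openvpn/VPN&RouterB/tls-auth.key'
# TLS:
option key_direction '0'
# auth_nocache only has an effect when a username/password is used.
option auth_nocache '1'
option tls_server '1'
option tls_version_min '1.2'
# Pins a single TLS 1.2 suite; the client list must contain the same suite.
option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
# Rejects server certificates presented by clients (requires the client
# cert to carry the client key usage / nsCertType).
option remote_cert_tls 'client'
# CLR:
option crl_verify '/etc/openvpn/VPN&RouterB/crl.pem'
# Reliability #
#------------------------------------------------
option client_to_client '1'
# persist_key / persist_tun are what allow restarts after the drop to
# nobody/nogroup below: the process cannot re-read the key or reopen the tun.
option persist_key '1'
option persist_tun '1'
# Speed #
#------------------------------------------------
option sndbuf '393216'
option rcvbuf '393216'
# Removed: tun_mtu '48000', fragment '0', mssfix '0'. That combination is
# the most likely cause of the hangs: with no MSS clamping and a 48000-byte
# tunnel MTU, any tunnelled packet above ~1400 bytes leaves as one oversized
# UDP datagram that the WAN has to split into IP fragments, and one dropped
# fragment (fragments are commonly dropped or rate-limited on the path)
# loses the whole packet. Short interactive output fits in one fragment, so
# 'ls' works while 'cat' of an 8k file, SCP and SMB transfers stall. The
# defaults (tun_mtu 1500, mssfix 1450) keep every encrypted datagram under
# the WAN MTU. Keep tun_mtu identical on both peers.
option fast_io '1'
# Pushed Buffers #
#------------------------------------------------
list push 'sndbuf 393216'
list push 'rcvbuf 393216'
# Logging #
#------------------------------------------------
option log_append '/tmp/openvpn-server.log'
option status '/tmp/openvpn-status.log'
option verb '3'
# Permissions #
#------------------------------------------------
option user 'nobody'
option group 'nogroup'
# Other Options #
#------------------------------------------------
option keepalive '10 120'
# Compressing plaintext before encryption can leak information about it
# (compression-oracle class of weaknesses); if the link does not need it,
# drop it on both peers together, since the setting must agree.
option compress 'lz4-v2'
config openvpn 'VPN-A' #### CLIENT ####
option enabled '1'
# Config Type #
#------------------------------------------------
option client '1'
list remote 'myserver.ddns.org'
# Protocol #
#------------------------------------------------
option dev 'tun1'
option proto 'udp4'
option port 'myport#'
# Encryption #
#------------------------------------------------
# Certificates & Keys:
option ca '/etc/openvpn/VPN&RouterB/ca.crt'
option cert '/etc/openvpn/VPN&RouterB/VPN-A.crt'
option key '/etc/openvpn/VPN&RouterB/VPN-A.key'
# SSL:
option cipher 'AES-256-CBC'
option auth 'SHA256'
option tls_auth '/etc/openvpn/VPN&RouterB/tls-auth.key'
# TLS:
# key_direction 1 is the counterpart of the server's 0.
option key_direction '1'
option auth_nocache '1'
option tls_client '1'
option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
# Rejects a peer that presents a client certificate instead of a server one.
option remote_cert_tls 'server'
# Reliability #
#------------------------------------------------
# float accepts data from a changed server address after authentication;
# unnecessary for a server behind a fixed DDNS name, but tls_auth still
# authenticates every packet, so it is not a direct weakness.
option float '1'
option nobind '1'
# See the server block: compression should be removed on both peers or kept
# on both.
option compress 'lz4-v2'
option persist_key '1'
option persist_tun '1'
option resolv_retry 'infinite'
# Speed #
#------------------------------------------------
# Removed: tun_mtu '48000', fragment '0', mssfix '0' -- must match the server
# (see the explanation in the server block).
# reneg_sec 0 only stops this side from starting a periodic rekey; the server
# (no reneg_sec set) still renegotiates on its default schedule. There is no
# reason for the client to opt out of rekeying, so consider dropping this.
option reneg_sec '0'
option fast_io '1'
# Logging #
#------------------------------------------------
option log_append '/tmp/openvpn-client.log'
option verb '3'
# Other Options #
#------------------------------------------------
# Redundant with the server's keepalive, which is pushed to the client;
# harmless.
option keepalive '10 120'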