OpenVPN client on DD-WRT

Post by pirroncello » Thu Mar 23, 2023 3:32 pm

Hi All,

This site has been a wealth of information for me as I am starting as a newbie and set up my own OpenVPN server on Linux Ubuntu and have a bunch of Android and Windows clients that work great via an OVPN file I generate. I am trying to get it working on a Linksys router I installed DD-WRT on. I can connect but cannot get any data working. Ping fails. Disable VPN and it works fine. Can someone please tell me what I am doing wrong? Thank you

Clientlog:
20230323 09:26:02 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20230323 09:26:02 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20230323 09:26:02 I OpenVPN 2.5.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 3 2020
20230323 09:26:02 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
20230323 09:26:02 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20230323 09:26:02 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20230323 09:26:02 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20230323 09:26:02 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
20230323 09:26:02 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20230323 09:26:02 NOTE: --mute triggered...
20230323 09:26:02 1 variation(s) on previous 3 message(s) suppressed by --mute
20230323 09:26:02 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.98.55.187:1194
20230323 09:26:02 Socket Buffers: R=[114688->114688] S=[114688->114688]
20230323 09:26:02 I UDPv4 link local: (not bound)
20230323 09:26:02 I UDPv4 link remote: [AF_INET]198.98.55.187:1194
20230323 09:26:03 TLS: Initial packet from [AF_INET]198.98.55.187:1194 sid=38cefc24 d444678e
20230323 09:26:03 VERIFY KU OK
20230323 09:26:03 Validating certificate extended key usage
20230323 09:26:03 NOTE: --mute triggered...
20230323 09:26:03 3 variation(s) on previous 3 message(s) suppressed by --mute
20230323 09:26:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:03 D MANAGEMENT: CMD 'state'
20230323 09:26:03 MANAGEMENT: Client disconnected
20230323 09:26:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:03 D MANAGEMENT: CMD 'state'
20230323 09:26:03 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1602' remote='link-mtu 1601'
20230323 09:26:03 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20230323 09:26:03 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 2048 bit RSA
20230323 09:26:03 I [server] Peer Connection Initiated with [AF_INET]198.98.55.187:1194
20230323 09:26:03 MANAGEMENT: Client disconnected
20230323 09:26:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:03 D MANAGEMENT: CMD 'state'
20230323 09:26:03 MANAGEMENT: Client disconnected
20230323 09:26:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:03 D MANAGEMENT: CMD 'status 2'
20230323 09:26:03 MANAGEMENT: Client disconnected
20230323 09:26:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:03 D MANAGEMENT: CMD 'log 500'
20230323 09:26:03 MANAGEMENT: Client disconnected
20230323 09:26:05 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
20230323 09:26:05 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 199.195.255.69 dhcp-option DNS 199.195.255.68 block-outside-dns route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.5 255.255.255.0 peer-id 0'
20230323 09:26:05 N Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.5.0)
20230323 09:26:05 OPTIONS IMPORT: timers and/or timeouts modified
20230323 09:26:05 OPTIONS IMPORT: --ifconfig/up options modified
20230323 09:26:05 OPTIONS IMPORT: route options modified
20230323 09:26:05 NOTE: --mute triggered...
20230323 09:26:05 4 variation(s) on previous 3 message(s) suppressed by --mute
20230323 09:26:05 Using peer cipher 'AES-256-CBC'
20230323 09:26:05 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20230323 09:26:05 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
20230323 09:26:05 NOTE: --mute triggered...
20230323 09:26:05 2 variation(s) on previous 3 message(s) suppressed by --mute
20230323 09:26:05 net_route_v4_best_gw query: dst 0.0.0.0
20230323 09:26:05 net_route_v4_best_gw result: via 69.165.172.49 dev vlan2
20230323 09:26:05 I TUN/TAP device tun1 opened
20230323 09:26:05 I net_iface_mtu_set: mtu 1500 for tun1
20230323 09:26:05 I net_iface_up: set tun1 up
20230323 09:26:05 I net_addr_v4_add: 10.8.0.5/24 dev tun1
20230323 09:26:05 net_route_v4_add: 198.98.55.187/32 via 69.165.172.49 dev [NULL] table 0 metric -1
20230323 09:26:05 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20230323 09:26:05 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
20230323 09:26:05 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20230323 09:26:05 I Initialization Sequence Completed
20230323 09:26:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:16 D MANAGEMENT: CMD 'state'
20230323 09:26:16 MANAGEMENT: Client disconnected
20230323 09:26:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:16 D MANAGEMENT: CMD 'state'
20230323 09:26:16 MANAGEMENT: Client disconnected
20230323 09:26:16 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:16 D MANAGEMENT: CMD 'state'
20230323 09:26:16 MANAGEMENT: Client disconnected
20230323 09:26:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:17 D MANAGEMENT: CMD 'status 2'
20230323 09:26:17 MANAGEMENT: Client disconnected
20230323 09:26:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20230323 09:26:17 D MANAGEMENT: CMD 'log 500'

Settings on the Router: [two images]

The OVPN file that works

client
dev tun
proto udp
remote [IP ADDRESS] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[ca redacted]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[cert redacted]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[key redacted]
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
[tls redacted]
-----END OpenVPN Static key V1-----
</tls-crypt>

Again, thank you all for your help here and on other posts as they have been great on my journey!
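
A triage of the warnings in the client log above, as an added example that is not part of the original post: it separates options that differ between the router and the server (`link-mtu`, `comp-lzo`) from rejected pushed options and local hardening warnings. The sample lines are copied from the posted log; the `triage` function and its category names are assumptions of this example.

```python
import re

# Lines copied from the client log in the post above (not the full log).
SAMPLE_LOG = """\
20230323 09:26:02 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20230323 09:26:02 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20230323 09:26:03 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1602' remote='link-mtu 1601'
20230323 09:26:03 W WARNING: 'comp-lzo' is present in local config but missing in remote config local='comp-lzo'
20230323 09:26:05 N Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.5.0)
20230323 09:26:05 I Initialization Sequence Completed
"""

# "YYYYMMDD HH:MM:SS [level letter] message"; the level letter is optional in this log format.
LINE = re.compile(r"^(\d{8}) (\d{2}:\d{2}:\d{2}) (?:([WIDN]) )?(.*)$")
INCONSISTENT = re.compile(r"'([^']+)' is used inconsistently local='([^']*)' remote='([^']*)'")
LOCAL_ONLY = re.compile(r"'([^']+)' is present in local config but missing in remote config")
BAD_PUSH = re.compile(r"Options error: .* in \[PUSH-OPTIONS\]:\d+: (\S+)")
HARDENING = {  # category names are this example's own labels
    "management-no-password": "--management on a TCP port WITHOUT passwords",
    "key-file-permissions": "is group or others accessible",
    "script-security": "--script-security setting may allow",
    "password-cache": "may cache passwords in memory",
}

def triage(log_text):
    """Group client log lines into peer mismatches, rejected pushes and hardening warnings."""
    report = {"mismatch": {}, "local_only": [], "rejected_push": [], "hardening": [], "connected": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(4)
        if (hit := INCONSISTENT.search(msg)):
            report["mismatch"][hit.group(1)] = (hit.group(2), hit.group(3))
        elif (hit := LOCAL_ONLY.search(msg)):
            report["local_only"].append(hit.group(1))
        elif (hit := BAD_PUSH.search(msg)):
            report["rejected_push"].append(hit.group(1))
        elif "Initialization Sequence Completed" in msg:
            report["connected"] = True
        else:
            report["hardening"] += [k for k, s in HARDENING.items() if s in msg and k not in report["hardening"]]
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `local_only` entry for `comp-lzo` lines up with the working OVPN file above, which has no `comp-lzo` line, so the router's OpenVPN settings are the place to compare against that file.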
