I want to make a step-by-step howto on how to manually configure OpenVPN under OpenWrt 10.03.
I'm almost fully done!
I just got a little bug at the end.
Can someone who has bigger knowledge in OpenVPN please help me?
The howto, with the bug at the end, is here:
http://unix.stackexchange.com/questions ... on-openwrt
Thank you in anticipation!
Have a nice weekend!
OpenVPN on OpenWrt
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: OpenVPN on OpenWrt
Sat Jul 9 13:14:21 2011 WARNING: potential route subnet conflict between local LAN [192.168.80.0/255.255.255.0] and remote VPN [192.168.80.1/255.255.255.255]
Your vpn subnet must be different than your LAN subnet.

# shared.key: [???]
The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS.

# client1.csr: [???]
Certificate signing request. Basically this is a cert that has not been signed by the CA yet. In the most secure setups key signing would work like this: user generates a key and a csr, user sends csr to the CA, CA signs the csr and sends back a crt, then the user has his private key and crt, but nobody else ever had access to his private key.
I think your problem is related to the first error above, you need to use a different subnet for LAN than VPN. Also, it looks like you're connecting to a local machine (192.168.1.1), which means you need to use the local flag to --redirect-gateway.
Here's what the manual says about redirect-gateway, look at the local flag:
--redirect-gateway flags...
(Experimental) Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN.
This option performs three steps:
(1) Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop.
(2) Delete the default gateway route.
(3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).
When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored.
Option flags:
local -- Add the local flag if both OpenVPN servers are directly connected via a common subnet, such as with wireless. The local flag will cause step 1 above to be omitted.
def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.
bypass-dhcp -- Add a direct route to the DHCP server (if it is non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients).
bypass-dns -- Add a direct route to the DNS server(s) (if they are non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients).
Using the def1 flag is highly recommended.
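The two routing points in the reply above, as an added Python example that is not part of the thread or of OpenVPN: a simplified model of the subnet-overlap condition behind the warning, and of how the def1 routes win by longest-prefix match while the original default route stays in place. The client LAN 192.168.1.0/24, the VPN gateway 10.8.0.1 and all function names are assumptions made for illustration.

```python
import ipaddress

def subnet_conflict(lan, vpn):
    """True when the LAN and VPN networks overlap, the condition behind
    the 'potential route subnet conflict' warning (simplified model)."""
    a = ipaddress.ip_network(lan, strict=False)
    b = ipaddress.ip_network(vpn, strict=False)
    return a.overlaps(b)

def best_route(table, dest):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def apply_def1(table, remote, old_gw, vpn_gw, local=False):
    """Routing table after 'redirect-gateway def1' (optionally with 'local')."""
    new = list(table)
    if not local:
        # Step (1) from the manual: host route to the server via the old gateway.
        new.append((f"{remote}/32", old_gw))
    # def1: two /1 routes cover all of IPv4 and beat 0.0.0.0/0 on prefix length,
    # so the original default route is overridden but not deleted.
    new.append(("0.0.0.0/1", vpn_gw))
    new.append(("128.0.0.0/1", vpn_gw))
    return new

# Constructed sample table: client on 192.168.1.0/24, server at 192.168.1.1.
BEFORE = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")]
VPN_GW = "10.8.0.1"  # assumed tunnel endpoint, not taken from the thread

def demo():
    after = apply_def1(BEFORE, "192.168.1.1", "192.168.1.1", VPN_GW, local=True)
    return {
        # Values from the quoted log line: they overlap, hence the warning.
        "conflict": subnet_conflict("192.168.80.0/255.255.255.0",
                                    "192.168.80.1/255.255.255.255"),
        "internet_via": best_route(after, "8.8.8.8"),
        "server_via": best_route(after, "192.168.1.1"),
        "old_default_kept": ("0.0.0.0/0", "192.168.1.1") in after,
    }

if __name__ == "__main__":
    print(demo())
```

With the local flag the server stays reachable through the connected /24 route, which is why step (1) can be skipped when both ends share a subnet.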
- krzee
Re: OpenVPN on OpenWrt
oh i almost forgot...
when i setup a similar openwrt setup, i had to use -I for my forward rules, not -A
-I inserts in the beginning of the chain, -A appends to the end of it.
you probably need to do the same =]