I am unable to get my laptop connected using the OpenVPN 2.2.2 client on the laptop, through my DD-WRT router v24-sp2 (12/20/11) mega - build 18024 while testing inside the house.
OpenVPN 2.2.2 on the Windows 7 x64 laptop
DD-WRT v24-sp2 (12/20/11) mega - build 18024
I generated the keys using easy-rsa on the laptop and added them to DD-WRT Services/VPN/Server setup.
I set the router time to GMT -0 and not -5 due to notes I read about the certificate validation time lag but my laptop is still -5.
Questions
---------
1. Can I even test my laptop connecting OpenVPN via wireless via the router inside my house when it is already connected?
2. See anything obviously wrong keeping me from connecting?
3. Anyone have a good install script for Windows 7 and the latest DD-WRT on an Asus RT-N16?
With the new versions of OpenSSL and DD-WRT the documentation is really inconsistent and out of date.
I could use some help as, though a developer, I am not a network expert by any means. I'm not sure what to put for server side subnets and config and firewall commands.
Thanks, Dave
Here is my client config
------------------------
client
dev tun
proto udp
remote [My static IP Address] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ..\\easy-rsa\\keys\\ca.crt
cert ..\\easy-rsa\\keys\\davesnotebook.crt
key ..\\easy-rsa\\keys\\davesnotebook.key
cipher BF-CBC
comp-lzo
verb 3
route-delay 15
auth SHA1
Here are my firewall settings
-----------------------------
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.10.10.0/24 -j ACCEPT
#iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
#iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
Here are my VPN settings
------------------------

Here is the client log
----------------------
Mon Apr 30 02:29:26 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Mon Apr 30 02:29:26 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 30 02:29:26 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 30 02:29:26 2012 LZO compression initialized
Mon Apr 30 02:29:26 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 30 02:29:26 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 30 02:29:26 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 30 02:29:26 2012 Local Options hash (VER=V4): '41690919'
Mon Apr 30 02:29:26 2012 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 30 02:29:26 2012 UDPv4 link local: [undef]
Mon Apr 30 02:29:26 2012 UDPv4 link remote: [My static IP Address]:1194
Mon Apr 30 02:30:27 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 30 02:30:27 2012 TLS Error: TLS handshake failed
Mon Apr 30 02:30:27 2012 TCP/UDP: Closing socket
Mon Apr 30 02:30:27 2012 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 30 02:30:27 2012 Restart pause, 2 second(s)
Mon Apr 30 02:30:29 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 30 02:30:29 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 30 02:30:29 2012 Re-using SSL/TLS context
Mon Apr 30 02:30:29 2012 LZO compression initialized
Mon Apr 30 02:30:29 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 30 02:30:29 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 30 02:30:29 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 30 02:30:29 2012 Local Options hash (VER=V4): '41690919'
Mon Apr 30 02:30:29 2012 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 30 02:30:29 2012 UDPv4 link local: [undef]
Mon Apr 30 02:30:29 2012 UDPv4 link remote: [My static IP Address]:1194
Mon Apr 30 02:37:27 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 30 02:37:27 2012 TLS Error: TLS handshake failed
Mon Apr 30 02:37:27 2012 TCP/UDP: Closing socket
Mon Apr 30 02:37:27 2012 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 30 02:37:27 2012 Restart pause, 2 second(s)
Mon Apr 30 02:37:29 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 30 02:37:29 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 30 02:37:29 2012 Re-using SSL/TLS context
Mon Apr 30 02:37:29 2012 LZO compression initialized
Mon Apr 30 02:37:29 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 30 02:37:29 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 30 02:37:29 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 30 02:37:29 2012 Local Options hash (VER=V4): '41690919'
Mon Apr 30 02:37:29 2012 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 30 02:37:29 2012 UDPv4 link local: [undef]
Mon Apr 30 02:37:29 2012 UDPv4 link remote: [My static IP Address]:1194
Here is the server (DD-WRT) log
-------------------------------
20120430 06:33:05 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] built on Dec 20 2011
20120430 06:33:05 MANAGEMENT: TCP Socket listening on 127.0.0.1:5002
20120430 06:33:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120430 06:33:05 Diffie-Hellman initialized with 1024 bit key
20120430 06:33:05 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120430 06:33:05 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120430 06:33:05 I TUN/TAP device tun0 opened
20120430 06:33:05 TUN/TAP TX queue length set to 100
20120430 06:33:05 I /sbin/ifconfig tun0 10.10.10.1 netmask 255.255.255.0 mtu 1500 broadcast 10.10.10.255
20120430 06:33:05 I /tmp/openvpn/route-up.sh tun0 1500 1542 10.10.10.1 255.255.255.0 init
20120430 06:33:05 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
20120430 06:33:05 I UDPv4 link local (bound): [undef]:1194
20120430 06:33:05 I UDPv4 link remote: [undef]
20120430 06:33:05 MULTI: multi_init called r=256 v=256
20120430 06:33:05 IFCONFIG POOL: base=10.10.10.2 size=252
20120430 06:33:05 IFCONFIG POOL LIST
20120430 06:33:05 I Initialization Sequence Completed
20120430 06:35:19 MANAGEMENT: Client connected from 127.0.0.1:5002
20120430 06:35:19 D MANAGEMENT: CMD 'state'
20120430 06:35:19 MANAGEMENT: Client disconnected
20120430 06:35:19 MANAGEMENT: Client connected from 127.0.0.1:5002
20120430 06:35:19 D MANAGEMENT: CMD 'state'
20120430 06:35:19 MANAGEMENT: Client disconnected
20120430 06:35:19 MANAGEMENT: Client connected from 127.0.0.1:5002
20120430 06:35:19 D MANAGEMENT: CMD 'state'
20120430 06:35:19 MANAGEMENT: Client disconnected
20120430 06:36:21 MULTI: multi_create_instance called
20120430 06:36:21 I 192.168.1.101:62093 Re-using SSL/TLS context
20120430 06:36:21 I 192.168.1.101:62093 LZO compression initialized
20120430 06:36:21 192.168.1.101:62093 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120430 06:36:21 192.168.1.101:62093 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
20120430 06:36:21 192.168.1.101:62093 Local Options String: 'V4 dev-type tun link-mtu 1542 tun-mtu 1500 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120430 06:36:21 192.168.1.101:62093 Expected Remote Options String: 'V4 dev-type tun link-mtu 1542 tun-mtu 1500 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120430 06:36:21 192.168.1.101:62093 Local Options hash (VER=V4): '530fdded'
20120430 06:36:21 192.168.1.101:62093 Expected Remote Options hash (VER=V4): '41690919'
20120430 06:36:21 192.168.1.101:62093 TLS: Initial packet from 192.168.1.101:62093 sid=6b6d513d a42dac3a
20120430 06:36:33 MANAGEMENT: Client connected from 127.0.0.1:5002
20120430 06:36:33 D MANAGEMENT: CMD 'state'
20120430 06:36:33 MANAGEMENT: Client disconnected
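
An added example, not part of the original post: a small Python triage that reads the client and server logs above side by side and reports what they show, including the missing server certificate check the client warns about. The `triage` and `options_hash` helpers and the finding names are made up for illustration; the sample lines are copied from the post's logs with the line wrapping undone.

```python
import ipaddress
import re

# Constructed sample: lines taken from the client and server logs in the post,
# with the console's 80-column wrapping undone.
CLIENT_LOG = """\
Mon Apr 30 02:29:26 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 30 02:29:26 2012 Local Options hash (VER=V4): '41690919'
Mon Apr 30 02:29:26 2012 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 30 02:30:27 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SERVER_LOG = """\
20120430 06:36:21 192.168.1.101:62093 Local Options hash (VER=V4): '530fdded'
20120430 06:36:21 192.168.1.101:62093 Expected Remote Options hash (VER=V4): '41690919'
20120430 06:36:21 192.168.1.101:62093 TLS: Initial packet from 192.168.1.101:62093 sid=6b6d513d a42dac3a
"""

def options_hash(log, which):
    """Return the 'Local' or 'Expected Remote' options hash in a log, or None."""
    m = re.search(which + r" Options hash \(VER=V4\): '([0-9a-f]+)'", log)
    return m.group(1) if m else None

def triage(client_log, server_log):
    """Return a sorted list of finding codes for one client/server log pair."""
    findings = set()
    # Without this check the client accepts any certificate the CA signed, even
    # another client's; `remote-cert-tls server` in the client config closes that.
    if "No server certificate verification method" in client_log:
        findings.add("NO_SERVER_CERT_VERIFICATION")
    timed_out = "TLS key negotiation failed" in client_log
    if timed_out:
        findings.add("TLS_HANDSHAKE_TIMEOUT")
    # Each side's local hash must equal the hash the other side expects.
    pairs = [(options_hash(client_log, "Local"), options_hash(server_log, "Expected Remote")),
             (options_hash(server_log, "Local"), options_hash(client_log, "Expected Remote"))]
    if any(a and b and a != b for a, b in pairs):
        findings.add("OPTIONS_MISMATCH")
    # Source address of the client's first packet, as the server logged it.
    m = re.search(r"TLS: Initial packet from (\d+\.\d+\.\d+\.\d+):\d+", server_log)
    if m and timed_out:
        findings.add("SERVER_SAW_CLIENT_BUT_HANDSHAKE_STALLED")
    if m and ipaddress.ip_address(m.group(1)).is_private:
        findings.add("CLIENT_SOURCE_IS_LAN_ADDRESS")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(triage(CLIENT_LOG, SERVER_LOG)))
```

On these logs the options hashes agree on both sides, so cipher, auth and compression settings are not the cause of the failure; the first packet reached the server from a LAN address and the handshake stalled after that.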