Hello,
The TUN connection comes up, but none of the traffic goes through the tunnel. I have attached the config and logs below; can someone advise what I did wrong?
// config on tomato, openvpn client //
root@tomato:/tmp/etc/openvpn/client1# more config.ovpn
# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo no
verb 3
ca ca.crt
cert client.crt
key client.key
status-version 2
status status
# Custom Configuration
keepalive 10 30
float
tun-mtu 1450
mssfix 1400
// openvpn server config //
root@pbx:/etc/openvpn $ more server.conf
port 1194
proto udp
dev tun
tun-mtu 1450
mssfix 1400
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
server 192.168.200.0 255.255.255.224
ifconfig-pool-persist ipp.txt
push "route 192.168.96.0 255.255.255.0"
client-config-dir ccd
route 192.168.30.0 255.255.255.0
client-to-client
push "route 192.168.30.0 255.255.255.0"
keepalive 30 120
#comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
management localhost 7505
root@pbx:/etc/openvpn/ccd $ more pfsense
iroute 192.168.30.0 255.255.255.0
// traffic status from VPN client (Tomato router) //
Name Value
TUN/TAP read bytes 1443
TUN/TAP write bytes 0 <<<<<<<<< always 0
TCP/UDP read bytes 3848
TCP/UDP write bytes 4584
Auth read bytes 0
pre-compress bytes 0
post-compress bytes 0
pre-decompress bytes 0
post-decompress bytes 0
Current Routing Table
Destination Gateway Subnet Mask Metric Interface
x.x.x.x * 255.255.255.255 0 ppp0
192.168.200.21 * 255.255.255.255 0 tun11
192.168.200.0 192.168.200.21 255.255.255.224 0 tun11
192.168.96.0 192.168.200.21 255.255.255.0 0 tun11
192.168.30.0 * 255.255.255.0 0 br0 (LAN)
127.0.0.0 * 255.0.0.0 0 lo
default x.x.x.x 0.0.0.0 0 ppp0
============ log from both Centos server and Tomato client ==============
// log from server //
Thu Jan 14 16:34:59 2010 us=395847 pfsense/xx.xx.xx.xx:2052 TLS: new session incoming connection from xx.xx.xx.xx:2052
Thu Jan 14 16:35:00 2010 us=580491 pfsense/xx.xx.xx.xx:2052 VERIFY OK: ...
Thu Jan 14 16:35:00 2010 us=580768 pfsense/xx.xx.xx.xx:2052 VERIFY OK: ...
Thu Jan 14 16:35:00 2010 us=635499 pfsense/xx.xx.xx.xx:2052 NOTE: Options consistency check may be skewed by version differences
Thu Jan 14 16:35:00 2010 us=635529 pfsense/xx.xx.xx.xx:2052 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Jan 14 16:35:00 2010 us=635550 pfsense/xx.xx.xx.xx:2052 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Jan 14 16:35:00 2010 us=635571 pfsense/xx.xx.xx.xx:2052 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1491'
Thu Jan 14 16:35:00 2010 us=635590 pfsense/xx.xx.xx.xx:2052 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1450'
Thu Jan 14 16:35:00 2010 us=635610 pfsense/xx.xx.xx.xx:2052 WARNING: 'proto' is present in local config but missing in remote config, local='proto UDPv4'
Thu Jan 14 16:35:00 2010 us=635629 pfsense/xx.xx.xx.xx:2052 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Thu Jan 14 16:35:00 2010 us=635648 pfsense/xx.xx.xx.xx:2052 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Thu Jan 14 16:35:00 2010 us=635669 pfsense/xx.xx.xx.xx:2052 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 128'
Thu Jan 14 16:35:00 2010 us=635689 pfsense/xx.xx.xx.xx:2052 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Thu Jan 14 16:35:00 2010 us=635708 pfsense/xx.xx.xx.xx:2052 WARNING: 'tls-client' is present in local config but missing in remote config, local='tls-client'
Thu Jan 14 16:35:00 2010 us=636016 pfsense/xx.xx.xx.xx:2052 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 14 16:35:00 2010 us=636038 pfsense/xx.xx.xx.xx:2052 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 14 16:35:00 2010 us=636122 pfsense/xx.xx.xx.xx:2052 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 14 16:35:00 2010 us=636142 pfsense/xx.xx.xx.xx:2052 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 14 16:35:00 2010 us=636202 pfsense/xx.xx.xx.xx:2052 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Thu Jan 14 16:35:00 2010 us=636388 pfsense/xx.xx.xx.xx:2052 TLS: tls_multi_process: untrusted session promoted to trusted
Thu Jan 14 16:35:00 2010 us=678570 pfsense/xx.xx.xx.xx:2052 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Thu Jan 14 16:35:01 2010 us=868588 pfsense/xx.xx.xx.xx:2052 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jan 14 16:35:01 2010 us=868684 pfsense/xx.xx.xx.xx:2052 SENT CONTROL [pfsense]: 'PUSH_REPLY,route 192.168.96.0 255.255.255.0,route 192.168.200.0 255.255.255.224,ping 30,ping-restart 120,ifconfig 192.168.200.22 192.168.200.21' (status=1)
Thu Jan 14 16:39:55 2010 us=573250 pfsense/xx.xx.xx.xx:2052 [pfsense] Inactivity timeout (--ping-restart), restarting
Thu Jan 14 16:39:55 2010 us=573296 pfsense/xx.xx.xx.xx:2052 SIGUSR1[soft,ping-restart] received, client-instance restarting
// log from tomato //
Jan 14 16:34:59 pfsense daemon.warn openvpn[112]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: Re-using SSL/TLS context
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: LZO compression initialized
Jan 14 16:34:59 pfsense daemon.warn openvpn[112]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1450)
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: Control Channel MTU parms [ L:1492 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: Data Channel MTU parms [ L:1492 D:1400 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: UDPv4 link local: [undef]
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: UDPv4 link remote: yy.yy.yy.yy:1181
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: TLS: Initial packet from yy.yy.yy.yy:1181, sid=ab057317 1d5c0feb
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: VERIFY OK: ...
Jan 14 16:34:59 pfsense daemon.notice openvpn[112]: VERIFY OK: ...
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Jan 14 16:35:00 pfsense daemon.notice openvpn[112]: [mypbx_anh] Peer Connection Initiated with yy.yy.yy.yy:1181
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: SENT CONTROL [mypbx_anh]: 'PUSH_REQUEST' (status=1)
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.96.0 255.255.255.0,route 192.168.200.0 255.255.255.224,ping 30,ping-restart 120,ifconfig 192.168.200.22 192.168.200.21'
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: OPTIONS IMPORT: route options modified
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: Preserving previous TUN/TAP instance: tun11
Jan 14 16:35:02 pfsense daemon.notice openvpn[112]: Initialization Sequence Completed
TUN connection up between Centos and ASUS 520gu (Tomato VPN)
- krzee
Re: TUN connection up between Centos and ASUS 520gu (Tomato VPN)
Configs and logs look good; I think the problem is a firewall.
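
One way to read the client counters posted in the question, as an added example (not code from the thread or from OpenVPN): it parses the status rows and names the direction in which the tunnel is silent. The sample input is constructed from the values in the post, and the category names are assumptions of this example.

```python
import re

# Constructed sample: the client-side counters as they appear in the post,
# including the poster's "always 0" annotation.
SAMPLE_STATUS = """\
Name Value
TUN/TAP read bytes 1443
TUN/TAP write bytes 0 <<<<<<<<< always 0
TCP/UDP read bytes 3848
TCP/UDP write bytes 4584
Auth read bytes 0
"""

# "<counter name ending in 'bytes'> <integer>"; a comma separator is accepted too.
ROW = re.compile(r"^([A-Za-z/\- ]+ bytes)[ ,]+(\d+)", re.M)


def parse_counters(text):
    """Return {counter name: byte count}; header rows and trailing notes are ignored."""
    return {name.strip(): int(value) for name, value in ROW.findall(text)}


def classify(now, baseline=None):
    """Name the traffic pattern since `baseline` (or since start if None)."""
    base = baseline or {}

    def grown(key):
        return now.get(key, 0) - base.get(key, 0)

    tun_read = grown("TUN/TAP read bytes")    # plaintext taken from the tun device, headed out
    tun_write = grown("TUN/TAP write bytes")  # decrypted packets handed to the tun device
    link_read = grown("TCP/UDP read bytes")   # everything received on the UDP/TCP socket

    if link_read == 0:
        return "no-transport"      # nothing arrives from the peer at all
    if tun_read > 0 and tun_write == 0:
        return "outbound-only"     # packets enter the tunnel, no replies come out of it
    if tun_read == 0 and tun_write > 0:
        return "inbound-only"
    if tun_read == 0 and tun_write == 0:
        return "control-only"      # handshake/keepalive bytes, no tunnelled packets
    return "bidirectional"


if __name__ == "__main__":
    print(classify(parse_counters(SAMPLE_STATUS)))
```

An "outbound-only" result on the client is consistent with the firewall suspicion in the reply; disabled packet forwarding or a missing return route on the server side produces the same pattern.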