I have created certificates and client configs and set up my server (linksys E1200 with dd-wrt) according to instructions and tweaked my iptables firewall commands to the point where it seems the firewall is no longer blocking the connection (this was a problem for quite a while, but now looks OK). Certificates seem to be verified correctly in the connection process and things look promising up to this error:
Code: Select all
Sun Nov 8 21:52:40 2015 us=935858 /sbin/ip link set dev tun0 up mtu 1500
Sun Nov 8 21:52:40 2015 us=937992 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sun Nov 8 21:52:40 2015 us=940113 /sbin/ip route add 10.8.99.1/24 via 10.8.0.1
RTNETLINK answers: Invalid argument
Sun Nov 8 21:52:40 2015 us=942299 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Nov 8 21:52:40 2015 us=942384 Initialization Sequence Completed
Sun Nov 8 21:52:50 2015 us=399976 write to TUN/TAP : Invalid argument (code=22)Code: Select all
push "route 10.8.99.1 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
script-security 3 system
The router's local IP address is 10.8.99.1 and I what I want to achieve is to be able to correct remotely and then access machines on my home LAN behind the router. I am testing by pulling the LAN cable from my client PC and connecting via mobile phone hotspot (to simulate a genuinely remote connection). I am connecting from linux client using sudo openvpn --config lenovo-linux.ovpn. I have a ddns set up to access my dynamic IP and that's working without issue.
For completeness here are the firewall commands:
Code: Select all
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
