error connecting to router running OpenVPN

[B-Man]

i have a router on DD-WRT running open vpn

i have got it to connect for about 10 seconds but then it drops out and reconnects

this is the router config apart from its running tcp as i couldnt get it to work on udp


this is the log file from the android app (i have no idea how to export or find the log file to put op on here other than screenshotting it)
seems im getting a HMAC_ERROR
whats causing it and how do i fix it?
is it something to do with my CN? i followed a tutorial online and it said to make sure they were different for each certificate

[TinCanTech]

Can you post your client config file ?

[B-Man]

i did fix the issue the i had to change the auth from SHA1 to SHA256 and it connects and doesn't drop out

client
dev tun
proto tcp
remote my.ddns.net 1194
nobind
persist-key
persist-tun
verb 4
float
ca ca.crt
cert client1.crt
key client1.key
comp-lzo yes
tun-mtu 1400
auth SHA256
cipher AES-128-CBC

my only issue is now that the phone connects to the vpn but does not route the traffic through it. i done a speed test and it got higher speeds than what my home internet is capable of
i also cant connect to my lan

im guessing this is some sort of firewall rules our routing i need to setup but i have no idea what needs to happen

im running these rules copied from someone else with my subnet but still not able to connect to lan clients

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
iptables -I INPUT 1 -p tcp -–dport 1194 -j ACCEPT
iptables -I FORWARD 1 –-source 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

[B-Man]

when the android phone connects to my openVPN server on the router
i can see its IP on the status tab on the router
i cant ping the router from my phone
i cant ping the vpn server from my phone
i cant ping the PC from my phone

i cant ping the phone from my pc

heres the log from the router

[TinCanTech]

my only issue is now that the phone connects to the vpn but does not route the traffic through it.

Yes because you have not configured it to do so .. please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

i cant ping the router from my phone
i cant ping the vpn server from my phone
i cant ping the PC from my phone

You need to be more specific about this .. and also, please see:
HOWTO: Expanding the scope of the VPN to include additional machines

im running these rules copied from someone else with my subnet but still not able to connect to lan clients

Bad idea .. always do it yourself then you understand what you are doing a little better.

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE

The recommended command is:

Code: Select all

iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE

where {vpn subnet} is (in your case) 192.168.10.0/24
and {output interface} is probably eth0 but you should verify that yourself.

[B-Man]

Thanks i wasnt sure what to do. i appreciate that you gave me the location of what i was looking for

my only issue is now that the phone connects to the vpn but does not route the traffic through it.

Yes because you have not configured it to do so .. please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

i implemented

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

but i cant get internet access with push "redirect-gateway def1" enabled
i figure as long as i can connect to my lan then im happy as i can use my PIA VPN if i require so gave up on this one.

i cant ping the router from my phone
i cant ping the vpn server from my phone
i cant ping the PC from my phone

You need to be more specific about this .. and also, please see:
HOWTO: Expanding the scope of the VPN to include additional machines

my phone is connected via OpenVPN Connect to the OpenVPN server running on my router
i followed that
by using
push "route 10.66.0.0 255.255.255.0"
and enabled IP and TUN/TAP forwarding (the links didnt work but after a quick google worked out what i needed

and seems to work. i can connect to the few devices i have tried to
using WOL doesn't seem to work but i have found a workaround for that by accessing it from my router menu.

i'm running these rules copied from someone else with my subnet but still not able to connect to lan clients

Bad idea .. always do it yourself then you understand what you are doing a little better.

i know i shouldn't but couldn't really find much info as i wasn't really sure what i was looking for. i figured if it worked then bonus but it didn't. i did start to workout what some of the rules were tho

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE

The recommended command is:

Code: Select all

iptables -t nat -A POSTROUTING -s {vpn subnet} -o {output interface} -j MASQUERADE

where {vpn subnet} is (in your case) 192.168.10.0/24
and {output interface} is probably eth0 but you should verify that yourself.

i used eth0 and seems to work.
how do i know what to use? my bridging shows br0 no vlan1 eth1


either way i seem to have setup the main part of what i was after so thank you very much for your guidance