The provider has given me a username and password along with a ca.cert.
openvpn seems to connect when I use openvpn /etc/openvpn/openvpn.conf, but I would never know, because when I go to myipaddress.com, I can see my ISP address.
I think I am having a routing issue. I have been searching for a way to get this going, but it seems that I am the only one who wants my router to connect to a VPN provider. This worked in Windows. I really need help with this. Please, someone help me out.
Here are my files that I have created or modified:
openvpn.conf:
client
dev tun
proto udp
remote 67.228.228.186 1194
keepalive 10 60
resolv-retry infinite
;persist-key
;persist-tun
ca /etc/easy-rsa/keys/ca.crt
auth-user-pass auth.cfg
;mute 20
comp-lzo
pull
verb 3
/etc/firewall.user:
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
# The following chains are for traffic directed at the IP of the
# WAN interface
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -A input_wan -p tcp --dport 22 -j ACCEPT
## -- OpenVPN 1194
## -- This allows port 1194 to be answered by (OpenVPN on) the router
iptables -t nat -A prerouting_wan -p udp --dport 1194 -j ACCEPT
iptables -A input_wan -p udp --dport 1194 -j ACCEPT
### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables -A forwarding_wan -d 192.168.1.2 -j ACCEPT
### OpenVPN
## -- Routing between the tun and br0 interfaces is allowed
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i br0 -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o br0 -j ACCEPT
network config:
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'ifname' 'eth0'
option 'type' 'bridge'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'dns' '192.168.2.1'
option 'ipaddr' '192.168.2.1'
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'dhcp'
option 'mtu' '1400'
config 'switch'
option 'name' 'rtl8366s'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'rtl8366s'
option 'vlan' '1'
option 'ports' '0 1 2 3 5'
config 'interface' 'vpn'
option 'ifname' 'tun0'
option 'proto' 'dhcp'
option 'ipaddr' '10.10.0.0'
option 'netmask' '255.255.255.0'
option 'dns' '192.168.1.1'
config 'interface' 'tap'
option 'ifname' 'tap0'
option 'type' 'bridge'
option 'proto' 'dhcp'
option 'netmask' '255.255.255.0'
option 'dns' '192.168.2.1'
option 'ipaddr' '192.168.2.1'
firewall config:
config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
config 'zone'
option 'name' 'wan'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'masq' '1'
option 'mtu_fix' '1'
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'
config 'rule'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '68'
option 'target' 'ACCEPT'
config 'rule'
option 'src' 'wan'
option 'proto' 'icmp'
option 'icmp_type' 'echo-request'
option 'target' 'ACCEPT'
config 'include'
option 'path' '/etc/firewall.user'
config 'include'
option 'path' '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
config zone
option name vpn
option input ACCEPT
option output ACCEPT
option forward REJECT
# if you use masquerading:
option masq 1
config forwarding
option src lan
option dest vpn
openvpn output:
root@Gargoyle:/etc/openvpn# openvpn /etc/openvpn/openvpn.conf
Sun Sep 26 15:50:56 2010 OpenVPN 2.1.1 mips-openwrt-linux [SSL] [LZO2] built on Aug 4 2010
Sun Sep 26 15:50:56 2010 WARNING: file 'auth.cfg' is group or others accessible
Sun Sep 26 15:50:56 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Sep 26 15:50:56 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 26 15:50:56 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 26 15:50:56 2010 LZO compression initialized
Sun Sep 26 15:50:56 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Sep 26 15:50:56 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 26 15:50:56 2010 Local Options hash (VER=V4): '41690919'
Sun Sep 26 15:50:56 2010 Expected Remote Options hash (VER=V4): '530fdded'
Sun Sep 26 15:50:56 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Sun Sep 26 15:50:56 2010 UDPv4 link local (bound): [undef]:1194
Sun Sep 26 15:50:56 2010 UDPv4 link remote: 67.228.228.186:1194
Sun Sep 26 15:50:56 2010 TLS: Initial packet from 67.228.228.186:1194, sid=6dcf370a 1ba02f33
Sun Sep 26 15:50:56 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 26 15:50:57 2010 VERIFY OK: depth=1, /C=NZ/ST=WLG/L=LowerHutt/O=yes_VPN/CN=yesvpn.net/name=yes_VPN/emailAddress=support_yesvpn.net
Sun Sep 26 15:50:57 2010 VERIFY OK: depth=0, /C=NZ/ST=WLG/L=LowerHutt/O=yes_VPN/CN=us1.yesvpn.net/name=yes_VPN_US1/emailAddress=support@yesvpn.net
Sun Sep 26 15:50:57 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 26 15:50:57 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 26 15:50:57 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 26 15:50:57 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 26 15:50:57 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 26 15:50:57 2010 [us1.yesvpn.net] Peer Connection Initiated with 67.228.228.186:1194
Sun Sep 26 15:51:00 2010 SENT CONTROL [us1.yesvpn.net]: 'PUSH_REQUEST' (status=1)
Sun Sep 26 15:51:00 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DOMAIN lan,dhcp-option DNS 8.8.8.8,route 10.10.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.10.0.14 10.10.0.13'
Sun Sep 26 15:51:00 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 26 15:51:00 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 26 15:51:00 2010 OPTIONS IMPORT: route options modified
Sun Sep 26 15:51:00 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 26 15:51:00 2010 TUN/TAP device tun0 opened
Sun Sep 26 15:51:00 2010 TUN/TAP TX queue length set to 100
Sun Sep 26 15:51:00 2010 /sbin/ifconfig tun0 10.10.0.14 pointopoint 10.10.0.13 mtu 1500
Sun Sep 26 15:51:00 2010 /sbin/route add -net 67.228.228.186 netmask 255.255.255.255 gw 192.168.1.1
Sun Sep 26 15:51:00 2010 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.10.0.13
Sun Sep 26 15:51:00 2010 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.10.0.13
Sun Sep 26 15:51:00 2010 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.13
Sun Sep 26 15:51:00 2010 Initialization Sequence Completed
route and ifconfig output:
/etc/openvpn$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
67.228.228.186 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
192.168.2.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
/etc/openvpn$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
67.228.228.186 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
192.168.2.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
/etc/openvpn$ ifconfig
br-lan Link encap:Ethernet HWaddr 00:18:E7:F0:68:97
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:762 errors:0 dropped:0 overruns:0 frame:0
TX packets:777 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:95636 (93.3 KiB) TX bytes:98294 (95.9 KiB)
eth0 Link encap:Ethernet HWaddr 00:18:E7:F0:68:99
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:769 errors:0 dropped:0 overruns:0 frame:0
TX packets:778 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:107630 (105.1 KiB) TX bytes:99337 (97.0 KiB)
Interrupt:4
eth1 Link encap:Ethernet HWaddr 00:18:E7:F0:68:9A
inet addr:192.168.1.197 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1400 Metric:1
RX packets:624 errors:0 dropped:0 overruns:0 frame:0
TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:88831 (86.7 KiB) TX bytes:35083 (34.2 KiB)
Interrupt:5
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:66 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5236 (5.1 KiB) TX bytes:5236 (5.1 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 00-18-E7-F0-68-97-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:39 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 00:18:E7:F0:68:97
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:151 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:34388 (33.5 KiB)
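As an added check, not from the post: a small POSIX sh script that parses the `/sbin/route add` lines OpenVPN logged and compares them with the `route` table, reporting logged routes the kernel does not actually hold and whether the two redirect-gateway halves (0.0.0.0/1 and 128.0.0.0/1) point at the tunnel peer. The sample data is the post's own log and route output, embedded inline; the function names and the 10.10.0.13 tunnel-gateway check are this example's assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the post): logged routes vs. routes the kernel really holds.

# Constructed sample: the "route add" lines from the OpenVPN log in the post.
OVPN_LOG='Sun Sep 26 15:51:00 2010 /sbin/route add -net 67.228.228.186 netmask 255.255.255.255 gw 192.168.1.1
Sun Sep 26 15:51:00 2010 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.10.0.13
Sun Sep 26 15:51:00 2010 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.10.0.13
Sun Sep 26 15:51:00 2010 /sbin/route add -net 10.10.0.0 netmask 255.255.255.0 gw 10.10.0.13'

# Constructed sample: the `route` output from the post, header included.
ROUTE_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
67.228.228.186 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
192.168.2.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1'

# Print "dest netmask gw" for every route the OpenVPN log says it added.
expected_routes() {
    printf '%s\n' "$1" |
    sed -n 's/.*route add -net \([^ ]*\) netmask \([^ ]*\) gw \([^ ]*\).*/\1 \2 \3/p'
}

# Normalise `route` output to "dest netmask gw": "default" and "*" both mean 0.0.0.0.
kernel_routes() {
    printf '%s\n' "$1" | awk 'NF >= 3 && $1 != "Kernel" && $1 != "Destination" {
        d = ($1 == "default") ? "0.0.0.0" : $1
        g = ($2 == "*") ? "0.0.0.0" : $2
        print d, $3, g }'
}

# Print every logged route that is absent from the kernel table ($1 = log, $2 = table).
missing_routes() {
    kr=$(kernel_routes "$2")
    expected_routes "$1" | while read -r d m g; do
        printf '%s\n' "$kr" | grep -qxF "$d $m $g" || echo "MISSING: $d/$m via $g"
    done
}

# Succeed only if both redirect-gateway halves (0.0.0.0/1 and 128.0.0.0/1) point at
# the tunnel peer ($2); otherwise the default route is still the ISP's.
vpn_default_active() {
    kr=$(kernel_routes "$1")
    printf '%s\n' "$kr" | grep -qxF "0.0.0.0 128.0.0.0 $2" &&
    printf '%s\n' "$kr" | grep -qxF "128.0.0.0 128.0.0.0 $2"
}

missing_routes "$OVPN_LOG" "$ROUTE_TABLE"
vpn_default_active "$ROUTE_TABLE" 10.10.0.13 || echo "default route still via ISP gateway"
```

On the post's data the script reports the three tunnel routes as missing, which is the difference between "Initialization Sequence Completed" in the log and traffic actually leaving through tun0.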