[Solved] Followed OpenWRT tutorials OpenWRT refuse connection

Posted: Sun Mar 22, 2015 2:29 pm
by JW0914
I've followed the OpenWRT OpenVPN tutorials to the letter, and no matter how many times I redo the VPN setup, OpenWRT refuses to allow clients to connect to tun0 on 1194.


- WRT1900ac, running the latest snapshot trunk build (today's, but this has been occurring for 2+ weeks)
- all certificates and keys correctly set up (ca, server/client crt and key, dh, & ta)
- both server and client config files set up correctly with mirrored options
- tried both tcp, then udp, separately, with both failing when server connection is attempted (tcp says server rejects, udp times out).
- Tunnel [tun0] is set up correctly as I can ping the tunnel subnet [10.10.10.1/24] from within the LAN subnet [192.168.200.0/24]

Followed tutorials:

http://wiki.openwrt.org/doc/howto/vpn.openvpn
http://wiki.openwrt.org/doc/howto/vpn.s ... penvpn.tun
http://wiki.openwrt.org/oldwiki/vpn.server.openvpn.tun

as well as:

https://openvpn.net/index.php/open-sour ... tml#pkcs11
http://joepaetzel.com/2012/07/24/openvp ... eenas-8-2/
http://joepaetzel.com/2014/03/04/secure ... -firewall/
https://forums.freenas.org/index.php?th ... ail.21856/

... and quite a few others. Every time, the server [wrt1900ac] refuses the connection, even though I've set up the firewall rules exactly as specified in the OpenWRT tutorials.

root@OpenWRT:~# uci show openvpn
openvpn.vpnserver=openvpn
openvpn.vpnserver.enabled=1
openvpn.vpnserver.dev=tun
openvpn.vpnserver.proto=tcp
openvpn.vpnserver.local=192.168.200.1
openvpn.vpnserver.server=10.10.10.0 255.255.255.0
openvpn.vpnserver.port=1194
openvpn.vpnserver.keepalive=10 120
openvpn.vpnserver.push=route 192.168.200.0 255.255.255.0
openvpn.vpnserver.ca=/etc/openvpn/keys/ca.crt
openvpn.vpnserver.cert=/etc/openvpn/keys/OpenWRT-VPNserver.crt
openvpn.vpnserver.key=/etc/openvpn/keys/OpenWRT-VPNserver.key
openvpn.vpnserver.dh=/etc/openvpn/keys/dh2048.pem
openvpn.vpnserver.tls_auth=/etc/openvpn/keys/ta.key 0
openvpn.vpnserver.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.vpnserver.log_append=/tmp/openvpn.log
openvpn.vpnserver.status=/tmp/openvpn-status.log
openvpn.vpnserver.verb=4
openvpn.vpnserver.comp_lzo=yes
openvpn.vpnserver.cipher=AES-256-CBC
openvpn.vpnserver.client_to_client=1
openvpn.vpnserver.persist_key=1
openvpn.vpnserver.persist_tun=1
root@OpenWRT:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan wan6
firewall.@zone[2]=zone
firewall.@zone[2].name=vpn
firewall.@zone[2].input=ACCEPT
firewall.@zone[2].forward=ACCEPT
firewall.@zone[2].output=ACCEPT
firewall.@zone[2].network=vpn0
firewall.@zone[2].masq=1
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-OpenVPN-Inbound
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].dest_port=1194
firewall.@rule[0].family=ipv4
firewall.@rule[0].src=*
firewall.@rule[0].proto=tcp udp
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=wan
firewall.@forwarding[0].src=lan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src=vpn
firewall.@forwarding[1].dest=lan
Client (Windows/Android)
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.crt"
key "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.key"
tls-auth "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ta.key" 1
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 9




#dev tap
#dev-node MyTap
#proto udp
#remote-random
#user nobody
#group nobody
#http-proxy-retry # retry on connection failures
#http-proxy [proxy server] [proxy port #]
#mute 20



I'm really at a loss here, so any opinions would be greatly appreciated. I've tried disabling the router firewall, as well as the firewall on my Nexus 6 [and PC] and the connection is still rejected by the router. I'm missing something here... just not sure exactly what.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 5:12 pm
by maikcat
server logs please?

Michael.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 5:17 pm
by JW0914
sorry, knew I forgot to include something...

OpenWRT Server Log
root@OpenWRT:~# cat /tmp/openvpn.log
Sun Mar 22 10:37:12 2015 us=939715 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 10:37:12 2015 us=940027 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 10:37:13 2015 us=221796 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 10:37:13 2015 us=226338 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 10:37:13 2015 us=226625 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 10:37:13 2015 us=226810 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 10:37:13 2015 us=227014 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 10:37:13 2015 us=227246 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Mar 22 10:37:13 2015 us=229586 TUN/TAP device tun0 opened
Sun Mar 22 10:37:13 2015 us=229817 TUN/TAP TX queue length set to 100
Sun Mar 22 10:37:13 2015 us=230014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 10:37:13 2015 us=230292 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 10:37:13 2015 us=239110 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 10:37:13 2015 us=246118 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 10:37:13 2015 us=246483 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 10:37:13 2015 us=246821 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 10:37:13 2015 us=246996 TCPv4_SERVER link remote: [undef]
Sun Mar 22 10:37:13 2015 us=247170 MULTI: multi_init called, r=256 v=256
Sun Mar 22 10:37:13 2015 us=247531 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 10:37:13 2015 us=247748 IFCONFIG POOL LIST
Sun Mar 22 10:37:13 2015 us=248070 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Mar 22 10:37:13 2015 us=248422 Initialization Sequence Completed
Sun Mar 22 12:10:34 2015 us=318425 TCP/UDP: Closing socket
Sun Mar 22 12:10:34 2015 us=318884 /sbin/route del -net 10.10.10.0 netmask 255.255.255.0
Sun Mar 22 12:10:34 2015 us=325572 Closing TUN/TAP interface
Sun Mar 22 12:10:34 2015 us=325944 /sbin/ifconfig tun0 0.0.0.0
Sun Mar 22 12:10:34 2015 us=386731 SIGTERM[hard,] received, process exiting
Sun Mar 22 12:10:34 2015 us=539841 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 12:10:34 2015 us=540130 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 12:10:34 2015 us=821461 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 12:10:34 2015 us=825930 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 12:10:34 2015 us=826157 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:10:34 2015 us=826488 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:10:34 2015 us=826717 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 12:10:34 2015 us=826952 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Mar 22 12:10:34 2015 us=834538 TUN/TAP device tun0 opened
Sun Mar 22 12:10:34 2015 us=834794 TUN/TAP TX queue length set to 100
Sun Mar 22 12:10:34 2015 us=835023 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 12:10:34 2015 us=835327 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 12:10:34 2015 us=858975 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 12:10:34 2015 us=878456 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 12:10:34 2015 us=878893 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=879215 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=879433 TCPv4_SERVER link remote: [undef]
Sun Mar 22 12:10:34 2015 us=879605 MULTI: multi_init called, r=256 v=256
Sun Mar 22 12:10:34 2015 us=879920 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 12:10:34 2015 us=880121 IFCONFIG POOL LIST
Sun Mar 22 12:10:34 2015 us=880440 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Mar 22 12:10:34 2015 us=880915 Initialization Sequence Completed
Client Log (Windows 8.1 Pro x64, same output from Android as well [Nexus 6])
Sun Mar 22 12:16:25 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:16:25 2015 pkcs11_pin_cache_period = -1
Sun Mar 22 12:16:25 2015 pkcs11_id = '[UNDEF]'
Sun Mar 22 12:16:25 2015 pkcs11_id_management = DISABLED
Sun Mar 22 12:16:25 2015 server_network = 0.0.0.0
Sun Mar 22 12:16:25 2015 server_netmask = 0.0.0.0
Sun Mar 22 12:16:25 2015 server_network_ipv6 = ::
Sun Mar 22 12:16:25 2015 server_netbits_ipv6 = 0
Sun Mar 22 12:16:25 2015 server_bridge_ip = 0.0.0.0
Sun Mar 22 12:16:25 2015 server_bridge_netmask = 0.0.0.0
Sun Mar 22 12:16:25 2015 server_bridge_pool_start = 0.0.0.0
Sun Mar 22 12:16:25 2015 server_bridge_pool_end = 0.0.0.0
Sun Mar 22 12:16:25 2015 ifconfig_pool_defined = DISABLED
Sun Mar 22 12:16:25 2015 ifconfig_pool_start = 0.0.0.0
Sun Mar 22 12:16:25 2015 ifconfig_pool_end = 0.0.0.0
Sun Mar 22 12:16:25 2015 ifconfig_pool_netmask = 0.0.0.0
Sun Mar 22 12:16:25 2015 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Mar 22 12:16:25 2015 ifconfig_pool_persist_refresh_freq = 600
Sun Mar 22 12:16:25 2015 ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 22 12:16:25 2015 ifconfig_ipv6_pool_base = ::
Sun Mar 22 12:16:25 2015 ifconfig_ipv6_pool_netbits = 0
Sun Mar 22 12:16:25 2015 n_bcast_buf = 256
Sun Mar 22 12:16:25 2015 tcp_queue_limit = 64
Sun Mar 22 12:16:25 2015 real_hash_size = 256
Sun Mar 22 12:16:25 2015 virtual_hash_size = 256
Sun Mar 22 12:16:25 2015 client_connect_script = '[UNDEF]'
Sun Mar 22 12:16:25 2015 learn_address_script = '[UNDEF]'
Sun Mar 22 12:16:25 2015 client_disconnect_script = '[UNDEF]'
Sun Mar 22 12:16:25 2015 client_config_dir = '[UNDEF]'
Sun Mar 22 12:16:25 2015 ccd_exclusive = DISABLED
Sun Mar 22 12:16:25 2015 tmp_dir = 'C:\Users\James\AppData\Local\Temp\'
Sun Mar 22 12:16:25 2015 push_ifconfig_defined = DISABLED
Sun Mar 22 12:16:25 2015 push_ifconfig_local = 0.0.0.0
Sun Mar 22 12:16:25 2015 push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 22 12:16:25 2015 push_ifconfig_ipv6_defined = DISABLED
Sun Mar 22 12:16:25 2015 push_ifconfig_ipv6_local = ::/0
Sun Mar 22 12:16:25 2015 push_ifconfig_ipv6_remote = ::
Sun Mar 22 12:16:25 2015 enable_c2c = DISABLED
Sun Mar 22 12:16:25 2015 duplicate_cn = DISABLED
Sun Mar 22 12:16:25 2015 cf_max = 0
Sun Mar 22 12:16:25 2015 cf_per = 0
Sun Mar 22 12:16:25 2015 max_clients = 1024
Sun Mar 22 12:16:25 2015 max_routes_per_client = 256
Sun Mar 22 12:16:25 2015 auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 22 12:16:25 2015 auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 22 12:16:25 2015 client = ENABLED
Sun Mar 22 12:16:25 2015 pull = ENABLED
Sun Mar 22 12:16:25 2015 auth_user_pass_file = '[UNDEF]'
Sun Mar 22 12:16:25 2015 show_net_up = DISABLED
Sun Mar 22 12:16:25 2015 route_method = 2
Sun Mar 22 12:16:25 2015 ip_win32_defined = DISABLED
Sun Mar 22 12:16:25 2015 ip_win32_type = 3
Sun Mar 22 12:16:25 2015 dhcp_masq_offset = 0
Sun Mar 22 12:16:25 2015 dhcp_lease_time = 31536000
Sun Mar 22 12:16:25 2015 tap_sleep = 0
Sun Mar 22 12:16:25 2015 dhcp_options = DISABLED
Sun Mar 22 12:16:25 2015 dhcp_renew = DISABLED
Sun Mar 22 12:16:25 2015 dhcp_pre_release = DISABLED
Sun Mar 22 12:16:25 2015 dhcp_release = DISABLED
Sun Mar 22 12:16:25 2015 domain = '[UNDEF]'
Sun Mar 22 12:16:25 2015 netbios_scope = '[UNDEF]'
Sun Mar 22 12:16:25 2015 netbios_node_type = 0
Sun Mar 22 12:16:25 2015 disable_nbt = DISABLED
Sun Mar 22 12:16:25 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Sun Mar 22 12:16:25 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Sun Mar 22 12:16:25 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 22 12:16:25 2015 Need hold release from management interface, waiting...
Sun Mar 22 12:16:25 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 22 12:16:25 2015 MANAGEMENT: CMD 'state on'
Sun Mar 22 12:16:25 2015 MANAGEMENT: CMD 'log all on'
Sun Mar 22 12:16:25 2015 MANAGEMENT: CMD 'hold off'
Sun Mar 22 12:16:25 2015 MANAGEMENT: CMD 'hold release'
Sun Mar 22 12:16:25 2015 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\OpenWRT-VPNserver\ta.key' as a OpenVPN static key file
Sun Mar 22 12:16:25 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:16:25 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:16:25 2015 LZO compression initialized
Sun Mar 22 12:16:25 2015 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 12:16:25 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Mar 22 12:16:25 2015 MANAGEMENT: >STATE:1427044585,RESOLVE,,,
Sun Mar 22 12:16:25 2015 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 12:16:25 2015 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Mar 22 12:16:25 2015 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun Mar 22 12:16:25 2015 Local Options hash (VER=V4): '2f2c6498'
Sun Mar 22 12:16:25 2015 Expected Remote Options hash (VER=V4): '9915e4a2'
Sun Mar 22 12:16:25 2015 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
Sun Mar 22 12:16:25 2015 MANAGEMENT: >STATE:1427044585,TCP_CONNECT,,,
Sun Mar 22 12:16:35 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Sun Mar 22 12:16:40 2015 MANAGEMENT: >STATE:1427044600,RESOLVE,,,
Sun Mar 22 12:16:40 2015 MANAGEMENT: >STATE:1427044600,TCP_CONNECT,,,
Sun Mar 22 12:16:50 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Sun Mar 22 12:16:55 2015 MANAGEMENT: >STATE:1427044615,RESOLVE,,,
Sun Mar 22 12:16:55 2015 MANAGEMENT: >STATE:1427044615,TCP_CONNECT,,,
Sun Mar 22 12:17:05 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Sun Mar 22 12:17:10 2015 MANAGEMENT: >STATE:1427044630,RESOLVE,,,
Sun Mar 22 12:17:10 2015 MANAGEMENT: >STATE:1427044630,TCP_CONNECT,,,
Sun Mar 22 12:17:20 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
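
A cross-check of the server and client logs posted above, as an added example that is not part of the original posts: it compares the transport, address and port the server log reports binding with what the client log says it dialed, and it also covers a UDP client. The log samples are constructed from the line formats shown in the thread, with 203.0.113.10 as a placeholder public address; the function and finding names are hypothetical.

```python
import ipaddress
import re
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "transport ip port")

# Server side: "<PROTO> link local (bound): [AF_INET]ip:port" or "[undef]".
BOUND_RE = re.compile(
    r"(\w+) link local \(bound\): (?:\[AF_INET\]([\d.]+):(\d+)|\[undef\])")
# Client side: transport from the options string, peer from the connect line.
PROTO_RE = re.compile(r"Local Options String: '[^']*\bproto (\w+)")
REMOTE_RE = re.compile(
    r"(?:Attempting to establish TCP connection with|UDPv4 link remote:) "
    r"\[AF_INET\]([\d.]+):(\d+)")

# Constructed samples in the format of the logs in this thread.
SERVER_LOG = """\
Sun Mar 22 12:10:34 2015 us=878893 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=879215 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=880915 Initialization Sequence Completed
"""
CLIENT_LOG_TCP = """\
Sun Mar 22 12:16:25 2015 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Mar 22 12:16:25 2015 Attempting to establish TCP connection with [AF_INET]203.0.113.10:1194 [nonblock]
"""
CLIENT_LOG_UDP = """\
Sun Mar 22 12:37:55 2015 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Mar 22 12:37:55 2015 UDPv4 link remote: [AF_INET]203.0.113.10:1194
"""


def _transport(token):
    """Map an OpenVPN proto token (TCPv4_SERVER, UDPv4, ...) to tcp/udp."""
    return "tcp" if token.upper().startswith("TCP") else "udp"


def server_listener(log):
    """Return the socket the server bound in its most recent startup."""
    matches = list(BOUND_RE.finditer(log))
    if not matches:
        raise ValueError("no 'link local (bound)' line in server log")
    token, ip, port = matches[-1].groups()
    # ip and port are None when the server logged [undef] (no 'local' set).
    return Endpoint(_transport(token), ip, int(port) if port else None)


def client_target(log):
    """Return the transport and peer address the client tried to reach."""
    proto = PROTO_RE.search(log)
    remote = REMOTE_RE.search(log)
    if not proto or not remote:
        raise ValueError("client log lacks options string or remote line")
    return Endpoint(_transport(proto.group(1)),
                    remote.group(1), int(remote.group(2)))


def compare(server_log, client_log):
    """List the differences between what the server bound and what the client dialed."""
    srv = server_listener(server_log)
    cli = client_target(client_log)
    findings = []
    if srv.transport != cli.transport:
        findings.append("proto-mismatch")
    if srv.port is not None and srv.port != cli.port:
        findings.append("port-mismatch")
    if srv.ip is not None and srv.ip != cli.ip:
        # The listener accepts traffic for this one address only. A different
        # dialed address is expected only if something (for example a DNAT or
        # port-forward rule) redirects it to the bound address.
        private = ipaddress.ip_address(srv.ip).is_private
        findings.append("listener-on-private-address" if private
                        else "listener-on-other-address")
    return findings


if __name__ == "__main__":
    print("server:", server_listener(SERVER_LOG))
    print("tcp client:", compare(SERVER_LOG, CLIENT_LOG_TCP))
    print("udp client:", compare(SERVER_LOG, CLIENT_LOG_UDP))
```
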

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 5:24 pm
by maikcat
Sun Mar 22 12:17:20 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
This is not a firewall-related problem; it's win8 + openvpn.

Which version did you install?
Can you try to switch to udp?

Michael.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 5:43 pm
by JW0914
maikcat wrote:
Sun Mar 22 12:17:20 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
This is not a firewall-related problem; it's win8 + openvpn.

Which version did you install?
Can you try to switch to udp?

Michael.
I originally installed: openvpn-install-2.3.6-I603-x86_64.exe

This morning, I uninstalled that version, restarted, then installed: openvpn-install-2.3.6-I003-x86_64.exe

Both give the same output: "The system tried to join a drive to a directory on a joined drive."

On Android [Nexus 6, using both the latest OpenVPN app, as well as the most recent version of OpenVPN for Android], the following error is given:
Transport Error: TCP connect error on vpnserver.dyndns-server.com:1194 (WANIP:1194): connection refused
Changing to udp, the server log shows:
root@OpenWRT:~# cat /tmp/openvpn.log
Sun Mar 22 10:37:12 2015 us=939715 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 10:37:12 2015 us=940027 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 10:37:13 2015 us=221796 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 10:37:13 2015 us=226338 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 10:37:13 2015 us=226625 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 10:37:13 2015 us=226810 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 10:37:13 2015 us=227014 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 10:37:13 2015 us=227246 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Mar 22 10:37:13 2015 us=229586 TUN/TAP device tun0 opened
Sun Mar 22 10:37:13 2015 us=229817 TUN/TAP TX queue length set to 100
Sun Mar 22 10:37:13 2015 us=230014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 10:37:13 2015 us=230292 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 10:37:13 2015 us=239110 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 10:37:13 2015 us=246118 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 10:37:13 2015 us=246483 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 10:37:13 2015 us=246821 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 10:37:13 2015 us=246996 TCPv4_SERVER link remote: [undef]
Sun Mar 22 10:37:13 2015 us=247170 MULTI: multi_init called, r=256 v=256
Sun Mar 22 10:37:13 2015 us=247531 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 10:37:13 2015 us=247748 IFCONFIG POOL LIST
Sun Mar 22 10:37:13 2015 us=248070 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Mar 22 10:37:13 2015 us=248422 Initialization Sequence Completed
Sun Mar 22 12:10:34 2015 us=318425 TCP/UDP: Closing socket
Sun Mar 22 12:10:34 2015 us=318884 /sbin/route del -net 10.10.10.0 netmask 255.255.255.0
Sun Mar 22 12:10:34 2015 us=325572 Closing TUN/TAP interface
Sun Mar 22 12:10:34 2015 us=325944 /sbin/ifconfig tun0 0.0.0.0
Sun Mar 22 12:10:34 2015 us=386731 SIGTERM[hard,] received, process exiting
Sun Mar 22 12:10:34 2015 us=539841 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 12:10:34 2015 us=540130 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 12:10:34 2015 us=821461 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 12:10:34 2015 us=825930 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 12:10:34 2015 us=826157 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:10:34 2015 us=826488 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:10:34 2015 us=826717 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 12:10:34 2015 us=826952 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Mar 22 12:10:34 2015 us=834538 TUN/TAP device tun0 opened
Sun Mar 22 12:10:34 2015 us=834794 TUN/TAP TX queue length set to 100
Sun Mar 22 12:10:34 2015 us=835023 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 12:10:34 2015 us=835327 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 12:10:34 2015 us=858975 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 12:10:34 2015 us=878456 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 12:10:34 2015 us=878893 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=879215 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 12:10:34 2015 us=879433 TCPv4_SERVER link remote: [undef]
Sun Mar 22 12:10:34 2015 us=879605 MULTI: multi_init called, r=256 v=256
Sun Mar 22 12:10:34 2015 us=879920 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 12:10:34 2015 us=880121 IFCONFIG POOL LIST
Sun Mar 22 12:10:34 2015 us=880440 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Mar 22 12:10:34 2015 us=880915 Initialization Sequence Completed
Sun Mar 22 12:32:22 2015 us=453182 TCP/UDP: Closing socket
Sun Mar 22 12:32:22 2015 us=453625 /sbin/route del -net 10.10.10.0 netmask 255.255.255.0
Sun Mar 22 12:32:22 2015 us=461364 Closing TUN/TAP interface
Sun Mar 22 12:32:22 2015 us=461622 /sbin/ifconfig tun0 0.0.0.0
Sun Mar 22 12:32:22 2015 us=507186 SIGTERM[hard,] received, process exiting
Sun Mar 22 12:32:22 2015 us=675930 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 12:32:22 2015 us=676229 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 12:32:22 2015 us=966239 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 12:32:22 2015 us=971121 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 12:32:22 2015 us=971357 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:32:22 2015 us=971533 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:32:22 2015 us=971737 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Mar 22 12:32:22 2015 us=971969 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Mar 22 12:32:22 2015 us=980741 TUN/TAP device tun0 opened
Sun Mar 22 12:32:22 2015 us=980961 TUN/TAP TX queue length set to 100
Sun Mar 22 12:32:22 2015 us=981151 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 12:32:22 2015 us=981425 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 12:32:22 2015 us=996389 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 12:32:23 2015 us=6802 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 12:32:23 2015 us=7037 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Sun Mar 22 12:32:23 2015 us=7231 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 12:32:23 2015 us=7361 TCPv4_SERVER link remote: [undef]
Sun Mar 22 12:32:23 2015 us=7506 MULTI: multi_init called, r=256 v=256
Sun Mar 22 12:32:23 2015 us=7778 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 12:32:23 2015 us=7930 IFCONFIG POOL LIST
Sun Mar 22 12:32:23 2015 us=8154 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Mar 22 12:32:23 2015 us=8392 Initialization Sequence Completed
Client Log (Windows)
Sun Mar 22 12:37:54 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_private_mode = 00000000
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 12:37:54 2015 pkcs11_pin_cache_period = -1
Sun Mar 22 12:37:54 2015 pkcs11_id = '[UNDEF]'
Sun Mar 22 12:37:54 2015 pkcs11_id_management = DISABLED
Sun Mar 22 12:37:54 2015 server_network = 0.0.0.0
Sun Mar 22 12:37:54 2015 server_netmask = 0.0.0.0
Sun Mar 22 12:37:54 2015 server_network_ipv6 = ::
Sun Mar 22 12:37:54 2015 server_netbits_ipv6 = 0
Sun Mar 22 12:37:54 2015 server_bridge_ip = 0.0.0.0
Sun Mar 22 12:37:54 2015 server_bridge_netmask = 0.0.0.0
Sun Mar 22 12:37:54 2015 server_bridge_pool_start = 0.0.0.0
Sun Mar 22 12:37:54 2015 server_bridge_pool_end = 0.0.0.0
Sun Mar 22 12:37:54 2015 ifconfig_pool_defined = DISABLED
Sun Mar 22 12:37:54 2015 ifconfig_pool_start = 0.0.0.0
Sun Mar 22 12:37:54 2015 ifconfig_pool_end = 0.0.0.0
Sun Mar 22 12:37:54 2015 ifconfig_pool_netmask = 0.0.0.0
Sun Mar 22 12:37:54 2015 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Mar 22 12:37:54 2015 ifconfig_pool_persist_refresh_freq = 600
Sun Mar 22 12:37:54 2015 ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 22 12:37:54 2015 ifconfig_ipv6_pool_base = ::
Sun Mar 22 12:37:54 2015 ifconfig_ipv6_pool_netbits = 0
Sun Mar 22 12:37:54 2015 n_bcast_buf = 256
Sun Mar 22 12:37:54 2015 tcp_queue_limit = 64
Sun Mar 22 12:37:54 2015 real_hash_size = 256
Sun Mar 22 12:37:54 2015 virtual_hash_size = 256
Sun Mar 22 12:37:54 2015 client_connect_script = '[UNDEF]'
Sun Mar 22 12:37:54 2015 learn_address_script = '[UNDEF]'
Sun Mar 22 12:37:54 2015 client_disconnect_script = '[UNDEF]'
Sun Mar 22 12:37:54 2015 client_config_dir = '[UNDEF]'
Sun Mar 22 12:37:54 2015 ccd_exclusive = DISABLED
Sun Mar 22 12:37:54 2015 tmp_dir = 'C:\Users\James\AppData\Local\Temp\'
Sun Mar 22 12:37:54 2015 push_ifconfig_defined = DISABLED
Sun Mar 22 12:37:54 2015 push_ifconfig_local = 0.0.0.0
Sun Mar 22 12:37:54 2015 push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 22 12:37:54 2015 push_ifconfig_ipv6_defined = DISABLED
Sun Mar 22 12:37:54 2015 push_ifconfig_ipv6_local = ::/0
Sun Mar 22 12:37:54 2015 push_ifconfig_ipv6_remote = ::
Sun Mar 22 12:37:54 2015 enable_c2c = DISABLED
Sun Mar 22 12:37:54 2015 duplicate_cn = DISABLED
Sun Mar 22 12:37:54 2015 cf_max = 0
Sun Mar 22 12:37:54 2015 cf_per = 0
Sun Mar 22 12:37:54 2015 max_clients = 1024
Sun Mar 22 12:37:54 2015 max_routes_per_client = 256
Sun Mar 22 12:37:54 2015 auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 22 12:37:54 2015 auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 22 12:37:54 2015 client = ENABLED
Sun Mar 22 12:37:54 2015 pull = ENABLED
Sun Mar 22 12:37:54 2015 auth_user_pass_file = '[UNDEF]'
Sun Mar 22 12:37:54 2015 show_net_up = DISABLED
Sun Mar 22 12:37:54 2015 route_method = 2
Sun Mar 22 12:37:54 2015 ip_win32_defined = DISABLED
Sun Mar 22 12:37:54 2015 ip_win32_type = 3
Sun Mar 22 12:37:54 2015 dhcp_masq_offset = 0
Sun Mar 22 12:37:54 2015 dhcp_lease_time = 31536000
Sun Mar 22 12:37:54 2015 tap_sleep = 0
Sun Mar 22 12:37:54 2015 dhcp_options = DISABLED
Sun Mar 22 12:37:54 2015 dhcp_renew = DISABLED
Sun Mar 22 12:37:54 2015 dhcp_pre_release = DISABLED
Sun Mar 22 12:37:54 2015 dhcp_release = DISABLED
Sun Mar 22 12:37:54 2015 domain = '[UNDEF]'
Sun Mar 22 12:37:54 2015 netbios_scope = '[UNDEF]'
Sun Mar 22 12:37:54 2015 netbios_node_type = 0
Sun Mar 22 12:37:54 2015 disable_nbt = DISABLED
Sun Mar 22 12:37:54 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Sun Mar 22 12:37:54 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Sun Mar 22 12:37:54 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 22 12:37:54 2015 Need hold release from management interface, waiting...
Sun Mar 22 12:37:54 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 22 12:37:54 2015 MANAGEMENT: CMD 'state on'
Sun Mar 22 12:37:54 2015 MANAGEMENT: CMD 'log all on'
Sun Mar 22 12:37:54 2015 MANAGEMENT: CMD 'hold off'
Sun Mar 22 12:37:54 2015 MANAGEMENT: CMD 'hold release'
Sun Mar 22 12:37:55 2015 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\OpenWRT-VPNserver\ta.key' as a OpenVPN static key file
Sun Mar 22 12:37:55 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:37:55 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 12:37:55 2015 LZO compression initialized
Sun Mar 22 12:37:55 2015 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 22 12:37:55 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Mar 22 12:37:55 2015 MANAGEMENT: >STATE:1427045875,RESOLVE,,,
Sun Mar 22 12:37:55 2015 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 12:37:55 2015 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Mar 22 12:37:55 2015 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun Mar 22 12:37:55 2015 Local Options hash (VER=V4): '9e7066d2'
Sun Mar 22 12:37:55 2015 Expected Remote Options hash (VER=V4): '162b04de'
Sun Mar 22 12:37:55 2015 UDPv4 link local: [undef]
Sun Mar 22 12:37:55 2015 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sun Mar 22 12:37:55 2015 MANAGEMENT: >STATE:1427045875,WAIT,,,
Sun Mar 22 12:37:55 2015 event_wait returned 3
Sun Mar 22 12:37:55 2015 UDPv4 WRITE [42] to [AF_INET]x.x.x.x:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=9a1777dd 40236cd0 tls_hmac=dbaba66b ade069f4 28cf7b36 bf367f31 13b82d3c pid=[ #1 / time = (1427045875) Sun Mar 22 12:37:55 2015 ] [ ] pid=0 DATA
Sun Mar 22 12:37:55 2015 UDPv4 write returned 42
Sun Mar 22 12:37:55 2015 event_wait returned 2
Sun Mar 22 12:37:55 2015 WIN32 I/O: Socket Completion non-queued error: Invalid argument (WSAEINVAL) (errno=10022)
Sun Mar 22 12:37:55 2015 UDPv4 read returned -1
Sun Mar 22 12:37:55 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 12:37:55 2015 event_wait returned 2
Sun Mar 22 12:37:55 2015 WIN32 I/O: Socket Completion non-queued error: Connection reset by peer (WSAECONNRESET) (errno=10054)
Sun Mar 22 12:37:55 2015 UDPv4 read returned -1
Sun Mar 22 12:37:55 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 12:37:55 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 12:37:55 2015 event_wait returned 1
Sun Mar 22 12:37:56 2015 event_wait returned 0
Sun Mar 22 12:37:56 2015 event_wait returned 1
Sun Mar 22 12:37:57 2015 event_wait returned 0
Sun Mar 22 12:37:57 2015 event_wait returned 2
Sun Mar 22 12:37:57 2015 UDPv4 WRITE [42] to [AF_INET]x.x.x.x:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=9a1777dd 40236cd0 tls_hmac=2f46cc07 896468e5 dbc39372 47d53729 8b70f7c9 pid=[ #2 / time = (1427045875) Sun Mar 22 12:37:55 2015 ] [ ] pid=0 DATA
Sun Mar 22 12:37:57 2015 UDPv4 write returned 42
Sun Mar 22 12:37:57 2015 event_wait returned 1
Sun Mar 22 12:37:57 2015 event_wait returned 1
Sun Mar 22 12:37:57 2015 WIN32 I/O: Socket Completion error: Connection reset by peer (WSAECONNRESET) (errno=10054)
Sun Mar 22 12:37:57 2015 UDPv4 read returned -1
Sun Mar 22 12:37:57 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 12:37:57 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 12:37:57 2015 event_wait returned 1
Sun Mar 22 12:37:58 2015 event_wait returned 0
Sun Mar 22 12:37:58 2015 event_wait returned 1
Sun Mar 22 12:38:00 2015 event_wait returned 0
Sun Mar 22 12:38:00 2015 event_wait returned 1
I edited all WAN IP listings to "x.x.x.x"


Using Android [Nexus 6], it outputs error:
read UDP [ECONNREFUSED]: Connection refused (code=111)

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 5:59 pm
by JW0914
maikcat wrote: this is not firewall related problem, it's win8 + openvpn.
I came across a couple of forum threads that mentioned there were some issues with win8 and openVPN, and I followed the steps that were given, which were said to eliminate that specific issue. The steps were as follows (and are the reason for the uninstall/reinstall this morning):
- open up the network adapters folder applet
- run installer as admin
- set all openvpn exe's to run as administrator in their respective file properties
- set openvpn service to automatic, as well as network connections
- run openvpn as admin and connect successfully (at least those members were able to)

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 7:36 pm
by JW0914
Please disregard the server and client output in the previous post, as I edited the backup conf file instead of the one loaded by openVPN.

After changing to UDP:

Server
root@OpenWRT:~# cat /tmp/openvpn.log
Sun Mar 22 14:29:23 2015 us=68743 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Sun Mar 22 14:29:23 2015 us=69054 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Sun Mar 22 14:29:23 2015 us=363061 Diffie-Hellman initialized with 2048 bit key
Sun Mar 22 14:29:23 2015 us=367716 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Mar 22 14:29:23 2015 us=367946 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 14:29:23 2015 us=368122 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 14:29:23 2015 us=368327 TLS-Auth MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 22 14:29:23 2015 us=368547 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Mar 22 14:29:23 2015 us=376501 TUN/TAP device tun0 opened
Sun Mar 22 14:29:23 2015 us=376793 TUN/TAP TX queue length set to 100
Sun Mar 22 14:29:23 2015 us=377078 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 22 14:29:23 2015 us=377509 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Sun Mar 22 14:29:23 2015 us=396076 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Sun Mar 22 14:29:23 2015 us=402437 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 14:29:23 2015 us=402699 UDPv4 link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 14:29:23 2015 us=402873 UDPv4 link remote: [undef]
Sun Mar 22 14:29:23 2015 us=403053 MULTI: multi_init called, r=256 v=256
Sun Mar 22 14:29:23 2015 us=403461 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Sun Mar 22 14:29:23 2015 us=403671 IFCONFIG POOL LIST
Sun Mar 22 14:29:23 2015 us=403989 Initialization Sequence Completed
Sun Mar 22 14:29:33 2015 us=415337 event_wait returned 0
Client (Windows)
Sun Mar 22 14:32:31 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_protected_authentication = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_private_mode = 00000000
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_cert_private = DISABLED
Sun Mar 22 14:32:31 2015 pkcs11_pin_cache_period = -1
Sun Mar 22 14:32:31 2015 pkcs11_id = '[UNDEF]'
Sun Mar 22 14:32:31 2015 pkcs11_id_management = DISABLED
Sun Mar 22 14:32:31 2015 server_network = 0.0.0.0
Sun Mar 22 14:32:31 2015 server_netmask = 0.0.0.0
Sun Mar 22 14:32:31 2015 server_network_ipv6 = ::
Sun Mar 22 14:32:31 2015 server_netbits_ipv6 = 0
Sun Mar 22 14:32:31 2015 server_bridge_ip = 0.0.0.0
Sun Mar 22 14:32:31 2015 server_bridge_netmask = 0.0.0.0
Sun Mar 22 14:32:31 2015 server_bridge_pool_start = 0.0.0.0
Sun Mar 22 14:32:31 2015 server_bridge_pool_end = 0.0.0.0
Sun Mar 22 14:32:31 2015 ifconfig_pool_defined = DISABLED
Sun Mar 22 14:32:31 2015 ifconfig_pool_start = 0.0.0.0
Sun Mar 22 14:32:31 2015 ifconfig_pool_end = 0.0.0.0
Sun Mar 22 14:32:31 2015 ifconfig_pool_netmask = 0.0.0.0
Sun Mar 22 14:32:31 2015 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Mar 22 14:32:31 2015 ifconfig_pool_persist_refresh_freq = 600
Sun Mar 22 14:32:31 2015 ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 22 14:32:31 2015 ifconfig_ipv6_pool_base = ::
Sun Mar 22 14:32:31 2015 ifconfig_ipv6_pool_netbits = 0
Sun Mar 22 14:32:31 2015 n_bcast_buf = 256
Sun Mar 22 14:32:31 2015 tcp_queue_limit = 64
Sun Mar 22 14:32:31 2015 real_hash_size = 256
Sun Mar 22 14:32:31 2015 virtual_hash_size = 256
Sun Mar 22 14:32:31 2015 client_connect_script = '[UNDEF]'
Sun Mar 22 14:32:31 2015 learn_address_script = '[UNDEF]'
Sun Mar 22 14:32:31 2015 client_disconnect_script = '[UNDEF]'
Sun Mar 22 14:32:31 2015 client_config_dir = '[UNDEF]'
Sun Mar 22 14:32:31 2015 ccd_exclusive = DISABLED
Sun Mar 22 14:32:31 2015 tmp_dir = 'C:\Users\James\AppData\Local\Temp\'
Sun Mar 22 14:32:31 2015 push_ifconfig_defined = DISABLED
Sun Mar 22 14:32:31 2015 push_ifconfig_local = 0.0.0.0
Sun Mar 22 14:32:31 2015 push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 22 14:32:31 2015 push_ifconfig_ipv6_defined = DISABLED
Sun Mar 22 14:32:31 2015 push_ifconfig_ipv6_local = ::/0
Sun Mar 22 14:32:31 2015 push_ifconfig_ipv6_remote = ::
Sun Mar 22 14:32:31 2015 enable_c2c = DISABLED
Sun Mar 22 14:32:31 2015 duplicate_cn = DISABLED
Sun Mar 22 14:32:31 2015 cf_max = 0
Sun Mar 22 14:32:31 2015 cf_per = 0
Sun Mar 22 14:32:31 2015 max_clients = 1024
Sun Mar 22 14:32:31 2015 max_routes_per_client = 256
Sun Mar 22 14:32:31 2015 auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 22 14:32:31 2015 auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 22 14:32:31 2015 client = ENABLED
Sun Mar 22 14:32:31 2015 pull = ENABLED
Sun Mar 22 14:32:31 2015 auth_user_pass_file = '[UNDEF]'
Sun Mar 22 14:32:31 2015 show_net_up = DISABLED
Sun Mar 22 14:32:31 2015 route_method = 2
Sun Mar 22 14:32:31 2015 ip_win32_defined = DISABLED
Sun Mar 22 14:32:31 2015 ip_win32_type = 3
Sun Mar 22 14:32:31 2015 dhcp_masq_offset = 0
Sun Mar 22 14:32:31 2015 dhcp_lease_time = 31536000
Sun Mar 22 14:32:31 2015 tap_sleep = 0
Sun Mar 22 14:32:31 2015 dhcp_options = DISABLED
Sun Mar 22 14:32:31 2015 dhcp_renew = DISABLED
Sun Mar 22 14:32:31 2015 dhcp_pre_release = DISABLED
Sun Mar 22 14:32:31 2015 dhcp_release = DISABLED
Sun Mar 22 14:32:31 2015 domain = '[UNDEF]'
Sun Mar 22 14:32:31 2015 netbios_scope = '[UNDEF]'
Sun Mar 22 14:32:31 2015 netbios_node_type = 0
Sun Mar 22 14:32:31 2015 disable_nbt = DISABLED
Sun Mar 22 14:32:31 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Sun Mar 22 14:32:31 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Sun Mar 22 14:32:31 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 22 14:32:31 2015 Need hold release from management interface, waiting...
Sun Mar 22 14:32:31 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 22 14:32:32 2015 MANAGEMENT: CMD 'state on'
Sun Mar 22 14:32:32 2015 MANAGEMENT: CMD 'log all on'
Sun Mar 22 14:32:32 2015 MANAGEMENT: CMD 'hold off'
Sun Mar 22 14:32:32 2015 MANAGEMENT: CMD 'hold release'
Sun Mar 22 14:32:32 2015 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\OpenWRT-VPNserver\ta.key' as a OpenVPN static key file
Sun Mar 22 14:32:32 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 14:32:32 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 22 14:32:32 2015 LZO compression initialized
Sun Mar 22 14:32:32 2015 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 22 14:32:32 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Mar 22 14:32:32 2015 MANAGEMENT: >STATE:1427052752,RESOLVE,,,
Sun Mar 22 14:32:32 2015 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Mar 22 14:32:32 2015 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Mar 22 14:32:32 2015 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun Mar 22 14:32:32 2015 Local Options hash (VER=V4): '9e7066d2'
Sun Mar 22 14:32:32 2015 Expected Remote Options hash (VER=V4): '162b04de'
Sun Mar 22 14:32:32 2015 UDPv4 link local: [undef]
Sun Mar 22 14:32:32 2015 UDPv4 link remote: [AF_INET]68.114.212.219:1194
Sun Mar 22 14:32:32 2015 MANAGEMENT: >STATE:1427052752,WAIT,,,
Sun Mar 22 14:32:32 2015 event_wait returned 3
Sun Mar 22 14:32:32 2015 UDPv4 WRITE [42] to [AF_INET]68.114.212.219:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=48c70199 fff916f8 tls_hmac=a880af30 8c5f2d5f 92bb800f 17fda081 8181f860 pid=[ #1 / time = (1427052752) Sun Mar 22 14:32:32 2015 ] [ ] pid=0 DATA
Sun Mar 22 14:32:32 2015 UDPv4 write returned 42
Sun Mar 22 14:32:32 2015 event_wait returned 2
Sun Mar 22 14:32:32 2015 WIN32 I/O: Socket Completion non-queued error: Invalid argument (WSAEINVAL) (errno=10022)
Sun Mar 22 14:32:32 2015 UDPv4 read returned -1
Sun Mar 22 14:32:32 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 14:32:32 2015 event_wait returned 1
Sun Mar 22 14:32:32 2015 event_wait returned 1
Sun Mar 22 14:32:32 2015 WIN32 I/O: Socket Completion error: Connection reset by peer (WSAECONNRESET) (errno=10054)
Sun Mar 22 14:32:32 2015 UDPv4 read returned -1
Sun Mar 22 14:32:32 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 14:32:32 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 14:32:32 2015 event_wait returned 1
Sun Mar 22 14:32:33 2015 event_wait returned 0
Sun Mar 22 14:32:33 2015 event_wait returned 1
Sun Mar 22 14:32:34 2015 event_wait returned 0
Sun Mar 22 14:32:34 2015 event_wait returned 2
Sun Mar 22 14:32:34 2015 UDPv4 WRITE [42] to [AF_INET]68.114.212.219:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=48c70199 fff916f8 tls_hmac=01faf748 572b97fd 2a9cd401 fba7b9aa 2e1bf430 pid=[ #2 / time = (1427052752) Sun Mar 22 14:32:32 2015 ] [ ] pid=0 DATA
Sun Mar 22 14:32:34 2015 UDPv4 write returned 42
Sun Mar 22 14:32:34 2015 event_wait returned 1
Sun Mar 22 14:32:34 2015 event_wait returned 1
Sun Mar 22 14:32:34 2015 WIN32 I/O: Socket Completion error: Connection reset by peer (WSAECONNRESET) (errno=10054)
Sun Mar 22 14:32:34 2015 UDPv4 read returned -1
Sun Mar 22 14:32:34 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 14:32:34 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 14:32:34 2015 event_wait returned 1
Sun Mar 22 14:32:36 2015 event_wait returned 0
Sun Mar 22 14:32:36 2015 event_wait returned 1
Sun Mar 22 14:32:37 2015 event_wait returned 0
Sun Mar 22 14:32:37 2015 event_wait returned 1
Sun Mar 22 14:32:38 2015 event_wait returned 0
Sun Mar 22 14:32:38 2015 event_wait returned 2
Sun Mar 22 14:32:38 2015 UDPv4 WRITE [42] to [AF_INET]68.114.212.219:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=48c70199 fff916f8 tls_hmac=1f8549bc ed05217d 632ec6ea 0f2aec28 4d2a6b3b pid=[ #3 / time = (1427052752) Sun Mar 22 14:32:32 2015 ] [ ] pid=0 DATA
Sun Mar 22 14:32:38 2015 UDPv4 write returned 42
Sun Mar 22 14:32:38 2015 event_wait returned 1
Sun Mar 22 14:32:38 2015 event_wait returned 1
Sun Mar 22 14:32:38 2015 WIN32 I/O: Socket Completion error: Connection reset by peer (WSAECONNRESET) (errno=10054)
Sun Mar 22 14:32:38 2015 UDPv4 read returned -1
Sun Mar 22 14:32:38 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 14:32:38 2015 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Sun Mar 22 14:32:38 2015 event_wait returned 1
Sun Mar 22 14:32:39 2015 event_wait returned 0
Sun Mar 22 14:32:39 2015 event_wait returned 1
Sun Mar 22 14:32:40 2015 event_wait returned 0
Sun Mar 22 14:32:40 2015 event_wait returned 1
Sun Mar 22 14:32:41 2015 event_wait returned 0
Sun Mar 22 14:32:41 2015 event_wait returned 1
Sun Mar 22 14:32:43 2015 event_wait returned 0
Sun Mar 22 14:32:43 2015 event_wait returned 1
Sun Mar 22 14:32:44 2015 event_wait returned 0
Sun Mar 22 14:32:44 2015 event_wait returned 1
Android (Nexus 6)
2015-03-22 14:33:23 Running on Nexus 6 (shamu) google, Android API 21, version 0.6.29, official build
2015-03-22 14:33:23 Log cleared.
2015-03-22 14:33:25 Building configuration…
2015-03-22 14:33:27 started Socket Thread
2015-03-22 14:33:27 Network Status: CONNECTED LTE to MOBILE VZWINTERNET
2015-03-22 14:33:27 Current Parameter Settings:
2015-03-22 14:33:27 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-03-22 14:33:27 mode = 0
2015-03-22 14:33:27 show_ciphers = DISABLED
2015-03-22 14:33:27 show_digests = DISABLED
2015-03-22 14:33:27 show_engines = DISABLED
2015-03-22 14:33:27 genkey = DISABLED
2015-03-22 14:33:27 key_pass_file = '[UNDEF]'
2015-03-22 14:33:27 show_tls_ciphers = DISABLED
2015-03-22 14:33:27 connect_retry_max = 5
2015-03-22 14:33:27 Connection profiles [0]:
2015-03-22 14:33:27 proto = udp
2015-03-22 14:33:27 local = '[UNDEF]'
2015-03-22 14:33:27 local_port = '[UNDEF]'
2015-03-22 14:33:27 remote = 'vpnserver.dyndns-server.com'
2015-03-22 14:33:27 remote_port = '1194'
2015-03-22 14:33:27 remote_float = DISABLED
2015-03-22 14:33:27 bind_defined = DISABLED
2015-03-22 14:33:27 bind_local = DISABLED
2015-03-22 14:33:27 bind_ipv6_only = DISABLED
2015-03-22 14:33:27 connect_retry_seconds = 5
2015-03-22 14:33:27 connect_timeout = 10
2015-03-22 14:33:27 socks_proxy_server = '[UNDEF]'
2015-03-22 14:33:27 socks_proxy_port = '[UNDEF]'
2015-03-22 14:33:27 socks_proxy_retry = DISABLED
2015-03-22 14:33:27 tun_mtu = 1500
2015-03-22 14:33:27 tun_mtu_defined = ENABLED
2015-03-22 14:33:27 link_mtu = 1500
2015-03-22 14:33:27 link_mtu_defined = DISABLED
2015-03-22 14:33:27 tun_mtu_extra = 0
2015-03-22 14:33:27 tun_mtu_extra_defined = DISABLED
2015-03-22 14:33:27 mtu_discover_type = -1
2015-03-22 14:33:27 fragment = 0
2015-03-22 14:33:27 mssfix = 1450
2015-03-22 14:33:27 explicit_exit_notification = 0
2015-03-22 14:33:27 Connection profiles END
2015-03-22 14:33:27 remote_random = DISABLED
2015-03-22 14:33:27 ipchange = '[UNDEF]'
2015-03-22 14:33:27 dev = 'tun'
2015-03-22 14:33:27 dev_type = '[UNDEF]'
2015-03-22 14:33:27 dev_node = '[UNDEF]'
2015-03-22 14:33:27 lladdr = '[UNDEF]'
2015-03-22 14:33:27 topology = 1
2015-03-22 14:33:27 tun_ipv6 = DISABLED
2015-03-22 14:33:27 ifconfig_local = '[UNDEF]'
2015-03-22 14:33:27 ifconfig_remote_netmask = '[UNDEF]'
2015-03-22 14:33:27 ifconfig_noexec = DISABLED
2015-03-22 14:33:27 ifconfig_nowarn = ENABLED
2015-03-22 14:33:27 ifconfig_ipv6_local = '[UNDEF]'
2015-03-22 14:33:27 ifconfig_ipv6_netbits = 0
2015-03-22 14:33:27 ifconfig_ipv6_remote = '[UNDEF]'
2015-03-22 14:33:27 shaper = 0
2015-03-22 14:33:27 mtu_test = 0
2015-03-22 14:33:27 mlock = DISABLED
2015-03-22 14:33:27 keepalive_ping = 0
2015-03-22 14:33:27 keepalive_timeout = 0
2015-03-22 14:33:27 inactivity_timeout = 0
2015-03-22 14:33:27 ping_send_timeout = 0
2015-03-22 14:33:27 ping_rec_timeout = 0
2015-03-22 14:33:27 ping_rec_timeout_action = 0
2015-03-22 14:33:27 ping_timer_remote = DISABLED
2015-03-22 14:33:27 remap_sigusr1 = 0
2015-03-22 14:33:27 persist_tun = ENABLED
2015-03-22 14:33:27 persist_local_ip = DISABLED
2015-03-22 14:33:27 persist_remote_ip = DISABLED
2015-03-22 14:33:27 persist_key = DISABLED
2015-03-22 14:33:27 passtos = DISABLED
2015-03-22 14:33:27 resolve_retry_seconds = 1000000000
2015-03-22 14:33:27 resolve_in_advance = ENABLED
2015-03-22 14:33:27 username = '[UNDEF]'
2015-03-22 14:33:27 groupname = '[UNDEF]'
2015-03-22 14:33:27 chroot_dir = '[UNDEF]'
2015-03-22 14:33:27 cd_dir = '[UNDEF]'
2015-03-22 14:33:27 writepid = '[UNDEF]'
2015-03-22 14:33:27 up_script = '[UNDEF]'
2015-03-22 14:33:27 down_script = '[UNDEF]'
2015-03-22 14:33:27 down_pre = DISABLED
2015-03-22 14:33:27 up_restart = DISABLED
2015-03-22 14:33:27 up_delay = DISABLED
2015-03-22 14:33:27 daemon = DISABLED
2015-03-22 14:33:27 inetd = 0
2015-03-22 14:33:27 log = DISABLED
2015-03-22 14:33:27 suppress_timestamps = DISABLED
2015-03-22 14:33:27 machine_readable_output = ENABLED
2015-03-22 14:33:27 nice = 0
2015-03-22 14:33:27 verbosity = 4
2015-03-22 14:33:27 mute = 0
2015-03-22 14:33:27 gremlin = 0
2015-03-22 14:33:27 status_file = '[UNDEF]'
2015-03-22 14:33:27 status_file_version = 1
2015-03-22 14:33:27 status_file_update_freq = 60
2015-03-22 14:33:27 occ = ENABLED
2015-03-22 14:33:27 rcvbuf = 65536
2015-03-22 14:33:27 sndbuf = 65536
2015-03-22 14:33:27 sockflags = 0
2015-03-22 14:33:27 fast_io = DISABLED
2015-03-22 14:33:27 comp.alg = 2
2015-03-22 14:33:27 comp.flags = 1
2015-03-22 14:33:27 route_script = '[UNDEF]'
2015-03-22 14:33:27 route_default_gateway = '[UNDEF]'
2015-03-22 14:33:27 route_default_metric = 0
2015-03-22 14:33:27 route_noexec = DISABLED
2015-03-22 14:33:27 route_delay = 0
2015-03-22 14:33:27 route_delay_window = 30
2015-03-22 14:33:27 route_delay_defined = DISABLED
2015-03-22 14:33:27 route_nopull = DISABLED
2015-03-22 14:33:27 route_gateway_via_dhcp = DISABLED
2015-03-22 14:33:27 allow_pull_fqdn = DISABLED
2015-03-22 14:33:27 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-03-22 14:33:27 management_port = 'unix'
2015-03-22 14:33:27 management_user_pass = '[UNDEF]'
2015-03-22 14:33:27 management_log_history_cache = 250
2015-03-22 14:33:27 management_echo_buffer_size = 100
2015-03-22 14:33:27 management_write_peer_info_file = '[UNDEF]'
2015-03-22 14:33:27 management_client_user = '[UNDEF]'
2015-03-22 14:33:27 management_client_group = '[UNDEF]'
2015-03-22 14:33:27 management_flags = 806
2015-03-22 14:33:27 shared_secret_file = '[UNDEF]'
2015-03-22 14:33:27 key_direction = 2
2015-03-22 14:33:27 ciphername_defined = ENABLED
2015-03-22 14:33:27 ciphername = 'AES-256-CBC'
2015-03-22 14:33:27 authname_defined = ENABLED
2015-03-22 14:33:27 authname = 'SHA1'
2015-03-22 14:33:27 prng_hash = 'SHA1'
2015-03-22 14:33:27 prng_nonce_secret_len = 16
2015-03-22 14:33:27 keysize = 0
2015-03-22 14:33:27 engine = DISABLED
2015-03-22 14:33:27 replay = ENABLED
2015-03-22 14:33:27 mute_replay_warnings = ENABLED
2015-03-22 14:33:27 replay_window = 64
2015-03-22 14:33:27 replay_time = 15
2015-03-22 14:33:27 packet_id_file = '[UNDEF]'
2015-03-22 14:33:27 use_iv = ENABLED
2015-03-22 14:33:27 test_crypto = DISABLED
2015-03-22 14:33:27 tls_server = DISABLED
2015-03-22 14:33:27 tls_client = ENABLED
2015-03-22 14:33:27 key_method = 2
2015-03-22 14:33:27 ca_file = '[[INLINE]]'
2015-03-22 14:33:27 ca_path = '[UNDEF]'
2015-03-22 14:33:27 dh_file = '[UNDEF]'
2015-03-22 14:33:27 cert_file = '[[INLINE]]'
2015-03-22 14:33:27 "priv_key_file" = EXTERNAL_PRIVATE_KEY
2015-03-22 14:33:27 pkcs12_file = '[UNDEF]'
2015-03-22 14:33:27 cipher_list = '[UNDEF]'
2015-03-22 14:33:27 tls_verify = '[UNDEF]'
2015-03-22 14:33:27 tls_export_cert = '[UNDEF]'
2015-03-22 14:33:27 verify_x509_type = 0
2015-03-22 14:33:27 verify_x509_name = '[UNDEF]'
2015-03-22 14:33:27 crl_file = '[UNDEF]'
2015-03-22 14:33:27 ns_cert_type = 1
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_ku[i] = 0
2015-03-22 14:33:27 remote_cert_eku = '[UNDEF]'
2015-03-22 14:33:27 ssl_flags = 0
2015-03-22 14:33:27 tls_timeout = 2
2015-03-22 14:33:27 renegotiate_bytes = 0
2015-03-22 14:33:27 renegotiate_packets = 0
2015-03-22 14:33:27 renegotiate_seconds = 3600
2015-03-22 14:33:27 handshake_window = 60
2015-03-22 14:33:27 transition_window = 3600
2015-03-22 14:33:27 single_session = DISABLED
2015-03-22 14:33:27 push_peer_info = DISABLED
2015-03-22 14:33:27 tls_exit = DISABLED
2015-03-22 14:33:27 tls_auth_file = '[[INLINE]]'
2015-03-22 14:33:27 client = ENABLED
2015-03-22 14:33:27 pull = ENABLED
2015-03-22 14:33:27 auth_user_pass_file = '[UNDEF]'
2015-03-22 14:33:27 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_629-4c6f7f0d16e1a6b3] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 24 2015
2015-03-22 14:33:27 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
2015-03-22 14:33:27 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-03-22 14:33:27 MANAGEMENT: CMD 'hold release'
2015-03-22 14:33:27 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-22 14:33:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-22 14:33:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-22 14:33:27 LZO compression initializing
2015-03-22 14:33:27 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
2015-03-22 14:33:27 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:3 ]
2015-03-22 14:33:27 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-22 14:33:27 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-22 14:33:27 Local Options hash (VER=V4): '9e7066d2'
2015-03-22 14:33:27 Expected Remote Options hash (VER=V4): '162b04de'
2015-03-22 14:33:27 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-22 14:33:27 Socket Buffers: R=[163840->131072] S=[163840->131072]
2015-03-22 14:33:27 Protecting socket fd 4
2015-03-22 14:33:27 MANAGEMENT: CMD 'bytecount 2'
2015-03-22 14:33:27 MANAGEMENT: CMD 'state on'
2015-03-22 14:33:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-22 14:33:27 UDP link local: (not bound)
2015-03-22 14:33:27 UDP link remote: [AF_INET]68.114.212.219:1194
2015-03-22 14:33:27 MANAGEMENT: >STATE:1427052807,WAIT,,,
2015-03-22 14:33:27 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:33:29 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:33:34 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:33:42 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:33:58 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:34:27 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2015-03-22 14:34:27 TLS Error: TLS handshake failed
2015-03-22 14:34:27 TCP/UDP: Closing socket
2015-03-22 14:34:27 SIGUSR1[soft,tls-error] received, process restarting
2015-03-22 14:34:27 MANAGEMENT: >STATE:1427052867,RECONNECTING,tls-error,,
2015-03-22 14:34:27 MANAGEMENT: CMD 'hold release'
2015-03-22 14:34:27 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-22 14:34:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-22 14:34:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-22 14:34:27 LZO compression initializing
2015-03-22 14:34:27 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
2015-03-22 14:34:27 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:3 ]
2015-03-22 14:34:27 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-22 14:34:27 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-22 14:34:27 Local Options hash (VER=V4): '9e7066d2'
2015-03-22 14:34:27 Expected Remote Options hash (VER=V4): '162b04de'
2015-03-22 14:34:27 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-22 14:34:27 Socket Buffers: R=[163840->131072] S=[163840->131072]
2015-03-22 14:34:27 Protecting socket fd 4
2015-03-22 14:34:27 MANAGEMENT: CMD 'bytecount 2'
2015-03-22 14:34:27 MANAGEMENT: CMD 'state on'
2015-03-22 14:34:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-22 14:34:27 UDP link local: (not bound)
2015-03-22 14:34:27 UDP link remote: [AF_INET]68.114.212.219:1194
2015-03-22 14:34:27 MANAGEMENT: >STATE:1427052867,WAIT,,,
2015-03-22 14:34:28 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:34:29 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:34:33 read UDP [ECONNREFUSED]: Connection refused (code=111)


Errors appear to be the same; however, since I can't see any of my prior posts yet, I wanted to post the above in case anything differed.
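
A log triage sketch for the server and client logs in the post above, added here as an example and not code from the thread or from OpenVPN: it compares the address the server log reports as bound with the address the clients send to, and counts the UDP refusals. The function name and verdict strings are hypothetical, and the sample lines are constructed from the thread's logs with the WAN address replaced by the documentation address 203.0.113.10.

```python
import re

# Constructed sample input, abbreviated from the log lines in the post above.
# The WAN address is replaced by the documentation address 203.0.113.10.
SERVER_LOG = """\
Sun Mar 22 14:29:23 2015 us=402699 UDPv4 link local (bound): [AF_INET]192.168.200.1:1194
Sun Mar 22 14:29:23 2015 us=402873 UDPv4 link remote: [undef]
Sun Mar 22 14:29:23 2015 us=403989 Initialization Sequence Completed
Sun Mar 22 14:29:33 2015 us=415337 event_wait returned 0
"""
CLIENT_LOGS = {
    "windows": """\
Sun Mar 22 14:32:32 2015 UDPv4 link remote: [AF_INET]203.0.113.10:1194
Sun Mar 22 14:32:32 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Mar 22 14:32:34 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
""",
    "android": """\
2015-03-22 14:33:27 UDP link remote: [AF_INET]203.0.113.10:1194
2015-03-22 14:33:27 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:33:29 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-03-22 14:34:27 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
""",
}

BOUND_RE = re.compile(r"link local \(bound\): \[AF_INET\]([\d.]+):(\d+)")
REMOTE_RE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
# A UDP read failing with ECONNREFUSED (Linux/Android) or WSAECONNRESET
# (Windows) means an ICMP port-unreachable came back for an earlier send:
# either a REJECT rule answered, or no socket listens on that address/port.
REFUSED_RE = re.compile(r"read UDP(?:v4)?\b.*(?:ECONNREFUSED|WSAECONNRESET)")
# Lines a server prints once a client datagram has actually reached it.
PEER_SEEN_RE = re.compile(r"TLS: Initial packet from|READ \[\d+\] from \[AF_INET\]")


def parse_endpoint(regex, log):
    """Return (ip, port) from the first matching line, or None."""
    m = regex.search(log)
    return (m.group(1), int(m.group(2))) if m else None


def triage(server_log, client_logs):
    """Return (verdict, findings) for one server log and named client logs."""
    bound = parse_endpoint(BOUND_RE, server_log)
    # "[undef]" or 0.0.0.0 means the daemon listens on every local address.
    pinned = bound is not None and bound[0] != "0.0.0.0"
    peer_seen = bool(PEER_SEEN_RE.search(server_log))

    findings = []
    if pinned:
        findings.append("server pinned to %s:%d" % bound)
    if not peer_seen:
        findings.append("server log shows no client packet")

    refused = mismatch = False
    for name, log in sorted(client_logs.items()):
        remote = parse_endpoint(REMOTE_RE, log)
        refusals = len(REFUSED_RE.findall(log))
        if refusals:
            refused = True
            findings.append("%s: %d ICMP port-unreachable replies" % (name, refusals))
        if pinned and remote and remote != bound:
            mismatch = True
            findings.append("%s targets %s:%d, not the pinned listener" % ((name,) + remote))

    if not refused:
        verdict = "no-refusal"
    elif peer_seen:
        verdict = "refused-after-contact"
    elif mismatch:
        # Datagrams sent to the other address reach the daemon only if a
        # port-forward (DNAT) rule rewrites them to the pinned address.
        verdict = "check-listener-address"
    else:
        verdict = "check-reject-rule-or-forwarding"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = triage(SERVER_LOG, CLIENT_LOGS)
    print(verdict)
    for line in findings:
        print(" -", line)
```

A `check-listener-address` verdict points at the server's `local` setting and any port-forward rule as the next things to inspect; it does not by itself prove the cause.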

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 8:08 pm
by Traffic
maikcat wrote: Quote:
Sun Mar 22 12:17:20 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.


this is not firewall related problem, it's win8 + openvpn.
Where did this come from?
maikcat wrote: can you try to switch to udp
Stick with TCP until the problem is resolved, as it is easier to troubleshoot.
JW0914 wrote:both failing when server connection is attempted (tcp says server rejects, udp times out).
This strongly suggests your WRT Firewall is blocking your openvpn client.
JW0914 wrote:Tunnel [tun0] is set up correctly as I can ping the tunnel subnet [10.10.10.1/24] from within the LAN subnet [192.168.200.0/24]
You can ping the tunnel subnet from the LAN but not connect to your VPN server ... ? How are you doing that from the WRT router ?

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Sun Mar 22, 2015 8:15 pm
by JW0914
this is not a firewall-related problem, it's win8 + openvpn.
where did this come from ?
Whoever moderates this section hasn't approved my posts (not sure why there's an enormous lag in approval), which is why you can't see the posts he quoted from (my guess is since he's on the forum team, he was able to see them).
This strongly suggests your WRT Firewall is blocking your openvpn client.
Per my original post, you can see the firewall should not be blocking any inbound traffic on 1194. As also was mentioned in the original post, disabling the firewall on both the router and PC/Nexus 6 results in the same exact error, meaning it's not the firewall.
You can ping the tunnel subnet from the LAN but not connect to your VPN server ... ? How are you doing that from the WRT router ?
I can ping the VPN subnet via any device on the LAN, which should be able to be done and demonstrates the error is not with the tunnel itself.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 5:31 am
by JW0914
@maikcat

There are two issues I was hoping you might be able to help with since you're on the forum team:

1. I need the second account I created to be removed/deleted (JWO914 - "O" not zero). I created it because when I went to login this morning, my password wasn't recognized. I could have sworn I registered before, so I clicked on forgot password, but I never received an email. This led me to believe I didn't register before and I created the new account. I then realized tonight I must have mistyped the password for the original account (JW0914 - zero, not "O"), as I was able to log in.

2. All of my posts and replies are requiring reviews and I was curious why this is occurring. If there's anything I can do so that replies are posted w/o review, please let me know, as posts that were posted 12+ hours ago are still not posted and it's preventing me from being able to troubleshoot the issue I'm having.

Thanks for taking the time =]

(Once addressed, I'll delete this post, as I'm only posting here because I can't PM and I wasn't able to find an email address to contact forum admins or webmasters)

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 12:26 pm
by Traffic
JW0914 wrote:All of my posts and replies are requiring reviews and I was curious why this is occurring
due to spam monkeys all new posts are reviewed ..
JW0914 wrote:Once addressed, I'll delete this post
You cannot .. same as above.

Re: WRT.

I have just set up an openwrt/openvpn connection, no problem.

The only rule required (from default) was to forward the external vpn port (1194) to the LAN address as that is where my Openvpn is configured to listen.

Yours:
JW0914 wrote:openvpn.vpnserver.local=192.168.200.1
also appears to be listening on the LAN address .. so:

what is output of netstat -antup

Under >network/firewall/port-forward: make rule to forward external port 1194 to LAN address.
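
The check described in the post above, as an added example that is not part of the original thread: it compares the OpenVPN listener (`proto`, `port`, `local`) against the WAN-facing firewall sections in `uci show` output. The function names, result labels and sample input are constructed for illustration; the addresses and ports follow the values quoted in this thread. A socket bound to the LAN address only accepts traffic addressed to that address, so a plain WAN input rule is reported as `bound-to-lan` rather than as open.

```shell
#!/bin/sh
# Added example. Sample input is constructed in the layout of `uci show`.

# uci_get TEXT KEY: print the value of the "KEY=value" line, quotes removed.
uci_get() {
    printf '%s\n' "$1" | awk -v k="$2=" '
        index($0, k) == 1 { v = substr($0, length(k) + 1); gsub(/\047/, "", v); print v; exit }'
}

# vpn_exposure OPENVPN_TEXT FIREWALL_TEXT [INSTANCE]
# Prints one of:
#   redirect      wan DNAT to the address and port the server listens on
#   input-rule    wan ACCEPT rule and the server listens on every address
#   bound-to-lan  wan ACCEPT rule, but the server is bound to one address
#   closed        no wan section matches the server protocol and port
vpn_exposure() {
    inst=${3:-vpnserver}
    port=$(uci_get "$1" "openvpn.$inst.port"); port=${port:-1194}
    addr=$(uci_get "$1" "openvpn.$inst.local")
    case $(uci_get "$1" "openvpn.$inst.proto") in
        tcp*) proto=tcp ;;
        *)    proto=udp ;;   # OpenVPN default when proto is unset
    esac
    printf '%s\n' "$2" | awk -v port="$port" -v addr="$addr" -v proto="$proto" '
    # An unset firewall proto covers both tcp and udp.
    function proto_ok(p) {
        return p == "" || p == "all" || p == "tcpudp" || index(" " p " ", " " proto " ") > 0
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/\047/, "", val)
        if (split(key, part, ".") != 3) next   # skip section header lines
        sec = part[2]; opt[sec, part[3]] = val
        if (!(sec in seen)) { seen[sec] = 1; order[++count] = sec }
    }
    END {
        rank = 0
        for (i = 1; i <= count; i++) {
            s = order[i]
            if (opt[s, "src"] != "wan" || !proto_ok(opt[s, "proto"])) continue
            if (s ~ /^@redirect/) {
                dport = (opt[s, "dest_port"] == "") ? opt[s, "src_dport"] : opt[s, "dest_port"]
                if ((opt[s, "target"] == "" || opt[s, "target"] == "DNAT") &&
                    opt[s, "src_dport"] == port && dport == port &&
                    addr != "" && opt[s, "dest_ip"] == addr) rank = 3
            } else if (s ~ /^@rule/ && opt[s, "target"] == "ACCEPT" &&
                       opt[s, "dest"] == "" && opt[s, "dest_port"] == port) {
                r = (addr == "") ? 2 : 1
                if (r > rank) rank = r
            }
        }
        split("closed bound-to-lan input-rule redirect", name, " ")
        print name[rank + 1]
    }'
}

# Constructed sample: server bound to the LAN address on tcp/1194.
OPENVPN_TCP='openvpn.vpnserver=openvpn
openvpn.vpnserver.proto=tcp
openvpn.vpnserver.port=1194
openvpn.vpnserver.local=192.168.200.1'

# Constructed sample: the same server switched to udp.
OPENVPN_UDP='openvpn.vpnserver=openvpn
openvpn.vpnserver.proto=udp
openvpn.vpnserver.port=1194
openvpn.vpnserver.local=192.168.200.1'

# Constructed sample: only an input rule on wan (rule name is hypothetical).
FW_RULE_ONLY='firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-OpenVPN
firewall.@rule[0].src=wan
firewall.@rule[0].proto=tcp
firewall.@rule[0].dest_port=1194
firewall.@rule[0].target=ACCEPT'

# Constructed sample: port forward from wan to the LAN address.
FW_REDIRECT='firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=1194
firewall.@redirect[0].dest_ip=192.168.200.1
firewall.@redirect[0].dest_port=1194'

echo "input rule only:     $(vpn_exposure "$OPENVPN_TCP" "$FW_RULE_ONLY")"
echo "tcp port forward:    $(vpn_exposure "$OPENVPN_TCP" "$FW_REDIRECT")"
echo "udp server, tcp fwd: $(vpn_exposure "$OPENVPN_UDP" "$FW_REDIRECT")"
```

On a router the two text arguments would be `"$(uci show openvpn)"` and `"$(uci show firewall)"`.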

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 12:44 pm
by maikcat
Whoever moderates this section hasn't approved my posts (not sure why there's an enormous lag in approval),
There is a lag because mods (like me) are volunteers and they also do have a full time job and a family.

have a nice day.

Michael.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 1:19 pm
by JW0914
maikcat wrote:There is a lag because mods (like me) are volunteers and they also do have a full time job and a family.
@maikcat, My post wasn't intended to be rude or disrespectful, and I apologize as it appears that came across differently than I had intended. I wasn't aware, until @Traffic mentioned it in their prior post, that all posts were reviewed due to OpenVPN having a major problem with spamming.
Traffic wrote: what is output of netstat -antup

Under >network/firewall/port-forward: make rule to forward external port 1194 to LAN address.


I deleted all prior forwarding and input rules in the firewall and added the forward; however, it's still providing the same errors as before.

netstat -antup
root@OpenWRT:~# netstat -antup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.200.1:1194 0.0.0.0:* LISTEN 1921/openvpn
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1877/smbd
tcp 0 0 192.168.200.1:2222 0.0.0.0:* LISTEN 1399/dropbear
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2438/uhttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2061/dnsmasq
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1877/smbd
tcp 0 248 192.168.200.1:2222 192.168.200.15:53081 ESTABLISHED 2394/dropbear
tcp 0 0 127.0.0.1:80 127.0.0.1:44567 TIME_WAIT -
tcp 0 0 127.0.0.1:44565 127.0.0.1:80 ESTABLISHED 2394/dropbear
tcp 0 0 127.0.0.1:80 127.0.0.1:44565 ESTABLISHED 2438/uhttpd
tcp 0 0 127.0.0.1:80 127.0.0.1:44566 ESTABLISHED 2438/uhttpd
tcp 0 0 127.0.0.1:44566 127.0.0.1:80 ESTABLISHED 2394/dropbear
tcp 0 0 :::139 :::* LISTEN 1877/smbd
tcp 0 0 :::80 :::* LISTEN 2438/uhttpd
tcp 0 0 :::53 :::* LISTEN 2061/dnsmasq
tcp 0 0 :::445 :::* LISTEN 1877/smbd
udp 0 0 0.0.0.0:53 0.0.0.0:* 2061/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2061/dnsmasq
udp 0 0 192.168.200.255:137 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.1:137 0.0.0.0:* 1883/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.255:138 0.0.0.0:* 1883/nmbd
udp 0 0 192.168.200.1:138 0.0.0.0:* 1883/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1883/nmbd
udp 0 0 :::546 :::* 1791/odhcp6c
udp 0 0 :::547 :::* 1302/odhcpd
udp 0 0 :::53 :::* 2061/dnsmasq
udp 0 0 :::123 :::* 1952/ntpd
Firewall
root@OpenWRT:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan wan6
firewall.@zone[2]=zone
firewall.@zone[2].name=vpn
firewall.@zone[2].input=ACCEPT
firewall.@zone[2].forward=ACCEPT
firewall.@zone[2].output=ACCEPT
firewall.@zone[2].network=vpn0
firewall.@zone[2].masq=1
firewall.@zone[2].conntrack=1
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=vpn
firewall.@forwarding[0].dest=lan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=1194
firewall.@redirect[0].dest_ip=192.168.200.1
firewall.@redirect[0].dest_port=1194
firewall.@redirect[0].name=VPN
OpenVPN Server Config
root@OpenWRT:~# uci show openvpn
openvpn.vpnserver=openvpn
openvpn.vpnserver.enabled=1
openvpn.vpnserver.dev=tun
openvpn.vpnserver.proto=tcp
openvpn.vpnserver.port=1194
openvpn.vpnserver.local=192.168.200.1
openvpn.vpnserver.server=10.10.10.0 255.255.255.0
openvpn.vpnserver.push=route 192.168.200.0 255.255.255.0
openvpn.vpnserver.ca=/etc/openvpn/keys/ca.crt
openvpn.vpnserver.cert=/etc/openvpn/keys/OpenWRT-VPNserver.crt
openvpn.vpnserver.key=/etc/openvpn/keys/OpenWRT-VPNserver.key
openvpn.vpnserver.dh=/etc/openvpn/keys/dh2048.pem
openvpn.vpnserver.tls_auth=/etc/openvpn/keys/ta.key 0
openvpn.vpnserver.cipher=AES-256-CBC
openvpn.vpnserver.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.vpnserver.log=/tmp/openvpn.log
openvpn.vpnserver.status=/tmp/openvpn-status.log
openvpn.vpnserver.keepalive=10 120
openvpn.vpnserver.comp_lzo=yes
openvpn.vpnserver.client_to_client=1
openvpn.vpnserver.persist_key=1
openvpn.vpnserver.persist_tun=1
openvpn.vpnserver.verb=9
OpenVPN Server Log
root@OpenWRT:~# cat /tmp/openvpn.log
Mon Mar 23 07:56:16 2015 us=315506 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 21 2015
Mon Mar 23 07:56:16 2015 us=317871 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Mon Mar 23 07:56:16 2015 us=761610 Diffie-Hellman initialized with 2048 bit key
Mon Mar 23 07:56:16 2015 us=801089 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Mon Mar 23 07:56:16 2015 us=802806 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 07:56:16 2015 us=803003 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 07:56:16 2015 us=805143 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Mar 23 07:56:16 2015 us=805414 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Mar 23 07:56:16 2015 us=808584 TUN/TAP device tun0 opened
Mon Mar 23 07:56:16 2015 us=808858 TUN/TAP TX queue length set to 100
Mon Mar 23 07:56:16 2015 us=809086 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Mar 23 07:56:16 2015 us=809366 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Mon Mar 23 07:56:16 2015 us=819206 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Mon Mar 23 07:56:16 2015 us=826509 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 23 07:56:16 2015 us=826798 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Mon Mar 23 07:56:16 2015 us=830886 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Mon Mar 23 07:56:16 2015 us=831180 TCPv4_SERVER link remote: [undef]
Mon Mar 23 07:56:16 2015 us=832244 MULTI: multi_init called, r=256 v=256
Mon Mar 23 07:56:16 2015 us=832556 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Mon Mar 23 07:56:16 2015 us=832731 IFCONFIG POOL LIST
Mon Mar 23 07:56:16 2015 us=833009 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Mar 23 07:56:16 2015 us=840787 Initialization Sequence Completed
Windows Client Config
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.crt"
key "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\OpenWRT-VPNclient-AlienFractals.key"
tls-auth "C:\\Program Files\\OpenVPN\\config\\OpenWRT-VPNserver\\ta.key" 1
ns-cert-type server
#remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 9
#route-method exe
#route-delay 2
#route 0.0.0.0 0.0.0.0 10.10.10.1




#dev tap
#dev-node MyTap
#proto udp
#remote-random
#user nobody
#group nobody
#http-proxy-retry # retry on connection failures
#http-proxy [proxy server] [proxy port #]
#mute 20
Windows Client Log
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_protected_authentication = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_private_mode = 00000000
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_cert_private = DISABLED
Mon Mar 23 08:11:53 2015 pkcs11_pin_cache_period = -1
Mon Mar 23 08:11:53 2015 pkcs11_id = '[UNDEF]'
Mon Mar 23 08:11:53 2015 pkcs11_id_management = DISABLED
Mon Mar 23 08:11:53 2015 server_network = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_network_ipv6 = ::
Mon Mar 23 08:11:53 2015 server_netbits_ipv6 = 0
Mon Mar 23 08:11:53 2015 server_bridge_ip = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_pool_start = 0.0.0.0
Mon Mar 23 08:11:53 2015 server_bridge_pool_end = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_defined = DISABLED
Mon Mar 23 08:11:53 2015 ifconfig_pool_start = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_end = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Mar 23 08:11:53 2015 ifconfig_pool_persist_refresh_freq = 600
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_defined = DISABLED
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_base = ::
Mon Mar 23 08:11:53 2015 ifconfig_ipv6_pool_netbits = 0
Mon Mar 23 08:11:53 2015 n_bcast_buf = 256
Mon Mar 23 08:11:53 2015 tcp_queue_limit = 64
Mon Mar 23 08:11:53 2015 real_hash_size = 256
Mon Mar 23 08:11:53 2015 virtual_hash_size = 256
Mon Mar 23 08:11:53 2015 client_connect_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 learn_address_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 client_disconnect_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 client_config_dir = '[UNDEF]'
Mon Mar 23 08:11:53 2015 ccd_exclusive = DISABLED
Mon Mar 23 08:11:53 2015 tmp_dir = 'C:\Users\James\AppData\Local\Temp\'
Mon Mar 23 08:11:53 2015 push_ifconfig_defined = DISABLED
Mon Mar 23 08:11:53 2015 push_ifconfig_local = 0.0.0.0
Mon Mar 23 08:11:53 2015 push_ifconfig_remote_netmask = 0.0.0.0
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_defined = DISABLED
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_local = ::/0
Mon Mar 23 08:11:53 2015 push_ifconfig_ipv6_remote = ::
Mon Mar 23 08:11:53 2015 enable_c2c = DISABLED
Mon Mar 23 08:11:53 2015 duplicate_cn = DISABLED
Mon Mar 23 08:11:53 2015 cf_max = 0
Mon Mar 23 08:11:53 2015 cf_per = 0
Mon Mar 23 08:11:53 2015 max_clients = 1024
Mon Mar 23 08:11:53 2015 max_routes_per_client = 256
Mon Mar 23 08:11:53 2015 auth_user_pass_verify_script = '[UNDEF]'
Mon Mar 23 08:11:53 2015 auth_user_pass_verify_script_via_file = DISABLED
Mon Mar 23 08:11:53 2015 client = ENABLED
Mon Mar 23 08:11:53 2015 pull = ENABLED
Mon Mar 23 08:11:53 2015 auth_user_pass_file = '[UNDEF]'
Mon Mar 23 08:11:53 2015 show_net_up = DISABLED
Mon Mar 23 08:11:53 2015 route_method = 0
Mon Mar 23 08:11:53 2015 ip_win32_defined = DISABLED
Mon Mar 23 08:11:53 2015 ip_win32_type = 3
Mon Mar 23 08:11:53 2015 dhcp_masq_offset = 0
Mon Mar 23 08:11:53 2015 dhcp_lease_time = 31536000
Mon Mar 23 08:11:53 2015 tap_sleep = 0
Mon Mar 23 08:11:53 2015 dhcp_options = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_renew = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_pre_release = DISABLED
Mon Mar 23 08:11:53 2015 dhcp_release = DISABLED
Mon Mar 23 08:11:53 2015 domain = '[UNDEF]'
Mon Mar 23 08:11:53 2015 netbios_scope = '[UNDEF]'
Mon Mar 23 08:11:53 2015 netbios_node_type = 0
Mon Mar 23 08:11:53 2015 disable_nbt = DISABLED
Mon Mar 23 08:11:53 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Mon Mar 23 08:11:53 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Mon Mar 23 08:11:53 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Mar 23 08:11:53 2015 Need hold release from management interface, waiting...
Mon Mar 23 08:11:53 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'state on'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'log all on'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'hold off'
Mon Mar 23 08:11:54 2015 MANAGEMENT: CMD 'hold release'
Mon Mar 23 08:11:54 2015 Control Channel Authentication: using 'C:\Program Files\OpenVPN\config\OpenWRT-VPNserver\ta.key' as a OpenVPN static key file
Mon Mar 23 08:11:54 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 08:11:54 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 23 08:11:54 2015 LZO compression initialized
Mon Mar 23 08:11:54 2015 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Mar 23 08:11:54 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Mar 23 08:11:54 2015 MANAGEMENT: >STATE:1427116314,RESOLVE,,,
Mon Mar 23 08:11:54 2015 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 23 08:11:54 2015 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Mar 23 08:11:54 2015 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mon Mar 23 08:11:54 2015 Local Options hash (VER=V4): '2f2c6498'
Mon Mar 23 08:11:54 2015 Expected Remote Options hash (VER=V4): '9915e4a2'
Mon Mar 23 08:11:54 2015 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
Mon Mar 23 08:11:54 2015 MANAGEMENT: >STATE:1427116314,TCP_CONNECT,,,
Mon Mar 23 08:12:04 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Mon Mar 23 08:12:09 2015 MANAGEMENT: >STATE:1427116329,RESOLVE,,,
Mon Mar 23 08:12:09 2015 MANAGEMENT: >STATE:1427116329,TCP_CONNECT,,,
Mon Mar 23 08:12:19 2015 TCP: connect to [AF_INET]68.114.212.219:1194 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Android Config (Static Key Removed)
client
dev tun
proto tcp
remote vpnserver.dyndns-server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 9





# dev tap
# dev-node MyTap
# proto udp
# remote my-server-2 1194
# remote-random
# user nobody
# group nobody
# http-proxy-retry # retry on connection failures
# http-proxy [proxy server] [proxy port #]
# mute 20
Android Client Log
2015-03-23 07:56:36 Running on Nexus 6 (shamu) google, Android API 21, version 0.6.29, official build
2015-03-23 07:56:36 Log cleared.
2015-03-23 07:57:10 Building configuration…
2015-03-23 07:57:13 started Socket Thread
2015-03-23 07:57:13 Network Status: CONNECTED to WIFI "Fibonacci 5G Fractals"
2015-03-23 07:57:13 Current Parameter Settings:
2015-03-23 07:57:13 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-03-23 07:57:13 mode = 0
2015-03-23 07:57:13 show_ciphers = DISABLED
2015-03-23 07:57:13 show_digests = DISABLED
2015-03-23 07:57:13 show_engines = DISABLED
2015-03-23 07:57:13 genkey = DISABLED
2015-03-23 07:57:13 key_pass_file = '[UNDEF]'
2015-03-23 07:57:13 show_tls_ciphers = DISABLED
2015-03-23 07:57:13 connect_retry_max = 5
2015-03-23 07:57:13 Connection profiles [0]:
2015-03-23 07:57:13 proto = tcp-client
2015-03-23 07:57:13 local = '[UNDEF]'
2015-03-23 07:57:13 local_port = '[UNDEF]'
2015-03-23 07:57:13 remote = 'vpnserver.dyndns-server.com'
2015-03-23 07:57:13 remote_port = '1194'
2015-03-23 07:57:13 remote_float = DISABLED
2015-03-23 07:57:13 bind_defined = DISABLED
2015-03-23 07:57:13 bind_local = DISABLED
2015-03-23 07:57:13 bind_ipv6_only = DISABLED
2015-03-23 07:57:13 connect_retry_seconds = 5
2015-03-23 07:57:13 connect_timeout = 10
2015-03-23 07:57:13 socks_proxy_server = '[UNDEF]'
2015-03-23 07:57:13 socks_proxy_port = '[UNDEF]'
2015-03-23 07:57:13 socks_proxy_retry = DISABLED
2015-03-23 07:57:13 tun_mtu = 1500
2015-03-23 07:57:13 tun_mtu_defined = ENABLED
2015-03-23 07:57:13 link_mtu = 1500
2015-03-23 07:57:13 link_mtu_defined = DISABLED
2015-03-23 07:57:13 tun_mtu_extra = 0
2015-03-23 07:57:13 tun_mtu_extra_defined = DISABLED
2015-03-23 07:57:13 mtu_discover_type = -1
2015-03-23 07:57:13 fragment = 0
2015-03-23 07:57:13 mssfix = 1450
2015-03-23 07:57:13 explicit_exit_notification = 0
2015-03-23 07:57:13 Connection profiles END
2015-03-23 07:57:13 remote_random = DISABLED
2015-03-23 07:57:13 ipchange = '[UNDEF]'
2015-03-23 07:57:13 dev = 'tun'
2015-03-23 07:57:13 dev_type = '[UNDEF]'
2015-03-23 07:57:13 dev_node = '[UNDEF]'
2015-03-23 07:57:13 lladdr = '[UNDEF]'
2015-03-23 07:57:13 topology = 1
2015-03-23 07:57:13 tun_ipv6 = DISABLED
2015-03-23 07:57:13 ifconfig_local = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_remote_netmask = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_noexec = DISABLED
2015-03-23 07:57:13 ifconfig_nowarn = ENABLED
2015-03-23 07:57:13 ifconfig_ipv6_local = '[UNDEF]'
2015-03-23 07:57:13 ifconfig_ipv6_netbits = 0
2015-03-23 07:57:13 ifconfig_ipv6_remote = '[UNDEF]'
2015-03-23 07:57:13 shaper = 0
2015-03-23 07:57:13 mtu_test = 0
2015-03-23 07:57:13 mlock = DISABLED
2015-03-23 07:57:13 keepalive_ping = 0
2015-03-23 07:57:13 keepalive_timeout = 0
2015-03-23 07:57:13 inactivity_timeout = 0
2015-03-23 07:57:13 ping_send_timeout = 0
2015-03-23 07:57:13 ping_rec_timeout = 0
2015-03-23 07:57:13 ping_rec_timeout_action = 0
2015-03-23 07:57:13 ping_timer_remote = DISABLED
2015-03-23 07:57:13 remap_sigusr1 = 0
2015-03-23 07:57:13 persist_tun = ENABLED
2015-03-23 07:57:13 persist_local_ip = DISABLED
2015-03-23 07:57:13 persist_remote_ip = DISABLED
2015-03-23 07:57:13 persist_key = DISABLED
2015-03-23 07:57:13 passtos = DISABLED
2015-03-23 07:57:13 resolve_retry_seconds = 1000000000
2015-03-23 07:57:13 resolve_in_advance = ENABLED
2015-03-23 07:57:13 username = '[UNDEF]'
2015-03-23 07:57:13 groupname = '[UNDEF]'
2015-03-23 07:57:13 chroot_dir = '[UNDEF]'
2015-03-23 07:57:13 cd_dir = '[UNDEF]'
2015-03-23 07:57:13 writepid = '[UNDEF]'
2015-03-23 07:57:13 up_script = '[UNDEF]'
2015-03-23 07:57:13 down_script = '[UNDEF]'
2015-03-23 07:57:13 down_pre = DISABLED
2015-03-23 07:57:13 up_restart = DISABLED
2015-03-23 07:57:13 up_delay = DISABLED
2015-03-23 07:57:13 daemon = DISABLED
2015-03-23 07:57:13 inetd = 0
2015-03-23 07:57:13 log = DISABLED
2015-03-23 07:57:13 suppress_timestamps = DISABLED
2015-03-23 07:57:13 machine_readable_output = ENABLED
2015-03-23 07:57:13 nice = 0
2015-03-23 07:57:13 verbosity = 4
2015-03-23 07:57:13 mute = 0
2015-03-23 07:57:13 gremlin = 0
2015-03-23 07:57:13 status_file = '[UNDEF]'
2015-03-23 07:57:13 status_file_version = 1
2015-03-23 07:57:13 status_file_update_freq = 60
2015-03-23 07:57:13 occ = ENABLED
2015-03-23 07:57:13 rcvbuf = 65536
2015-03-23 07:57:13 sndbuf = 65536
2015-03-23 07:57:13 sockflags = 0
2015-03-23 07:57:13 fast_io = DISABLED
2015-03-23 07:57:13 comp.alg = 2
2015-03-23 07:57:13 comp.flags = 1
2015-03-23 07:57:13 route_script = '[UNDEF]'
2015-03-23 07:57:13 route_default_gateway = '[UNDEF]'
2015-03-23 07:57:13 route_default_metric = 0
2015-03-23 07:57:13 route_noexec = DISABLED
2015-03-23 07:57:13 route_delay = 0
2015-03-23 07:57:13 route_delay_window = 30
2015-03-23 07:57:13 route_delay_defined = DISABLED
2015-03-23 07:57:13 route_nopull = DISABLED
2015-03-23 07:57:13 route_gateway_via_dhcp = DISABLED
2015-03-23 07:57:13 allow_pull_fqdn = DISABLED
2015-03-23 07:57:13 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-03-23 07:57:13 management_port = 'unix'
2015-03-23 07:57:13 management_user_pass = '[UNDEF]'
2015-03-23 07:57:13 management_log_history_cache = 250
2015-03-23 07:57:13 management_echo_buffer_size = 100
2015-03-23 07:57:13 management_write_peer_info_file = '[UNDEF]'
2015-03-23 07:57:13 management_client_user = '[UNDEF]'
2015-03-23 07:57:13 management_client_group = '[UNDEF]'
2015-03-23 07:57:13 management_flags = 806
2015-03-23 07:57:13 shared_secret_file = '[UNDEF]'
2015-03-23 07:57:13 key_direction = 2
2015-03-23 07:57:13 ciphername_defined = ENABLED
2015-03-23 07:57:13 ciphername = 'AES-256-CBC'
2015-03-23 07:57:13 authname_defined = ENABLED
2015-03-23 07:57:13 authname = 'SHA1'
2015-03-23 07:57:13 prng_hash = 'SHA1'
2015-03-23 07:57:13 prng_nonce_secret_len = 16
2015-03-23 07:57:13 keysize = 0
2015-03-23 07:57:13 engine = DISABLED
2015-03-23 07:57:13 replay = ENABLED
2015-03-23 07:57:13 mute_replay_warnings = ENABLED
2015-03-23 07:57:13 replay_window = 64
2015-03-23 07:57:13 replay_time = 15
2015-03-23 07:57:13 packet_id_file = '[UNDEF]'
2015-03-23 07:57:13 use_iv = ENABLED
2015-03-23 07:57:13 test_crypto = DISABLED
2015-03-23 07:57:13 tls_server = DISABLED
2015-03-23 07:57:13 tls_client = ENABLED
2015-03-23 07:57:13 key_method = 2
2015-03-23 07:57:13 ca_file = '[[INLINE]]'
2015-03-23 07:57:13 ca_path = '[UNDEF]'
2015-03-23 07:57:13 dh_file = '[UNDEF]'
2015-03-23 07:57:13 cert_file = '[[INLINE]]'
2015-03-23 07:57:13 "priv_key_file" = EXTERNAL_PRIVATE_KEY
2015-03-23 07:57:13 pkcs12_file = '[UNDEF]'
2015-03-23 07:57:13 cipher_list = '[UNDEF]'
2015-03-23 07:57:13 tls_verify = '[UNDEF]'
2015-03-23 07:57:13 tls_export_cert = '[UNDEF]'
2015-03-23 07:57:13 verify_x509_type = 0
2015-03-23 07:57:13 verify_x509_name = '[UNDEF]'
2015-03-23 07:57:13 crl_file = '[UNDEF]'
2015-03-23 07:57:13 ns_cert_type = 1
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_ku[i] = 0
2015-03-23 07:57:13 remote_cert_eku = '[UNDEF]'
2015-03-23 07:57:13 ssl_flags = 0
2015-03-23 07:57:13 tls_timeout = 2
2015-03-23 07:57:13 renegotiate_bytes = 0
2015-03-23 07:57:13 renegotiate_packets = 0
2015-03-23 07:57:13 renegotiate_seconds = 3600
2015-03-23 07:57:13 handshake_window = 60
2015-03-23 07:57:13 transition_window = 3600
2015-03-23 07:57:13 single_session = DISABLED
2015-03-23 07:57:13 push_peer_info = DISABLED
2015-03-23 07:57:13 tls_exit = DISABLED
2015-03-23 07:57:13 tls_auth_file = '[[INLINE]]'
2015-03-23 07:57:13 client = ENABLED
2015-03-23 07:57:13 pull = ENABLED
2015-03-23 07:57:13 auth_user_pass_file = '[UNDEF]'
2015-03-23 07:57:13 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_629-4c6f7f0d16e1a6b3] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 24 2015
2015-03-23 07:57:13 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
2015-03-23 07:57:13 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-03-23 07:57:13 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:13 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:13 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:13 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:13 LZO compression initializing
2015-03-23 07:57:13 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:13 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:13 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:13 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:13 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:13 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:13 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:13 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:13 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:13 Protecting socket fd 4
2015-03-23 07:57:13 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:13 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:13 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:14 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:14 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:14 MANAGEMENT: >STATE:1427115434,RECONNECTING,init_instance,,
2015-03-23 07:57:17 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:17 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:17 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:17 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:17 LZO compression initializing
2015-03-23 07:57:17 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:17 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:17 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:17 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:17 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:17 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:17 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:17 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:17 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:17 MANAGEMENT: >STATE:1427115437,TCP_CONNECT,,,
2015-03-23 07:57:17 Protecting socket fd 4
2015-03-23 07:57:17 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:17 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:17 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:18 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:18 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:18 MANAGEMENT: >STATE:1427115438,RECONNECTING,init_instance,,
2015-03-23 07:57:21 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:21 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:21 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:21 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:21 LZO compression initializing
2015-03-23 07:57:21 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:21 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:21 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:21 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:21 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:21 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:21 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:21 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:21 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:21 MANAGEMENT: >STATE:1427115441,TCP_CONNECT,,,
2015-03-23 07:57:21 Protecting socket fd 4
2015-03-23 07:57:21 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:21 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:21 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:23 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:23 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:23 MANAGEMENT: >STATE:1427115443,RECONNECTING,init_instance,,
2015-03-23 07:57:26 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:26 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:26 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:26 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:26 LZO compression initializing
2015-03-23 07:57:26 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:26 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:26 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:26 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:26 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:26 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:26 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:26 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:26 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:26 MANAGEMENT: >STATE:1427115446,TCP_CONNECT,,,
2015-03-23 07:57:26 Protecting socket fd 4
2015-03-23 07:57:26 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:26 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:26 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:27 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:27 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:27 MANAGEMENT: >STATE:1427115447,RECONNECTING,init_instance,,
2015-03-23 07:57:30 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:30 Control Channel Authentication: tls-auth using INLINE static key file
2015-03-23 07:57:30 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:30 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-23 07:57:30 LZO compression initializing
2015-03-23 07:57:30 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:3 ]
2015-03-23 07:57:30 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:396 ET:0 EL:3 ]
2015-03-23 07:57:30 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2015-03-23 07:57:30 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2015-03-23 07:57:30 Local Options hash (VER=V4): '2f2c6498'
2015-03-23 07:57:30 Expected Remote Options hash (VER=V4): '9915e4a2'
2015-03-23 07:57:30 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 07:57:30 Socket Buffers: R=[2097152->131072] S=[524288->131072]
2015-03-23 07:57:30 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 07:57:30 MANAGEMENT: >STATE:1427115450,TCP_CONNECT,,,
2015-03-23 07:57:30 Protecting socket fd 4
2015-03-23 07:57:30 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 07:57:30 MANAGEMENT: CMD 'state on'
2015-03-23 07:57:30 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 07:57:31 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 07:57:31 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 07:57:31 MANAGEMENT: >STATE:1427115451,RECONNECTING,init_instance,,
2015-03-23 07:57:34 MGMT: Got unrecognized command>FATAL:All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 07:57:34 MANAGEMENT: CMD 'hold release'
2015-03-23 07:57:34 MANAGEMENT: Client disconnected
2015-03-23 07:57:34 All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 07:57:34 Exiting due to fatal error
2015-03-23 07:57:34 Process exited with exit value 1

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 1:48 pm
by JW0914
Does it matter whether certificates are copied/pasted? I used scp to transfer the certificates to my PC, where I then copied them to their respective clients (ca.crt, client crt and key, and ta.key).

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 9:30 pm
by Traffic
JW0914 wrote: used scp to transfer the certificates
That is OK .. if any corruption occurs, OpenVPN will let you know.
Traffic wrote:The only rule required (from default) was to forward the external vpn port (1194) to the LAN address
Not so true .. :oops:

From what I can tell you need:
  • General settings
    • Input accept
      Output accept
      Forward accept
  • Zones
    • wan:WAN0: ⇒ lan accept accept accept
  • Firewall - Port Forwards
    • openvpn IPv4-UDP
      From any host in wan
      Via any router IP at port 1194 IP lan , port 1194 in lan
  • Firewall - Traffic Rules
    • openvpn IPv4-UDP
      From any host in any zone
      To any host, port 1194 in wan Accept forward

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Mon Mar 23, 2015 11:16 pm
by JW0914
Traffic wrote: From what I can tell you need:
  • General settings
    • Input accept
      Output accept
      Forward accept
  • Zones
    • wan:WAN0: ⇒ lan accept accept accept
  • Firewall - Port Forwards
    • openvpn IPv4-UDP
      From any host in wan
      Via any router IP at port 1194 IP lan , port 1194 in lan
  • Firewall - Traffic Rules
    • openvpn IPv4-UDP
      From any host in any zone
      To any host, port 1194 in wan Accept forward
Still getting connection refused... exact same log messages as before.

You said you were able to get openvpn up and running on openwrt; could you please post the output from:

- uci show openvpn
- uci show firewall
- config file for client

I'd like to compare what I have to what someone else who has it working has to see where I'm going wrong.

I'm beginning to wonder if any value(s) in my OpenWRT settings backup became corrupted and is causing an issue, so I'm going to redo everything, starting with a reflash of firmware. I'll then only install the bare minimum packages to get OpenVPN up and running. This should rule out any custom settings on my end.

If that doesn't work, I'm at a loss as both you and another user in the OpenWRT forums [who has the same router and same setup] were able to get a VPN up and running with no issue. I know the tutorials I came across were quite dated, so I would compare the tutorial to the OpenVPN How-To page.

On a side note, would you recommend openssl or polarssl (or does it matter/is there a difference)?

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Tue Mar 24, 2015 1:31 am
by JW0914
There has to be a configuration option I'm missing, as even with the bare minimum packages (trunk base w/ luci, openvpn-openssl, openvpn-easy-rsa and their dependencies) connection is still being refused.

Router: Linksys WRT 1900ac

Firewall (All OpenWRT default Traffic Rules left as is)
root@OpenWrt:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].input=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@zone[1].network=wan wan6
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp udp
firewall.@redirect[0].src_dport=1194
firewall.@redirect[0].dest_ip=192.168.200.1
firewall.@redirect[0].dest_port=1194
firewall.@redirect[0].name=OpenVPN
firewall.@rule[5]=rule
firewall.@rule[5].target=ACCEPT
firewall.@rule[5].proto=tcp udp
firewall.@rule[5].name=OpenVPN
firewall.@rule[5].family=ipv4
firewall.@rule[5].src=*
firewall.@rule[5].dest=wan
firewall.@rule[5].dest_port=1194
firewall.@zone[2]=zone
firewall.@zone[2].name=vpn
firewall.@zone[2].input=ACCEPT
firewall.@zone[2].forward=ACCEPT
firewall.@zone[2].output=ACCEPT
firewall.@zone[2].network=vpn0
firewall.@zone[2].family=ipv4
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest=lan
firewall.@forwarding[2].src=vpn
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].dest=vpn
firewall.@forwarding[3].src=lan
firewall.@forwarding[4]=forwarding
firewall.@forwarding[4].dest=vpn
firewall.@forwarding[4].src=wan

OpenVPN Server Config
root@OpenWrt:~# uci show openvpn
openvpn.OpenVPN=openvpn
openvpn.OpenVPN.enable=1
openvpn.OpenVPN.port=1194
openvpn.OpenVPN.proto=tcp
openvpn.OpenVPN.dev=tun
openvpn.OpenVPN.ca=/etc/easy-rsa/keys/ca.crt
openvpn.OpenVPN.cert=/etc/easy-rsa/keys/OpenWRT-VPNserver.crt
openvpn.OpenVPN.key=/etc/easy-rsa/keys/OpenWRT-VPNserver.key
openvpn.OpenVPN.dh=/etc/easy-rsa/keys/dh2048.pem
openvpn.OpenVPN.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.OpenVPN.keepalive=10 120
openvpn.OpenVPN.persist_key=1
openvpn.OpenVPN.persist_tun=1
openvpn.OpenVPN.status=/var/openvpn-status.log
openvpn.OpenVPN.log=/tmp/openvpn.log
openvpn.OpenVPN.verb=11
openvpn.OpenVPN.comp_lzo=no
openvpn.OpenVPN.server=10.10.10.0 255.255.255.0
openvpn.OpenVPN.client_to_client=1
openvpn.OpenVPN.local=192.168.200.1
openvpn.OpenVPN.push=dhcp-option DNS 192.168.200.1 route 192.168.200.0 255.255.255.0

OpenVPN Server Log
root@OpenWrt:~# cat /tmp/openvpn.log
Tue Mar 24 01:05:30 2015 us=84859 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 23 2015
Tue Mar 24 01:05:30 2015 us=85995 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Tue Mar 24 01:05:30 2015 us=341446 Diffie-Hellman initialized with 2048 bit key
Tue Mar 24 01:05:30 2015 us=371712 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Mar 24 01:05:30 2015 us=371912 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Mar 24 01:05:30 2015 us=373130 TUN/TAP device tun0 opened
Tue Mar 24 01:05:30 2015 us=373311 TUN/TAP TX queue length set to 100
Tue Mar 24 01:05:30 2015 us=373448 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 24 01:05:30 2015 us=373627 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
Tue Mar 24 01:05:30 2015 us=382710 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
Tue Mar 24 01:05:30 2015 us=388184 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 01:05:30 2015 us=388401 Listening for incoming TCP connection on [AF_INET]192.168.200.1:1194
Tue Mar 24 01:05:30 2015 us=389353 TCPv4_SERVER link local (bound): [AF_INET]192.168.200.1:1194
Tue Mar 24 01:05:30 2015 us=389501 TCPv4_SERVER link remote: [undef]
Tue Mar 24 01:05:30 2015 us=390619 MULTI: multi_init called, r=256 v=256
Tue Mar 24 01:05:30 2015 us=390876 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Tue Mar 24 01:05:30 2015 us=391031 IFCONFIG POOL LIST
Tue Mar 24 01:05:30 2015 us=391245 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Mar 24 01:05:30 2015 us=391849 Initialization Sequence Completed

Android Client Config (pk12 used, WAN IP removed)
client
dev tun
proto tcp
remote *.*.*.* 1194
persist-key
persist-tun
ns-cert-type server
verb 11

Android Client Log
2015-03-23 20:12:27 Running on Nexus 6 (shamu) google, Android API 21, version 0.6.29, official build
2015-03-23 20:12:29 Building configuration…
2015-03-23 20:12:31 started Socket Thread
2015-03-23 20:12:31 Network Status: CONNECTED LTE to MOBILE VZWINTERNET
2015-03-23 20:12:31 Current Parameter Settings:
2015-03-23 20:12:31 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2015-03-23 20:12:31 mode = 0
2015-03-23 20:12:31 show_ciphers = DISABLED
2015-03-23 20:12:31 show_digests = DISABLED
2015-03-23 20:12:31 show_engines = DISABLED
2015-03-23 20:12:31 genkey = DISABLED
2015-03-23 20:12:31 key_pass_file = '[UNDEF]'
2015-03-23 20:12:31 show_tls_ciphers = DISABLED
2015-03-23 20:12:31 connect_retry_max = 5
2015-03-23 20:12:31 Connection profiles [0]:
2015-03-23 20:12:31 proto = tcp-client
2015-03-23 20:12:31 local = '[UNDEF]'
2015-03-23 20:12:31 local_port = '[UNDEF]'
2015-03-23 20:12:31 remote = '68.114.212.219'
2015-03-23 20:12:31 remote_port = '1194'
2015-03-23 20:12:31 remote_float = DISABLED
2015-03-23 20:12:31 bind_defined = DISABLED
2015-03-23 20:12:31 bind_local = DISABLED
2015-03-23 20:12:31 bind_ipv6_only = DISABLED
2015-03-23 20:12:31 connect_retry_seconds = 5
2015-03-23 20:12:31 connect_timeout = 10
2015-03-23 20:12:31 socks_proxy_server = '[UNDEF]'
2015-03-23 20:12:31 socks_proxy_port = '[UNDEF]'
2015-03-23 20:12:31 socks_proxy_retry = DISABLED
2015-03-23 20:12:31 tun_mtu = 1500
2015-03-23 20:12:31 tun_mtu_defined = ENABLED
2015-03-23 20:12:31 link_mtu = 1500
2015-03-23 20:12:31 link_mtu_defined = DISABLED
2015-03-23 20:12:31 tun_mtu_extra = 0
2015-03-23 20:12:31 tun_mtu_extra_defined = DISABLED
2015-03-23 20:12:31 mtu_discover_type = -1
2015-03-23 20:12:31 fragment = 0
2015-03-23 20:12:31 mssfix = 1450
2015-03-23 20:12:31 explicit_exit_notification = 0
2015-03-23 20:12:31 Connection profiles END
2015-03-23 20:12:31 remote_random = DISABLED
2015-03-23 20:12:31 ipchange = '[UNDEF]'
2015-03-23 20:12:31 dev = 'tun'
2015-03-23 20:12:31 dev_type = '[UNDEF]'
2015-03-23 20:12:31 dev_node = '[UNDEF]'
2015-03-23 20:12:31 lladdr = '[UNDEF]'
2015-03-23 20:12:31 topology = 1
2015-03-23 20:12:31 tun_ipv6 = DISABLED
2015-03-23 20:12:31 ifconfig_local = '[UNDEF]'
2015-03-23 20:12:31 ifconfig_remote_netmask = '[UNDEF]'
2015-03-23 20:12:31 ifconfig_noexec = DISABLED
2015-03-23 20:12:31 ifconfig_nowarn = ENABLED
2015-03-23 20:12:31 ifconfig_ipv6_local = '[UNDEF]'
2015-03-23 20:12:31 ifconfig_ipv6_netbits = 0
2015-03-23 20:12:31 ifconfig_ipv6_remote = '[UNDEF]'
2015-03-23 20:12:31 shaper = 0
2015-03-23 20:12:31 mtu_test = 0
2015-03-23 20:12:31 mlock = DISABLED
2015-03-23 20:12:31 keepalive_ping = 0
2015-03-23 20:12:31 keepalive_timeout = 0
2015-03-23 20:12:31 inactivity_timeout = 0
2015-03-23 20:12:31 ping_send_timeout = 0
2015-03-23 20:12:31 ping_rec_timeout = 0
2015-03-23 20:12:31 ping_rec_timeout_action = 0
2015-03-23 20:12:31 ping_timer_remote = DISABLED
2015-03-23 20:12:31 remap_sigusr1 = 0
2015-03-23 20:12:31 persist_tun = ENABLED
2015-03-23 20:12:31 persist_local_ip = DISABLED
2015-03-23 20:12:31 persist_remote_ip = DISABLED
2015-03-23 20:12:31 persist_key = DISABLED
2015-03-23 20:12:31 passtos = DISABLED
2015-03-23 20:12:31 resolve_retry_seconds = 60
2015-03-23 20:12:31 resolve_in_advance = ENABLED
2015-03-23 20:12:31 username = '[UNDEF]'
2015-03-23 20:12:31 groupname = '[UNDEF]'
2015-03-23 20:12:31 chroot_dir = '[UNDEF]'
2015-03-23 20:12:31 cd_dir = '[UNDEF]'
2015-03-23 20:12:31 writepid = '[UNDEF]'
2015-03-23 20:12:31 up_script = '[UNDEF]'
2015-03-23 20:12:31 down_script = '[UNDEF]'
2015-03-23 20:12:31 down_pre = DISABLED
2015-03-23 20:12:31 up_restart = DISABLED
2015-03-23 20:12:31 up_delay = DISABLED
2015-03-23 20:12:31 daemon = DISABLED
2015-03-23 20:12:31 inetd = 0
2015-03-23 20:12:31 log = DISABLED
2015-03-23 20:12:31 suppress_timestamps = DISABLED
2015-03-23 20:12:31 machine_readable_output = ENABLED
2015-03-23 20:12:31 nice = 0
2015-03-23 20:12:31 verbosity = 4
2015-03-23 20:12:31 mute = 0
2015-03-23 20:12:31 gremlin = 0
2015-03-23 20:12:31 status_file = '[UNDEF]'
2015-03-23 20:12:31 status_file_version = 1
2015-03-23 20:12:31 status_file_update_freq = 60
2015-03-23 20:12:31 occ = ENABLED
2015-03-23 20:12:31 rcvbuf = 65536
2015-03-23 20:12:31 sndbuf = 65536
2015-03-23 20:12:31 sockflags = 0
2015-03-23 20:12:31 fast_io = DISABLED
2015-03-23 20:12:31 comp.alg = 0
2015-03-23 20:12:31 comp.flags = 0
2015-03-23 20:12:31 route_script = '[UNDEF]'
2015-03-23 20:12:31 route_default_gateway = '[UNDEF]'
2015-03-23 20:12:31 route_default_metric = 0
2015-03-23 20:12:31 route_noexec = DISABLED
2015-03-23 20:12:31 route_delay = 0
2015-03-23 20:12:31 route_delay_window = 30
2015-03-23 20:12:31 route_delay_defined = DISABLED
2015-03-23 20:12:31 route_nopull = DISABLED
2015-03-23 20:12:31 route_gateway_via_dhcp = DISABLED
2015-03-23 20:12:31 allow_pull_fqdn = DISABLED
2015-03-23 20:12:31 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2015-03-23 20:12:31 management_port = 'unix'
2015-03-23 20:12:31 management_user_pass = '[UNDEF]'
2015-03-23 20:12:31 management_log_history_cache = 250
2015-03-23 20:12:31 management_echo_buffer_size = 100
2015-03-23 20:12:31 management_write_peer_info_file = '[UNDEF]'
2015-03-23 20:12:31 management_client_user = '[UNDEF]'
2015-03-23 20:12:31 management_client_group = '[UNDEF]'
2015-03-23 20:12:31 management_flags = 806
2015-03-23 20:12:31 shared_secret_file = '[UNDEF]'
2015-03-23 20:12:31 key_direction = 0
2015-03-23 20:12:31 ciphername_defined = ENABLED
2015-03-23 20:12:31 ciphername = 'BF-CBC'
2015-03-23 20:12:31 authname_defined = ENABLED
2015-03-23 20:12:31 authname = 'SHA1'
2015-03-23 20:12:31 prng_hash = 'SHA1'
2015-03-23 20:12:31 prng_nonce_secret_len = 16
2015-03-23 20:12:31 keysize = 0
2015-03-23 20:12:31 engine = DISABLED
2015-03-23 20:12:31 replay = ENABLED
2015-03-23 20:12:31 mute_replay_warnings = DISABLED
2015-03-23 20:12:31 replay_window = 64
2015-03-23 20:12:31 replay_time = 15
2015-03-23 20:12:31 packet_id_file = '[UNDEF]'
2015-03-23 20:12:31 use_iv = ENABLED
2015-03-23 20:12:31 test_crypto = DISABLED
2015-03-23 20:12:31 tls_server = DISABLED
2015-03-23 20:12:31 tls_client = ENABLED
2015-03-23 20:12:31 key_method = 2
2015-03-23 20:12:31 ca_file = '[[INLINE]]'
2015-03-23 20:12:31 ca_path = '[UNDEF]'
2015-03-23 20:12:31 dh_file = '[UNDEF]'
2015-03-23 20:12:31 cert_file = '[[INLINE]]'
2015-03-23 20:12:31 "priv_key_file" = EXTERNAL_PRIVATE_KEY
2015-03-23 20:12:31 pkcs12_file = '[UNDEF]'
2015-03-23 20:12:31 cipher_list = '[UNDEF]'
2015-03-23 20:12:31 tls_verify = '[UNDEF]'
2015-03-23 20:12:31 tls_export_cert = '[UNDEF]'
2015-03-23 20:12:31 verify_x509_type = 0
2015-03-23 20:12:31 verify_x509_name = '[UNDEF]'
2015-03-23 20:12:31 crl_file = '[UNDEF]'
2015-03-23 20:12:31 ns_cert_type = 1
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_ku[i] = 0
2015-03-23 20:12:31 remote_cert_eku = '[UNDEF]'
2015-03-23 20:12:31 ssl_flags = 0
2015-03-23 20:12:31 tls_timeout = 2
2015-03-23 20:12:31 renegotiate_bytes = 0
2015-03-23 20:12:31 renegotiate_packets = 0
2015-03-23 20:12:31 renegotiate_seconds = 3600
2015-03-23 20:12:31 handshake_window = 60
2015-03-23 20:12:31 transition_window = 3600
2015-03-23 20:12:31 single_session = DISABLED
2015-03-23 20:12:31 push_peer_info = DISABLED
2015-03-23 20:12:31 tls_exit = DISABLED
2015-03-23 20:12:31 tls_auth_file = '[UNDEF]'
2015-03-23 20:12:31 client = ENABLED
2015-03-23 20:12:31 pull = ENABLED
2015-03-23 20:12:31 auth_user_pass_file = '[UNDEF]'
2015-03-23 20:12:31 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_629-4c6f7f0d16e1a6b3] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 24 2015
2015-03-23 20:12:31 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
2015-03-23 20:12:31 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-03-23 20:12:31 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:31 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
2015-03-23 20:12:31 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
2015-03-23 20:12:31 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-03-23 20:12:31 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-03-23 20:12:31 Local Options hash (VER=V4): 'db02a8f8'
2015-03-23 20:12:31 Expected Remote Options hash (VER=V4): '7e068940'
2015-03-23 20:12:31 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 20:12:31 Socket Buffers: R=[1048576->131072] S=[524288->131072]
2015-03-23 20:12:31 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 20:12:31 Protecting socket fd 4
2015-03-23 20:12:31 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 20:12:31 MANAGEMENT: CMD 'state on'
2015-03-23 20:12:31 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 20:12:32 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 20:12:32 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 20:12:32 MANAGEMENT: >STATE:1427159552,RECONNECTING,init_instance,,
2015-03-23 20:12:35 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:35 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
2015-03-23 20:12:35 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
2015-03-23 20:12:35 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-03-23 20:12:35 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-03-23 20:12:35 Local Options hash (VER=V4): 'db02a8f8'
2015-03-23 20:12:35 Expected Remote Options hash (VER=V4): '7e068940'
2015-03-23 20:12:35 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 20:12:35 Socket Buffers: R=[1048576->131072] S=[524288->131072]
2015-03-23 20:12:35 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 20:12:35 MANAGEMENT: >STATE:1427159555,TCP_CONNECT,,,
2015-03-23 20:12:35 Protecting socket fd 4
2015-03-23 20:12:35 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 20:12:35 MANAGEMENT: CMD 'state on'
2015-03-23 20:12:35 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 20:12:36 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 20:12:36 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 20:12:36 MANAGEMENT: >STATE:1427159556,RECONNECTING,init_instance,,
2015-03-23 20:12:39 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:39 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
2015-03-23 20:12:39 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
2015-03-23 20:12:39 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-03-23 20:12:39 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-03-23 20:12:39 Local Options hash (VER=V4): 'db02a8f8'
2015-03-23 20:12:39 Expected Remote Options hash (VER=V4): '7e068940'
2015-03-23 20:12:39 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 20:12:39 Socket Buffers: R=[1048576->131072] S=[524288->131072]
2015-03-23 20:12:39 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 20:12:39 MANAGEMENT: >STATE:1427159559,TCP_CONNECT,,,
2015-03-23 20:12:39 Protecting socket fd 4
2015-03-23 20:12:39 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 20:12:39 MANAGEMENT: CMD 'state on'
2015-03-23 20:12:39 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 20:12:40 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 20:12:40 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 20:12:40 MANAGEMENT: >STATE:1427159560,RECONNECTING,init_instance,,
2015-03-23 20:12:43 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:43 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
2015-03-23 20:12:43 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
2015-03-23 20:12:43 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-03-23 20:12:43 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-03-23 20:12:43 Local Options hash (VER=V4): 'db02a8f8'
2015-03-23 20:12:43 Expected Remote Options hash (VER=V4): '7e068940'
2015-03-23 20:12:43 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 20:12:43 Socket Buffers: R=[1048576->131072] S=[524288->131072]
2015-03-23 20:12:43 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 20:12:43 MANAGEMENT: >STATE:1427159563,TCP_CONNECT,,,
2015-03-23 20:12:43 Protecting socket fd 4
2015-03-23 20:12:43 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 20:12:43 MANAGEMENT: CMD 'state on'
2015-03-23 20:12:44 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 20:12:45 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 20:12:45 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 20:12:45 MANAGEMENT: >STATE:1427159565,RECONNECTING,init_instance,,
2015-03-23 20:12:48 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:48 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
2015-03-23 20:12:48 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
2015-03-23 20:12:48 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-03-23 20:12:48 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-03-23 20:12:48 Local Options hash (VER=V4): 'db02a8f8'
2015-03-23 20:12:48 Expected Remote Options hash (VER=V4): '7e068940'
2015-03-23 20:12:48 TCP/UDP: Preserving recently used remote address: [AF_INET]68.114.212.219:1194
2015-03-23 20:12:48 Socket Buffers: R=[1048576->131072] S=[524288->131072]
2015-03-23 20:12:48 Attempting to establish TCP connection with [AF_INET]68.114.212.219:1194 [nonblock]
2015-03-23 20:12:48 MANAGEMENT: >STATE:1427159568,TCP_CONNECT,,,
2015-03-23 20:12:48 Protecting socket fd 4
2015-03-23 20:12:48 MANAGEMENT: CMD 'bytecount 2'
2015-03-23 20:12:48 MANAGEMENT: CMD 'state on'
2015-03-23 20:12:48 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-03-23 20:12:49 TCP: connect to [AF_INET]68.114.212.219:1194 failed: Connection refused
2015-03-23 20:12:49 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2015-03-23 20:12:49 MANAGEMENT: >STATE:1427159569,RECONNECTING,init_instance,,
2015-03-23 20:12:52 MANAGEMENT: CMD 'hold release'
2015-03-23 20:12:52 MANAGEMENT: Client disconnected
2015-03-23 20:12:52 All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 20:12:52 MGMT: Got unrecognized command>FATAL:All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-03-23 20:12:52 Exiting due to fatal error
2015-03-23 20:12:52 Process exited with exit value 1



One thing I am concerned with is the allowance of all inbound, outbound, and forwarded traffic, as that defeats the purpose of a firewall by allowing all traffic through. From the tutorials I posted in the OP, everything is allowed through the VPN zone, with WAN and general left unchanged. You should have to have an allow-all policy for any VPN to function, as adding accept rules allows only the traffic you wish to pass through to actually pass through.
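The concern raised in the post above, that the posted firewall accepts all input and forwarded traffic, can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of OpenWrt: it parses `uci show firewall` output and reports explicit ACCEPT policies on the defaults and the wan zone, forwardings sourced from wan, and ACCEPT rules with `src=*`. The function names and finding texts are assumptions of this example; the sample input is an excerpt of the output posted above.

```python
import re

# Excerpt of the `uci show firewall` output posted above, trimmed to the
# lines the checks read. Paste a full dump here to audit a real config.
SAMPLE = """\
firewall.@defaults[0]=defaults
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
firewall.@rule[5]=rule
firewall.@rule[5].target=ACCEPT
firewall.@rule[5].proto=tcp udp
firewall.@rule[5].name=OpenVPN
firewall.@rule[5].src=*
firewall.@rule[5].dest=wan
firewall.@rule[5].dest_port=1194
firewall.@forwarding[4]=forwarding
firewall.@forwarding[4].dest=vpn
firewall.@forwarding[4].src=wan
"""

# firewall.<section>=<type>  or  firewall.<section>.<option>=<value>
LINE = re.compile(r"^firewall\.(?P<sec>[^.=]+)(?:\.(?P<opt>[^=]+))?=(?P<val>.*)$")


def parse_uci_show(text):
    """Return {section_id: {"_type": type, option: value, ...}} in file order."""
    sections = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines, other uci packages
        # Newer uci releases quote values ('wan'); the dump above is unquoted.
        val = m.group("val").strip().replace("'", "")
        sec = sections.setdefault(m.group("sec"), {})
        sec["_type" if m.group("opt") is None else m.group("opt")] = val
    return sections


def audit(sections):
    """List (section_id, message) for permissive settings facing the WAN.

    Only explicit values are reported; options absent from the dump are
    not evaluated against firewall defaults.
    """
    findings = []
    for sid, sec in sections.items():
        kind = sec.get("_type")
        accept = sec.get("target", "").upper() == "ACCEPT"
        if kind == "defaults" or (kind == "zone" and sec.get("name") == "wan"):
            label = "default" if kind == "defaults" else "wan zone"
            for chain in ("input", "forward"):
                if sec.get(chain, "").upper() == "ACCEPT":
                    findings.append((sid, f"{label} {chain} policy is ACCEPT"))
        elif kind == "forwarding" and sec.get("src") == "wan":
            findings.append(
                (sid, f"traffic initiated from wan may be forwarded to {sec.get('dest')}"))
        elif kind == "rule" and accept and sec.get("src") == "*":
            # A rule with both src and dest matches forwarded traffic;
            # a rule with only src matches input to the router itself.
            scope = f"forwarded to {sec['dest']}" if sec.get("dest") else "input to the router"
            findings.append((sid, f"ACCEPT from every zone ({scope})"))
    return findings


if __name__ == "__main__":
    for sid, msg in audit(parse_uci_show(SAMPLE)):
        print(f"{sid}: {msg}")
```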

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Tue Mar 24, 2015 1:03 pm
by maikcat
Can you, for testing, try to remove the local directive so OpenVPN can listen on all interfaces?

Michael.

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Tue Mar 24, 2015 1:07 pm
by JW0914
Does local directive mean the firewall on OpenWRT?

Re: Followed OpenWRT OpenVPN tutorials OpenWRT refuse connec

Posted: Tue Mar 24, 2015 1:10 pm
by maikcat
The local directive inside the server config.

Also, does your Win 8 run Symantec Endpoint Protection?

Michael.