DD-WRT OpenVPN and iOS Client
Posted: Sun Jul 10, 2016 2:27 pm
Hi,
This is my first post on the forum and whilst I thought I had a tiny bit of knowledge of networking and VPN tunnels I find myself a bit lost with OpenVPN.
A bit of background to how I got to where I am now.
I am a home user in the UK, my internet provider is Virgin Media and I use their Superhub2 .. For explanation purposes I will say that my external WAN address is 78.102.6.128 (obviously not my real address). On the LAN side my gateway IP address is 192.168.7.1 with subnet 255.255.255.0
The subnet has lots of devices assigned mainly via DHCP beginning at 192.168.7.100 and above.
I have recently gone to my attic and found an old Linksys WRT54GS v4 router and installed DD-WRT firmware v24 with built-in VPN.
I initially set this Linksys up on my home network a bit like a cabled client bridge in that the WAN side of the Linksys was assigned a static IP address 192.168.7.7 and the LAN side was set to 192.168.7.11 ... However I have now changed the setup and removed the WAN cable and now use the wireless setup as a client-bridge.
So the Linksys router is accessible and simply located on my home network at IP address 192.168.7.11 and is effectively connected to my home LAN subnet via a wireless connection.
I initially set up a simple PPTP VPN server on the Linksys DD-WRT interface and had this working just fine and was able to remotely connect to my home network using my iPad and the iOS built-in VPN client. So no problems with that.
Anyhow I decided to switch things over to OpenVPN and downloaded the necessary software to my PC and generated the 'usual' certificates and keys using the easy-rsa commands.
I generated the following:
ca certificate and key
Server certificate and key
dh1024 pem
And 3 client certificates and keys
Cutting a long story short, I pasted the necessary certificates in the DD-WRT server interface and a config file that says the following:
push "route 192.168.7.0 255.255.255.0"
push "dhcp-option DNS 192.168.66.1"
server 192.168.66.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
Obviously I forwarded UDP port 1194 on my Virgin Media Superhub2 to direct it to 192.168.7.11
I downloaded the OpenVPN client for iOS and installed that on my iPad and my final step was to create and import the .ovpn file... Here are the contents of that file but obviously with my client certificate and key details removed:
dev tun0
proto udp
remote 78.102.6.128 1194
cipher bf-cbc
auth md5
resolv-retry infinite
nobind
persist-key
persist-tun
client
comp-lzo
remote-cert-tls server
verb 3
float
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
Obviously (once again) I have changed my external WAN IP address in the .ovpn above to protect things.
Anyhow at the moment using my iPad App (VPN client) and this imported .ovpn file the iPad does connect to the DD-WRT VPN server from a remote location... Yippee! .. But obviously the iPad client is being assigned an IPv4 IP address in the 192.168.66.0 subnet ... In fact it is usually 192.168.66.6 for some reason?
The problem...
Clearly the configuration above is absolutely of no use to me, as I need an IP address in the 192.168.7.0 home subnet ... In fact I would like it to assign my iPad client an IP address between 192.168.7.15 and 192.168.7.20
Despite all my efforts so far, I cannot make this work for me ... I tried changing the following line in the server config file:
server 192.168.66.0 255.255.255.0
To read as follows:
server 192.168.7.0 255.255.255.0
But this then stops the client connecting and appears to occasionally lock up the Linksys server... Change it back and it all works again.
One more thing I forgot to say is the firewall on the Linksys DD-WRT interface has been completely disabled as I don't need that.
I think that either my server config file is incorrect or something is wrong in my .ovpn file or possibly I need to somehow bridge the subnet 192.168.66.0 with the 192.168.7.0 subnet.
I am quite a new user of the DD-WRT software too... I have now spent a week or so learning and configuring the above to get it connected and have started to lose the will to live ... I'm sure the answer must be simple and others here have hopefully encountered and overcome this issue.
I apologise if I have missed something obvious .. I will mention that I did have a tap adapter set up with a Windows PC client initially and had that working, but when I switched to my iPad I then discovered that iOS does not support tap and I therefore had to switch to dev tun and play around with the config file etc.
So clearly all my certificates and keys are okay ... It's just the config files and the IP subnet issue that I need to resolve
Anyhow .. Any help or advice is appreciated ... I have pulled all my hair out and I am nearly bald anyway.
Sorry for quite a lengthy first post ... and hello to everyone here.
Kind regards...
Ken Griffiths
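An added example, not part of the original post: a small check over the directives quoted above. It shows that the attempted "server 192.168.7.0" pool collides with the pushed LAN route while 192.168.66.0 does not, why the first client lands on .6, and which of the posted crypto settings are legacy choices. It assumes routed tun mode with OpenVPN's per-client /30 (net30) addressing; the function names and the LEGACY table are illustrative.

```python
import ipaddress

# Constructed sample: server directives quoted in the post, with the
# `server` line changed the way the poster tried (VPN pool = home LAN).
BROKEN = '''push "route 192.168.7.0 255.255.255.0"
server 192.168.7.0 255.255.255.0
dev tun0
'''
WORKING = BROKEN.replace("server 192.168.7.0", "server 192.168.66.0")
CLIENT = "cipher bf-cbc\nauth md5\ncomp-lzo\n"  # lines from the posted .ovpn

# Legacy settings worth flagging (editor's list, not from the post).
LEGACY = {("cipher", "bf-cbc"): "64-bit block cipher",
          ("auth", "md5"): "MD5-based HMAC"}

def directives(conf):
    """Yield each config line as lower-cased words, quotes dropped."""
    for line in conf.splitlines():
        words = line.replace('"', " ").lower().split()
        if words:
            yield words

def pool_and_routes(conf):
    """Return the VPN pool and the list of pushed routes as networks."""
    pool, routes = None, []
    for w in directives(conf):
        if w[0] == "server" and len(w) >= 3:
            pool = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[:2] == ["push", "route"] and len(w) >= 4:
            routes.append(ipaddress.ip_network(f"{w[2]}/{w[3]}"))
    return pool, routes

def overlapping_routes(conf):
    """Pushed routes that collide with the VPN pool (breaks tun routing)."""
    pool, routes = pool_and_routes(conf)
    return [str(r) for r in routes if pool is not None and pool.overlaps(r)]

def legacy_crypto(conf):
    """Directives in conf that match the LEGACY table, with the reason."""
    return [f"{w[0]} {w[1]}: {LEGACY[(w[0], w[1])]}"
            for w in directives(conf) if len(w) > 1 and (w[0], w[1]) in LEGACY]

def net30_client_ip(pool, n):
    """n-th client address (n >= 1) when every peer gets its own /30."""
    return str(ipaddress.ip_network(pool).network_address + 4 * n + 2)
```
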