Sending all traffic through the VPN?
Quote:
hmmm seems that enabling send all traffic over vpn connection doesn't work

If using a TUN interface DD-WRT needs to be configured to perform NAT on the interface (and firewall rules adjusted to allow the VPN traffic out and in). If using a TAP based interface, it would need to be bridged with the main LAN interface, and the firewall rules also adjusted.
I plan on setting up a DD-WRT box when I get the chance to take a look, however I'm afraid it has been flat out around here so far!
Regards,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
thanks for the reply
here are my settings
Firmware: DD-WRT v24-sp2 (01/29/09) vpn
All my machines have static IPs

DD-WRT server settings
Code:
push "route 192.168.80.0 255.255.255.0"
server 192.168.90.0 255.255.255.0
verb 5
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
comp-lzo

DD-WRT firewall settings
Code:
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.90.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Viscosity settings
Code:
#-- Config Auto Generated By Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name VPN
persist-key
tls-client
remote ****redacted**** 1194
proto udp
ca ca.crt
dev tun
persist-tun
cert cert.crt
comp-lzo
nobind
key key.key
pull
ns-cert-type server

Output when Viscosity is connecting
Code:
Fri Mar 6 10:37:51 2009: IMPORTANT: OpenVPN's default port number is now 1194
Fri Mar 6 10:37:51 2009: LZO compression initialized
Fri Mar 6 10:37:52 2009: UDPv4 link local: [undef]
Fri Mar 6 10:37:52 2009: UDPv4 link remote: ***redacted***:1194
Fri Mar 6 10:37:53 2009: [server] Peer Connection Initiated with ***redacted***:1194
Fri Mar 6 10:37:54 2009: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: topology (2.0.9)
Fri Mar 6 10:37:54 2009: gw 192.168.1.100
Fri Mar 6 10:37:54 2009: TUN/TAP device /dev/tun0 opened
Fri Mar 6 10:37:54 2009: /sbin/ifconfig tun0 delete
Fri Mar 6 10:37:54 2009: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Fri Mar 6 10:37:54 2009: /sbin/ifconfig tun0 192.168.90.10 192.168.90.9 mtu 1500 netmask 255.255.255.255 up
Fri Mar 6 10:37:54 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tun0 1500 1542 192.168.90.10 192.168.90.9 init
Fri Mar 6 10:37:54 2009: Initialization Sequence Completed

I always get the "Options error: Unrecognized option or missing... " line.

If you want I can give you access to my router or I can try to use new configurations...
cheers
Lieven
If you want I can give you the output of the DD-WRT console when connecting.
Update!!!
Finally got it working.
The problem seemed to be a DNS server problem: at my work we used ISP X's (ADSL) DNS servers and at home I use OpenDNS servers with ISP Y (cable). You can't use the ISP X DNS servers on the ISP Y network. Switching to OpenDNS did the trick.

my new Viscosity settings
Code:
#-- Config Auto Generated By Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name VPN_kerberos test ok
persist-key
tls-client
remote xxxredactedxxx 1194
proto udp
ca ca.crt
redirect-gateway def1
dev tun
persist-tun
cert cert.crt
comp-lzo
nobind
key key.key
pull
ns-cert-type server

Didn't try DHCP yet, I'm always using static IPs... but so far so good.
http://www.opendns.com/
mutz,
Can you explain
Code:
push "route 192.168.80.0 255.255.255.0"
server 192.168.90.0 255.255.255.0
for me? I'm trying to connect to a router with a LAN of 192.168.1.1, handing out DHCP addresses starting at 192.168.1.100. I changed both the 80.0 & 90.0 to 1.1 (192.168.1.1), but I'm still getting: "TLS Error: TLS key negotiation failed to occur within 60 seconds... SIGUSR1[soft", etc. So that means I either have bad certificates (just generated them this morning using OpenVPN's easy-rsa tools) or I'm missing something in the config. I've copied your config and I'm using a slightly newer VPN build (3/19/09) but it should work....
Code:
push "route 192.168.80.0 255.255.255.0"
server 192.168.90.0 255.255.255.0

The push: my 192.168.80.0 is my LAN network at home.
server 192.168.90.0 is the LAN network that is created by OpenVPN on the tun interface... no need to set that the same as your 'real' local network.
At my work, where I use Viscosity to connect to my router, they have a 192.168.80.1 network.
I think OpenVPN doesn't work if both the LAN at place X and the LAN at home are the same range.
I had the TLS error too; I think something is wrong with your keys.
Follow the steps from this thread http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=openvpn starting from "Paste in the Certificates". To create your keys correctly look at http://openmaniak.com/openvpn_pki.php

Quote:
Paste in the Certificates
The certs (and keys) generated above, on your regular workstation computer, will be located in the new directory "keys". Paste those files into the DD-WRT web interface as follows:
For a DD-WRT OpenVPN Server:
Code:
Public Server Cert > ca.crt
Certificate Revoke List (CRL) > (blank)
Public Client Cert > server.crt
Private Client Key > server.key
DH PEM > dh1024.pem
OpenVPN Config > (see below)
OpenVPN TLS Auth > (blank)
NOTE: Only paste in the sections that appear between
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
in the text files, including the two ---BEGIN/END CERTIFICATE--- lines above. Do not paste all the descriptive stuff above that section.
Also, set "Start OpenVPN: Enable" and "Start type: WAN Up". (Bug: 2008-07-31 setting "Start type: System" causes OpenVPN to die during the first connection attempt.)

Try to use http and not https to enter all the stuff into your router; there's a bug in DD-WRT that cuts off a portion of pasted text when saving, and as a result you get a partially stored key.

The "Troubleshooting" section was helpful for me to get everything running:
Quote:
Troubleshooting
Prerequisite: Running commands and watching logs.
Use telnet, SSH, or Administration > Commands to run commands.
The default username/password are user: "root", password: "admin".
To troubleshoot, you should turn on logging, and then watch the log file using this command:
Code:
tail -f /var/log/messages

Sorry for all the cut and pasting; it was a lot of trying and rebooting of the router before everything was ok.
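The point mutz makes above, that the tun subnet from "server", the LAN pushed with "route" and the LAN the client sits in must not overlap, can be checked mechanically before touching the router. The script below is an added example for this thread, not code from Viscosity, DD-WRT or any of the posters: it parses the "server" and "push route" lines of a server config in the format posted above, takes the client's own LAN range as an argument, and reports overlaps; it also flags a host address used where a network address belongs (the "192.168.1.1" variant kev described). The sample configs are constructed from the values in the thread, and the function names are this example's own.

```python
"""Check an OpenVPN server config for address-range clashes.

Added example for this thread (not Viscosity or DD-WRT code). It parses the
'server' and 'push "route ..."' directives of a server config and reports
overlaps between the tun subnet, the pushed LAN routes and the client's own
local LAN, which is what breaks routing when both sites use the same range.
"""
import ipaddress
import shlex


def _network(addr, mask):
    """Build a network from an 'address netmask' pair as OpenVPN writes it.

    Returns (network, host_bits_set) so the caller can flag 'server 192.168.1.1'
    style mistakes, where the address is a host rather than a network address.
    """
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    host_bits = ipaddress.ip_address(addr) != net.network_address
    return net, host_bits


def parse_server_conf(text):
    """Return (server_subnet, [pushed route networks], [parse notes])."""
    server_net = None
    routes = []
    notes = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = shlex.split(line)             # keeps the quoted push argument together
        if parts[0] == "server" and len(parts) >= 3:
            server_net, host_bits = _network(parts[1], parts[2])
            if host_bits:
                notes.append(f"'server {parts[1]} {parts[2]}' uses a host address; "
                             f"the network address is {server_net.network_address}")
        elif parts[0] == "push" and len(parts) >= 2:
            inner = shlex.split(parts[1])     # e.g. ['route', '192.168.80.0', '255.255.255.0']
            if len(inner) >= 3 and inner[0] == "route":
                net, host_bits = _network(inner[1], inner[2])
                routes.append(net)
                if host_bits:
                    notes.append(f"pushed route {inner[1]} {inner[2]} uses a host address; "
                                 f"the network address is {net.network_address}")
    return server_net, routes, notes


def audit_config(text, client_lan):
    """Return a list of problems for a server config plus the client's local LAN."""
    server_net, routes, problems = parse_server_conf(text)
    if server_net is None:
        return problems + ["no 'server' directive found"]
    client = ipaddress.ip_network(client_lan, strict=False)
    labelled = [(f"tun subnet {server_net}", server_net)]
    labelled += [(f"pushed route {r}", r) for r in routes]
    # Each VPN-side range against the LAN the client is actually connected to.
    for label, net in labelled:
        if net.overlaps(client):
            problems.append(f"{label} overlaps the client's local LAN {client}")
    # The VPN-side ranges against each other (tun subnet vs. pushed routes).
    for i, (label_a, net_a) in enumerate(labelled):
        for label_b, net_b in labelled[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{label_a} overlaps {label_b}")
    return problems


# Constructed from the working settings posted in the thread.
WORKING_CONF = """\
push "route 192.168.80.0 255.255.255.0"
server 192.168.90.0 255.255.255.0
dev tun0
proto udp
"""

# Constructed variant of what kev described: both ranges changed to 192.168.1.1.
CLASHING_CONF = """\
push "route 192.168.1.1 255.255.255.0"
server 192.168.1.1 255.255.255.0
dev tun0
"""

if __name__ == "__main__":
    for name, conf, lan in [("working", WORKING_CONF, "192.168.1.0/24"),
                            ("clashing", CLASHING_CONF, "10.0.0.0/24")]:
        print(name)
        for p in audit_config(conf, lan) or ["no clashes found"]:
            print("  -", p)
```

Run it with the client LAN that Viscosity is connecting from (the "work" network in this thread); a clean result for the server config still says nothing about the certificates, which the TLS error is about.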
This is my log... it looks like I have an invalid certificate, but it doesn't make sense, as I've generated all new keys/certs/etc. on a Windows machine twice (using OpenVPN's easy-rsa) and then on OS X 10.5 twice (using built-in OpenSSL & OpenVPN config files). Rebooted router, reset configs, etc.
Code:
Mar 24 22:03:33 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 Re-using SSL/TLS context
Mar 24 22:03:33 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 LZO compression initialized
Mar 24 22:03:33 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 22:03:33 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 22:03:33 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 TLS: Initial packet from xx.xxx.xxx.xxx:60432, sid=xxxxxxxxx xxxxxxxxx
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=XX/L=TEST/O=TEST/CN=master-TEST/[email protected]
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 TLS Error: TLS object -> incoming plaintext read error
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 TLS Error: TLS handshake failed
Mar 24 22:03:39 DD-WRT daemon.notice openvpn[15502]: xx.xxx.xxx.xxx:60432 SIGUSR1[soft,tls-error] received, client-instance restarting
Hi kev.
Code:
60432 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=XX/L=TEST/O=TEST/CN=master-TEST/[email protected]

First of all, is your system date/time on DD-WRT running okay? I would suggest you set up NTP on DD-WRT somewhere so you have a correct date/time; do the same on your Mac...
Not sure that's the problem, but my experience with Kerberos and Open Directory says your date/time have to be OK for all the certificate magic to work.
Another good info page:
http://openvpn.net/index.php/documentation/howto.html
check out http://forum.openwrt.org/viewtopic.php?id=4925
remove the tls option and try again
Oh, one more thing:
DD-WRT uses OpenVPN 2.0.x I think; I tried Viscosity on 2.1 and it doesn't work (Preferences -> Advanced).
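The three errors quoted in this thread each point at a different fix: the "not yet valid" verify error at clock/NTP, the unrecognised "topology" push option at a version mismatch between the two OpenVPN ends, and the 60-second TLS negotiation timeout at the remote address, port or the router's INPUT rule. The script below is an added example, not part of any post or of Viscosity/DD-WRT: it runs those message patterns over log lines (the samples are constructed from the logs posted above) and returns a finding with the likely cause, suppressing the generic "TLS handshake failed" line when a more specific certificate error explains it. The pattern set and the advice text are this example's own.

```python
"""Triage OpenVPN log lines for the errors seen in this thread.

Added example, not part of the original posts or of Viscosity/DD-WRT. Maps the
messages quoted in the thread (unrecognised pushed option, 'certificate is not
yet valid', TLS negotiation timeout) to a likely cause so the right fix
(clock/NTP, version alignment, firewall/port) is tried first.
"""
import re

# Message patterns as they appear in the thread's OpenVPN 2.0.x logs.
UNKNOWN_PUSH = re.compile(
    r"Unrecognized option or missing parameter\(s\) in \[PUSH-OPTIONS\]:\d+: (\S+) \(([\d.]+)\)")
NOT_YET_VALID = re.compile(r"VERIFY ERROR: depth=(\d+), error=certificate is not yet valid: (\S+)")
EXPIRED = re.compile(r"VERIFY ERROR: depth=(\d+), error=certificate has expired: (\S+)")
TLS_TIMEOUT = re.compile(r"TLS key negotiation failed to occur within (\d+) seconds")
HANDSHAKE_FAILED = re.compile(r"TLS Error: TLS handshake failed")


def _cert_role(depth):
    # depth 0 is the peer's own certificate; anything deeper is an issuer/CA cert.
    return "peer certificate" if int(depth) == 0 else "CA/issuer certificate"


def triage_line(line):
    """Return a finding dict for one log line, or None if it is not a known error."""
    m = UNKNOWN_PUSH.search(line)
    if m:
        option, version = m.groups()
        return {"kind": "unsupported_push_option", "option": option,
                "local_version": version,
                "advice": f"server pushes '{option}', which the local OpenVPN {version} "
                          "does not understand; align client and server versions or "
                          "stop pushing that option"}
    m = NOT_YET_VALID.search(line)
    if m:
        depth, subject = m.groups()
        return {"kind": "clock_skew", "cert": _cert_role(depth), "subject": subject,
                "advice": "the validity period starts in the future for the verifier: "
                          "check date/time (NTP) on the router and the client before "
                          "regenerating anything"}
    m = EXPIRED.search(line)
    if m:
        depth, subject = m.groups()
        return {"kind": "cert_expired", "cert": _cert_role(depth), "subject": subject,
                "advice": "check date/time (NTP) first; if the clock is right, reissue the cert"}
    m = TLS_TIMEOUT.search(line)
    if m:
        return {"kind": "tls_timeout", "seconds": int(m.group(1)),
                "advice": "no TLS reply at all: check the remote address/port, the "
                          "router's INPUT rule for the OpenVPN port and the protocol (udp/tcp)"}
    if HANDSHAKE_FAILED.search(line):
        return {"kind": "handshake_failed",
                "advice": "look at the VERIFY ERROR lines just before this one"}
    return None


def triage(lines):
    """Triage a whole log; drop the generic handshake failure once a cause is known."""
    findings = [f for f in (triage_line(line) for line in lines) if f]
    if any(f["kind"] in ("clock_skew", "cert_expired") for f in findings):
        findings = [f for f in findings if f["kind"] != "handshake_failed"]
    return findings


# Constructed sample: lines modelled on the two logs posted in this thread.
SAMPLE_LOG = """\
Fri Mar 6 10:37:54 2009: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: topology (2.0.9)
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=XX/L=TEST/O=TEST/CN=master-TEST
Mar 24 22:03:39 DD-WRT daemon.err openvpn[15502]: xx.xxx.xxx.xxx:60432 TLS Error: TLS handshake failed
Tue Mar 24 22:05:12 2009: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(f"{finding['kind']}: {finding['advice']}")
```

Feed it the output of "tail -f /var/log/messages" on the router or the Viscosity connection log; a "clock_skew" finding on a depth=1 certificate means the CA certificate itself is dated in the future relative to the verifier's clock, which is why regenerating keys on a machine with the same wrong clock does not help.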