OpenVPN help

B

briang

Weaksauce
Joined
Aug 5, 2004
Messages
122
I'm going on one week now trying to get this working right. I am trying to set up an OpenVPN server on my WRT54G running DD-WRT v23 SP2. Client is my XP laptop (can't connect from linux either). Been searching everywhere for a solution, and found nothing that helps.

Here is my startup script:
Code: 
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "
-----BEGIN OpenVPN Static key V1-----
KEY HERE
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 1194 --proto udp --verb 3 --daemon

firewall (just added the last two lines yesterday, didnt help):

Code: 
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT


here is one of my client config files from XP:
Code: 
# Use the following to have your client computer send all traffic through your router
# (remote gateway)
remote xxxx.dyndns.org
port 1194
dev tap
secret static.key
proto udp
comp-lzo
route-gateway 192.168.1.1
redirect-gateway
route-delay 2

The other one doesn't redirect, but neither work. Here is what happens when I try using the redirect config. I connect fine. I can't ping anything on the lan, I can't connect to my router via HTTP, and MOST of the time, websites don't load. Packets get sent, but I get nothing back (according to the connection status window).

Last night I hooked my laptop to the WAN port of my router and gave them both static addresses, I was able to connect and browse the LAN, everything worked. I've tried different ports, TCP instead of UDP, etc.

I have this question: my home IP scheme is 192.168.1.x, router/gateway is 192.168.1.1

What if the network on the clients end had the same scheme? and the router/gateway on that network was also 192.168.1.1? Would that cause an issue? If not, maybe my ISP is blocking my connection (have tried different ports).
 
briang said:
I have this question: my home IP scheme is 192.168.1.x, router/gateway is 192.168.1.1

What if the network on the clients end had the same scheme? and the router/gateway on that network was also 192.168.1.1? Would that cause an issue? If not, maybe my ISP is blocking my connection (have tried different ports).
Click to expand...
Your clients are going to have to be on the same subnet as your router if you want access to your home network and to the Internet (server 192.168.1.0 255.255.255.0).

What does your server.conf look like that?
 
briang said:
I have this question: my home IP scheme is 192.168.1.x, router/gateway is 192.168.1.1

What if the network on the clients end had the same scheme? and the router/gateway on that network was also 192.168.1.1? Would that cause an issue?
Click to expand...

With "most" VPN setups...yes it does cause an issue. I'm not positive about OpenVPN software client..but from day 1 when I learned about doing VPNs...different IP ranges were the desired setup for most packages.
 
I don't have a server.conf because my router doesnt have enough free space. I am starting and configuring openVPN via startup commands.

I am using this guide in the DD-WRT howto.
 
YeOldeStonecat said:
With "most" VPN setups...yes it does cause an issue. I'm not positive about OpenVPN software client..but from day 1 when I learned about doing VPNs...different IP ranges were the desired setup for most packages.
Click to expand...
well i just changed my home over to 10.10.10.x, so we will see how it goes trying to connect from the road.
 
YeOldeStonecat said:
With "most" VPN setups...yes it does cause an issue. I'm not positive about OpenVPN software client..but from day 1 when I learned about doing VPNs...different IP ranges were the desired setup for most packages.
Click to expand...
Yeah. I use 192.168.224.0 255.255.224.0 for my VPN addresses and 192.168.245.0 255.255.255.0 for my internal addresses.
 
briang said:
well i just changed my home over to 10.10.10.x, so we will see how it goes trying to connect from the road.
Click to expand...

Should be OK..assuming no "clients" will be 10.10.10.xxx.

When setting up an office that will be the center for VPNs..I'll select an IP range that's not a common one. Most home users will have home grade routers...which are commonly 192.168.0.xxx or 192.168.1.xxx. I'll have the office at something like 192.168.10.xxx. If satellite offices..192.168.9.xxx, 192.168.8.xxx, etc etc.
 
You must log in or register to reply here.
Back
Top