Cerulean
Very frustrated. The past 4-5 hours I've been trying to get OpenVPN to work for the second time. First time was many months ago and had also spent around 4-5 hours.
I used http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24+ to try to do this (which by the way can be overwhelming, confusing, and difficult to understand/read at times).
Company internal IP network: 10.0.255.0/23
Desired VPN IP network: 192.168.1.0/24
client1 = My personal workstation at home (Windows 7 Professional)
client2 = My personal laptop at home (Windows 7 Professional)
OpenVPN Server
Start OpenVPN Server: Enabled
Start Type: WAN Up
Config via: Config File
CA Cert: pasted "BEGIN/END CERTIFICATE" (included) contents of ca.crt
Public Server Cert: pasted "BEGIN/END CERTIFICATE" (included) contents of server.crt
Private Server Key: pasted "BEGIN/END CERTIFICATE" (included) contents of server.key
DH PEM: pasted "BEGIN/END CERTIFICATE" (included) contents of dh2048.pem
Additional Config:
TLS Auth Key: (blank)
push "route 10.0.255.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
server 192.168.1.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
Certificate Revoke List: (blank)
Administration->Commands->Firewall:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
Have tried adding a Port Forward with Protocol(Both), Source Net(), Port from(1194), IP Address(0.0.0.0), and Port to(1194).
I generated certificates for client1 and client2 using the same value and challenge password for everything except for the Common Name which is client1, client2, and company (saved as server.* in files). I copied ca.crt and client#.crt/csr/key to both my personal machines to "C:\Program Files (x86)\OpenVPN\config". I have OpenVPN Client and OpenVPN Desktop Client installed.
countryName            :PRINTABLE:'US'
stateOrProvinceName    :PRINTABLE:'MO'
localityName           :PRINTABLE:'Springfield'
organizationName       :PRINTABLE:'company'
organizationalUnitName :PRINTABLE:'company'
commonName             :PRINTABLE:'company/client1/client2'
name                   :PRINTABLE:'company'
emailAddress           :IA5STRING:'[email protected]'
I kept getting "Connection reset by peer (WSAECONNRESET) (code=10054)" errors, and I had checked http://www.dd-wrt.com/wiki/index.ph...y_peer_.28WSAECONNRESET.29_.28code.3D10054.29 for solutions. When I did an NMap on the Company's external IP address on port 1194 TCP, it showed up as red identified as 'filtered' 'openvpn', even when I Port Forwarded 1194 from anything to anything on Both (TCP/UDP).
After I did Port Forward on 1194 from anything to anything on Both (TCP/UDP), I instead received "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" after a long minute or two.
For both client1 and client2 I am using the following client#.ovpn configuration file:
remote CompanyExternalIP 1194
client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
#If the pushed routes appear not to be added on windows hosts, add the following:
route-delay 30
ca ca.crt
cert client#.crt
key client#.key
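Added example, not part of the original post: a small Python consistency check over the directives posted above. It compares the server's Additional Config with the client file (proto, port) and tests whether the pushed route covers the stated company network; the helper names and the trimmed config strings are constructed for illustration.

```python
import ipaddress
import shlex

# Added example; helper names are hypothetical. Directives copied from the post, trimmed.
SERVER = '''push "route 10.0.255.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
server 192.168.1.0 255.255.255.0
proto udp
'''
CLIENT = '''remote CompanyExternalIP 1194
client
proto udp
'''

def parse_ovpn(text):
    """Return {directive: [args, ...]}, skipping blank and comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = shlex.split(line)
        conf.setdefault(name, []).append(args)
    return conf

def first(conf, name, default):
    return conf[name][0][0] if conf.get(name) and conf[name][0] else default

def check(server, client, intended_lan):
    findings = []
    # A UDP listener is not exercised by a TCP probe, so both ends must agree.
    if first(server, "proto", "udp") != first(client, "proto", "udp"):
        findings.append("proto mismatch between server and client")
    remote = client.get("remote", [[]])[0]
    if first(server, "port", "1194") != (remote[1] if len(remote) > 1 else "1194"):
        findings.append("client remote port differs from server port")
    lan = ipaddress.ip_network(intended_lan, strict=False)  # normalises set host bits
    if str(lan) != intended_lan:
        findings.append(f"{intended_lan} is not on a prefix boundary; network is {lan}")
    pushed = []
    for args in server.get("push", []):
        words = args[0].split() if args else []
        if len(words) >= 3 and words[0] == "route":
            pushed.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    if not any(lan.subnet_of(p) for p in pushed):
        findings.append(f"pushed routes {[str(p) for p in pushed]} do not cover {lan}")
    return findings

print(check(parse_ovpn(SERVER), parse_ovpn(CLIENT), "10.0.255.0/23"))
```

With the values from the post, the transport and port agree on both sides, and the two findings concern the company network prefix and the pushed route's netmask.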