Spent 8-12 hours trying to get OpenVPN to work on DD-WRT and *STILL* can't connect

Cerulean ([H]F Junkie, joined Jul 27, 2006)
Very frustrated. The past 4-5 hours I've been trying to get OpenVPN to work for the second time. First time was many months ago and had also spent around 4-5 hours.



I used http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24+ to try to do this (which, by the way, can be overwhelming, confusing, and difficult to understand/read at times).

Company internal IP network: 10.0.255.0/23
Desired VPN IP network: 192.168.1.0/24

client1 = My personal workstation at home (Windows 7 Professional)
client2 = My personal laptop at home (Windows 7 Professional)

OpenVPN Server
Start OpenVPN Server: Enabled
Start Type: WAN Up
Config via: Config File
CA Cert: pasted "BEGIN/END CERTIFICATE" (included) contents of ca.crt
Public Server Cert: pasted "BEGIN/END CERTIFICATE" (included) contents of server.crt
Private Server Key: pasted "BEGIN/END CERTIFICATE" (included) contents of server.key
DH PEM: pasted "BEGIN/END CERTIFICATE" (included) contents of dh2048.pem
Additional Config:
push "route 10.0.255.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
server 192.168.1.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl

# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
TLS Auth Key: (blank)
Certificate Revoke List: (blank)

Administration->Commands->Firewall:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Have tried adding a Port Forward with Protocol(Both), Source Net(), Port from(1194), IP Address(0.0.0.0), and Port to(1194).

I generated certificates for client1 and client2 using the same value and challenge password for everything except for the Common Name which is client1, client2, and company (saved as server.* in files). I copied ca.crt and client#.crt/csr/key to both my personal machines to "C:\Program Files (x86)\OpenVPN\config". I have OpenVPN Client and OpenVPN Desktop Client installed.
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'MO'
localityName :PRINTABLE:'Springfield'
organizationName :PRINTABLE:'company'
organizationalUnitName:PRINTABLE:'company'
commonName :PRINTABLE:'company/client1/client2'
name :PRINTABLE:'company'
emailAddress :IA5STRING:'[email protected]'

I kept getting "Connection reset by peer (WSAECONNRESET) (code=10054)" errors, and I had checked http://www.dd-wrt.com/wiki/index.ph...y_peer_.28WSAECONNRESET.29_.28code.3D10054.29 for solutions. When I ran Nmap against the company's external IP address on port 1194 TCP, it showed up in red, identified as 'filtered' 'openvpn', even when I port forwarded 1194 from anything to anything on Both (TCP/UDP).

After I set up the port forward on 1194 from anything to anything on Both (TCP/UDP), I instead received "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" after a long minute or two.

For both client1 and client2 I am using the following client#.ovpn configuration file:
remote CompanyExternalIP 1194

client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float

#If the pushed routes appear not to be added on windows hosts, add the following:
route-delay 30

ca ca.crt
cert client#.crt
key client#.key
 
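The server and client configs quoted in the post can be checked mechanically for the mismatches that show up as a silent "TLS key negotiation failed" timeout or as traffic that never reaches the internal network, rather than as a clear error. The following is an added example written for this page; it is not code from the post, from the DD-WRT wiki, or from OpenVPN. It embeds the posted configs as constructed sample input (keeping the poster's placeholders `CompanyExternalIP` and `client#`), takes the internal network 10.0.255.0/23 from the post, and assumes a short list of common home-router LAN ranges. Two things it flags on the posted configs: the pushed route mask 255.255.255.0 covers only a /24, while the stated /23 (which as a network is 10.0.254.0/23) needs 255.255.254.0; and the 192.168.1.0/24 tunnel subnet is the default LAN range of many home routers, so a client on such a LAN would have the tunnel and its own LAN competing for the same routes.

```python
# Consistency checks for an OpenVPN server/client config pair.
# Added example for this page; not code from the post, DD-WRT or OpenVPN.
import ipaddress
import shlex

# The server "Additional Config" and the client .ovpn from the post, embedded
# as constructed sample input. "CompanyExternalIP" and "client#" are the
# poster's own placeholders and are kept verbatim.
SERVER_CFG = """\
push "route 10.0.255.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
server 192.168.1.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
# crl-verify /tmp/openvpn/ca.crl
management localhost 5001
"""

CLIENT_CFG = """\
remote CompanyExternalIP 1194
client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
route-delay 30
ca ca.crt
cert client#.crt
key client#.key
"""

INTERNAL_NET = "10.0.255.0/23"  # stated in the post; as a /23 this is 10.0.254.0/23

# LAN ranges consumer routers commonly hand out (an assumption of this example,
# not from the post). A tunnel subnet inside one of them collides with the
# client's own LAN, so routes via the tunnel never take effect there.
COMMON_LAN = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")]


def parse(text):
    """Split an OpenVPN config into (directive, args) pairs.

    Lines whose first non-blank character is '#' or ';' are comments, and a
    quoted argument such as push "route ..." stays a single argument.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries


def first(entries, name, default=None):
    """Args of the first occurrence of a directive, or default if absent."""
    return next((args for d, args in entries if d == name), default)


def norm_proto(p):
    """udp4, tcp-client, tcp6-server ... -> udp / tcp."""
    return p.split("-")[0].rstrip("46")


def check(server_text, client_text, internal_net):
    """Return (code, message) findings for a server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    internal = ipaddress.ip_network(internal_net, strict=False)
    findings = []

    # 1. The client's remote port/proto must match what the server listens on.
    remote = first(cli, "remote", [])
    srv_port = int(first(srv, "port", ["1194"])[0])
    srv_proto = norm_proto(first(srv, "proto", ["udp"])[0])
    cli_port = int(remote[1]) if len(remote) > 1 else 1194
    cli_proto = norm_proto(remote[2] if len(remote) > 2 else first(cli, "proto", ["udp"])[0])
    if (cli_port, cli_proto) != (srv_port, srv_proto):
        findings.append(("TRANSPORT_MISMATCH",
                         f"client talks {cli_proto}/{cli_port}, server listens on {srv_proto}/{srv_port}"))

    # 2. tls-auth / tls-crypt must be on both sides or neither. With the HMAC key
    #    on the server only, the client's packets are dropped before the TLS
    #    handshake, which surfaces as a negotiation timeout rather than an error.
    for d in ("tls-auth", "tls-crypt"):
        if (first(srv, d) is None) != (first(cli, d) is None):
            findings.append(("TLS_AUTH_MISMATCH", f"{d} is configured on only one side"))

    # 3. Some pushed route must cover the whole internal network
    #    (OpenVPN's default mask for a route without one is a single host).
    pushed = [shlex.split(a[0]) for d, a in srv if d == "push" and a and a[0].startswith("route ")]
    covered = any(internal.subnet_of(ipaddress.ip_network(
        f"{r[1]}/{r[2] if len(r) > 2 else '255.255.255.255'}", strict=False)) for r in pushed)
    if pushed and not covered:
        findings.append(("ROUTE_MASK", f"no pushed route covers {internal}; "
                         f'push "route {internal.network_address} {internal.netmask}"'))

    # 4. The tunnel subnet must not overlap the internal network or a typical home LAN.
    srv_net = first(srv, "server")
    if srv_net:
        vpn = ipaddress.ip_network(f"{srv_net[0]}/{srv_net[1]}", strict=False)
        if vpn.overlaps(internal):
            findings.append(("VPN_SUBNET_OVERLAP", f"{vpn} overlaps the internal network {internal}"))
        if any(vpn.overlaps(n) for n in COMMON_LAN):
            findings.append(("VPN_SUBNET_COMMON",
                             f"{vpn} is a common home-router LAN range; an unusual one such as 10.8.0.0/24 avoids clashes"))
    return findings


if __name__ == "__main__":
    for code, msg in check(SERVER_CFG, CLIENT_CFG, INTERNAL_NET):
        print(f"{code}: {msg}")
```

On the port scan mentioned in the post: the server is configured with `proto udp`, so a TCP scan of port 1194 reporting "filtered" says nothing about the UDP listener; `nmap -sU -p 1194` probes the transport OpenVPN is actually using, and even then a UDP OpenVPN server without `tls-auth` may not answer a bare probe.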
I honestly find OpenVPN a bit of a hassle too; vtund works great and performs well on consumer routers. If you're just looking for one connection, I would probably have a look at quicktun instead.
No idea if these are available on DD-WRT since I use OpenWRT myself.
//Danne
 