OpenWrt Forum Archive

Topic: Optimized and feature rich trunk build for select routers

The content of this topic has been archived between 20 Aug 2014 and 5 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Yes, I am trying from my local LAN since I have no other connection to test it with. I am using the build that is in your current build, no changes. As for the DDNS, you could pull it from
/etc/config, and in the ddns file is this line:
option domain 'www.domainname.org'


I have the build from the 16th also.
Is there another VPN option that works natively with the Windows built-in VPN client? I would like to be able to use a system without having to install OpenVPN on each system.

As far as OpenVPN, here is the file. I am trying to set this up so I can connect to home while I am away.

remote domain
dev tun
persist-key
persist-tun
port 1143
ifconfig-nowarn
ifconfig 192.168.2.51 192.168.2.50
comp-lzo
dhcp-option DNS 192.168.2.1
dhcp-option DOMAIN lan
redirect-gateway
<secret>

I think Windows supports PPTP and IPSec natively, but you'll quickly find that almost no hotspots have passthrough support. What's the use of a native VPN client when you can't use it on public wifi? What I like about OpenVPN is that it's compatible and runs well on every platform.

I like OpenVPN also, but so far there is no Windows Phone client for OpenVPN. I used PPTP just fine everywhere I have gone in the US so far, and now that the Windows Phone has built-in VPN options, that is a plus. IKEv2 would be another option, but I am not sure how that works around other areas.

I will try and test this outside my house to see if it works.

One issue I see is when I try and connect at home I am getting an error saying
ifconfig endpoints [local=192.168.2.51, remote=192.168.2.50]. The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.


This seems to be a subnet issue since it seems to be limited to 255.255.255.252.

If I change the file to show local at 50 and remote at 49, then it says it fails to connect, which could be since this does not work from the house, so I can test tomorrow.

(Last edited by wesleyhey on 18 Jun 2014, 02:23)
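Added example, not part of the original thread: a small Python check for the TAP-WIN32 rule quoted in the error above, namely that both `ifconfig` endpoints must be the two middle addresses of one 255.255.255.252 (/30) block. The sample config is constructed from the one posted earlier, and the function names and the `vpn.example.invalid` remote are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the client config quoted in the thread
# (placeholder remote name, static key omitted).
SAMPLE_OVPN = """\
remote vpn.example.invalid
dev tun
port 1194
ifconfig-nowarn
ifconfig 192.168.2.51 192.168.2.50
comp-lzo
"""

def parse_ifconfig(ovpn_text):
    """Return (local, remote) from the first 'ifconfig' directive, or None."""
    for line in ovpn_text.splitlines():
        line = line.split("#", 1)[0].strip()
        # '\s+' after the keyword keeps 'ifconfig-nowarn' from matching.
        m = re.match(r"^ifconfig\s+(\S+)\s+(\S+)", line)
        if m:
            return (ipaddress.IPv4Address(m.group(1)),
                    ipaddress.IPv4Address(m.group(2)))
    return None

def check_tap_win32_endpoints(local, remote):
    """Return a list of problems; an empty list means the pair is usable."""
    problems = []
    net_l = ipaddress.ip_network(f"{local}/30", strict=False)
    net_r = ipaddress.ip_network(f"{remote}/30", strict=False)
    if net_l != net_r:
        problems.append(f"{local} and {remote} are in different /30 blocks "
                        f"({net_l} vs {net_r})")
    for name, addr, net in (("local", local, net_l), ("remote", remote, net_r)):
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the first or last address of {net}")
    if local == remote:
        problems.append("local and remote are the same address")
    return problems

def suggest_pair(addr):
    """The two usable (middle) addresses of the /30 block containing addr."""
    net = ipaddress.ip_network(f"{addr}/30", strict=False)
    return tuple(net.hosts())

if __name__ == "__main__":
    local, remote = parse_ifconfig(SAMPLE_OVPN)
    for p in check_tap_win32_endpoints(local, remote):
        print("problem:", p)
    print("usable pair in that block:", *suggest_pair(local))
```
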

Hm post your /etc/config/openvpn and .ovpn please.

OK, here is what I get away from home:
Wed Jun 18 15:17:26 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Wed Jun 18 15:17:26 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Wed Jun 18 15:17:30 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jun 18 15:17:30 2014 open_tun, tt->ipv6=0
Wed Jun 18 15:17:30 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{0782EF41-9CD3-4054-B796-C37569C06D4F}.tap
Wed Jun 18 15:17:30 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.50/255.255.255.252 on interface {0782EF41-9CD3-4054-B796-C37569C06D4F} [DHCP-serv: 192.168.2.49, lease-time: 31536000]
Wed Jun 18 15:17:30 2014 Successful ARP Flush on interface [21] {0782EF41-9CD3-4054-B796-C37569C06D4F}
Wed Jun 18 15:17:30 2014 UDPv4 link local (bound): [undef]
Wed Jun 18 15:17:30 2014 UDPv4 link remote: [AF_INET]IP

The problem now is that I cannot see anything on my home 192.168.2.1 network. I am missing something.
Here is the OpenVPN client.

This could be a default gateway issue and DNS, since the home network is on 192.168.2.1 and subnet of 255.255.255.0.

One thing is that the /etc/config/openvpn file seems blank; there is nothing in that file. There is an openvpn-opkg file. Not sure why it is blank. Do you have an example of what the file should look like?


Here is what is in the config, except the remote name changed and secret key removed:
remote homeip
dev tun
persist-key
persist-tun
port 1194
ifconfig-nowarn
ifconfig 192.168.2.50 192.168.2.49
comp-lzo
dhcp-option DNS 192.168.2.1
dhcp-option DOMAIN lan
redirect-gateway
<secret>
</secret>

Is there a way to use the IPs from my current DHCP server so it looks like I am home when using the VPN software?

(Last edited by wesleyhey on 19 Jun 2014, 04:25)

If your config file is blank then that is the problem... openvpn-opkg means you tried installing openvpn and it left that file there because you had a config file already. Look at /rom/etc/config/openvpn; that is the build default.

Again, I can't do OpenVPN support for every possible config. This build should work with the defaults, if you make changes you are on your own.

OK, I replaced that file. It allowed me to connect, but when connecting it still does not allow me to route all my traffic through the VPN.

I cannot see any of my home systems and it routes my internet traffic through the network I am attached to.
I must be missing something simple.

I notice you have a new build that I will test tonight that says it has a 192.168.2.X address range.

I cannot tell, since there is TUN and TAP, which is the best to use. For a laptop that I take with me on travel, I want everything to go through the VPN. There is no real good info on why I would choose one over the other for this type of setup.
Thank you arokh for your help and the builds you do.

There's lots of info on that, Google is your friend. The difference is tap lets you do bridging, but that adds overhead and isn't supported on every platform. Most people won't need that; you can do everything you need with a layer 3 tunnel, which has better performance. Anyway, my build is set up using TUN and you should use the .ovpn that is generated for you. Should be plug n play, let me know if it's not.

OK, one question: with the new build I see that you have the IP as 192.169.2.1 and .2. I have my main router as 192.168.2.1 and my wireless bridge as .2; this will cause a conflict. What do you recommend I set it to?

Just change it to what you like. On second thought maybe 192.168.2.x is quite a commonly used network range, I'll change the OpenVPN addresses to 192.168.10.x or something in the next build.

(Last edited by arokh on 19 Jun 2014, 19:12)

I did this and am still having issues. I copied the file, changed the IPs, and when I connect the Windows client using the OpenVPN file like posted before, it connects and pings the router IP, but it still will not route. Is there an iptables rule missing allowing the TUN adapter to bridge or talk to the 192.168.2.1 IP range?

Yes, there is a "vpn" zone that has forward rules to and from the lan/wan.
Does the output of

uci show firewall.@zone[1]

equal

firewall.cfg06dc81=zone
firewall.cfg06dc81.name=vpn
firewall.cfg06dc81.device=tun+
firewall.cfg06dc81.input=ACCEPT
firewall.cfg06dc81.output=ACCEPT
firewall.cfg06dc81.forward=ACCEPT

?

Even using the default VPN configuration, I still can't connect (via LAN, at least...). "uci show firewall.@zone[1]" does show the same results as you quoted.

Yep, it looks just like that. Still no routing from the VPN to the home systems, and it does not redirect my internet traffic.

I'll do a clean install tomorrow and check.

Hi arokh,
I have downloaded what I think is the correct img file for my 3700v2,
http://enduser.subsignal.org/~trondah/r … pgrade.bin


I have had problems flashing the firmware before; the loader says the file is not valid.
What is the best way to load it up?
I am currently running v1.1.0.15, I think, in the device from the factory.

Are you able to assist, please?

kjt005 wrote:

Hi arokh,
I have downloaded what I think is the correct img file for my 3700v2,
http://enduser.subsignal.org/~trondah/r … pgrade.bin


I have had problems flashing the firmware before; the loader says the file is not valid.
What is the best way to load it up?
I am currently running v1.1.0.15, I think, in the device from the factory.

Are you able to assist, please?

That's the file for upgrading, not for doing clean installs. Whenever you flash for the first time, remember to use the '...factory.img' files, not the '...sysupgrade.bin' files. Those are only used if you already have this build installed and want to update without losing your settings.

Anyway, here's an image that should work.

(Last edited by bmccoy11 on 20 Jun 2014, 06:24)

Thanks, I will give it a try tonight.
Will this upgrade from the GUI or do I need to do it via TFTP?

I'd say that you should install it via TFTP, just to be sure that it's completely installed from scratch.

r41226 had a nasty boot loop if you flashed the factory, sorry if anybody got that.  I flashed r41181 factory image, loaded up the generated .ovpn in "OpenVPN for Android" and connected without problems. Redirected traffic and forwarding works fine. So I don't know what kind of problems you guys are having, it works out of the box. Tested from internet.

Do not flash factory r41226 if you already downloaded it! New build coming soon.

I want to change the default 192.168.1.1, any good suggestions? Thinking maybe 10.1.1.1 or can anyone come up with an even simpler address to punch in?

arokh wrote:

I want to change the default 192.168.1.1, any good suggestions? Thinking maybe 10.1.1.1 or can anyone come up with an even simpler address to punch in?

How about 172.20.1.1? That's a very uncommon local address, however it isn't as easy to remember... Although I do have great memory when it comes to IP addresses, some others don't...

Or, how about 10.10.10.10?

(Last edited by bmccoy11 on 20 Jun 2014, 07:56)

Sounds good but 10.10.10.10 is more difficult to punch in than 10.1.1.1. Didn't like the 172 address.

10.1.1.1 should work good anyway (as it's still a very uncommon local address).
Anyway, I'll be back in a few days to start working on a new download website! Peace!

Do you have a Windows box to test with? I do not have Android devices, and maybe it is the way routing works with Windows and OpenVPN. I did a flash from an old Netgear version to yours and cannot get it working with a Windows box. Does this client.ovpn file work correctly on a Windows box, Windows 7 and Windows 8 x64?

One interesting bit.

If I tracert my home IP, it is going out over the local connection, not going through the VPN connection. There is no routing. This could be something with Windows 7 and Windows 8.1 that the client.ovpn does not work correctly.

(Last edited by wesleyhey on 20 Jun 2014, 15:26)

Sorry, I do not use Windows. The same .ovpn works with Tunnelblick for OSX as well; I don't see why Windows should not work, it's a very simple TUN setup with a static key.

Execute this command after trying to connect:

sed -n '1,/secret/p' /etc/openvpn/OpenWRT.ovpn && uci export openvpn && uci export firewall && logread | grep openvpn 

Then put it on pastebin and give me the link.

(Last edited by arokh on 20 Jun 2014, 17:18)
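Added example, not part of the original thread: the `sed -n '1,/secret/p'` command above stops printing at the first line containing "secret", so the inline static key is left out of what gets pasted. The Python sketch below generalizes that to redact any inline key block wherever it appears in an .ovpn file; the sample config, its key bytes and the function name are constructed for illustration.

```python
import re

# OpenVPN inline-file tags that carry private key material.
SENSITIVE_TAGS = ("secret", "key", "tls-auth", "tls-crypt", "pkcs12")

# Constructed sample; the key bytes are dummy values.
SAMPLE = """\
remote vpn.example.invalid
dev tun
<secret>
-----BEGIN OpenVPN Static key V1-----
00112233445566778899aabbccddeeff
-----END OpenVPN Static key V1-----
</secret>
redirect-gateway
"""

def redact_inline_keys(text, tags=SENSITIVE_TAGS):
    """Return (redacted_text, lines_removed) with key blocks blanked out."""
    out, inside, removed = [], None, 0
    for line in text.splitlines():
        stripped = line.strip()
        if inside is None:
            out.append(line)
            m = re.fullmatch(r"<([A-Za-z0-9-]+)>", stripped)
            if m and m.group(1) in tags:
                inside = m.group(1)          # start dropping lines
        elif stripped == f"</{inside}>":
            out.append("[REDACTED]")
            out.append(line)
            inside = None
        else:
            removed += 1                      # key material, never emitted
    if inside is not None:
        # Opening tag without a close: fail closed, drop everything after it.
        out.append("[REDACTED: block not closed]")
    return "\n".join(out) + "\n", removed

if __name__ == "__main__":
    redacted, n = redact_inline_keys(SAMPLE)
    print(redacted, end="")
    print(f"# {n} line(s) of key material removed")
```
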

Sorry, posts 101 to 100 are missing from our archive.