Hello All,

Following on my experiments to set up an OpenVPN server and client on 2 OpenWrt routers.
Using Whiterussian 0.9 on WRT54GS and WRTSL54GS ...

The client now seems to connect to the server but I am just unsure if it works properly ...
... using iptraf on the server side (WRTSL54GS) I see that no data seems to transit on the tap0 interface ...
but strangely the data transiting on eth2 (wlan on WRTSL54GS) seems to go through tap0 (the packet counts match in iptraf)
.. and there is no tun0 interface displayed on the client (although the log and Status / OpenVPN webif page show it's there)

Also the log on the server shows that the openVPN seems to restart (inactivity timer) every 2 minutes and then the server side seems to
disconnect (?):

+----------------------------------------------------------------+

Server traces:

Jul 17 13:43:19 (none) kern.notice openvpn[2140]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Feb 13 2007
Jul 17 13:43:19 (none) kern.warn openvpn[2140]: WARNING: file '/etc/openvpn/shared.key' is group or others accessible
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: TUN/TAP device tap0 opened
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Local Options hash (VER=V4): '8b888ddc'
Jul 17 13:43:19 (none) kern.notice openvpn[2140]: Expected Remote Options hash (VER=V4): '8b888ddc'
Jul 17 13:43:19 (none) kern.notice openvpn[2148]: UDPv4 link local (bound): [undef]:1194
Jul 17 13:43:19 (none) kern.notice openvpn[2148]: UDPv4 link remote: [undef]
Jul 17 13:43:53 (none) kern.notice openvpn[2148]: Peer Connection Initiated with 66.36.152.25:1031
Jul 17 13:43:53 (none) kern.notice openvpn[2148]: Initialization Sequence Completed
... 2 minutes after:

Jul 17 13:45:55 (none) kern.notice openvpn[2148]: Inactivity timeout (--ping-restart), restarting
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: TCP/UDP: Closing socket
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: Closing TUN/TAP interface
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: Restart pause, 2 second(s)
...
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: UDPv4 link local (bound): [undef]:1194
Jul 17 13:45:55 (none) kern.notice openvpn[2148]: UDPv4 link remote: [undef]


Also the tap0 interface shows (almost) no packets received ...
tap0      Link encap:Ethernet  HWaddr 00:FF:56:FA:12:85
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:929 errors:0 dropped:15 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:198 (198.0 B)  TX bytes:262697 (256.5 KiB)

Client:

Jul 17 13:34:44 (none) kern.notice openvpn[2122]: OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Feb 13 2007
Jul 17 13:34:44 (none) kern.warn openvpn[2122]: WARNING: file '/etc/openvpn/shared.key' is group or others accessible
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: LZO compression initialized
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: TUN/TAP device tun0 opened
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Local Options hash (VER=V4): '62cf4b05'
Jul 17 13:34:44 (none) kern.notice openvpn[2122]: Expected Remote Options hash (VER=V4): '62cf4b05'
Jul 17 13:34:44 (none) kern.notice openvpn[2128]: UDPv4 link local: [undef]
Jul 17 13:34:44 (none) kern.notice openvpn[2128]: UDPv4 link remote: 216.239.76.188:1194


and the client tun0 interface (via webif Status / OpenVPN or cat /proc/net/dev) shows all zeros ...

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          POINTOPOINT NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

+------------------------------------------------------------------------------------+

relevant Configs:
Server:

/etc/openvpn/server.ovpn

keepalive 10 120
comp-lzo
persist-key
persist-tun
status /tmp/openvpn-status.log
verb 3
#Static Key
secret /etc/openvpn/shared.key

I have the openvpnbridge file in /etc/openvpn set as in the OpenVPN Server Howto ... http://wiki.openwrt.org/OpenVPNHowTo?hi … 28HowTo%29
I have added the entries to the firewall script for the tap / tun interface (as in howto).

Client:
root@OpenWrt:~$ nvram show | grep openvpn | sort
size: 8864 bytes (23904 left)
openvpn_cli=1
openvpn_cli_auth=psk
openvpn_cli_port=1194
openvpn_cli_proto=udp
openvpn_cli_server=<my-openvpn-server>.dyndns.org

+---------------------------------------------+

Questions ?

1 - If set up properly, all traffic between client / server should go through the tap0 / tun0 interface.  Right ???
... and be displayed by iptraf under the tap0 interface (right ?)

2- Why no tun0 interface displays on client with ifconfig ? (bug ?)

3- Anyone has successfully set up an openVPN client server between 2 openWRT systems ?

It would be nice if we could set up the openVPN as a server through the Webif2 interface ... It currently only supports
openVPN client config.

Any help would be appreciated ...

Noel

(Last edited by noelbou on 17 Jul 2007, 19:17)
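
Added example (not part of the original post): a small Python check that reads the two OpenVPN logs quoted above and lists the settings on which the peers disagree, plus the key-file permission warning. The log excerpts are copied from the post; the function names are hypothetical, and the hash comparison assumes each peer's "Expected Remote Options hash" should equal the other peer's "Local Options hash".

```python
import re

# Log excerpts copied from the post above (syslog prefix trimmed).
SERVER_LOG = """\
WARNING: file '/etc/openvpn/shared.key' is group or others accessible
TUN/TAP device tap0 opened
Local Options hash (VER=V4): '8b888ddc'
Expected Remote Options hash (VER=V4): '8b888ddc'
Inactivity timeout (--ping-restart), restarting
"""
CLIENT_LOG = """\
WARNING: file '/etc/openvpn/shared.key' is group or others accessible
LZO compression initialized
TUN/TAP device tun0 opened
Local Options hash (VER=V4): '62cf4b05'
Expected Remote Options hash (VER=V4): '62cf4b05'
"""

PATTERNS = {
    "dev": r"TUN/TAP device (tun|tap)\d+ opened",
    "local_hash": r"Local Options hash \(VER=V4\): '([0-9a-f]+)'",
    "remote_hash": r"Expected Remote Options hash \(VER=V4\): '([0-9a-f]+)'",
    "loose_key": r"WARNING: file '([^']+)' is group or others accessible",
}

def summarize(log):  # fields both peers must agree on, from one log
    # First match of each pattern, or None when the line is absent.
    out = {k: (re.findall(p, log) or [None])[0] for k, p in PATTERNS.items()}
    out["lzo"] = "LZO compression initialized" in log
    out["ping_restarts"] = log.count("Inactivity timeout (--ping-restart)")
    return out

def compare(server, client):  # findings for a server/client log pair
    s, c = summarize(server), summarize(client)
    findings = []
    if s["dev"] != c["dev"]:
        findings.append(f"device type differs: server={s['dev']} client={c['dev']}")
    if s["lzo"] != c["lzo"]:
        findings.append("LZO initialised on one side only")
    # Assumption: expected-remote hash of one peer == local hash of the other.
    if s["remote_hash"] != c["local_hash"] or c["remote_hash"] != s["local_hash"]:
        findings.append("options hash mismatch between peers")
    for side, d in (("server", s), ("client", c)):
        if d["loose_key"]:
            findings.append(f"{side}: {d['loose_key']} readable by group/others (chmod 600)")
        if d["ping_restarts"]:
            findings.append(f"{side}: {d['ping_restarts']} ping-restart timeout(s)")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(SERVER_LOG, CLIENT_LOG)))
```

With a static key there is no TLS handshake to reject a peer whose options differ, so comparing the two logs by hand or with a script like this is how such differences show up.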