OpenWrt Forum Archive

Topic: openvpn - roadwarrior

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,
I installed openvpn following this guide on my Asus 500gp
http://forum.openwrt.org/viewtopic.php?id=9689

I want my openwrt to act as an openvpn gateway so I can connect to my private network from the Internet.

When I start the server the interface tap0 is created.

root@ap:/# /etc/init.d/openvpn start
Mon Mar  3 15:46:45 2008 TUN/TAP device tap0 opened
Mon Mar  3 15:46:45 2008 Persist state set to: ON
Mon Mar  3 15:46:45 2008 us=192950 OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Sep 30 2007
Mon Mar  3 15:46:45 2008 us=195279 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Mar  3 15:46:45 2008 us=200882 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar  3 15:46:45 2008 us=202289 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  3 15:46:45 2008 us=204191 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar  3 15:46:45 2008 us=205207 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  3 15:46:45 2008 us=206287 LZO compression initialized
Mon Mar  3 15:46:45 2008 us=207844 TUN/TAP device tap0 opened
Mon Mar  3 15:46:45 2008 us=208786 TUN/TAP TX queue length set to 100
Mon Mar  3 15:46:45 2008 us=210757 Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Mar  3 15:46:45 2008 us=211986 Local Options String: 'V4,dev-type tap,link-mtu 1577,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Mar  3 15:46:45 2008 us=212931 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1577,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Mar  3 15:46:45 2008 us=214311 Local Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:46:45 2008 us=215391 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:46:45 2008 us=217251 GID set to nogroup
Mon Mar  3 15:46:45 2008 us=218367 UID set to nobody
Mon Mar  3 15:46:45 2008 us=219375 Socket Buffers: R=[108544->131072] S=[108544->131072]
Mon Mar  3 15:46:45 2008 us=220723 UDPv4 link local (bound): [undef]:1194
Mon Mar  3 15:46:45 2008 us=221636 UDPv4 link remote: [undef]

When I try to connect the client, nothing happens:

#openvpn client.conf
Mon Mar  3 15:42:37 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Mon Mar  3 15:42:37 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Mar  3 15:42:37 2008 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar  3 15:42:37 2008 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  3 15:42:37 2008 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Mar  3 15:42:37 2008 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  3 15:42:37 2008 LZO compression initialized
Mon Mar  3 15:42:37 2008 TUN/TAP device tap0 opened
Mon Mar  3 15:42:37 2008 Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Mar  3 15:42:37 2008 Local Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:42:37 2008 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:42:37 2008 UDPv4 link local: [undef]
Mon Mar  3 15:42:37 2008 UDPv4 link remote: 88.75.86.XX:1194

I added the following iptables rules:

## VPN
iptables -t nat -A prerouting_wan -p udp --dport 1194 -j ACCEPT
iptables        -A input_wan      -p udp --dport 1194 -j ACCEPT
iptables -A INPUT   -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

What am I doing wrong?

Thanks for your help,
Tex

(Last edited by Tex-Twil on 3 Mar 2008, 15:49)

Hello again,
I have just tried to initiate the connection from my LAN and it works. I suppose that I couldn't connect from my work because their firewall might be filtering the UDP packets. I will try to set up the connection in TCP mode.

Tex
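The two logs above carry the check that settles this kind of "nothing happens" report: a static-key OpenVPN 2.0 peer computes an options hash from its own config and drops packets from a peer whose hash differs, so the first thing to compare is the local and expected hashes on both sides. The following Python is an added example (not from the post, from OpenWrt or from OpenVPN) that parses the relevant lines, copied inline from both logs, and reports whether the problem is a config mismatch or, as here where the hashes all agree, the network path:

```python
import re

# Constructed sample: the relevant lines copied from the server and client logs
# in the post (timestamps kept, other lines dropped).
SERVER_LOG = """\
Mon Mar  3 15:46:45 2008 us=211986 Local Options String: 'V4,dev-type tap,link-mtu 1577,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Mar  3 15:46:45 2008 us=214311 Local Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:46:45 2008 us=215391 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:46:45 2008 us=220723 UDPv4 link local (bound): [undef]:1194
"""
CLIENT_LOG = """\
Mon Mar  3 15:42:37 2008 Local Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:42:37 2008 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Mar  3 15:42:37 2008 UDPv4 link remote: 88.75.86.XX:1194
"""

HASH_RE = re.compile(r"(Local|Expected Remote) Options hash \(VER=V\d\): '([0-9a-f]+)'")
OPTS_RE = re.compile(r"Local Options String: '([^']*)'")
LINK_RE = re.compile(r"\b(UDP|TCP)v4 link (?:local|remote)")

def parse_log(text):
    """Pull the options hashes, the transport protocol and (server side) the option set."""
    info = {"local_hash": None, "expected_hash": None, "proto": None, "options": {}}
    for line in text.splitlines():
        if m := HASH_RE.search(line):
            info["local_hash" if m.group(1) == "Local" else "expected_hash"] = m.group(2)
        elif m := OPTS_RE.search(line):
            for item in m.group(1).split(","):      # e.g. "cipher BF-CBC" -> ("cipher", "BF-CBC")
                key, _, value = item.partition(" ")
                info["options"][key] = value
        elif m := LINK_RE.search(line):
            info["proto"] = m.group(1)
    return info

def diagnose(server_log, client_log):
    """Return (severity, message) findings; no 'error' entries means the peers agree."""
    findings = []
    s, c = parse_log(server_log), parse_log(client_log)
    for side, p in (("server", s), ("client", c)):
        if p["local_hash"] != p["expected_hash"]:
            findings.append(("error", f"{side}: local and expected options hash differ"))
    if s["local_hash"] and c["local_hash"] and s["local_hash"] != c["local_hash"]:
        findings.append(("error", "server and client option sets differ; peers silently drop each other's packets"))
    if s["proto"] and c["proto"] and s["proto"] != c["proto"]:
        findings.append(("error", f"transport mismatch: server {s['proto']}, client {c['proto']}"))
    if s["options"].get("cipher", "").startswith("BF-"):
        findings.append(("advisory", "BF-CBC is a 64-bit block cipher; current OpenVPN deprecates it in favour of AES"))
    if not any(sev == "error" for sev, _ in findings):
        findings.append(("info", f"options match; check the {s['proto']} path to the server (filtering, NAT)"))
    return findings
```

For the logs in the post the only non-informational finding is the advisory about the Blowfish cipher; with a hash mismatch the error entries point at the side whose config diverges.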

The discussion might have continued from here.