OpenWrt Forum Archive

Topic: I need help

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,
I have a WRT54GS router with Kamikaze 8.09 installed.
I have a problem with OpenVPN: if I want to connect to swissvpn it displays an error:

root@OpenWrt:~# openvpn --cd /etc/openvpn --config swissvpn.ovpn
Tue Nov 10 20:53:11 2009 OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] built on Feb  2 2009
Enter Auth Username:swissvpntest
Enter Auth Password:
Tue Nov 10 20:53:18 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Nov 10 20:53:18 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 10 20:53:18 2009 Attempting to establish TCP connection with 80.254.79.87:443
Tue Nov 10 20:53:18 2009 TCP connection established with 80.254.79.87:443
Tue Nov 10 20:53:18 2009 TCPv4_CLIENT link local: [undef]
Tue Nov 10 20:53:18 2009 TCPv4_CLIENT link remote: 80.254.79.87:443
Tue Nov 10 20:53:20 2009 [server] Peer Connection Initiated with 80.254.79.87:443
Tue Nov 10 20:53:21 2009 Options error: unknown --redirect-gateway flag: bypass-dhcp
Tue Nov 10 20:53:21 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: topology (2.0.9)
Tue Nov 10 20:53:21 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: socket-flags (2.0.9)
Tue Nov 10 20:53:21 2009 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.128) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Nov 10 20:53:21 2009 TUN/TAP device tun0 opened
Tue Nov 10 20:53:21 2009 /sbin/ifconfig tun0 80.254.76.136 pointopoint 255.255.255.128 mtu 1500
ifconfig: SIOCSIFDSTADDR: Invalid argument
Tue Nov 10 20:53:22 2009 Linux ifconfig failed: shell command exited with error status: 1
Tue Nov 10 20:53:22 2009 Exiting
root@OpenWrt:~#

If I do ifconfig there is no tun/tap adapter available:

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:13:10:27:E7:00
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2256 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2375 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:310920 (303.6 KiB)  TX bytes:1662308 (1.5 MiB)

eth0      Link encap:Ethernet  HWaddr 00:13:10:27:E7:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5952 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2570959 (2.4 MiB)  TX bytes:856380 (836.3 KiB)
          Interrupt:5

eth0.0    Link encap:Ethernet  HWaddr 00:13:10:27:E7:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:184103 (179.7 KiB)

eth0.1    Link encap:Ethernet  HWaddr 00:13:10:27:E7:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5952 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5621 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2463823 (2.3 MiB)  TX bytes:576697 (563.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3580 (3.4 KiB)  TX bytes:3580 (3.4 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:217.233.175.24  P-t-P:217.0.116.218  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:2349 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1628601 (1.5 MiB)  TX bytes:295572 (288.6 KiB)

wl0       Link encap:Ethernet  HWaddr 00:13:10:27:E7:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4534 errors:0 dropped:0 overruns:0 frame:9479
          TX packets:5097 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:672602 (656.8 KiB)  TX bytes:2625965 (2.5 MiB)
          Interrupt:4 Base address:0x1000


What can I do to fix the problem?

(Last edited by sangul on 10 Nov 2009, 21:18)

I don't know what options are required for swissvpn but the error you see is caused by a faulty ifconfig setting. The reason is that you use a tun, not a tap interface but OpenVPN tries to configure a netmask on it. With tun interfaces you need to use ifconfig in the form "local-address peer-address" while "local-address netmask" is needed for tap interfaces.

Your client uses the netmask variant on the tun interface which is obviously wrong. I assume swissvpn pushes the ip settings to you so most likely the "dev" parameter in your local config is tun instead of tap.

~ JoW

Hi, I have edited the following file, swissvpn.ovpn, from dev tun to dev tap:

dev tap
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server

Now I get the following message:

root@OpenWrt:~# openvpn --cd /etc/openvpn --config swissvpn.ovpn
Wed Nov 11 20:37:20 2009 OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] built on Sep  7 2009
Enter Auth Username:swissvpntest
Enter Auth Password:
Wed Nov 11 20:37:25 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Nov 11 20:37:25 2009 Attempting to establish TCP connection with 80.254.79.87:443
Wed Nov 11 20:37:25 2009 TCP connection established with 80.254.79.87:443
Wed Nov 11 20:37:25 2009 TCPv4_CLIENT link local: [undef]
Wed Nov 11 20:37:25 2009 TCPv4_CLIENT link remote: 80.254.79.87:443
Wed Nov 11 20:37:27 2009 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Wed Nov 11 20:37:27 2009 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1543'
Wed Nov 11 20:37:27 2009 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Nov 11 20:37:27 2009 [server] Peer Connection Initiated with 80.254.79.87:443
Wed Nov 11 20:37:28 2009 Options error: unknown --redirect-gateway flag: bypass-dhcp
Wed Nov 11 20:37:28 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: topology (2.0.9)
Wed Nov 11 20:37:28 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: socket-flags (2.0.9)
Wed Nov 11 20:37:28 2009 TUN/TAP device tap0 opened
Wed Nov 11 20:37:28 2009 /sbin/ifconfig tap0 80.254.76.249 netmask 255.255.255.128 mtu 1500 broadcast 80.254.76.255
Wed Nov 11 20:37:28 2009 Initialization Sequence Completed

After a few minutes I abort it with Ctrl+C, then this message comes:

Wed Nov 11 21:03:32 2009 event_wait : Interrupted system call (code=4)
Wed Nov 11 21:03:32 2009 SIGINT[hard,] received, process exiting


At "Wed Nov 11 20:37:28 2009 Initialization Sequence Completed" it doesn't continue and I have to abort it with Ctrl+C.

ifconfig:

tap0    Link encap:Ethernet  HWaddr 00:FF:88:F4:F4:7C
          inet addr:80.254.76.203  Bcast:80.254.76.255  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)



What should I do next?

To the file /etc/config/firewall I have added (as described here: https://forum.perfect-privacy.com/showthread.php?t=1013):

###
# OpenVPN rule - accepts incoming udp connections on wan interface at port 1194
###
# cisco acl equiv
# permit udp any any eq 1194
# ip access-group aclname in
###
config 'rule'
	option 'src' 'wan'
	option 'target' 'ACCEPT'
	option 'proto' 'udp'
	option 'dest_port' '1194'


To the file /etc/firewall.user I have added:

iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I INPUT -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE



Here you can read some information about the swissvpn settings: http://www.swissvpn.net/index.php?cot=faq&lang=en

Please help me.

(Last edited by sangul on 11 Nov 2009, 22:27)
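
Added example, not part of any post in this thread: a shell check for the state the thread ends in, where swissvpn.ovpn says dev tap, the client log warns that the server side is dev-type tun, and the rules in /etc/firewall.user still name tun+. The function names are made up for this example, and the sample files are rebuilt from lines quoted in the posts above.

```shell
#!/bin/sh
# Added example: cross-check an OpenVPN client's device type against the
# interface names in firewall.user and the dev-type warning in the client log.

# Print the device type (tun or tap) from the "dev" directive of a config.
ovpn_dev_type() {
    awk '$1 == "dev" { sub(/[0-9]+$/, "", $2); print $2; exit }' "$1"
}

# Print each iptables rule whose -i/-o names a tun*/tap* interface that does
# not begin with the device type in $1 (e.g. a tun+ rule while using tap0).
fw_iface_mismatch() {
    awk -v t="$1" '
        $1 == "iptables" {
            for (i = 2; i < NF; i++)
                if (($i == "-i" || $i == "-o") &&
                    $(i + 1) ~ /^(tun|tap)/ && index($(i + 1), t) != 1) {
                    print; break
                }
        }' "$2"
}

# Print "local=X remote=Y" when the log carries the dev-type warning.
log_dev_mismatch() {
    sed -n "s/.*'dev-type' is used inconsistently, local='dev-type \([a-z]*\)', remote='dev-type \([a-z]*\)'.*/local=\1 remote=\2/p" "$1"
}

# Sample input, rebuilt from lines quoted in the thread.
work=$(mktemp -d)
cat > "$work/swissvpn.ovpn" <<'EOF'
dev tap
client
proto tcp-client
EOF
cat > "$work/firewall.user" <<'EOF'
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
EOF
cat > "$work/openvpn.log" <<'EOF'
Wed Nov 11 20:37:27 2009 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
EOF

dev=$(ovpn_dev_type "$work/swissvpn.ovpn")
echo "client dev type: $dev"
echo "firewall.user rules that will not match ${dev}0:"
fw_iface_mismatch "$dev" "$work/firewall.user"
log_dev_mismatch "$work/openvpn.log"
```

iptables treats a trailing + as a prefix wildcard, so a tun+ rule applies to tun0 but not to tap0; every rule the check prints is one that the running tunnel interface never hits.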

The discussion might have continued from here.