OpenWrt Forum Archive

Topic: Open Vpn Problem

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
sangul
12 Nov 2009, 17:16

Hello, i try to connect to swiss vpn but there comes the following message:

root@OpenWrt:~# openvpn --cd /etc/openvpn --config swissvpn.ovpn
Tue Nov 10 20:53:11 2009 OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] built on Feb  2 2009
Enter Auth Username:swissvpntest
Enter Auth Password:
Tue Nov 10 20:53:18 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Nov 10 20:53:18 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 10 20:53:18 2009 Attempting to establish TCP connection with 80.254.79.87:443
Tue Nov 10 20:53:18 2009 TCP connection established with 80.254.79.87:443
Tue Nov 10 20:53:18 2009 TCPv4_CLIENT link local: [undef]
Tue Nov 10 20:53:18 2009 TCPv4_CLIENT link remote: 80.254.79.87:443
Tue Nov 10 20:53:20 2009 [server] Peer Connection Initiated with 80.254.79.87:443
Tue Nov 10 20:53:21 2009 Options error: unknown --redirect-gateway flag: bypass-dhcp
Tue Nov 10 20:53:21 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: topology (2.0.9)
Tue Nov 10 20:53:21 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: socket-flags (2.0.9)
Tue Nov 10 20:53:21 2009 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.128) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Nov 10 20:53:21 2009 TUN/TAP device tun0 opened
Tue Nov 10 20:53:21 2009 /sbin/ifconfig tun0 80.254.76.136 pointopoint 255.255.255.128 mtu 1500
ifconfig: SIOCSIFDSTADDR: Invalid argument
Tue Nov 10 20:53:22 2009 Linux ifconfig failed: shell command exited with error status: 1
Tue Nov 10 20:53:22 2009 Exiting
root@OpenWrt:~#


here the swissvpn.ovpn file:

dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server


What can i do now that it works?

Post #2
doddel
12 Nov 2009, 17:25

out of curiosity visited the sitte of swissvpn. They indicate that
quote
Download the latest OpenVPN version from the 2.1 branch (2.1_rc18 at the time of this writing). Important: OpenVPN 2.0 will not work!
unquote.
Your log says:
OpenVPN 2.0.9

Post #3
sangul
12 Nov 2009, 17:31

hi, how can i make open vpn 2.1 on the router? I made yesterday a update with this command:
opkg update
opkg install openvpn
But it istalled OpenVPN 2.0.9.

exist open vpn v. 2.1 for openwrt?

(Last edited by sangul on 12 Nov 2009, 17:32)

Post #4
doddel
12 Nov 2009, 18:42

2.1_rc18 is available under snapshots from downloads.openwrt.org.
Choose the proper architecture and make sure OpenWrt itself and all the packages you want to install are of the same kernel version.

Post #5
sangul
13 Nov 2009, 00:23

Ok, i will test it tomorrow and write back

cu

(Last edited by sangul on 13 Nov 2009, 00:40)

Post #6
sangul
13 Nov 2009, 16:13

hi doodel,

now it works the only problem was:

the resolv.conf.auto was not updated so i had manually write the dns of swissvpn in it.

On this page:  https://forum.openwrt.org/viewtopic.php?id=21408

there is a solution the this works automatically with two scirpts

up:

#!/bin/sh
mv /tmp/resolv.conf.auto /tmp/resolv.conf.auto.hold
echo $foreign_option_1 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' > /tmp/resolv.conf.auto
echo $foreign_option_2 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
echo $foreign_option_3 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto

down:

#!/bin/sh
mv /tmp/resolv.conf.auto.hold /tmp/resolv.conf.auto


i made it like discribed but if i make in putty/ssh:

openvpn --up ./up --down ./down --config swissvpn.ovpn

it comes this message:


Options error: In [CMD-LINE]:1: Error opening configuration file: swissvpn.ovpn
Use --help for more information.

What can i do?

(Last edited by sangul on 13 Nov 2009, 17:28)

Post #7
doddel
14 Nov 2009, 14:50

it looks as if it is looking for the conf file but cannot find it. Perhaps add a path to it, like you did with the up and down scripts.

Post #8
sangul
14 Nov 2009, 15:05

Hi, with open vpn 2.1 you can't load own scipts in open vpn.
So i installed the version 2.0.9 and add the path:

openvpn --up ./up --down ./down --config /etc/openvpn/swissvpn.ovpn

But now this message comes:

Sat Nov 14 15:05:16 2009 Cannot load CA certificate file ca.crt (SSL_CTX_load_verify_locations): error:02001002:lib(2):func(1):reason(2): error:2006D080:lib(32):func(109):reason(128): error:0B084002:lib(11):func(132):reason(2)
Sat Nov 14 15:05:16 2009 Exiting

Post #9
sangul
14 Nov 2009, 16:30

the problem is solved the problem was that i wrote:

openvpn --up ./up --down ./down --config /etc/openvpn/swissvpn.ovpn

instead of


openvpn --cd /etc/openvpn/ --up /etc/openvpn/up --down /etc/openvpn/down --config /etc/openvpn/swissvpn.ovpn


cu

The discussion might have continued from here.