OpenWrt Forum Archive

Topic: OpenVPN Problem

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi!

I have a lot of trouble with OpenVPN on the WGT634U with Kamikaze, Revision 3800.

I use OpenVPN for bridging my WLAN to my LAN over a bridge between vlan0 and tun0. All this worked fine, but after I flashed a new version (on the change to Kernel 2.6.15.6) no connection can be established. On my first tries (before it worked the first time) I forgot to set the system time and the certificates did not work. Now this is fixed, and I also used the example keys to prevent wrong keys.

I tried a lot, hope I haven't killed my config with this.


Hope anyone has ideas, suggestions or any other answers.

Dennis


The output I get on the server:
------------------------------------------------------------------------------------------------------------------------
Wed Mar 22 18:58:14 2006 OpenVPN 2.0.5 mipsel-linux [SSL] [LZO] [EPOLL] built on Mar  8 2006
Wed Mar 22 18:58:16 2006 Diffie-Hellman initialized with 1024 bit key
Wed Mar 22 18:58:16 2006 Control Channel Authentication: using '/config/keys/ta.key' as a OpenVPN static key file
Wed Mar 22 18:58:16 2006 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 18:58:16 2006 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 18:58:16 2006 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 22 18:58:16 2006 TUN/TAP device tap0 opened
Wed Mar 22 18:58:16 2006 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Mar 22 18:58:16 2006 UDPv4 link local (bound): [undef]:1194
Wed Mar 22 18:58:16 2006 UDPv4 link remote: [undef]
Wed Mar 22 18:58:16 2006 MULTI: multi_init called, r=256 v=256
Wed Mar 22 18:58:16 2006 IFCONFIG POOL: base=192.168.1.100 size=51
Wed Mar 22 18:58:16 2006 Initialization Sequence Completed
Wed Mar 22 19:00:53 2006 MULTI: multi_create_instance called
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 Re-using SSL/TLS context
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 LZO compression initialized
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 Local Options hash (VER=V4): '360696c5'
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 Expected Remote Options hash (VER=V4): '13a273ba'
Wed Mar 22 19:00:53 2006 192.168.3.127:1194 TLS: Initial packet from 192.168.3.127:1194, sid=9a7866da 514825dc
Wed Mar 22 19:00:56 2006 192.168.3.127:1194 VERIFY OK: depth=1, /C=DE/ST=CA/L=Hamburg/O=xxxx/CN=xxxVPN/emailAddress=xxx@xxx.xx
Wed Mar 22 19:00:56 2006 192.168.3.127:1194 VERIFY OK: depth=0, /C=DE/ST=CA/L=Hamburg/O=xxxx/CN=client1/emailAddress=xxx@xxx.xx
Wed Mar 22 19:00:58 2006 192.168.3.127:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140D108E:lib(20):func(209):reason(142)
Wed Mar 22 19:00:58 2006 192.168.3.127:1194 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 22 19:00:58 2006 192.168.3.127:1194 TLS Error: TLS handshake failed
Illegal instruction
----------------------------------------------------------------------------------------------------------

My server config:

------------------------------------------------------------------------------------------------------------

port 1194
dev tap0
tls-server
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.150

ca /config/keys/ca.crt
cert /config/keys/server.crt
key /config/keys/server.key
dh /config/keys/dh1024.pem
keepalive 10 120
persist-key
persist-tun
comp-lzo
verb 3

-------------------------------------------------------------------------------------------------------------------

My client config:
--------------------------------------------------------------------------------------------------------------------
dev tap
remote 192.168.3.1 1194
tls-client

ca /etc/openvpn/client1/ca.crt
cert /etc/openvpn/client1/client1.crt
key /etc/openvpn/client1/client1.key

port 1194
route-gateway 192.168.1.1
persist-tun
persist-key
comp-lzo
verb 3
------------------------------------------------------------------------------------------------------------


Changed to new config, but nothing works...

(Last edited by EgonLebt on 24 May 2006, 16:21)

I suggest temporarily disabling the "tls-auth" lines in both the server and the client config, then try it again. tls-auth provides additional but optional security.

If that doesn't work I suggest trying a config that's as simple as possible and then build up in complexity if that works.

Let me know how it goes, glad to help.
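The reply above boils down to one principle: options that both OpenVPN peers must agree on (device type, compression, tls-auth and its key direction, cipher, protocol, MTU) have to be checked side by side before touching anything else. The script below is an added example for doing that check mechanically; it is not code from the thread or from the OpenVPN project. It embeds the two configs posted above as sample input, with one assumption: the server config gets a `tls-auth /config/keys/ta.key 0` line, because the server log reports `using '/config/keys/ta.key'` even though the posted config omits that line. Run against those inputs it reports exactly the asymmetry the replier points at: tls-auth configured on the server but not on the client.

```python
"""Cross-check an OpenVPN server config against a client config for directives
that must agree on both peers. Added example, not from the forum thread."""
import re

# Sample input: the server config posted in the thread, plus the tls-auth line
# that the server log implies but the posted config omits (assumption).
SERVER_CONF = """\
port 1194
dev tap0
tls-server
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.150
ca /config/keys/ca.crt
cert /config/keys/server.crt
key /config/keys/server.key
dh /config/keys/dh1024.pem
tls-auth /config/keys/ta.key 0
keepalive 10 120
persist-key
persist-tun
comp-lzo
verb 3
"""

# Sample input: the client config exactly as posted in the thread.
CLIENT_CONF = """\
dev tap
remote 192.168.3.1 1194
tls-client
ca /etc/openvpn/client1/ca.crt
cert /etc/openvpn/client1/client1.crt
key /etc/openvpn/client1/client1.key
port 1194
route-gateway 192.168.1.1
persist-tun
persist-key
comp-lzo
verb 3
"""

# Directives whose value must be identical (or absent) on both peers.
MUST_MATCH = ("cipher", "auth", "proto", "link-mtu", "tun-mtu")
# Directives that must be present on both peers or on neither.
SYMMETRIC_FLAGS = ("comp-lzo", "tls-auth")


def parse_conf(text):
    """Return {directive: [args]} for an OpenVPN config file body.
    Lines starting with '#' or ';' are comments; blank lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        opts[parts[0]] = parts[1:]
    return opts


def dev_type(opts):
    """Normalise 'dev tap0' / 'dev tap' / 'dev tun1' to the device type."""
    dev = opts.get("dev")
    if not dev:
        return None
    return re.sub(r"\d+$", "", dev[0])


def check_peers(server, client):
    """Return a list of readable mismatches between two parsed configs."""
    findings = []
    if dev_type(server) != dev_type(client):
        findings.append(f"dev type differs: server={dev_type(server)} "
                        f"client={dev_type(client)}")
    for flag in SYMMETRIC_FLAGS:
        on_server, on_client = flag in server, flag in client
        if on_server != on_client:
            side = "server" if on_server else "client"
            findings.append(f"{flag} present on {side} only")
    if "tls-auth" in server and "tls-auth" in client:
        # Optional second argument is the key direction: 0 on the server,
        # 1 on the client, or omitted on both for a bidirectional key.
        sdir, cdir = server["tls-auth"][1:2], client["tls-auth"][1:2]
        if sdir and cdir and sdir == cdir:
            findings.append("tls-auth key-direction is the same on both "
                            "peers; use 0 on the server and 1 on the client")
        elif bool(sdir) != bool(cdir):
            findings.append("tls-auth key-direction given on one peer only")
    for opt in MUST_MATCH:
        if server.get(opt) != client.get(opt):
            findings.append(f"{opt} differs: server={server.get(opt)} "
                            f"client={client.get(opt)}")
    return findings


if __name__ == "__main__":
    for line in check_peers(parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)):
        print("MISMATCH:", line)
```

Adding `tls-auth /etc/openvpn/client1/ta.key 1` to the client (or removing the line from the server, as the reply suggests for a first test) makes the check come back empty, which is the state to be in before layering options back on one at a time.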

The discussion might have continued from here.