Hey guys,
I am trying to turn my router into an OpenVPN server, so I can connect to my local LAN from the outside/inside to do some maintenance on my Pi.
I ran opkg install openvpn-openssl openvpn-easy-rsa and followed the post on:
wiki.openwrt.org/doc/howto/vpn.openvpn
I opened the ports on my ISP modem/router and forwarded them to my OpenWrt router,
but the connection won't come up; the OpenVPN log says: MANAGEMENT: >STATE:1503950087,WAIT,,,,,,
Here is the output of these commands:
cat /tmp/openvpn.log
cat /etc/config/network
cat /etc/config/firewall
cat /etc/config/openvpn
root@Unknown:~# cat /tmp/openvpn.log
cat: can't open '/tmp/openvpn.log': No such file or directory
root@Unknown:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'XX.XX.XX.XX::/48'
config interface 'lan'
option ifname 'eth1'
option force_link '1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.254'
option dns 'XX.XX.XX.22 XX.XX.XX.23 8.8.8.8 8.8.4.4'
config interface 'wan'
option ifname 'eth0'
option _orig_ifname 'eth0'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '192.168.178.11'
option netmask '255.255.255.0'
option gateway '192.168.178.1'
option delegate '0'
option type 'bridge'
option dns '.XX.XX.XX.22 XX.XX.XX.23'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6'
config route
option interface 'lan'
option target '0.0.0.0'
option gateway '192.168.178.1'
config route
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
option auto '1'
root@Unknown:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'bcp38'
option type 'script'
option path '/usr/lib/bcp38/run.sh'
option family 'IPv4'
option reload '1'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.104'
option dest_port '80'
option name 'Apache Server to Pi'
option enabled '0'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '8080'
option dest_ip '192.168.1.104'
option dest_port '8080'
option name 'Apache Server to Pi'
option enabled '0'
config rule 'Allow_OpenVPN_Inbound'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'
config zone 'vpn'
option name 'vpn'
option network 'vpn0'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'
config forwarding 'vpn_forwarding_lan_in'
option src 'vpn'
option dest 'lan'
config forwarding 'vpn_forwarding_lan_out'
option src 'lan'
option dest 'vpn'
config forwarding 'vpn_forwarding_wan'
option src 'vpn'
option dest 'wan'
config redirect
option enabled '1'
option target 'DNAT'
option src 'wan'
option dest 'vpn'
option proto 'udp'
option src_dport '1194'
option dest_ip '192.168.1.254'
option dest_port '1194'
option name 'VPN'
root@Unknown:~# cat /etc/config/openvpn
config openvpn 'lan'
option enable '1'
option port '1194'
option proto 'udp'
option dev 'tun'
option ca '/etc/easy-rsa/keys/ca.crt'
option cert '/etc/easy-rsa/keys/server.crt'
option key '/etc/easy-rsa/keys/server.key'
option dh '/etc/easy-rsa/keys/dh2048.pem'
option ifconfig_pool_persist '/tmp/ipp.txt'
option keepalive '10 120'
option comp_lzo 'no'
option persist_key '1'
option persist_tun '1'
option status '/var/log/openvpn-status.log'
option verb '3'
option server '10.0.0.0 255.255.255.0'
option client_to_client '1'
list push 'redirect-gateway def1'
list push 'dhcp-option DNS 192.168.1.254'
list push 'route 192.168.1.0 255.255.255.0'
option enabled '1'
Could someone please give me a push in the right direction? Maybe what I am asking is something noobish; if so, just let me know.
Thanks and regards!
Hpower