Jump to content
Not connected, Your IP: 3.137.178.122
Sign in to follow this  
privado

Config guide for setting up VPN with DD-WRT router

Recommended Posts

Hi,

I was wondering if anyone could link/post a guide on configuring the vpn to run direct from a router. I have a cisco/linksys E2000 router already fw changed to DD-WRT. So far I have downloaded the files from the "connect witout our client" section.

Any help greatly appreciated

Share this post


Link to post

ok, so I start filling in the parts under services -> vpn -> openvpn client, down as far as hash algorithm.

Share this post


Link to post

privado wrote:

ok, so I start filling in the parts under services -> vpn -> openvpn client, down as far as hash algorithm.

Hello!

If you have already flashed the DD-WRT firmware with OpenVPN support, you should now generate all the files you need with our configuration generator.

Go to menu "Member"->"Access without our client" and choose server and port. Download air.zip. Inside the archive, you will find the air.ovpn configuration file which has all the parameters to copy according to the interface you have on your router.

A quite complete guide is available here:

http://www.dd-wrt.com/wiki/index.php/OpenVPN

Do not hesitate to contact us for any further information.

Kind regards

Paolo

AirVPN

Share this post


Link to post

Thanks for the quick reply. I had downloaded that file and had a look inside each file. I was just a bit unsure what to paste in as the public client cert & private client key. Also if nscertType verification needed checking.

thanks agin.

Share this post


Link to post

privado wrote:

Thanks for the quick reply. I had downloaded that file and had a look inside each file. I was just a bit unsure what to paste in as the public client cert & private client key. Also if nscertType verification needed checking.

thanks agin.

Hello!

Yes, ns-cert-type is "server". You need to activate the option.

The certificate and the key you cite are both inside the archive air.zip.

Do not hesitate to contact us for any further information.

Kind regards

AirVPN admins

Share this post


Link to post

Hi again,

Sorry, not had much time to get this working properly.

Is it possible to have some sort of tutorial made for DD-WRT openvpn capable routers ??

I am sure this would benefit quite a lot of the people here, or perhaps a preconfigured firmware upgrade file? From the time I have free, its been a pain having to read different web sites getting information, and still not having it working correctly.

I would just like to add that the WRT router will be connecting to my DSL modem router.

I would really like to sort this out before my subscription is due again.

Thank you.

Share this post


Link to post

privado wrote:

Hi,

I was wondering if anyone could link/post a guide on configuring the vpn to run direct from a router. I have a cisco/linksys E2000 router already fw changed to DD-WRT. So far I have downloaded the files from the "connect witout our client" section.

Any help greatly appreciated

Hello!

You can find a good tutorial is in the DD-WRT wiki (see the "Client Mode"):

'>http://www.dd-wrt.com/wiki/index.php/OpenVPN#Enable_OpenVPN_in_the_Router>

If you have any doubt on any parameter to insert, please do not hesitate to contact us or write in the forum.

Kind regards

AirVPN admins

Share this post


Link to post

Hello,

Yes I have been using that guide but cannot get it to connect to the VPN. This is why I was asking if admins here could make a tutorial instead of using a 3rd party website. My problem I think is that I am using a DD-WRT openvpn router to connect to my DSL router.

Thank you.

Share this post


Link to post

privado wrote:

Hello,

Yes I have been using that guide but cannot get it to connect to the VPN. This is why I was asking if admins here could make a tutorial instead of using a 3rd party website. My problem I think is that I am using a DD-WRT openvpn router to connect to my DSL router.

Thank you.

Hello!

To clarify, is the connection of this kind:

Your PCs/devices ((())) DD-WRT router----DSL router----ISP ?

Does your DSL router use DHCP for LAN? Does it support IP forwarding? When you don't use OpenVPN, is the connection ok?

Looking forward to hearing from you

Kind regards

Share this post


Link to post

Hi,

yes that is correct. devices --> e2000 ddwrt openvpn router ---> 320N DSL router (ISP) is what im trying to achieve.

The e2000 is connected to my DSL router wired and working fine. I have added the .crt /keys in the openvpn section, configured it as what is stated in the openvpn.conf file. What seems to be happening is that all devices connect to the e2000 fine and connect to the internet, but not thru the VPN.

Thanks.

Share this post


Link to post

privado wrote:

Hi,

yes that is correct. devices --> e2000 ddwrt openvpn router ---> 320N DSL router (ISP) is what im trying to achieve.

The e2000 is connected to my DSL router wired and working fine. I have added the .crt /keys in the openvpn section, configured it as what is stated in the openvpn.conf file. What seems to be happening is that all devices connect to the e2000 fine and connect to the internet, but not thru the VPN.

Thanks.

Hello!

The optimal solution would be to configure the DSL router in full bridge mode. Currently, does your DSL router use DHCP? And the E2000? Can you please send us the DD-WRT router OpenVPN connection logs to check (you may need to turn on logging)?

Kind regards

Share this post


Link to post

Hi,

Yes DSL router is in full bridge mode and DHCP enabled. I will send you the openvpn connection logs once i worked out where they are saved . Thanks.

Share this post


Link to post

privado wrote:

Hi,

Yes DSL router is in full bridge mode and DHCP enabled. I will send you the openvpn connection logs once i worked out where they are saved . Thanks.

Hello!

Sorry, it was assumed that you were already monitoring the logs.

Here are two scripts that may help troubleshoot. They require minimal adjustment to fit your needs and according to your network configuration. If you startup with the 1st script, you'll find the logs in the file /tmp/openvpn.log

Also, check that you have enough free memory in the router (8 kB free are enough).

You might want to look here for further details:

http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client1_Configuration

There you'll find how to enable syslog on your router as well.

The first script is for the "Startup" section of your router.

===========

cd /tmp 
ln -s /usr/sbin/openvpn /tmp/openvpn

echo "
[[PASTE air.ovpn HERE]]
keepalive 15 60
daemon
log /tmp/openvpn.log
" > airvpn.conf

echo "
-----BEGIN CERTIFICATE-----
[[PASTE ca.crt CONTENT HERE]]
-----END CERTIFICATE-----
" > ca.crt

echo "
-----BEGIN CERTIFICATE-----
[[PASTE user.crt CONTENT HERE]]
-----END CERTIFICATE-----
" > user.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
[[PASTE user.key CONTENT HERE]]
-----END RSA PRIVATE KEY-----
" > user.key

# Create tun0 interface
/tmp/openvpn --mktun --dev tun0
ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up
[MODIFY 'x' - SEE https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141)

# Create routes
route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d [[FIND ADDRESS ACCORDING TO SERVER YOU CONNECT TO]]

# Start openvpn
sleep 5
/tmp/openvpn --config airvpn.conf

========================

Script for the "Firewall" section:

# Open firewall holes - you might want to modify according to your connection
iptables -I INPUT 2 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 80 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 443 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 443 -j ACCEPT

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Looking forward to hearing from you.

Kind regards

AirVPN

Share this post


Link to post

Hi,

Ok I have tried doing the things yhat you have said, but do not seem to be progressing any further. To be honest I am looking for a premium service that does not involve having to get technical, I really do not have the time to be playing with configurations etc.

I think it would be helpful in future if you did something similar as the more commercial VPN providers (strongvpn. etc) where you have a firmware file pre configured for DD-WRT routers. With the popularity of VPN's with normal web users, who value their privacy, but do not have the time or understanding to play with configurations, I think you are losing out a lot on potential customers.

Thank you for your time anyway, and if you can think of anything to help me get up and running, without having to look at error logs and configs, pleae let me know, as I would rather give you guys a years subscription than the likes of strongvpn etc.

Thanks.

Share this post


Link to post

privado wrote:

Hi,

Ok I have tried doing the things yhat you have said, but do not seem to be progressing any further. To be honest I am looking for a premium service that does not involve having to get technical, I really do not have the time to be playing with configurations etc.

I think it would be helpful in future if you did something similar as the more commercial VPN providers (strongvpn. etc) where you have a firmware file pre configured for DD-WRT routers. With the popularity of VPN's with normal web users, who value their privacy, but do not have the time or understanding to play with configurations, I think you are losing out a lot on potential customers.

Thank you for your time anyway, and if you can think of anything to help me get up and running, without having to look at error logs and configs, pleae let me know, as I would rather give you guys a years subscription than the likes of strongvpn etc.

Thanks.

Hello!

Thank you for your feedback.

The troubleshooting with DD-WRT routers with any s&t OpenVPN-based VPN provider requires exactly the same information we asked (network configuration, logs). They are necessary to give proper assistance.

We will keep on our involvement to make life easier for non-techies, however there are certain minimal technical requirements which are mandatory if someone wants to be serious about privacy and anonymity layers. It's a small price to pay for a greater benefit.

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

Hi,

Ok, so i spent some time going through this and have progressed quite far I think. Can you tell though what

" [[YOUR CLIENT NETWORK SUBNET HERE]] " is and where I could find it. This is in regard to the script that you asked me to run:

# Create routes

route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d

Thanks.

Share this post


Link to post

privado wrote:

Hi,

Ok, so i spent some time going through this and have progressed quite far I think. Can you tell though what

" [[YOUR CLIENT NETWORK SUBNET HERE]] " is and where I could find it. This is in regard to the script that you asked me to run:

# Create routes

route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d

Thanks.

Hello!

In the bottom of this message we report the settings for web interface configuration, just in case you wish to try with that again.

If you insert the 1st script in the "Startup" section the router will execute it when it boots and will write the openvpn logs in /tmp/openvpn.log. If everything is fine it will also connect automatically to the VPN server of your choice (the one specified in the air.ovpn that you have pasted there).

YOUR CLIENT NETWORK SUBNET depends on the configuration of your DSL modem+router. Since it is in full bridge mode but DHCP is enabled, it will provide an IP address to the DD-WRT router. You are in a situation where you have two DHCP servers, one in the DSL m+r, the other in the E2000, and this makes things a little bit more complicated: you must pick IP subnets which do not overlap with each other.

You should check that. It might be an address of the type 192.168.1.*, but it is also not uncommon that it might be 192.168.2.*. It all depends on the customization your ISP made to your DSL modem+router, just browse to the web configuration interface of the DSL router and check internal IP and subnet. When you're there, take also note of the internal gateway IP address, you will need it later.

So, if the DSL router has internal IP 192.168.1.1 subnet 255.255.255.0 pick 192.168.2.1 for the local IP address of the DD-WRT router. If it is 192.168.2.1, pick 192.168.1.1. etc. The local IP address must also be set in the "Setup" page, tab "Basic setup" of the E2000. Example:

local IP 192.168.2.1

Subnet Mask 255.255.255.0

Gateway .

In this tab, also make sure that "DHCP Mode" is set to "Server" and that the "Enable" option is active.

a.b.c.d is the IP address of the DSL router gateway.

PARAMETERS FOR THE DD-WRT ROUTER WEB INTERFACE

Start OpenVPN: Yes

Server IP / Name: your favourite VPN server IP address (see the line "remote" in air.ovpn)

Port: your favourite port (53, 80 or 443) [this is useful in case your ISP slows down connections on port 443 or 80 UDP]

Use LZO Compression: Yes

Tunnel Protocol: UDP or TCP [uDP is more efficient, but TCP with its full error-correction is precious when there are connection issues or your ISP throttles UDP connections]

nsCertType: Server

Public Server Cert: Paste the contents of ca.crt from "------BEGIN CERTIFICATE" to "END CERTIFICATE-----" included

Public Client Cert: Paste the contents of user.crt like above

Private Client Key: Paste the contents of user.key

Save settings.

Now, enable ssh connections in the E2000 so that you will be later able to access via ssh to the router for deeper troubleshooting. To enable SSH:

- Using the Web Interface, go to the Administration tab. (in v24 use Services tab)

- Under the Services sub-tab, Enable SSHd in the Secure Shell section. If new options don't appear, Save Settings

- Enable Password Login to enable the password login

- Save and Apply Settings

Finally, please reboot the router, wait a couple of minutes, check the connection and verify your exit-IP to the Internet (you can see it by connecting to https://airvpn.org and looking at the central box in the bottom of the page). To access the openvpn logs for troubleshooting, login to your E2000 via telnet or ssh port 22.

For telnet, default login: root default psw: admin. For ssh, default login: root.

telnet

ssh >

If you use Windows Vista/7, you will need to install telnet from "Programs and features". Or you can download PuTTY which supports both ssh and telnet http://www.putty.org

Once you log in the E2000, go to the /tmp dir and print the log. Copy it and please paste it to us, it may be really helpful for troubleshooting:

cd /tmp

cat openvpn.log

Note: if you don't use PuTTY and you have Windows 7/Vista, use the Powershell to have improved screening and copy & paste functionalities. To copy a text inside the powershell, select it with the left mouse button pressed. When you have selected it all, release the left button and click once the right button. The text will be put in the clipboard, ready for pasting.

We're looking forward to hearing from you.

Kind regards

Share this post


Link to post

Hi,

To make things easier I have installed a wimax system temporarily so I am connecting directly to the internet with the e2000. Once I can get this working I will try again via my DSL router and connection.

I have installed and configured the scripts to connect to the .DE vpn on port 443.

I seem to be connecting to the vpn fine :

Server: : SUCCESS Local Address: 10.4.5.230 Remote Address: 10.4.0.1 Client: CONNECTED: SUCCESS Local Address: 10.4.5.230 Remote Address: 10.4.0.1

However I still do not know what my subnet is, so I have put in 192.168.1.1 (How can I find out wha the correct address is to enter?). I am getting the following errors from the log:

Serverlog Clientlog 20111216 22:00:53 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20111216 22:00:53 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20111216 22:00:53 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20111216 22:00:53 Local Options hash (VER=V4): '22188c5b'

20111216 22:00:53 Expected Remote Options hash (VER=V4): 'a8f55717'

20111216 22:00:53 I UDPv4 link local: [undef]

20111216 22:00:53 I UDPv4 link remote: 89.149.226.185:443

20111216 22:00:53 TLS: Initial packet from 89.149.226.185:443 sid=7ae3953c cdc4639a

20111216 22:00:54 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20111216 22:00:54 VERIFY OK: nsCertType=SERVER

20111216 22:00:54 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20111216 22:00:58 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20111216 22:00:58 NOTE: --mute triggered...

20111216 22:00:58 4 variation(s) on previous 5 message(s) suppressed by --mute

20111216 22:00:58 I [server] Peer Connection Initiated with 89.149.226.185:443

20111216 22:01:00 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20111216 22:01:00 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 120 ifconfig 10.4.5.230 10.4.5.229'

20111216 22:01:00 OPTIONS IMPORT: timers and/or timeouts modified

20111216 22:01:00 OPTIONS IMPORT: LZO parms modified

20111216 22:01:00 OPTIONS IMPORT: --ifconfig/up options modified

20111216 22:01:00 NOTE: --mute triggered...

20111216 22:01:00 2 variation(s) on previous 5 message(s) suppressed by --mute

20111216 22:01:00 I TUN/TAP device tun1 opened

20111216 22:01:00 TUN/TAP TX queue length set to 100

20111216 22:01:00 I /sbin/ifconfig tun1 10.4.5.230 pointopoint 10.4.5.229 mtu 1500

20111216 22:01:00 /sbin/route add -net 89.149.226.185 netmask 255.255.255.255 gw 192.168.0.1

20111216 22:01:00 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.5.229

20111216 22:01:00 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.5.229

20111216 22:01:00 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.5.229

20111216 22:01:00 I Initialization Sequence Completed

20111216 22:01:00 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

20111216 22:01:01 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

20111216 22:01:02 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

20111216 22:01:08 MANAGEMENT: Client connected from 127.0.0.1:5001

20111216 22:01:08 D MANAGEMENT: CMD 'state'

20111216 22:01:08 MANAGEMENT: Client disconnected

20111216 22:01:08 MANAGEMENT: Client connected from 127.0.0.1:5001

20111216 22:01:08 D MANAGEMENT: CMD 'state'

20111216 22:01:08 MANAGEMENT: Client disconnected

Thanks.

Share this post


Link to post

privado wrote:

20111216 22:01:00 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

20111216 22:01:01 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

20111216 22:01:02 N write UDPv4 [EMSGSIZE Path-MTU=1500]: Message too long (code=97)

 

Hello!

Your guess about 192.168.1.1 seems correct from the logs. 192.168.1.1 is the default IP address of a DD-WRT router.

To be sure, browse the web interface, go to "Setup"-->"Basic setup" and see the IP reported in the "Local IP address" field.

About the errors, they are probably related to MTU size. First of all, go to "Basic Setup" again and set the following values (probably they are already set so):

TUN MTU Setting 1500

TUN MTU Extra 32

TCP MSS 1450

If they showed different settings, try the connection again after the modification.

On the contrary, if those values were already 1500, 32 and 1450 and/or the log still shows errors of that kind, then launch OpenVPN with the --fragment 1000 and --mssfix parameters, i.e. modify the line in the "startup" script which launches OpenVPN in the following way:

# Start openvpn
sleep 5
/tmp/openvpn --config airvpn.conf --fragment 1000 --mssfix

If this fixes the problem, progressively increase those values to 1100, 1200, 1300, ..., 1450 (that is, increase them until the logs show again an error code 91) to determine the optimal maximum segment size (the lower the max segment size is, the worse can be the performance, so this would be fine tuning).

Unfortunately, it is in general impossible to conclude in a network what MTU will be at any moment.

We're looking forward to hearing from you.

Kind regards

Share this post


Link to post

Hi,

I tried a few diff vpn locations and a few other things and I am now getting the following error :

State

Server: : SUCCESS Local Address: 10.5.1.162 Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.5.1.162 Remote Address:

Status

Log

Serverlog Clientlog 20111217 21:44:04 Socket Buffers: R=[87380->131072] S=[16384->131072]

20111217 21:44:04 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]

20111217 21:44:04 Local Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_CLIENT comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20111217 21:44:04 Expected Remote Options String: 'V4 dev-type tun link-mtu 1560 tun-mtu 1500 proto TCPv4_SERVER comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20111217 21:44:04 Local Options hash (VER=V4): '958c5492'

20111217 21:44:04 Expected Remote Options hash (VER=V4): '79ef4284'

20111217 21:44:04 I Attempting to establish TCP connection with 94.75.255.91:443 [nonblock]

20111217 21:44:05 I TCP connection established with 94.75.255.91:443

20111217 21:44:05 I TCPv4_CLIENT link local: [undef]

20111217 21:44:05 I TCPv4_CLIENT link remote: 94.75.255.91:443

20111217 21:44:06 TLS: Initial packet from 94.75.255.91:443 sid=9ef423b3 c49741bb

20111217 21:44:07 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20111217 21:44:07 VERIFY OK: nsCertType=SERVER

20111217 21:44:07 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20111217 21:44:12 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20111217 21:44:12 NOTE: --mute triggered...

20111217 21:44:12 4 variation(s) on previous 5 message(s) suppressed by --mute

20111217 21:44:12 I [server] Peer Connection Initiated with 94.75.255.91:443

20111217 21:44:14 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20111217 21:44:14 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.5.0.1 comp-lzo no route 10.5.0.1 topology net30 ping 10 ping-restart 120 ifconfig 10.5.1.162 10.5.1.161'

20111217 21:44:14 OPTIONS IMPORT: timers and/or timeouts modified

20111217 21:44:14 OPTIONS IMPORT: LZO parms modified

20111217 21:44:14 OPTIONS IMPORT: --ifconfig/up options modified

20111217 21:44:14 NOTE: --mute triggered...

20111217 21:44:14 2 variation(s) on previous 5 message(s) suppressed by --mute

20111217 21:44:14 I TUN/TAP device tun1 opened

20111217 21:44:14 TUN/TAP TX queue length set to 100

20111217 21:44:14 I /sbin/ifconfig tun1 10.5.1.162 pointopoint 10.5.1.161 mtu 1500

20111217 21:44:14 /sbin/route add -net 94.75.255.91 netmask 255.255.255.255 gw 192.168.0.1

20111217 21:44:14 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.1.161

20111217 21:44:14 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.1.161

20111217 21:44:14 /sbin/route add -net 10.5.0.1 netmask 255.255.255.255 gw 10.5.1.161

20111217 21:44:14 I Initialization Sequence Completed

20111217 21:46:39 MANAGEMENT: Client connected from 127.0.0.1:5001

20111217 21:46:39 D MANAGEMENT: CMD 'state'

20111217 21:46:39 MANAGEMENT: Client disconnected

20111217 21:46:39 MANAGEMENT: Client connected from 127.0.0.1:5001

20111217 21:46:39 D MANAGEMENT: CMD 'state'

20111217 21:46:39 MANAGEMENT: Client disconnected

thanks

Share this post


Link to post

privado wrote:

Hi,

I tried a few diff vpn locations and a few other things and I am now getting the following error :

State

Server: : SUCCESS Local Address: 10.5.1.162 Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.5.1.162 Remote Address:

Status

Log

20111217 21:44:14 I /sbin/ifconfig tun1 10.5.1.162 pointopoint 10.5.1.161 mtu 1500

thanks

Hello!

It's good that the MTU problem has been fixed by --fragment and --mssfix.

We gave you a script which configures tun0, not tun1, in promisc mode, because of the previous bridged configuration with the DSL router, which now is not there anymore.

Please delete or comment out the following line from the startup script:

ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up

then delete or comment out the following lines from the "Firewall" script:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

and check the logs to see what happens.

We're looking forward to hearing from you.

Kind regards

Share this post


Link to post

Hi,

Stil getting errors Im afraid. Is it possible you could paste the revised startup command line.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...