OpenVPN setup

All about firmwares for routers. Support for RouterTech firmwares is here too.
Post Reply
cele82
Newbie
Newbie
Posts: 9
Joined: Sat Feb 01, 2014 10:53 pm

OpenVPN setup

Post by cele82 » Sun Feb 09, 2014 5:44 pm

Hi all,
I've red entirely the PDF regarding the OpenVPN setup and I've generated successfully all the keys and created the minix partition on my G604T

Now these are all the parameters added....

Code: Select all

mtd5	0x903b0000,0x903f0000
RT_init_nvram	mount -t minix /dev/mtdblock/5 /nvram/
openvpn_cert_dir	/nvram
openvpn	1
if I run iptables -L I see that I have the rules setup at every boot...

Code: Select all

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere           udp dpt:1194 
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere           icmp fragmentation-needed 
DROP       icmp -f  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere           udp dpt:1194 
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             10.1.1.4           udp dpt:4141 
ACCEPT     tcp  --  anywhere             10.1.1.4           tcp dpt:4141 
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
ACCEPT     icmp --  anywhere             anywhere           icmp fragmentation-needed 
UPNP       all  --  anywhere             anywhere           
DROP       all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere           udp dpt:1194 
ACCEPT     icmp --  anywhere             anywhere           icmp fragmentation-needed 
DROP       icmp --  anywhere             anywhere           icmp destination-unreachable 
DROP       icmp --  anywhere             anywhere           state INVALID

Question shouldn't openvpn listed in PS or TOP ?

Because I don't have any...

Code: Select all

/var # ps
  PID USER       VSZ STAT COMMAND
    1 root      1056 S    init
    2 root         0 SW   [keventd]
    3 root         0 SWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    7 root         0 SW   [mtdblockd]
  466 root      2300 S    /usr/sbin/mini_httpd -d /usr/www -u root -p 80 -c /cgi-bin/* -l /dev/null
  467 root      2168 S    /usr/bin/cm_pc
  469 root      3664 S    /usr/bin/cm_logic -m /dev/ticfg -c /etc/config.xml
  512 root       768 S    /sbin/dproxy -c /etc/resolv.conf -d
  513 root       996 S    /usr/sbin/wlan/wpa_authenticator
  552 root      1056 S    init
  846 root      2396 S    /usr/sbin/pppd plugin pppoa 8.35 user XXXXX password XXXXXX nodetach defaultrou
  882 root       716 S    /usr/sbin/upnpd ppp0 br0
  887 root       684 S    /usr/sbin/udhcpd /var/tmp/udhcpd.conf
 1476 root      1996 S    /usr/sbin/dropbear
 1477 root      1072 S    -sh
 1566 root      1056 R    ps

And of course I can't connect externally....anything that I need to check ? Any logs ?



PS is it possible to change the default port for SSH of the router ? How ?
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Re: OpenVPN setup

Post by thechief » Mon Feb 10, 2014 8:33 pm

Yes, it should show up in "ps". Clearly, something is not set up correctly. Look for /var/log/ovpn.log. If it is empty or non-existent, then run (from a telnet/ssh login session)

Code: Select all

openvpn.sh --slog=debug_openvpn.log
Then have a look at /var/log/debug_openvpn.log
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
cele82
Newbie
Newbie
Posts: 9
Joined: Sat Feb 01, 2014 10:53 pm

Re: OpenVPN setup

Post by cele82 » Tue Feb 18, 2014 10:35 pm

Found it .... I've called the server.crt and server.key, like the hostname of the router... instead of server.

I've changed them back to normal. umounted and mounted /nvram... all good.

-rw-r--r-- 1 root 0 3556 Jan 31 2012 server.crt
-rw-r--r-- 1 root 0 891 Jan 31 2012 server.key


Thanks!


PS the OpenVPN app for iPhone does not support TAP tunnels... do you know if there's an alternative solution ?
Post Reply