
#1 2010-08-30 19:37:11

ctarwater
Member
Registered: 2009-02-05
Posts: 300

Tomatovpn (openvpn) with Arch client - want to redirect all traffic

I have an old linksys router at home running tomatovpn (tomato firmware + openvpn).
I'm currently in another country for work and am forced to use unsecured wifi connections and I want to tunnel all of my traffic from my laptop through my home router.

I can access the router from my laptop using its external IP address / dyndns account to make changes to it, but I can't seem to ping it.

Here is the openvpn.config sitting on my arch laptop:

remote ####.dyndns.org
port ####
dev tun
secret static.key
proto udp
comp-lzo
route-gateway 192.168.1.1
#redirect-gateway
float

Running the above config will end with "Initialization Sequence Completed" but I'm still unable to ping the router.

If I run it without commenting out "redirect-gateway" I get this error:
TUN/TAP device tap0 opened
SIOCADDRT: No such process
ERROR: Linux route add command failed: external program exited with error status: 7

Also, running ifconfig doesn't list tap0, iwconfig does, but it says "no wireless extensions"

I've been reading various wikis, blogs, and tutorials on the web for the past few weeks and I'm going crazy trying to get this to work.


#2 2010-08-30 21:14:40

sultanoswing
Member
Registered: 2008-07-23
Posts: 314

Re: Tomatovpn (openvpn) with Arch client - want to redirect all traffic

I have tomatoVPN 1.27 on a WRT54GS, and all is working 100% using networkmanager, nm-applet and the ovpn plugin.

For starters, what config options have you set on the tomatoVPN router?

Last edited by sultanoswing (2010-08-30 21:16:43)


6.5.3.arch1-1(x86_64) w/Gnome 44.4
Arch on: ASUS Pro-PRIME x470, AMD 5800X3D, AMD 6800XT, 32GB, | Intel NUC 7i5RYK | ASUS ux303ua | Surface Laptop


#3 2010-08-30 21:24:33

ctarwater
Member
Registered: 2009-02-05
Posts: 300

Re: Tomatovpn (openvpn) with Arch client - want to redirect all traffic

Cool, I'm running the exact same setup, with these settings:

VPN Tunneling / Server:
- Start with WAN is checked
- interface type TUN
- protocol UDP
- port 1194
- firewall auto
- authorization Static Key
- local/remote endpoint addresses  10.8.0.1 & 10.8.0.2

On the Advanced tab:
- respond to DNS is checked
- encryption cipher is default
- compression is adaptive

I've forwarded port 1194 to the router's internal ip and have tried changing firewall to custom but with the same results.

Other than that, under "Advanced", "DHCP/DNS" I have both "use internal DNS" and "Intercept DNS port" checked.
I also have the firewall set to respond to ICMP ping.


#4 2010-08-31 01:59:48

sultanoswing
Member
Registered: 2008-07-23
Posts: 314

Re: Tomatovpn (openvpn) with Arch client - want to redirect all traffic

Tomato Server Setup

Firstly, might I suggest (once you get home!) using "Authorization Mode: TLS" with HMAC (0)

It's much more secure, given your stated reasons for wanting to use a VPN in the first place. Sure, it's a bit more fuss to set up the keys, but not THAT difficult, and you'll learn a bit as you go. If you want to be extra geeky, you can store the keys on the router's jffs partition to free up valuable free nvram on the router (this involves some cut and pasting of keys using the router's ssh shell login and vi editor).

And I'm assuming your "port ####" is in fact set to the same as that of your VPN server i.e. 1194.

My Basic settings are the same as yours (other than Auth / HMAC).

My Advanced settings are all checked except 'Manage Client-specific Options', and I use the BF-CBC cipher (low overhead, good security).

My Custom Configuration is as follows:

dh /jffs/dh.pem
ca /jffs/ca.crt
cert /jffs/server.crt
key /jffs/server.key
tls-auth /jffs/ta.key 0
mssfix 1400
user nobody
group nobody

'Keys' config page is empty, since I've specified their locations in the jffs partition using the Custom Configuration above.

Laptop Client Setup

Networkmanager, nm-applet and the ovpn plugin had some difficulties under the 'Authentication' settings: it wouldn't 'see' the CA Cert and Private Key files. I overcame this by importing my config file (save the following, with your modifications, as "my-ovpn.conf", then import the conf using nm-applet's GUI).

client
remote xxx.dyndns.org
ca /home/user/openvpn/ca.crt
cert /home/user/openvpn/laptop.crt
key /home/user/openvpn/laptop.key
tls-auth /home/user/openvpn/ta.key 1
remote-cert-tls server
comp-lzo yes
cipher BF-CBC
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
mute-replay-warnings
float
user nobody
group nobody

Obviously amend the above details to suit e.g. xxxx for your dyndns name, and the locations and names of the key files on your laptop.

Final points:

1. nm-applet wouldn't connect properly on a weak wireless signal, although using the terminal was successful:

sudo openvpn my-ovpn.conf

2. You might need to add 'tun' to your modules array in rc.conf
3. networkmanager ovpn can suffer from permissions issues... although this seems to be on older versions. Google "networkmanager no valid VPN secrets" for more.
4. I couldn't get networkmanager's VPN client to work when testing it out from within the LAN. You need to be outside the LAN, on the WAN connecting back in, to 'test' it... otherwise the nm-applet VPN just times out (so don't get frustrated thinking it isn't working - don't ask how I know!)
5. It is suggested to set your internal home LAN address ranges (and router) to something like: 192.168.90.x, since the default 192.168.1.x is common to many networks you will be connecting from, although I have had no problems with this in the past.

Good luck!

Last edited by sultanoswing (2010-08-31 02:57:26)


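An added example, written for this thread and not code from either poster: a small Python audit that parses OpenVPN client configs and flags the points the replies turn on (static key vs TLS with tls-auth and remote-cert-tls, a tun static-key config with no ifconfig line so no route can be added, and whether redirect-gateway is set). The two inputs are constructed from the configs posted above with the dyndns name and port replaced by placeholders; the BF-CBC check is my own addition.

```python
"""Audit an OpenVPN client config for the points raised in this thread (added example)."""

# Constructed input: the static-key client config from the first post (placeholder host/port).
STATIC_KEY_CONF = """\
remote example.dyndns.org
port 1194
dev tun
secret static.key
route-gateway 192.168.1.1
#redirect-gateway
"""

# Constructed input: the TLS client config from the last post, trimmed to the checked lines.
TLS_CONF = """\
client
remote example.dyndns.org
tls-auth /home/user/openvpn/ta.key 1
remote-cert-tls server
cipher BF-CBC
dev tun
"""


def parse(conf):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts[key] = args
    return opts


def audit(conf):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    o, found = parse(conf), []
    if "secret" in o:  # static-key mode: one long-lived shared key, no forward secrecy
        found.append("static-key")
        if o.get("dev") == ["tun"] and "ifconfig" not in o:
            found.append("no-ifconfig")  # tun gets no address, so the route add fails
    else:  # TLS mode: control channel should be HMAC-signed and the server cert checked
        if o.get("tls-auth", [None, None])[1:] != ["1"]:
            found.append("tls-auth-missing-or-wrong-direction")  # client side uses direction 1
        if o.get("remote-cert-tls") != ["server"]:
            found.append("no-remote-cert-tls")
    if o.get("cipher") == ["BF-CBC"]:
        found.append("64-bit-block-cipher")  # Blowfish: SWEET32 risk, deprecated in OpenVPN 2.5
    if "redirect-gateway" not in o:
        found.append("no-redirect-gateway")  # only tunnel-subnet traffic is routed unless the server pushes it
    return found
```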
