Help with OpenVPN on RT-N66U

hondaguy28

Currently I have OpenVPN running on a Linksys WRT54GL that is on DD-WRT.

When I set this up a few years ago I went through and created all of the keys like ca.crt, client.crt, client.key, etc..... I created a total of 15 keys for like 15 users (client1, client2, client3, etc). It has been working OK but now I need to upgrade as the 54GL can't handle the amount of traffic any longer.

So I got an Asus RT-N66U and people recommended this modified firmware for OpenVPN.

Here are my questions (I just flashed to 270.26 firmware):

1. Can I reuse all of those keys I created or do I have to start over from scratch?
2. Can I have multiple users connected to the VPN at the same time? At times there may be upwards of 10 people at a time. I saw on OpenVPN that there are only client1 and client2.
3. I currently am using tap but I saw that the OpenVPN app for iOS and Android only supports tun and not tap. How easy is it to make the switch to tun? Is it just a matter of having the OpenVPN on the Asus set to tun and the same in the OpenVPN config file?

Thanks for any advice.

Vince
 
Bump. Anyone? Sorry for being a pain but I'm sorta in a bind because the WRT54GL is really choking right now and I really need to put this RT-N66U into production. Thanks.
 
1) Don't know, but I'd guess it should work, if you use the same server keys

2) Yes, you can have multiple users.... Client1 and Client2 (I believe) is for the router to work as a client against another router running OpenVPN

3) Yes
 
Awesome. Thanks so much. I'm gonna try this today and will let you know how I make out. Thanks again.
 
Hi, so I connect laptopA to the Asus and put in all of the certs and keys and started the VPN on the Asus. I only enabled server1 and configured that to use UDP and everything else is standard setting as shown below in red.

I have laptop B connected on another WAN IP and changed my ovpn config file to use tun. It was able to connect right away onto the VPN and the VPN status on the Asus said I was connected and showed the IP of laptop B.

However, every minute or so it would like disconnect and reconnect again and this is what I get in the log below in blue. Not sure why that is.

Also after I connect to VPN it said I am assigned an IP of 10.8.0.6 but the server I am trying to get to is 192.168.50.2 and I cannot ping the server and I cannot map to the folder on the server either. How can I have it so that once connected via VPN I am assigned an IP of 192.168.50.x that is on same subnet as the internal LAN? This is how it was before when I was using the WRT54GL on DD-WRT. Is it because I was using TAP then and TUN now?

Thanks for your help.

Vince




Start with WAN: Yes
Interface Type: TUN
Protocol: UDP
Port: 1194
Firewall: Automatic
Authorization Mode: TLS
Extra HMAC authorization (tls-auth): Disabled
VPN Subnet / Netmask: 10.8.0.0 255.255.255.0

Advanced Settings
Poll Interval (in minutes, 0 to disable): 0
Push LAN to clients: Yes
Direct clients to redirect Internet traffic: Yes
Respond to DNS: Yes
Advertise DNS to clients: Yes
Encryption cipher: AES-128-CBC
Compression: Adaptive
TLS Renegotiation Time (in seconds, -1 for default): -1
Manage Client-Specific Options: No


Wed Jun 12 17:13:44 2013 MANAGEMENT: >STATE:1371071624,WAIT,,,
Wed Jun 12 17:14:44 2013 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Jun 12 17:14:44 2013 SIGUSR1[soft,ping-restart] received, process restarting
Wed Jun 12 17:14:44 2013 MANAGEMENT: >STATE:1371071684,RECONNECTING,ping-restart,,
Wed Jun 12 17:14:44 2013 Restart pause, 2 second(s)
Wed Jun 12 17:14:46 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 12 17:14:46 2013 UDPv4 link local: [undef]
 
Personally I prefer to use TCP. More reliable than UDP.

Make sure you do enable NAT to allow routing to work between the two network segments.
 
Hi Eric, I followed your suggestion and changed it to tcp and when I connect it would connect but within a few seconds it would disconnect and keeps trying to reconnect and will be able to reconnect again and then disconnect right away and keeps repeating this cycle.

NAT is enabled in the WAN settings. Do you have any idea?
 
The only difference between your configuration and mine is that I don't tell my clients to redirect all their traffic through the tunnel.

I would double check to ensure you have the correct settings on your client configuration, especially the cipher, compression and TUN mode. Also make sure you run your client with elevated privileges so it can properly establish the routes on the client.
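
The check suggested in this reply can be scripted. The following is an added example, not part of the original post: it compares a client profile with the server settings posted earlier in the thread. The sample profile and host name are constructed, and the fallback values assume an OpenVPN 2.3-era client.

```python
# Added example (not from the thread): diff a client .ovpn profile against
# the server settings posted above. Defaults assume an OpenVPN 2.3-era client.
SERVER = {"dev": "tun", "proto": "udp", "port": "1194",
          "cipher": "AES-128-CBC", "comp-lzo": "adaptive"}
# Values the client falls back to when a directive is missing from the profile.
CLIENT_DEFAULTS = {"proto": "udp", "port": "1194",
                   "cipher": "BF-CBC", "comp-lzo": None}

# Constructed sample profile: no cipher line, so the client uses its default.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 1194   # placeholder host name
comp-lzo
"""

def parse_profile(text):
    """Extract the directives that must agree with the server."""
    found = {}
    for raw in text.splitlines():
        # Both '#' and ';' start a comment in an OpenVPN config file.
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0], parts[1:]
        if key == "dev" and args:
            found["dev"] = "tap" if args[0].startswith("tap") else "tun"
        elif key == "proto" and args:
            found["proto"] = "tcp" if args[0].startswith("tcp") else "udp"
        elif key == "remote" and len(args) >= 2:
            found["port"] = args[1]
        elif key == "cipher" and args:
            found["cipher"] = args[0].upper()
        elif key == "comp-lzo":
            found["comp-lzo"] = args[0] if args else "adaptive"
    return found

def mismatches(profile_text, server=SERVER):
    """Return (directive, client_value, server_value) for each disagreement."""
    client = {**CLIENT_DEFAULTS, **parse_profile(profile_text)}
    problems = [(k, client.get(k), server[k])
                for k in ("dev", "proto", "port", "cipher")
                if client.get(k) != server[k]]
    # comp-lzo framing must be enabled on both ends or on neither.
    if (client["comp-lzo"] is None) != (server["comp-lzo"] is None):
        problems.append(("comp-lzo", client["comp-lzo"], server["comp-lzo"]))
    return problems

print(mismatches(SAMPLE_PROFILE))
```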
 
I just disabled the redirect setting on mine as well. The OpenVPN client on the client laptop is "run as administrator".

Not sure how to check the rest of the things you mentioned. This is so frustrating. :-(
 
I changed the cipher to default and left compression as adaptive and it now connects perfectly. I can ping the router once connected via VPN.

So does that mean that I should be able to connect to server folder using \\serverIP\sharename?

Will try tomorrow. I am exhausted now.
 
Which OpenVPN client are you using?

ymmv, but when I used TunnelBlick on OSX, I, too, initially found that it would drop and relog in every 15-20 seconds.

In the end, I found that the issue was caused by the client end: under Advanced... While Connected, there are settings to tell the client what to do when there is a change in DNS Server, domain, or search domain.

The initial settings said to "Restart Connection" - when I changed these three to "Ignore", everything worked great.

KEY TO FINDING OUT ISSUES: check your client logs. I found that my client was connecting perfectly. After a brief pause, it would attempt to restart the connection.
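
One way to read a client log for this kind of reconnect loop, as an added example that is not part of the original post: it finds each ping-restart and reports which management state the client was in when the timeout fired and for how long. The log lines are the ones posted earlier in the thread; the hint texts in `diagnose` are this example's own wording.

```python
import re
from datetime import datetime

# Client log lines copied from the post earlier in this thread.
LOG = """\
Wed Jun 12 17:13:44 2013 MANAGEMENT: >STATE:1371071624,WAIT,,,
Wed Jun 12 17:14:44 2013 [UNDEF] Inactivity timeout (--ping-restart), restarting
Wed Jun 12 17:14:44 2013 SIGUSR1[soft,ping-restart] received, process restarting
Wed Jun 12 17:14:44 2013 MANAGEMENT: >STATE:1371071684,RECONNECTING,ping-restart,,
Wed Jun 12 17:14:46 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
"""

# OpenVPN prefixes each line with a ctime-style timestamp.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
STATE = re.compile(r">STATE:\d+,([A-Z_]+),")

def restart_events(log_text):
    """Return (time, state_when_fired, seconds_in_state) per ping-restart."""
    events, state, since = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        s = STATE.search(m.group(2))
        if s:
            # Remember the most recent management state and when it began.
            state, since = s.group(1), ts
        elif "Inactivity timeout (--ping-restart)" in m.group(2):
            waited = int((ts - since).total_seconds()) if since else None
            events.append((ts, state, waited))
    return events

def diagnose(event):
    """Map one restart event to the side of the link worth checking first."""
    _, state, waited = event
    if state == "CONNECTED":
        return ("tunnel was up, then traffic stopped: "
                "compare cipher and compression on both ends")
    return (f"no usable reply while in {state or 'unknown'} for {waited}s: "
            "check port, protocol and firewall path")

print([diagnose(e) for e in restart_events(LOG)])
```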
 