Hi gurus.
I need your help. I am struggling to make an OpenVPN connection work.
The client network is based on an old wl500gp (LAN 192.168.3.x), located in a remote location and connected via a 3G network (i.e. "gray" IP). In order to make it accessible from outside, it is connected to the OpenVPN server (rt-n66u) (LAN 192.168.2.x) network.
The connection succeeds. Tun is working (192.168.4.x). However, I can't access any client-network machine from the server network and vice versa. Remote ping of wl500gp (client nw router) using the VPN address (192.168.4.2) is successful. Remote ping of wl500gp using the LAN address (192.168.3.1) is not successful. Remote ping of rtn66u (server nw router) using the VPN address (192.168.4.1) is successful. Remote ping of rtn66u using the LAN address (192.168.2.1) is successful.
I tried to add/modify routes using client-config-dir and manually, and adjusted iptables; the result is the same.
Reading openvpn.howto, I realized the problem is that the duplicate-cn option is always used in config.ovpn on the rtn66u. The question is: how can I (manually?) remove duplicate-cn from config.ovpn? I didn't find a relevant GUI option.
Any other suggestions/ideas?
Below is my server.ovpn
daemon
topology subnet
server 192.168.4.0 255.255.255.0
proto tcp-server
rcvbuf 0
sndbuf 0
port 1194
dev tun21
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.2.0 255.255.255.0"
duplicate-cn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
client-config-dir /jffs/configs/openvpn/ccd1
route 192.168.3.0 255.255.255.0
client-config in /jffs/configs/openvpn/ccd1/dacha
iroute 192.168.3.0 255.255.255.0
client.ovpn
client
dev tun
proto tcp-client
remote secret 1194
float
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
ca /opt/etc/openvpn/keys/ca.crt
cert /opt/etc/openvpn/keys/dacha.crt
key /opt/etc/openvpn/keys/dacha.key
resolv-retry infinite
nobind