
OpenVPN Server

bilboSNB

Senior Member
I am trying to set up the openvpn server so that I can securely connect to my home network.

Is this just a case of setting up the parameters on the webgui, exporting the .ovpn file and using that? Or do I also need to generate the certificates 1st?
 
Well, using the exported config file with the keys part of the file seems to be working okay.

In the past I have had to generate certificates, is the method I am using now any less secure?

Oh and how can I access my lan as at present I can only access the router.
 
I can't comment on the strength of security of the in-router generated certs vs. self-made ones. You can still apply your own, if you want (which is what I did when I migrated from my old router to the Asus).

In order to access the Home-LAN...there is a switch called "push LAN to clients" in the router VPN settings.
Enabling this should do the trick.
 
Ah right, thanks, yes I have selected that option. I can ping the router but nothing else on the LAN, e.g. 192.168.0.2

Code:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.100     25
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.0.0.0    255.255.255.0         On-link        10.0.0.100    281
       10.0.0.100  255.255.255.255         On-link        10.0.0.100    281
       10.0.0.255  255.255.255.255         On-link        10.0.0.100    281
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    286
    37.18.137.x  255.255.255.255         10.0.0.1       10.0.0.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
      192.168.0.0    255.255.255.0         10.8.0.5         10.8.0.6     30
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    286
        224.0.0.0        240.0.0.0         On-link        10.0.0.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    286
  255.255.255.255  255.255.255.255         On-link        10.0.0.100    281

What's gateway 10.8.0.5? I don't seem to be able to ping that either.
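Added example (not part of the original posts): which route the client picks for a given destination, using longest-prefix match with the metric as tie-breaker. The rows are copied from the route table posted above; the redacted 37.18.137.x host route is left out, and the function names are illustrative.

```python
import ipaddress

# Rows copied from the client's posted route table:
# destination, netmask, gateway, interface, metric.
# The redacted 37.18.137.x host route is omitted (it cannot be parsed).
ROUTES = """\
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.100 25
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.0.0.0 255.255.255.0 On-link 10.0.0.100 281
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
192.168.0.0 255.255.255.0 10.8.0.5 10.8.0.6 30
"""

def parse_routes(text):
    """Turn route rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, iface, metric = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, gateway, iface, int(metric)))
    return routes

def select_route(routes, destination):
    """Most specific matching prefix wins; lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def via_tunnel(routes, destination, tunnel_iface="10.8.0.6"):
    """True when traffic to `destination` leaves through the VPN interface."""
    return select_route(routes, destination)[2] == tunnel_iface

TABLE = parse_routes(ROUTES)

if __name__ == "__main__":
    for dst in ("192.168.0.2", "8.8.8.8", "200.1.1.1", "10.0.0.50", "10.8.0.5"):
        net, gw, iface, metric = select_route(TABLE, dst)
        print(f"{dst:12} -> {str(net):16} gw {gw:9} if {iface} metric {metric}")
```

The client already sends 192.168.0.2 into the tunnel, and the two /1 routes from `redirect-gateway def1` override the original default route for everything else except the local 10.0.0.0/24. The 10.8.0.4/255.255.255.252 row is consistent with OpenVPN's net30 topology, where 10.8.0.5 is a virtual peer address that does not answer ping.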
 
I had your same problem on my RT-AC68U with .40alpha4. Now I am trying out .41alpha5 and it worked with the same config. Looks like the "push LAN to clients" was broken on .40alpha4.
 
That combo works for me, and worked pre alpha4 too.
so I guess it could be something else.
Have not tried "alpha5"

 
I am on FW374.40 on a N66U, where is the server config file, can this be edited manually?
 
It wouldn't be anything to do with changing the default lan ip subnet of the router would it?
 
I am sure it is something to do with 10.8.0.5 as a gateway causing an issue. Could someone else possibly do a route print that can access their lan please?
 
Perhaps someone can tell from this:

Code:
  GNU nano 2.2.6                        File: server1-fw.sh

#!/bin/sh
iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -i tun21 -j ACCEPT
iptables -I FORWARD 4 -i tun21 -j ACCEPT
iptables -A ipttolan -i tun21 -m account --aaddr 192.168.0.0/255.255.255.0 --aname lan -j RETURN
iptables -A iptfromlan -o tun21 -m account --aaddr 192.168.0.0/255.255.255.0 --aname lan -j RETURN



# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
tls-auth static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
duplicate-cn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

# Custom Configuration


-----------------


admin@RT-N66U:/tmp/home/root# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:1194
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.1         tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            192.168.0.1         tcp dpt:8443
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ipttolan   all  --  0.0.0.0/0            0.0.0.0/0
iptfromlan  all  --  0.0.0.0/0            0.0.0.0/0
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME on Sun,Mon,Tue,Wed,Thu MAC BC:67:7
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 3:0 on Fri MAC BC:67:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 17:0 on Fri MAC BC
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME on Sat MAC BC:67
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC BC:67:78:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 21:0 on Sun MAC 5C:FXXXX
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Mon MAC 5C:F9:3;ewd;w
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Tue MAC 5C:F9:38:66:5B:4D
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Wed MAC 5C:oepowje
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Thu MAC 5C:F9:3XXXX
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 23:0 on Fri MAC 5C:F9:3XXX
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 23:0 on Sat MAC 5C:F9:38:66:5B:4D
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC 5C:F9:38:66:5B:4D
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 21:0 on Sun MAC 5C:F9:38:3C:32:04
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Mon MAC 5C:F9:XXXXXXX
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Tue MAC 5C:F9:xxxxxx
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Wed MAC 5C:F9:38xxxxxx
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 21:0 on Thu MAC 5C:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 6:0 to 23:0 on Fri MAC 5C:F9:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 23:0 on Sat MAC 5C: etc
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC 5C:F9:38:3C:32:04
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME on Sun,Mon,Tue,Wed,Thu MAC 14:99:E
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME to 3:0 on Fri MAC 14:99:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME from 16:0 on Fri MAC 14:99:
PControls  all  --  0.0.0.0/0            0.0.0.0/0           TIME on Sat MAC 14:99
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC 14:99:E2
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           ctstate DNAT
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain FUPNP (0 references)
target     prot opt source               destination

Chain PControls (22 references)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain iptfromlan (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.0.0/255.255.255.0 name: lan
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.0.0/255.255.255.0 name: lan

Chain ipttolan (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.0.0/255.255.255.0 name: lan
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.0.0/255.255.255.0 name: lan

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           state NEW LOG flags 7 level 4 prefix `ACCEPT '
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           state NEW LOG flags 7 level 4 prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0





admin@RT-N66U:/tmp/etc/openvpn/server1#



Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.10.125.x   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun21
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun21
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         195.10.125.83   0.0.0.0         UG    0      0        0 ppp0
 
On the latest beta now and still can't ping the LAN, it timed out.

I am stumped, any ideas please?
 
