OpenVPN TAP Server Setup Help in Kong DD-WRT


starbux

Occasional Visitor
Hello,

I need help setting up an openVPN TAP Server on DD-WRT for the R7000 (kong version).

I want to do 2 things with the VPN server: 1) redirect/tunnel all internet traffic through the VPN including DNS information and 2) be able to access my home network as if I was on local wifi or ethernet.

I don't know what I'm doing wrong but currently the VPN client on my computer connects, but does not redirect internet traffic (I did an IP check and it still shows my non-VPN IP address) and also, I do not have access to my private home network.

Here are my settings. I'm also posting my old tomato router settings because it worked just fine on my tomato router, and I tried to copy over the same settings to the best of my ability.

OpenVPN Client Log
Code:
Fri Jun 27 00:46:15 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Fri Jun 27 00:46:15 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Fri Jun 27 00:46:15 2014 Need hold release from management interface, waiting...
Fri Jun 27 00:46:16 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Fri Jun 27 00:46:16 2014 MANAGEMENT: CMD 'state on'
Fri Jun 27 00:46:16 2014 MANAGEMENT: CMD 'log all on'
Fri Jun 27 00:46:16 2014 MANAGEMENT: CMD 'hold off'
Fri Jun 27 00:46:16 2014 MANAGEMENT: CMD 'hold release'
Fri Jun 27 00:46:16 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 27 00:46:16 2014 UDPv4 link local: [undef]
Fri Jun 27 00:46:16 2014 UDPv4 link remote: [AF_INET]XXXXXXX:443
Fri Jun 27 00:46:16 2014 MANAGEMENT: >STATE:1403855176,WAIT,,,
Fri Jun 27 00:46:16 2014 MANAGEMENT: >STATE:1403855176,AUTH,,,
Fri Jun 27 00:46:16 2014 TLS: Initial packet from [AF_INET]XXXXXXXX:443, sid=6f54dc97 e5af5528
Fri Jun 27 00:46:17 2014 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=tomatovpn, name=tomatovpn, emailAddress=mail@host.domain
Fri Jun 27 00:46:17 2014 VERIFY OK: nsCertType=SERVER
Fri Jun 27 00:46:17 2014 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=server, emailAddress=mail@host.domain
Fri Jun 27 00:46:17 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 27 00:46:17 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 27 00:46:17 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 27 00:46:17 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 27 00:46:17 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES128-SHA, 1024 bit RSA
Fri Jun 27 00:46:17 2014 [server] Peer Connection Initiated with [AF_INET]XXXXXXXX:443
Fri Jun 27 00:46:18 2014 MANAGEMENT: >STATE:1403855178,GET_CONFIG,,,
Fri Jun 27 00:46:19 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Jun 27 00:46:19 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.0,ping 10,ping-restart 120,ifconfig 10.8.0.1 255.255.255.0'
Fri Jun 27 00:46:19 2014 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 27 00:46:19 2014 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 27 00:46:19 2014 OPTIONS IMPORT: route options modified
Fri Jun 27 00:46:19 2014 OPTIONS IMPORT: route-related options modified
Fri Jun 27 00:46:19 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jun 27 00:46:19 2014 MANAGEMENT: >STATE:1403855179,ASSIGN_IP,,10.8.0.1,
Fri Jun 27 00:46:19 2014 open_tun, tt->ipv6=0
Fri Jun 27 00:46:19 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{XXXXXXXXXXX}.tap
Fri Jun 27 00:46:19 2014 TAP-Windows Driver Version 9.9 
Fri Jun 27 00:46:19 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {XXXXXXXXXXXXXXXX} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Fri Jun 27 00:46:19 2014 Successful ARP Flush on interface [12] {XXXXXXXXXXXXXX}
Fri Jun 27 00:46:21 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri Jun 27 00:46:21 2014 C:\WINDOWS\system32\route.exe ADD XXXXXXXXXX MASK 255.255.255.255 172.20.10.1
Fri Jun 27 00:46:21 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Jun 27 00:46:21 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.0
Fri Jun 27 00:46:21 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Jun 27 00:46:21 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.0
Fri Jun 27 00:46:21 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Jun 27 00:46:21 2014 Initialization Sequence Completed
Fri Jun 27 00:46:21 2014 MANAGEMENT: >STATE:1403855181,CONNECTED,SUCCESS,10.8.0.1,XXXXXXXXXX

Old Tomato TAP Server Config
TvsRVyO.png


DD-WRT TAP Server Config
b8McxMB.png


OpenVPN Client Config
Code:
client
dev tap
proto udp
remote XXXXXXXXXXXXXX 443

script-security 3
resolv-retry infinite
nobind


ca "C:\\Program Files\\OpenVPN\\easy-rsa\\tomato\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\tomato\\client2.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\tomato\\client2.key"
ns-cert-type server

cipher BF-CBC
comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2

Note that I changed the port the TAP server used to 443 in DD-WRT.
 
I should mention that the problem seems to be that on the client, it receives a VPN DHCP IP address and subnet mask, but no default gateway.

I am able to browse the internet, but traffic is not tunneled through to the VPN, and I cannot access local LAN of the bridged connection.

Also this is strange, but it seems that OpenVPN on DD-WRT creates a tap server called 'tap2'. Why is this the case? I've had to change my client config file to dev tap2 from dev tap. What does the number do?
 
Just changed gateway IP to 10.8.0.1, and the ip range for the DHCP server for the VPN from 10.8.0.2 to 10.8.0.50, and still the same problems. Really need help here, I am absolutely puzzled.
 
I tested a TAP server some time ago. The biggest differences I'm seeing between our configs are that I had the following in mine

Code:
dev-node tap-vpn
float
persist-tun
persist-remote-ip

and I did NOT have the following:

Code:
route-method exe
route-delay 2
explicit-exit-notify 2
ping 10
ping-restart 60
script-security 3

on a Win8 machine
 
Hi,

I removed those and added your client config, and that has not fixed the issue.

I'm pretty sure this is server side config issue.

My tomato router with its openVPN Tap server config runs just fine using the same client config.
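
Added example, not part of the original thread: a small Python check that parses the `PUSH_REPLY` line from the client log posted above and tests whether the pushed `route-gateway` is a usable next hop inside the pushed `ifconfig` subnet. In that log the server pushes `route-gateway 10.8.0.0`, the network address of 10.8.0.0/24, and hands the client 10.8.0.1. The function names are hypothetical; only the log line comes from the thread.

```python
import ipaddress
import re

# PUSH_REPLY line copied from the client log posted in this thread.
LOG_LINE = (
    "Fri Jun 27 00:46:19 2014 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.0,"
    "ping 10,ping-restart 120,ifconfig 10.8.0.1 255.255.255.0'")


def parse_push_reply(line):
    """Return the pushed options as {name: [args]} from a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY found in line")
    opts = {}
    for item in m.group(1).split(","):
        if item.strip():
            name, *args = item.split()
            opts[name] = args
    return opts


def check_gateway(opts):
    """Return a list of problems with the pushed TAP gateway (empty if sane)."""
    if "ifconfig" not in opts or "route-gateway" not in opts:
        return ["server pushed no ifconfig or no route-gateway"]
    addr, mask = opts["ifconfig"]  # TAP mode: ifconfig <address> <netmask>
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    client = ipaddress.ip_address(addr)
    gw = ipaddress.ip_address(opts["route-gateway"][0])
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside the tunnel subnet {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network/broadcast address of {net}")
    if gw == client:
        problems.append(f"gateway {gw} is the client's own tunnel address")
    if problems and "redirect-gateway" in opts:
        problems.append("redirect-gateway is pushed, so the tunnel default "
                        "routes would use this unusable next hop")
    return problems


if __name__ == "__main__":
    for p in check_gateway(parse_push_reply(LOG_LINE)):
        print("WARN:", p)
```

Run against the posted log line it reports the network-address gateway and the affected `redirect-gateway` routes, which matches the `route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.0` entries later in the same log.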
 
