Test builds with OpenVPN available

[RMerlin]

2. The Option "Accept DNS Configuration" can´t set with the gui.

There lies the real issue. That field doesn't work properly.

 

[Gingernut]

Hello Merlin, i found here the solution for my dns problem?

http://www.linksysinfo.org/index.php?threads/openvpn-client-cant-resolve-dns.37076/#post-180431

But i don´t know how i can find the dns masq options.

Custom dnsmasq options dont exist in Asuswrt-Merlin/Stock web interface for easy user configuration, it's something you'd have to do using startup scripts or similar.

This is one of the things I requested a while back but Eric saw no real benefit in adding it, maybe if it's a wanted option his opinion could be changed.

Will the driver be updated in next ASUSWRT-MERLIN fw? I noticed that the driver in official FW 188 for AC66U have been updated.


6.30 RC39.31
wl0: Aug 29 2012 12:34:30 version 6.30.39.31 (r341183)

It will as AsusWRT-Merlin is based on Asus code but I think he's waiting on something new from Asus to merge and thorough OpenVPN debugging before next release.

 

[RMerlin]

Custom dnsmasq options dont exist in Asuswrt-Merlin/Stock web interface for easy user configuration, it's something you'd have to do using scripts or similar.

This is one of the thing's I requested a while back but Eric saw no real benefit in adding it, maybe if it's a wanted option his opinion could be changed.

Custom configs (not just dnsmasq, but smb.conf and others as well) is something still on the radar, just not a high priority at the moment.

 

[Gingernut]

Great news, thanks.

 

[RichardNixon]

OpenVPN works on Merlin WRT

I just set up OpenVPN on Merlin WRT works like a charm. Easy to configure and port from from my Windows computer. Great work!!!!

 

[RMerlin]

Thanks everyone who has tested this over the past week!

I'll see if Asus releases new GPL code in time for the weekend. If they do, I'll start working on rebasing on it before making a new release. However if they don't, I will make a second beta release either Friday or Saturday which will include:

• OpenSSL upgraded from 1.0.0b (used by Asus) to 1.0.0j, fixing various security vulnerabilities
• Adding easy-rsa, allowing you to generate your certs/keys from the router itself - (depending on if I can finish it in time)
• Fixed client DNS option
• Allow entering a hostname for the client's server address (not just an IP)
• Fixed default value for HDD idle spindown (unrelated to OpenVPN)

 

[geko53]

Great news, Eric!

I'm really looking forward to the implementation of host name instead of IP to be able to get OpenVPN working in my system...

Thank you very much indeed for your valuable efforts!

 

[RMerlin]

New beta builds uploaded to Github. Includes the previously mentionned changes, as well as a fix for the corrupted WOL list under IE. Also, Easy-RSA has been integrated in the firmware, so you can now generate your key/cert pairs from the router itself. See here for instructions on how to use it.

I'm especially interested in confirming that the OpenSSL update didn't break anything, and also of any remaining UI issue.

 

[geko53]

I'm especially interested in confirming that the OpenSSL update didn't break anything, and also of any remaining UI issue.

After having entered my DynDNS host name at Server Adress in OpenVPN Client Settings the router froze when I tried to activate these OpenVPN settings... I wasn't able to access 192.168.1.1 on WebGUI or via Telnet and had to powercycle the router to gain access again.

I've tried different variations to exclude a local fault proceeded by me (erasing nvram via telnet and via WebGUI, entering everything "by hand" etc., but didn't succeed do get rid of that issue... As I couldn't access the router after activating OpenVPN I wasn't able to take a look into syslog so I don't know what was going wrong.

 

[RMerlin]

After having entered my DynDNS host name at Server Adress in OpenVPN Client Settings the router froze when I tried to activate these OpenVPN settings... I wasn't able to access 192.168.1.1 on WebGUI or via Telnet and had to powercycle the router to gain access again.

I've tried different variations to exclude a local fault proceeded by me (erasing nvram via telnet and via WebGUI, entering everything "by hand" etc., but didn't succeed do get rid of that issue... As I couldn't access the router after activating OpenVPN I wasn't able to take a look into syslog so I don't know what was going wrong.

Please provide more details on your setup. My test RT-N66U is permanently connected to my DD-WRT running WRT320N here over OpenVPN, and I don't have any problem accessing the RT-N66U.

 

[geko53]

Please provide more details on your setup. My test RT-N66U is permanently connected to my DD-WRT running WRT320N here over OpenVPN, and I don't have any problem accessing the RT-N66U.

I'm connected to Internet via 3G-modem (Huawei E372), therefore, the WAN IP is dynamic and I have to use DYNDNS.

I've produced the keys for OpenVPN as it was described on the site you linked to, therefore in the first run I didn't succeed dot connect as I didn't copy the "BEGIN"-line of the keys. After your suggestion to enter the key including the "BEGIN"-line I was able to activate the server as well as the client using the dynamic IP I got from the network map and succeeded to connect with my notebook.

As 178.16 Beta1 didn't yet provide the possibility to enter DynDNS host name I deactivated OpenVPN as my provider ("3" - Hutchinson) changes IPs very frequently. Flashing 178.16 Beta2 I saw that you have implemented the possibility to enter host names too and gave it a try. After trying to activate Server and Client the router froze and had to be activated via power cycling...

The other functions in Beta2 are running as they should as far as I can tell...

• Router RT-N66U running with 178.16 Beta2
• External USB-drive TOSHIBA MQ01ABD050 mounted on the first USB-port
• USB-Modem Huawei E372 on the second USB-port

Hope I made the point. Do you need more details? Please tell me what else...

 

[RMerlin]

I'm connected to Internet via 3G-modem (Huawei E372), therefore, the WAN IP is dynamic and I have to use DYNDNS.

I've produced the keys for OpenVPN as it was described on the site you linked to, therefore in the first run I didn't succeed dot connect as I didn't copy the "BEGIN"-line of the keys. After your suggestion to enter the key including the "BEGIN"-line I was able to activate the server as well as the client using the dynamic IP I got from the network map and succeeded to connect with my notebook.

As 178.16 Beta1 didn't yet provide the possibility to enter DynDNS host name I deactivated OpenVPN as my provider ("3" - Hutchinson) changes IPs very frequently. Flashing 178.16 Beta2 I saw that you have implemented the possibility to enter host names too and gave it a try. After trying to activate Server and Client the router froze and had to be activated via power cycling...

The other functions in Beta2 are running as they should as far as I can tell...

• Router RT-N66U running with 178.16 Beta2
• External USB-drive TOSHIBA MQ01ABD050 mounted on the first USB-port
• USB-Modem Huawei E372 on the second USB-port

Hope I made the point. Do you need more details? Please tell me what else...

One thing I don't understand: why are you configuring the client on the router? What is it connecting to?

 

[geko53]

One thing I don't understand: why are you configuring the client on the router? What is it connecting to?

Now that you mention it...

Obviously, I couldn't see the wood for the trees - thought, I had to enter the certificates for the client and to enable server AND client on the router at the same time... Therefore, the whole thing didn't have another chance as to freeze.

Hope you don't blame me too much for my unhandiness...

OpenVPN works perfectly now...

 

[RMerlin]

Now that you mention it...

Obviously, I couldn't see the wood for the trees - thought, I had to enter the certificates for the client and to enable server AND client on the router at the same time... Therefore, the whole thing didn't have another chance as to freeze.

Hope you don't blame me too much for my unhandiness...

OpenVPN works perfectly now...

No problem. That's why I asked for more details, cause you never know

 

[tungsten]

Great Works, Rmerlin! As I always wanted to try out openvpn on the optware but those certificates location always post a problem. Now that I can get it work natively.

Btw, will your .220 be incorporated with openvpn?

 

[RMerlin]

Great Works, Rmerlin! As I always wanted to try out openvpn on the optware but those certificates location always post a problem. Now that I can get it work natively.

Btw, will your .220 be incorporated with openvpn?

Yes, next release will be 220.16 and will include OpenVPN.

 

[geko53]

Yes, next release will be 220.16 and will include OpenVPN.

Really 220.16? Shouldn't it be 220.17?

 

[RMerlin]

Really 220.16? Shouldn't it be 220.17?

16 or 17, they're just numbers. The point is more that I won't make a non-beta release of 178.16 before the next build based on 220.

 

[darksamus]

Yes, next release will be 220.16 and will include OpenVPN.

Will your next release have support both openvpn certificate and user/password login as extra layer of security? Also, will it allow us point the certificate to a file (stored in the internal microsd) instead of pasting the certificate into the router GUI?

 

[RMerlin]

Will your next release have support both openvpn certificate and user/password login as extra layer of security? Also, will it allow us point the certificate to a file (stored in the internal microsd) instead of pasting the certificate into the router GUI?

No plan on either points. First one can probably be done by adding custom config entries, and the second one would make the whole code unnecessarily complex for no real reason.