HowTo install OpenVPN server - Page 3

Thread: HowTo install OpenVPN server

  1. #31
    Join Date
    Jun 2004
    Location
    Hungary
    Posts
    10

    OpenVpn will not start

    Hi,

    I read the tutorial and installed OpenVpn via ipkg on my wl500gpv2.

    My problem is that I cannot start openvpn:

    [user@WL500gpv2 sbin]$ /opt/sbin/openvpn
    -sh: /opt/sbin/openvpn: not found
    [user@WL500gpv2 sbin]$ ls -l /opt/sbin/openvpn
    -rwxr-xr-x 1 user root 769724 Feb 22 05:12 /opt/sbin/openvpn

    What could be the problem???

  2. #32
    Hi,
    Thanks for this tutorial! But I have a problem with it. When I try to connect from an XP client outside the router, the client does not connect to the router:
    Code:
    Wed Mar 31 14:41:00 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Wed Mar 31 14:41:00 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Mar 31 14:41:00 2010 TAP-WIN32 device [tun0] opened: \\.\Global\{CEA93030-2985-4747-B3D3-4267FB40C32B}.tap
    Wed Mar 31 14:41:00 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.252 on interface {CEA93030-2985-4747-B3D3-4267FB40C32B} [DHCP-serv: 10.8.0.1, lease-time: 31536000]
    Wed Mar 31 14:41:00 2010 Successful ARP Flush on interface [196612] {CEA93030-2985-4747-B3D3-4267FB40C32B}
    Wed Mar 31 14:41:00 2010 UDPv4 link local (bound): [undef]:1194
    Wed Mar 31 14:41:00 2010 UDPv4 link remote: **.**.**.**:1194
    I tried to telnet **.**.**.** 1194 and there is no answer
    Code:
    C:\Documents and Settings\alexx>telnet **.**.**.** 1194
    Подключение к **.**.**.**...Не удалось открыть подключение к этому узлу, на по
    рт 1194: Сбой подключения
    I think that maybe port 1194 is not open...
    Please help!)

  3. #33
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Quote Originally Posted by rej View Post
    No I have not gotten it to work. I will take it up on a later time, first I got to get the router stable while running with a USB stick attached...

    By the way, I don't think working on the samba server on the router will help you - in theory you don't even need samba running on your router to access samba on computers in your workgroup.

    BR,
    René
    You need to route the traffic between tun0 and eth0 interfaces. Use iptables.

  4. #34
    Join Date
    Feb 2007
    Location
    CzechRep
    Posts
    151

    Question

    1. Are the red lines necessary? There is nothing similar in other openvpn tutorials.
    Code:
    iptables -I INPUT -i tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -j ACCEPT
    iptables -I FORWARD -o tun0 -j ACCEPT
    iptables -I OUTPUT -o tun0 -j ACCEPT
    2. How can I reload firewall rules (on the fly) without rebooting correctly?
    __________________________________________________ _
    WL-500gP Oleg firmware v.1.9.2.7-rtn
    vsftp,lighttp,php5,mysql4,samba3,
    syslog-ng,rrdtools,cron,openvpn
    WD MyBook 250GB
    __________________________________________________ _
    OpenSUSE 13.1

  5. #35
    Join Date
    Feb 2007
    Location
    CzechRep
    Posts
    151
    Quote Originally Posted by Tamadite View Post
    You need to route the traffic between tun0 and eth0 interfaces. Use iptables.
    How? This way?

    Code:
    iptables -t nat -I PREROUTING -i vlan1 -p udp --dport 1194 -j DNAT --to-destination 192.168.1.1:1194
    better -I or -A?

    (WL-500gP)

  6. #36
    Hi,

    Tried to follow the tutorial exactly, didn't work. Then I tried to tweak the post-firewall rules, yet no matter what I'm doing, I keep getting:
    Code:
    xxx.dyndns.org isn't responding on port 1194 (openvpn)
    when scanning the 1194 port
    And yes, I am able to eg. ssh into my router with the given dyndns host.
    Conclusion: I don't know how to open the 1194 port for the OpenVPN client to even start doing transactions. Please, help.

  7. #37
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Quote Originally Posted by sarlacc View Post
    How? This way?

    Code:
    iptables -t nat -I PREROUTING -i vlan1 -p udp --dport 1194 -j DNAT --to-destination 192.168.1.1:1194
    better -I or -A?

    (WL-500gP)
    "I" or "A"? It depends on the policy of the table. More on Google.

    How to route between tun0 and eth0? What about Googling for a bit only?

    http://ubuntuforums.org/showthread.php?t=607519

    Just in case the link above gets broken:

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t filter -A FORWARD -i tun0 -j ACCEPT
    iptables -t filter -A FORWARD -i eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.3.2 -j MASQUERADE
    I have not tried it myself so I cannot confirm if it works. I guess 192.168.3.2 should be replaced by the tun0 IP address.

  8. #38
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Quote Originally Posted by Kosmotaur View Post
    Hi,

    Tried to follow the tutorial exactly, didn't work. Then I tried to tweak the post-firewall rules, yet no matter what I'm doing, I keep getting:
    Code:
    xxx.dyndns.org isn't responding on port 1194 (openvpn)
    when scanning the 1194 port
    And yes, I am able to eg. ssh into my router with the given dyndns host.
    Conclusion: I don't know how to open the 1194 port for the OpenVPN client to even start doing transactions. Please, help.
    If the firewall rules and the notes given at the end of the rules do not help to open the port, you should take a look at the policy you have on the INPUT and PREROUTING tables to see whether "I" (insert) or "A" (append) is the parameter to use on the rules.

    On the other hand "isn't responding on port 1194" does not imply the port is not open. It implies there is no service responding to the request on port 1194; reasons can be multiple, e.g. no service behind the port, closed port, etc.
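
Added example, not part of any post in this thread: the server discussed here listens on UDP, so a TCP test such as telnet never reaches it, and a UDP probe that gets no answer cannot tell a listener that ignored the datagram from a firewall that dropped it. The Python sketch below shows the outcomes of one UDP probe next to a TCP connect; `probe_udp`, `probe_tcp` and `demo` are names chosen here, and the silent loopback listener in `demo` is a constructed stand-in for a service that discards datagrams it does not recognise.

```python
import socket

def probe_udp(host, port, timeout=1.0):
    """Send one datagram and classify the port from what comes back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # connected socket: ICMP errors surface as exceptions
        s.send(b"\x00")
        s.recv(2048)
        return "open"             # something answered
    except ConnectionRefusedError:
        return "closed"           # ICMP port unreachable came back
    except socket.timeout:
        return "open|filtered"    # silence: listener ignored us, or a firewall dropped it
    finally:
        s.close()

def probe_tcp(host, port, timeout=1.0):
    """What telnet does: a TCP connect, unrelated to any UDP listener."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        return "open" if s.connect_ex((host, port)) == 0 else "no TCP listener"
    finally:
        s.close()

def demo():
    """Constructed case: a UDP listener on loopback that never replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    try:
        return {"udp": probe_udp("127.0.0.1", port, 0.3),
                "tcp": probe_tcp("127.0.0.1", port, 0.3)}
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

The `closed` result depends on ICMP port-unreachable messages getting back to the prober, which many firewalls suppress, so silence from the WAN side is the common case either way.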

  9. #39

    PLEASE HELP!!!

    Adding --float to client.ovpn solved the problem.


    I've been trying to connect to OpenVPN for days now and I keep getting this error
    Code:
    TCP/UDP: Incoming packet rejected from 192.168.18.254:1194[2], expected peer address: 79.112.107.146:1194 (allow this incoming source address/port by removing --remote or adding --float)
    .
    I would really appreciate it if someone could help me out.

    post-firewall looks like this
    Code:
    #!/bin/sh
    # this opens the ssh port to internet! Be sure to have strong passwords!
    iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p udp --sport 1194 --dport 1194 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 1194 --dport 1194 -j ACCEPT
    
    #OpenVPN access from WAN
    iptables -D INPUT -j DROP
    iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination 192.168.18.254:1194
    iptables -A INPUT -j DROP
    
    iptables -I INPUT -i tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -j ACCEPT
    iptables -I FORWARD -o tun0 -j ACCEPT
    iptables -I OUTPUT -o tun0 -j ACCEPT
    ifconfig
    Code:
    ifconfig
    br0       Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
              inet addr:192.168.18.254  Bcast:192.168.18.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2431 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1883 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:582528 (568.8 KiB)  TX bytes:826719 (807.3 KiB)
    
    eth0      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1112 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:306676 (299.4 KiB)
              Interrupt:4 Base address:0x1000
    
    eth1      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1824 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1263 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:680250 (664.3 KiB)  TX bytes:368687 (360.0 KiB)
              Interrupt:5 Base address:0x2000
    
    eth2      Link encap:Ethernet  HWaddr 00:1D:60:9F:1D:3C
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2424 errors:0 dropped:0 overruns:0 frame:112907
              TX packets:2577 errors:31 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:615892 (601.4 KiB)  TX bytes:1004952 (981.3 KiB)
              Interrupt:12 Base address:0x4000
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:xxx.xxx.107.146  P-t-P:10.0.0.1  Mask:255.255.255.255
              UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
              RX packets:1529 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:600547 (586.4 KiB)  TX bytes:340013 (332.0 KiB)
    
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    server.conf
    Code:
    dev tun
    proto udp
    ifconfig 10.8.0.1 10.8.0.2
    secret /opt/etc/openvpn/static.key
    push "redirect-gateway def1"
    push "dhcp-option DNS 10.8.0.1"
    comp-lzo
    keepalive 10 60
    daemon
    client.ovpn
    Code:
    remote xxx.xxx.xxx.xxx ;server IP address
    dev tun
    ifconfig 10.8.0.2 10.8.0.1
    secret static.key
    comp-lzo
    keepalive 10 60
    redirect-gateway def1
    route-method exe
    route-delay 2
    dhcp-option DNS 10.8.0.1
    Works great connecting from LAN, but I can't connect from WAN.
    Last edited by dreamer69; 23-05-2010 at 14:17. Reason: SOLVED
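
Added example, not part of any post in this thread: the "-I or -A?" question and the delete-and-re-add of `-j DROP` in the post-firewall script above both come down to first-match rule order. The Python model below replays `iptables` lines against a chain and reports which rule decides a packet; the starting INPUT chain (a LAN accept followed by a catch-all DROP) and the test packet are constructed assumptions, since the firmware's real chain is not shown in the thread, and `apply`, `verdict` and `run` are names chosen here.

```python
import shlex

FIELDS = {"-p": "proto", "--dport": "dport", "--sport": "sport", "-i": "in"}

def apply(chains, command):
    """Apply one filter-table 'iptables -I|-A|-D CHAIN rule...' line to the model."""
    args = shlex.split(command)[1:]
    if not args or args[0] == "-t":
        return                      # nat rules are outside this model
    op, chain, rule = args[0], args[1], args[2:]
    rules = chains.setdefault(chain, [])
    if op == "-I":
        rules.insert(0, rule)       # no index given: goes to the top
    elif op == "-A":
        rules.append(rule)          # goes to the bottom, after any catch-all
    elif op == "-D" and rule in rules:
        rules.remove(rule)          # removes the first identical rule

def verdict(rules, pkt):
    """First matching rule wins; return (target, rule position)."""
    for pos, rule in enumerate(rules, 1):
        opts = dict(zip(rule[::2], rule[1::2]))
        if all(pkt.get(FIELDS[k]) == v for k, v in opts.items() if k in FIELDS):
            return opts["-j"], pos
    return "POLICY", 0

def run(script):
    # Constructed starting chain: firmware rules ending in a catch-all DROP.
    chains = {"INPUT": [["-i", "br0", "-j", "ACCEPT"], ["-j", "DROP"]]}
    for line in script.strip().splitlines():
        apply(chains, line)
    # Constructed packet: WAN client behind NAT, so its source port is not 1194.
    pkt = {"proto": "udp", "dport": "1194", "sport": "40112", "in": "ppp0"}
    return verdict(chains["INPUT"], pkt)

APPEND = "iptables -A INPUT -p udp --dport 1194 -j ACCEPT"
INSERT = "iptables -I INPUT -p udp --dport 1194 -j ACCEPT"
REORDER = """
iptables -A INPUT -p udp --sport 1194 --dport 1194 -j ACCEPT
iptables -D INPUT -j DROP
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -j DROP
"""

if __name__ == "__main__":
    for name in ("APPEND", "INSERT", "REORDER"):
        print(name, run(globals()[name]))
```

In the reordered case the `--sport 1194 --dport 1194` rule does not match the constructed packet; the later `--dport 1194` rule is the one that accepts it.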

  10. #40


    Quote Originally Posted by Csali View Post
    Hi,

    I read the tutorial and installed OpenVpn via ipkg on my wl500gpv2.

    My problem is that I cannot start openvpn:

    [user@WL500gpv2 sbin]$ /opt/sbin/openvpn
    -sh: /opt/sbin/openvpn: not found
    [user@WL500gpv2 sbin]$ ls -l /opt/sbin/openvpn
    -rwxr-xr-x 1 user root 769724 Feb 22 05:12 /opt/sbin/openvpn

    What could be the problem???
    Hi Csali, I had the same problem and could not find the reason for a long time. But I found the solution. The problem is in the uClibc library, which is to be installed explicitly with IPKG: http://wl500g.info/showthread.php?t=8205

    Petr

  11. #41

    openvpn mktun gives segmentation fault

    I did ipkg update+upgrade and now openvpn is just messed up. openvpn mktun gives a segmentation fault error.

    I looked around on the web and found that the problem lies with an update to openssl and it is suggested to go back to an earlier version. I have no idea how to do this. Can someone help?

    Thanks.

  12. #42
    Well, I fixed the problem by removing both packages and re-installing it. Detailed steps follow:

    1) ipkg remove openvpn
    2) ipkg remove lynx (I had to do this as lynx requires openssl)
    3) ipkg remove openssl
    4) reboot router (I believe this step is very important as openssl would not install till I rebooted the router)
    5) ipkg upgrade
    6) ipkg update
    7) ipkg openssl
    8) ipkg openssl-dev
    9) ipkg openvpn
