1 or 2?
you mean 0 = off and 1 = on?
According to lly, the proper way to turn it off is by doing:
0 should turn it off though;)Code:nvram unset misc_fastnat_x
No, I mean:
for activating of fastnat without url filter (fastest mode)Code:nvram set misc_fastnat_x=1
nvram commit
for activating of fastnat including url filter (slower, but still active).Code:nvram set misc_fastnat_x=2
nvram commit
By using
fastnat is completely dectivated.Code:nvram unset misc_fastnat_x
nvram commit
hmm... didn't know about the url-filterless option.
Anyway, with fastnat enabled openvpn shouldn't even work. At least, it doesn't for me.
Are you using TAP instead of TUN?
not true nowadays, I've fixed fastnat & urlfiler coexistance to have almost no perfomance penalty and no control from userspace (values 1 or 2 or etc), it works automagically.
forget it about urlfilter since r5013,
fastnat control can be done via /proc/sys/net/netfilter/nf_conntrack_fastnat, 0 disabled, 1 enabled
fastnat state can be viewed via /proc/sys/net/netfilter/nf_conntrack_fastnat_http, 0 normal, 1 urlfiler-compatible mode
also, you can exclude any connection from being fastnated by iptables "-j MARK --set-mark" or "-j CONNMARK --set/and/or/xor-(x)mark"
issue you've faced with is new due recent tun driver kernel chages, and we need some time to handle it.
You're right, since r5099 I can't handle some connections on routers connected through openvpn. It seems that tun interface is somehow broken.
I've got the same problem.
Tried replacing the line suggested in the post above - didn't help.
Anyone knows what is causing this and how to fix it?Code:install.sh
Package openssl (0.9.7m-6) installed in /opt/ is up to date.
Package lzo (2.03-1) installed in /opt/ is up to date.
Package net-tools (1.60-6) installed in /opt/ is up to date.
Package easy-rsa (2.0rc1SAN-3) installed in /opt/ is up to date.
Package psmisc (22.13-1) installed in /opt/ is up to date.
Package openvpn (2.2.0-1) installed in /opt/ is up to date.
Nothing to be done
Successfully terminated.
Several questions will be asked that will be reflected in the keys
for private use your answer does not matter.
Save previously generated keys from /opt/share/easy-rsa/keys (if any).
Type the number of clients you need keys for and press Enter to continue.
Guess your number of clients well as it takes time both to generate and generate keys again.
3
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
NOTE: If you run ./clean-all, I will be doing a rm -rf on /opt/share/easy-rsa/keys
Generating CA key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating Diffie-Hellman parameters
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
Generating Server key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 1
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 2
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 3
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
cannot stat `./keys/server*': No such file or directory
cannot stat `./keys/ca*': No such file or directory
cannot stat `./keys/dh1024.pem': No such file or directory
cannot stat `./keys/client*': No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/ca.crt: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.crt: No such file or directory
tar: /opt/etc/openvpn/easy-rsa/keys/client0?.key: No such file or directory
tar: error exit delayed from previous errors
Starting: openvpn
Can you please help me. I am trying to install OpenVPN server but I am getting this error. I have already replaced string "source ${RSAVAR}" with ". ${RSAVAR} ". but still that error.
I am having Oleg 1.9.2.7-10.
Matej
Code:[admin@WL-0018F33B6971 /tmp]$ ./install.sh
Package openssl (0.9.7m-6) installed in /opt/ is up to date.
Package lzo (2.03-1) installed in /opt/ is up to date.
Package net-tools (1.60-6) installed in /opt/ is up to date.
Package easy-rsa (2.0rc1SAN-3) installed in /opt/ is up to date.
Package psmisc (22.13-1) installed in /opt/ is up to date.
Package openvpn (2.2.0-1) installed in /opt/ is up to date.
Nothing to be done
Successfully terminated.
Several questions will be asked that will be reflected in the keys
for private use your answer does not matter.
Save previously generated keys from /opt/share/easy-rsa/keys (if any).
Type the number of clients you need keys for and press Enter to continue.
Guess your number of clients well as it takes time both to generate and generate keys again.
1
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
NOTE: If you run ./clean-all, I will be doing a rm -rf on /opt/share/easy-rsa/keys
Generating CA key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating Diffie-Hellman parameters
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
Generating Server key
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Generating keys for client 1
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
mv: unable to rename `./keys/server*': No such file or directory
mv: unable to rename `./keys/ca*': No such file or directory
mv: unable to rename `./keys/dh1024.pem': No such file or directory
mv: unable to rename `./keys/client*': No such file or directory
tar: /mnt/protected/vpnkeys.tar.gz: No such file or directory
Starting: openvpn
Hi Matej,
this is going to fix it:
1)
Yes, replace source ${RSAVAR}" with ". ${RSAVAR} in the script. This is because 'source' is not recognized by /bin/sh shell (it is in BASH).
and move the sourcing command one line above before cleaning:
change these two lines:
./clean-all
. ${RSAVAR}
to:
. ${RSAVAR}
./clean-all
2)
Do not execute cp /opt/share/easy-rsa/* /opt/etc/openvpn/easy-rsa
if you have already done so, then remove it
rm -r /opt/etc/openvpn/easy-rsa
3)
run the script agaion
Now it will work.
J.
I followed the HowTo, and I created the connection between my router and pc
but I can't ping 10.8.0.2 from my router.
Can someone give me a hint. Where did I do it wrong?