Registered User
Hello,
Till yesterday my 500gp was running perfectly. Then I upgraded via ipkg and now openvpn seems to be weird.
My setup:
500gp, 1.9.2.7-7g
openvpn 2.0.9-1 (2.0.7 before)
client: Tunnelblick 3.0rc (Leopard)
If i connect from a client, everything works fine, the connection gets established. But somehow I can't connect to my fileserver via smb anymore. Ping gives me a "no buffer space available". The route gets pushed through (according to netstat).
Any ideas? I tried the new and old .conf files already. Tried to load in server and in xinetd mode, no changes.
Is there a way to downgrade to 2.0.7? Where can I find the old .ipk?
Thanks
Franz
Update: Played around with the box again, now it's working! Don't know whyMaybe Re-installing the package solved the issue?
Last edited by stingstong; 06-02-2008 at 17:26.
Senior Member
Tip:
Download any packages you have currently installed on a PC's harddisk. You never know if a new package will behave as it used to.
'ipkg list_installed' shows what you currently have.
download them from here:
http://ipkg.nslu2-linux.org/feeds/op.../cross/stable/
Senior Member
My openvpn is running and I am trying to make VOIP phone calles over it from the client PC.
When I try to ping my voip gateway (from the client PC) before making a phone call the ping is around 40 ms. When I do a VOIP phone call the sound quality is really poor and ping is around 3000 ms!!!!
I did put a hi priority to openvpn port in QoS settings and the internet seems to be very fast over VOIP and Samba folder browsing as well, but it looks like when I run VOIP over it QoS does not keep it in high prioriry anymore or may be this is another issue????
I even disabled comp-lzo, but it did not help...
In general it was tested here,
http://openvpn.net/archive/openvpn-u.../msg00389.html
and here
http://www.networkworld.com/reviews/...voip-test.html
but again it is not working in my case for some stupid reason....
and here is the VOIP test results (http://myspeed.visualware.com/voip/) from openvpn client side-
Any idea how to improve it?
Last edited by sonice; 08-02-2008 at 19:16.
Registered User
Hello everybody
First I'd like to thanks Oleg and his crew for his work !
My question is quite simple (I'm a newbie). I'd like to install OpenVPN on my router (WL-500gp) after installing the last Oleg firmware but is it possible to do such a thing without any hard drive or usb key connected to the routeur ?
Does the router have enough internal memory for OpenVPN ?
Thanks a lot
Student Computer Engineer
well.......... it would be possible if you would have enough onboard flash space... but I think that is not the case
also vpn is quite havy so you need more ram, to get more ram you just use swap space, for wich you need a harddrive.
You can get a verry cheap usb drive with a few gig for a few euro's, they are really cheap these days
Junior Member
I've been running OpenVPN on a WL500gx (32 MB RAM) for some years from a USB stick, and on a WL500g (16 MB RAM) before that. On the WL500 gx i'm not using any swap memory when openvpn is running, though I'm not running Samba, FTP-server or NFS server. So there should be enough memory to run Openvpn.
As for running it from flashfs without a USB-stick it may be possible, the openvpn binary file is 760 kB and the configuration files are 10-15 kB, but this depends on how much you are allowed to store in flashfs. I prefer to use the USB-stick to make it easier to allocate static IP-addresses to clients.
As for performance, i got between 1 and 1,5 Mb/s throughput with compression disabled, if you enable compression the throughput is lower due to the slow CPU. Today openvpn the WL500gx is just runnning as a backup VPN-server while my primary server is a virtual machine running on a server to have more throughput. The openvpn on router is only used as a backup when the primary server is down for maintenance.
Administrator
in short, yes this is possible without using a usb stick
the WL500gP has enough flashfs space to achieve this
currently I am testing two sets of this, and it runs for about 2 months now
I have to note, that everything else is turned off (samba etc..)
My little Asus Collection: Too much to fit inhere, my 2 babies:WL500w 1.9.2.7-10(OLEG) VX2SE Yellow Lamborghini notebook
WL500g Forum Asus Files OpenDir
Asusforum.NL -- Asusforum.DE -- Asusforum.RU -- Asusforum.PL -- Asusforum.NET -- Asusforum.EU -- Asusforum.BE -- Asusforum.ES -- Asusforum.INFO
Registered User
Thx a lot guys you are very helpfull I ll try this ASAP I woul have fix my new issue lol thx
Junior Member
I'm having problems to connect to my openvpn server from WAN side.
When I make the connection through a ssh tunnel(to test the vpn itself) the vpn comes up like it has to do, but when i change the remote option to my wan ip address I can't get a connection.
I tried both tcp and udp, but both protocols fail.
I searched through the archives and googled a lot, but every time i get errors which I can't explain according to all the examples and tutorials.
client version OpenVPN 2.1_rc9 (tried also the 2.09 stable version)
server version: 2.1_rc7-2
this is running on a asus wl500gP router with oleg firmware in 'home gateway' mode
wan interface is vlan1 with br0 as internal lan and tun0 as vpn tunnel
my server config file:
I added the following rules to iptables:Code:port 1194 proto tcp dev tun ca /opt/etc/easy-rsa/keys/ca.crt cert /opt/etc/easy-rsa/keys/server.crt dh /opt/etc/easy-rsa/keys/dh1024.pem server 172.16.0.0 255.255.255.0 push "route 10.0.0.0 255.255.255.0" keepalive 10 120 comp-lzo persist-key persist-tun status /opt/var/log/openvpn-status.log log-append /opt/var/log/openvpn.log verb 9 management localhost 7505
I get this error in the client:Code:iptables -I INPUT -p tcp --dport 1194 -j ACCEPT iptables -t nat -I PREROUTING -i $1 -p tcp --dport 1194 -j DNAT --to-destination $4:1194 iptables -I INPUT -i tun+ -j ACCEPT iptables -I FORWARD -i tun+ -j ACCEPT iptables -I FORWARD -o tun+ -j ACCEPT
Thanks in advanceCode:Mon Aug 18 17:40:05 2008 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008 Mon Aug 18 17:40:05 2008 LZO compression initialized Mon Aug 18 17:40:05 2008 Attempting to establish TCP connection with MY_IP:1194 Mon Aug 18 17:40:05 2008 TCP connection established with MY_IP:1194 Mon Aug 18 17:40:05 2008 TCPv4_CLIENT link local: [undef] Mon Aug 18 17:40:05 2008 TCPv4_CLIENT link remote: MY_IP:1194 Mon Aug 18 17:40:05 2008 Connection reset, restarting [0] Mon Aug 18 17:40:05 2008 SIGUSR1[soft,connection-reset] received, process restarting
Junior Member
Hi!
Can someone provide a tutorial/walkthrough on how to install and setup OpenVPN on the Asus WL-500gP router?
Basically there should be a client installed and setup to connect to a certain server so one can connect using the VPN or disconnect and use one's own connection.
Are there any guides for this? Or could someone explain how to configure it all?
Senior Member
Why don't you try?
http://www.wl500g.info/showthread.php?t=5312
I did not have any problem on my 500gP.
Member
Tamadite's how-to worked like charm... I became happy user. Thanks
Junior Member
Hey Guys,
I have a wrinkle. I have OpenVPN installed and working just fine. Installation was made according to forum's tutorials. However, the way it works now is that openvpn starts via rc.unslung which basically means that it happens AFTER all drives have been mounted (I have an usb 160GB drive - swap partition, opt partition and normal partition there). And the problem is that if due to some reasons the drive will not mount OpenVPN will not start and I cannot even connect to see what's wrong. I haven't figured this out yet but sometimes my drive will not mount properly (ext3 partition used as a shared drive) due to errors. I have ef2sck scheduled to run after a certain number of mounts has been reached. It starts when the routes is rebooted,however, automatic check sometimes fails and I have to runn e2fsck manually, which is easy from lan side, but impossible from wan side (if the drive is not mounted, OpenVPN is not running so no connection to the router at all). From what I know, opt partition works just fine - no errors there.
As I'm now away from home for another two months and cannot do everything from the lan side, my question is if it is possible to set OpenVPN to start before partitions are mounted? This way even if they are not, I can access the router via telnet and see what is wrong (e.g. run e2fsck). I'm not an expert in linux. I think it should be possible, but any advice on how to do it is appreciated.
Another thing is the ability to access router from wan (not through vpn). I set this option in router's GUI, set port to 1024, but I cannot connect when i put my IP address:1024 in my browser. Probably it is a firewall issue This would be another way around my problem. Maybe somebody could write how to make this work, instead of diddling with OpenVPN.
Honestly, when it comes to iptables etc I'm not an expert at all. This is my post-firewall (acces from wan in Oleg's GUI is set to active, port set to 1024):
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j
DNAT
--to-destination $4:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
P.S. FTP works fine from outside.
Student Computer Engineer
I have it a bit different...#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
you see that you have a so called chain there
usually you put the opening of ports between the 2 lines
"iptables -D INPUT -j DROP"
and
"iptables -A INPUT -j DROP"
but for openvpn you need to place the rules outside these 2 lines
example:
maybe you want to try a different port as well (lets say 1234 for this oneiptables -D INPUT -j DROP
#your usual opened ports and rules...
iptables -A INPUT -j DROP
#OpenVPN settings
iptables -I INPUT -p tcp --dport 1234 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 1234 -j DNAT --to-destination ${`nvram get lan_ipaddr`}:1234
#allow tun
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT)
since sometimes openvpn is listed in /etc/services
this might mess with your active openvpn installation
you can check it:
cat /etc/services | grep 1194
about the harddrives... do you use fstab to mount?
sometimes it's required you make the folder before you mount anything...
this goes wrong usually during mounting with fstab or another(bad) way.
so in the pre-mount you can say to create a directory before the mounting script begins:
any better?mkdir -p /somewhere/to/mount
Junior Member
Thank you for advice. Maybe I complicated it too much, but my actual problem is not that OpenVPN does not work. It does pretty well. I can connect to my router from outside. The real problem is that OpenVPN starts after all drives have been mounted. If for some reason they are not mounted it will not start - and that is my concern. My question is therefore if it is possible to make OpenVPN start BEFORE drives are mounted?
The other way around I see is to make the router GUI and telnet accessible from WAN. I checked options in web-GUI but to no avail - I cannot connect to router from WAN, it does not respond. If I could, then even without OpenVPN working, I could see what is going on.
I posted post-firewall because I believe it is the culprit of not being able to connect to router from outside (not through OpenVPN). Once vpn connection is established it works perfectly fine, but for this all drives have to be mounted. If they are not there is no way I can connect to the router.
I hope this will clarify my problem
Posting Permissions
Reply With Quote
