OpenVPN on Asus WL-500gP

[wpte]

My question is therefore if it is possible to make OpenVPN start BEFORE drives are mounted?

Well with some work maybe
If you are using the firmware from googlecode it would be the easiest since you'd have a proper crosscompiler with the right uclibc.

you see, the firmware and optware both use a different version of uclibc. SO if you would use the optware version of openvpn there might be compatibility issues when there is no optware uclibc library...

So pretty much you need to compile openvpn yourself, place it somewhere in flash and start it. It seems to be small enough

I don't know if you ever compiled something?
if you have linux (something like ubuntu) you can follow this how-to:
http://code.google.com/p/wl500g/wiki...CustomFirmware
just install the crosscompiler:

mkdir -p /opt/brcm
tar -C /opt/brcm -jxvf hndtools-mipsel-uclibc-4.2.4.tar.bz2
ln -sf /opt/brcm/hndtools-mipsel-uclibc-4.2.4 /opt/brcm/hndtools-mipsel-uclibc
export PATH=$PATH:/opt/brcm/hndtools-mipsel-uclibc/bin

after that you can configure the sources by:

./configure --prefix=/somewhere/to/save --host=mipsel-linux

[Tamadite]

To get access to router's GUI from WAN try:

Code:

iptables -I INPUT -p tcp --dport 1024 -j ACCEPT

If it does not work, execute

Code:

iptables -L INPUT -n -v

and paste the result here.

Regarding the dependencies you are having with OpenVPN and the mounting of drives, it sounds to me OpenVPN is configured to run something on one of the drives to mount, e.g. OpenVPN log. Try to configure OpenVPN so it is not depending on any drive to mount.

[totom17]

Hello,
I try to set up openvpn (tap mode) on a asus wl500gPv2.
The implementation of the server does not pose problem.
But on the clients (4) when I run openvpn, the connection fall. No ping, and no SSH ...
I tried with creating tap in manual and automatic, classical
openvpn - mktun - dev tap0
bridge addif br-lan tap0
ifconfig tap0 0.0.0.0 promisc up
This procedure works but when I run openvpn, nothing?? the network is down.

NB: there is a problem of time but I installed ntpdate and I will update the time regularly.

System: Backfire OpenWrt 10.03
Thank a lot.

News :
it works
but I have to start openvpn without using the init script provided and by running openvpn - config myconf
And only on clients? if someone know why

[wpte]

I've openvpn running, and I'm not sure what you're saying
btw, for dd-wrt it would be probably better to post in their forums, since we don't have many dd-wrt experts here.

I still give it a shot tho

I have additional firewall rules in oleg to make things work:

#allow tun
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT

makes sure you can ping and everything

and... openvpn clients should be tested outside your router, not in the LAN, otherwise it usually doesn't work because it messes with the routing

for clients config (windows vista and above) you need 2 extra lines of config btw.. don't have them here atm

[AlexSantos]

At my office I have a server running OpenVPN. At home I have a WL500gP with Open VPN as a client. I can connect to my office server and ping the network.
At home I want to use the WL500 as a router to my office's network but the traffic isn't going there... I inserted 2 rules on the firewall to allow forwarding of the traffic from and to tun0.
My question is: do I need masquerading? I just want a plain router...

247 166K ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0

[Tamadite]

You have to use "route", not "iptables"

[AlexSantos]

This is my route table:

Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 * 255.255.255.255 UH 0 0 0 ppp0
192.168.3.13 * 255.255.255.255 UH 0 0 0 tun0
192.168.3.0 192.168.3.13 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.64.64.64 0.0.0.0 UG 0 0 0 ppp0

My WL500 pings 192.168.3.0 network but the clients that connect to WL500 through the br0 interface can't. I think that the problem is that tun0 is a WAN interface so it's blocked. How can I change this to a LAN interface?

[Tamadite]

This is my route table:

Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 * 255.255.255.255 UH 0 0 0 ppp0
192.168.3.13 * 255.255.255.255 UH 0 0 0 tun0
192.168.3.0 192.168.3.13 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.64.64.64 0.0.0.0 UG 0 0 0 ppp0

My WL500 pings 192.168.3.0 network but the clients that connect to WL500 through the br0 interface can't. I think that the problem is that tun0 is a WAN interface so it's blocked. How can I change this to a LAN interface?

Can you ping 192.168.3.13?

[AlexSantos]

No.
From my Ubuntu PC at home I can ping 192.168.3.14 (which is the IP of the WL500) but I cannot ping 192.168.3.13 (which is the IP of the OpenVPN ppp server)

[Tamadite]

No.
From my Ubuntu PC at home I can ping 192.168.3.14 (which is the IP of the WL500) but I cannot ping 192.168.3.13 (which is the IP of the OpenVPN ppp server)

Can you paste here your ifconfig of your WL500?

[AlexSantos]

br0 Link encap:Ethernet HWaddr 00:18:F3:982:06
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8554 errors:0 dropped:0 overruns:0 frame:0
TX packets:8358 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:744153 (726.7 KiB) TX bytes:4008980 (3.8 MiB)

eth0 Link encap:Ethernet HWaddr 00:18:F3:982:06
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8553 errors:0 dropped:0 overruns:0 frame:0
TX packets:11901 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:932261 (910.4 KiB) TX bytes:4269164 (4.0 MiB)
Interrupt:4 Base address:0x1000

eth1 Link encap:Ethernet HWaddr 00:18:F3:982:06
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:29681
TX packets:0 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:12 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:8548 errors:0 dropped:0 overruns:0 frame:0
TX packets:8548 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:734772 (717.5 KiB) TX bytes:734772 (717.5 KiB)

ppp0 Link encap:Point-Point Protocol
inet addr:93.102.43.55 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3612 errors:0 dropped:0 overruns:0 frame:0
TX packets:3260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2456236 (2.3 MiB) TX bytes:439117 (428.8 KiB)

tun0 Link encap:Point-Point Protocol
inet addr:192.168.3.14 P-t-P:192.168.3.13 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vlan0 Link encap:Ethernet HWaddr 00:18:F3:982:06
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8553 errors:0 dropped:0 overruns:0 frame:0
TX packets:11901 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:778307 (760.0 KiB) TX bytes:4269164 (4.0 MiB)



Routing Table

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.3.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.3.0 192.168.3.13 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 192.168.3.13 255.255.255.0 UG 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.64.64.64 0.0.0.0 UG 0 0 0 ppp0

[Tamadite]

Have you checked? http://wl500g.info/showthread.php?t=5312

pay special attention to the firewall rules.

[AlexSantos]

Despite being just a static router I missed a NAT rule in iptables.

Chain POSTROUTING (policy ACCEPT 15603 packets, 1038K bytes)
pkts bytes target prot opt in out source destination
8 672 MASQUERADE all -- * tun0 192.168.2.0/24 192.168.3.0/24

[AlexSantos]

My OpenVPN server (192.168.3.1) sees all machines behind my WL500 as 192.168.3.14 because of the NAT rule, which isn't what I intended to do the first place.
How can I make WL500 just route the traffic without masquerading?

Despite being just a static router I missed a NAT rule in iptables.

Chain POSTROUTING (policy ACCEPT 15603 packets, 1038K bytes)
pkts bytes target prot opt in out source destination
8 672 MASQUERADE all -- * tun0 192.168.2.0/24 192.168.3.0/24

[fukushimaku]

Hello,

before I submit any configurations etc, I would like to know from anyone's
previous experience why an OpenVPN client (router) freezes suddenly after
1st ping replayed, at 3 seconds of running ? It's non-responsive (request
timed outs, cannot access it through ssh, gui etc), so I have to re-plug the
power cord.

I just saw in GUI how the Router's CPU is loaded, then freezes.
The certificates are ok, the configurations looks fine; The Router#1 (server)
accept and serves very well the others OpenVPN PC clients from WAN
(internet/intermediary upstream lan).

Thank you


I can provide both logs (client & server) with 3(default) and 9 verbose levels.
Both routers has 2.1.4-2 OpenVPN packages installed.

The scheme is like:

...........................Router#3's lan[10.10.10.0/24](cisco)
.........................../.................................................\
[Router#1-OpenVPN-Server]>[tunnel 10.8.0.0]<[Router#2-OpenVPN-Client]
(wl-500gp v1)............................................(wl-500gp v2)
......(both LAN: 192.168.0.0/24, both WAN: 10.10.10.0/24)