
Thread: [Howto] Install and configure basic OpenVPN server for Oleg firmware

  1. #16
    Quote Originally Posted by oldgringo View Post
    But up to version r5097 openvpn works also with fastnat set (no matter of value 1 or 2).
    1 or 2?
    you mean 0 = off and 1 = on?

    According to lly, the proper way to turn it off is by doing:
    Code:
    nvram unset misc_fastnat_x
    0 should turn it off though

  2. #17
    No, I mean:
    Code:
    nvram set misc_fastnat_x=1
    nvram commit
    for activating of fastnat without url filter (fastest mode)
    Code:
    nvram set misc_fastnat_x=2
    nvram commit
    for activating of fastnat including url filter (slower, but still active).

    By using
    Code:
    nvram unset misc_fastnat_x
    nvram commit
    fastnat is completely deactivated.

  3. #18
    hmm... didn't know about the url-filterless option.
    Anyway, with fastnat enabled openvpn shouldn't even work. At least, it doesn't for me.
    Are you using TAP instead of TUN?

  4. #19
    Quote Originally Posted by oldgringo View Post
    Code:
    nvram set misc_fastnat_x=2
    nvram commit
    for activating of fastnat including url filter (slower, but still active).
    not true nowadays, I've fixed fastnat & urlfilter coexistence to have almost no performance penalty and no control from userspace (values 1 or 2 or etc), it works automagically.

    Quote Originally Posted by wpte View Post
    hmm... didn't know about the url-filterless option.
    Anyway, with fastnat enabled openvpn shouldn't even work. At least, it doesn't for me.
    Are you using TAP instead of TUN?
    forget about urlfilter since r5013,
    fastnat control can be done via /proc/sys/net/netfilter/nf_conntrack_fastnat, 0 disabled, 1 enabled
    fastnat state can be viewed via /proc/sys/net/netfilter/nf_conntrack_fastnat_http, 0 normal, 1 urlfilter-compatible mode
    also, you can exclude any connection from being fastnated by iptables "-j MARK --set-mark" or "-j CONNMARK --set/and/or/xor-(x)mark"
    the issue you've faced is new, due to recent tun driver kernel changes, and we need some time to handle it.

  5. #20
    You're right, since r5099 I can't handle some connections on routers connected through openvpn. It seems that tun interface is somehow broken.

  6. #21
    I've got the same problem.
    Tried replacing the line suggested in the post above - didn't help.

    Code:
    install.sh
    Package openssl (0.9.7m-6) installed in /opt/ is up to date.
    Package lzo (2.03-1) installed in /opt/ is up to date.
    Package net-tools (1.60-6) installed in /opt/ is up to date.
    Package easy-rsa (2.0rc1SAN-3) installed in /opt/ is up to date.
    Package psmisc (22.13-1) installed in /opt/ is up to date.
    Package openvpn (2.2.0-1) installed in /opt/ is up to date.
    Nothing to be done
    Successfully terminated.
    Several questions will be asked that will be reflected in the keys
    for private use your answer does not matter.
    Save previously generated keys from /opt/share/easy-rsa/keys (if any).
    Type the number of clients you need keys for and press Enter to continue.
    Guess your number of clients well as it takes time both to generate and generate keys again.
    3
    Please source the vars script first (i.e. "source ./vars")
    Make sure you have edited it to reflect your configuration.
    NOTE: If you run ./clean-all, I will be doing a rm -rf on /opt/share/easy-rsa/keys
    Generating CA key
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating Diffie-Hellman parameters
    Please source the vars script first (i.e. "source ./vars")
    Make sure you have edited it to reflect your configuration.
    Generating Server key
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating keys for client 1
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating keys for client 2
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating keys for client 3
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    cannot stat `./keys/server*': No such file or directory
    cannot stat `./keys/ca*': No such file or directory
    cannot stat `./keys/dh1024.pem': No such file or directory
    cannot stat `./keys/client*': No such file or directory
    tar: /opt/etc/openvpn/easy-rsa/keys/ca.crt: No such file or directory
    tar: /opt/etc/openvpn/easy-rsa/keys/client0?.crt: No such file or directory
    tar: /opt/etc/openvpn/easy-rsa/keys/client0?.key: No such file or directory
    tar: error exit delayed from previous errors
    Starting: openvpn
    Does anyone know what is causing this and how to fix it?

  7. #22
    Quote Originally Posted by ekze View Post
    I've got the same problem.
    Tried replacing the line suggested in the post above - didn't help.
    Does anyone know what is causing this and how to fix it?
    Try
    Code:
    cp /opt/share/easy-rsa/* /opt/etc/openvpn/easy-rsa

  8. #23
    Can you please help me? I am trying to install the OpenVPN server but I am getting this error. I have already replaced the string "source ${RSAVAR}" with ". ${RSAVAR}", but I still get that error.

    I have Oleg 1.9.2.7-10.

    Matej


    Code:
    [admin@WL-0018F33B6971 /tmp]$ ./install.sh
    Package openssl (0.9.7m-6) installed in /opt/ is up to date.
    Package lzo (2.03-1) installed in /opt/ is up to date.
    Package net-tools (1.60-6) installed in /opt/ is up to date.
    Package easy-rsa (2.0rc1SAN-3) installed in /opt/ is up to date.
    Package psmisc (22.13-1) installed in /opt/ is up to date.
    Package openvpn (2.2.0-1) installed in /opt/ is up to date.
    Nothing to be done
    Successfully terminated.
    Several questions will be asked that will be reflected in the keys
    for private use your answer does not matter.
    Save previously generated keys from /opt/share/easy-rsa/keys (if any).
    Type the number of clients you need keys for and press Enter to continue.
    Guess your number of clients well as it takes time both to generate and generate keys again.
    1
    Please source the vars script first (i.e. "source ./vars")
    Make sure you have edited it to reflect your configuration.
    NOTE: If you run ./clean-all, I will be doing a rm -rf on /opt/share/easy-rsa/keys
    Generating CA key
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating Diffie-Hellman parameters
    Please source the vars script first (i.e. "source ./vars")
    Make sure you have edited it to reflect your configuration.
    Generating Server key
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    Generating keys for client 1
      Please edit the vars script to reflect your configuration,
      then source it with "source ./vars".
      Next, to start with a fresh PKI configuration and to delete any
      previous certificates and keys, run "./clean-all".
      Finally, you can run this tool (pkitool) to build certificates/keys.
    mv: unable to rename `./keys/server*': No such file or directory
    mv: unable to rename `./keys/ca*': No such file or directory
    mv: unable to rename `./keys/dh1024.pem': No such file or directory
    mv: unable to rename `./keys/client*': No such file or directory
    tar: /mnt/protected/vpnkeys.tar.gz: No such file or directory
    Starting: openvpn

  9. #24
    Quote Originally Posted by seb101 View Post
    Hey
    I'm trying to install OpenVPN on my asus wl-500gp (v1) with attached usb-hdd but I'm stuck on generating keys from easy-rsa.
    It's running Oleg 1.9.2.7-10

    easy-rsa vars : /opt/share/easy-rsa

    any idea what is wrong with my config ?
    Hi Matej,
    this is going to fix it:

    1)
    Yes, replace "source ${RSAVAR}" with ". ${RSAVAR}" in the script. This is because 'source' is not recognized by the /bin/sh shell (it is in BASH).
    Also move the sourcing command one line above, before cleaning:

    change these two lines:
    ./clean-all
    . ${RSAVAR}

    to:
    . ${RSAVAR}
    ./clean-all

    2)
    Do not execute cp /opt/share/easy-rsa/* /opt/etc/openvpn/easy-rsa
    if you have already done so, then remove it
    rm -r /opt/etc/openvpn/easy-rsa

    3)
    run the script again

    Now it will work.
    J.
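
Added example, not part of the post above or of the HowTo's install.sh: a sandboxed sketch of why the order in step 1 matters, plus a fail-fast check that would stop the script before "Starting: openvpn" when no keys were produced. The vars and clean-all files are constructed stand-ins, and the names server.crt and server.key are assumed from the server* glob in the logs.

```sh
#!/bin/sh
# Added example with constructed stand-ins for easy-rsa's vars and clean-all.

make_sandbox() {
    dir=$(mktemp -d) || return 1
    # Stand-in "vars": exports the key directory.
    echo "export KEY_DIR=\"$dir/keys\"" > "$dir/vars"
    # Stand-in "clean-all": without KEY_DIR it only prints the log message.
    cat > "$dir/clean-all" <<'EOF'
if [ -n "$KEY_DIR" ]; then
    rm -rf "$KEY_DIR" && mkdir "$KEY_DIR" && chmod go-rwx "$KEY_DIR"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
fi
EOF
    echo "$dir"
}

# Original order: clean-all runs before vars is loaded, so no keys directory.
run_broken() (
    cd "$1" || exit 1
    unset KEY_DIR
    sh ./clean-all >/dev/null   # the install script calls ./clean-all directly
    . ./vars
    [ -d "$KEY_DIR" ]
)

# Order from the post: load vars with ".", then clean.
run_fixed() (
    cd "$1" || exit 1
    unset KEY_DIR
    . ./vars
    sh ./clean-all >/dev/null
    [ -d "$KEY_DIR" ]
)

# Fail-fast check before archiving keys or starting openvpn.
# File names are assumed from the globs in the logs (server*, ca*, dh1024.pem).
check_keys() {
    for f in ca.crt server.crt server.key dh1024.pem; do
        [ -s "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
    done
}

d=$(make_sandbox)
run_broken "$d" || echo "original order: keys directory was not created"
run_fixed "$d" && echo "fixed order: keys directory created"
check_keys "$d/keys" || echo "no certificates yet: do not start openvpn"
rm -rf "$d"
```
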

  10. #25
    I followed the HowTo, and I created the connection between my router and pc
    but I can't ping 10.8.0.2 from my router.
    Can someone give me a hint. Where did I do it wrong?
