For easier reading i am breaking down my post to: a) what i want to achieve and; b) what i've tried already
Background:
I have a D-Link router running latest OpenWrt, sitting behind another router that provides the WAN. I've already set up DDNS successfully - it's up and running on d-link.
A) Goal
Create my own OpenVPN server sitting on the D-Link router using the ddns hostname i've already configured so i can access my local WAN IP throughout my devices when i am traveling abroad.
So i want to create client openvpn configuration files, which i will import to the app and connect to the router when abroad.
B) Attempts
I know a lot of you will tell me to go through CLI (i tried this guide, but failed miserably as i cannot even import the profile on openvpn on MacBook - getting a weird error "option_error: option 'pardtx560tx1120tx1680tx...' is too long").
So i tried through the GUI version (luci) - i configured the parameters such as server (xxx.ddns.net 255.255.255.0) etc.; however, no matter how i configure the wizard, the server never starts on the router.
Would really appreciate it if someone can guide me step by step.
Yes, tons of.. i think it's not configured correctly. and i start noticing that luci is no better than CLI in terms of complexity
yes, i am forwarding the 1194 port (TCP/UDP) from WAN to D-link
i am still trying to understand the steps required based on the guides i've found; it's very confusing. i don't mind trying CLI again, but need to understand what to watch out for based on the scenario i described above.
No because it seems something did not get configured properly. based on the guide i followed, i think the DDNS was not configured properly on openvpn. the instructions are not very clear on how to do this.
no i mean in the OpenVPN server configuration. The DDNS resolves fine, took me a while to set it up correctly. the openvpn guides give instructions only on how to set up the server on the main router; not on a router sitting behind the WAN.
i will try again with this guide. any idea how do i configure the server to listen to the ddns ip?
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
OVPN_SERV="${NET_ADDR}" # ***i guess i need to put ddns server here?***
# Fetch FQDN from DDNS client ***//what about this parameter?***
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
if [ -n "${NET_FQDN}" ]
then OVPN_SERV="${NET_FQDN}"
fi
I had an OpenVPN server running on my OpenWrt WR842N some time ago and I could connect to it with iOS OpenVPN and with a DIR-505 with OpenWrt and OpenVPN client configured. I remember that I had a lot of trouble, but finally it worked fine.
But this year I lost my WR842N, and had no time to configure the DIR-860 I'm using now.
What I can say, is that the /var/log/openvpn.log helped me a lot.
ok, managed to run the server with these settings:
user nobody
group nogroup
dev tun
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
how do i "link" the 192.168.8.0 server to the ddns hostname?
That's not how it works. DDNS is separate from OpenVPN. DDNS is a way for the client(s) to find your house by name instead of by IP number, which may get changed by the ISP (thus the dynamic part).
The IP that is registered with DDNS must be the same as the WAN IP of your main router. Then that router is configured to forward port 1194 UDP from its WAN to your OpenVPN server on the LAN.
The 192.168.8.0 network is the tunnel network of user's packets that are decrypted. It exists only at the tunnel endpoints. It doesn't have anything to do with transport of encrypted packets through the Internet.
on the WAN router, i am forwarding 1194 TCP/UDP to the OpenWrt router IP (192.168.70.12). Do i need to forward it to the 192.168.8.0 network? If so, how do i do that?
thank you bill for all your help and for providing the guide and confirming on your end as well. i managed to make it work by using your guide.
regarding not being able to import the profile to openvpn connect, i was copying the config file directly from CLI instead of downloading it.. seems this was the issue.
thank you everyone else in the thread for your support and guidance
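
A pre-import check for the two problems this thread ran into: a client profile that picked up rich-text markup on the way to the laptop, and a client "remote" line that names something other than the DDNS hostname and forwarded port. This is an added example, not code from any poster or from the guide; check_profile is a made-up helper name and vpn.example.net is a placeholder for the DDNS hostname.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile before importing it.
# check_profile FILE DDNS_HOST PORT PROTO: findings on stdout, status 0 if clean.
check_profile() {
    file=$1 host=$2 port=$3 proto=$4 rc=0
    # A profile pasted through a rich-text editor carries RTF control words
    # ({\rtf1 ... \pard\tx560 ...) that OpenVPN then reads as an option name.
    if grep -qF -e '{\rtf' -e '\pard' "$file"; then
        echo "rtf: rich-text markup found, re-save as plain text"; rc=1
    fi
    # "remote" is what the client dials: the DDNS name on the public side.
    read -r r_host r_port r_proto <<EOF
$(awk '$1 == "remote" { print $2, $3, $4; exit }' "$file")
EOF
    if [ -z "$r_host" ]; then
        echo "remote: no remote directive"; return 1
    fi
    # Fall back to separate directives, then to OpenVPN's defaults.
    [ -n "$r_port" ] || r_port=$(awk '$1 == "port" || $1 == "rport" { print $2; exit }' "$file")
    [ -n "$r_proto" ] || r_proto=$(awk '$1 == "proto" { print $2; exit }' "$file")
    : "${r_port:=1194}" "${r_proto:=udp}"
    case $r_host in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "remote: $r_host is a private address, unreachable from outside"; rc=1 ;;
        "$host") ;;
        *) echo "remote: host is $r_host, expected $host"; rc=1 ;;
    esac
    [ "$r_port" = "$port" ] || { echo "remote: port is $r_port, forwarded port is $port"; rc=1; }
    case $r_proto in
        "$proto"*) ;;   # "udp" also accepts udp4/udp6
        *) echo "remote: proto is $r_proto, server uses $proto"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples; vpn.example.net stands in for the DDNS hostname.
demo_dir=$(mktemp -d)
printf 'client\ndev tun\nremote vpn.example.net 1194 udp\n' > "$demo_dir/good.ovpn"
printf 'client\ndev tun\nproto udp\nremote 192.168.8.1 1194\n' > "$demo_dir/tunnel.ovpn"
printf '{\\rtf1\\ansi\n\\pard\\tx560\\tx1120 client\\\nremote vpn.example.net 1194 udp\\\n}\n' > "$demo_dir/rtf.ovpn"
for f in good tunnel rtf; do
    echo "== $f.ovpn"
    check_profile "$demo_dir/$f.ovpn" vpn.example.net 1194 udp || true
done
```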