OpenVPN Client No Internet Access

Hi, I've followed the VPN Client setup guides using a .conf file to keep my setup basic. I've set up the interface and firewall settings too. The OpenVPN tab shows my config as connected, but all my devices then connected to the router can't load web pages. Is there something I am missing or not doing correctly?
System log shows the connections as Active

Yes. Three things need to be configured correctly for traffic to flow through a VPN:

  • The VPN - what traffic is encrypted (or not);
  • The firewall - what traffic is permitted/denied;
  • The routing table - where the traffic goes to and from.

If any one of those is wrong, the VPN won't work as expected... or at all.

Please post the contents of:
/etc/config/network
/etc/config/firewall
/etc/config/openvpn (or your router's OpenVPN configuration file if it is not /etc/config/openvpn)
Your client's configuration file.

Remove (or disguise) any private keys which might be exposed in the configuration file(s).

Thanks for the quick response, here is the info required

Network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd58:9ef3:adc9::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'
        option xfer_mode 'ptm'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.1'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '44:e9:dd:fe:a5:a4'

config interface 'wan'
        option _orig_ifname 'ptm0'
        option _orig_bridge 'false'
        option proto 'dhcp'
        option clientid 'xxxxxxxxxxxxxxxxxxx'
        option vendorid '6.14.1aN_UNI|PCBAFAST2504Nv1.0'
        option ifname 'ptm0.101'

config device 'wan_dev'
        option name 'ptm0'
        option macaddr 'xxxxxxxxx'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config none 'proto'

config tun0 'ifname'

config interface 'slick'
        option proto 'none'
        option ifname 'tun0'

Firewall

config zone
 option name 'vpn'
 option output 'ACCEPT'
 option network 'nl_vpn'
 option masq '1'
 option input 'REJECT'
 option forward 'REJECT'
 option mtu_fix '1'

config forwarding
 option dest 'vpn'
 option src 'lan'

VPN Conf

config openvpn 'slick_client'
        option enabled '1'
        option config '/etc/openvpn/SlickVPN.conf'
        option client '1'
        option auth_user_pass '/etc/openvpn/userpass.txt'

conf file

# host/port of vpn server
remote gw1.lhr1.slickvpn.com 8888

# file containing username and password
#auth-user-pass openvpn.userpass
# ... or prompt for authentication
auth-user-pass login.conf

# equivalent to pull, tls-client
client

# redirect all outgoing traffic to the vpn gateway
redirect-gateway

# verify the server certificate for authenticity
remote-cert-tls server

cipher AES-256-CBC

proto udp
dev tun
#keepalive 10 120
nobind

#persist-key
#persist-tun

# ssl certificate / key used for tls
#ca certs/ca.crt
#cert certs/client1.crt
#key certs/client1.key

<ca>
-----BEGIN CERTIFICATE-----
- SlickVPN.conf 1/56 1%

fwiw, at first glance, is this a HomeHub 5A on Sky broadband?

If it is a HH5A, it should be using Annex B, not A, and did you study this openvpn setup for the HH5A?
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279
Also you can't get more than 9-10mbps openvpn speeds through the HH5A

Hi, I'm using Sky Fibre, yes. I'm getting 65mbps, not 9mbps. The issue is when using the VPN client, not the general connectivity.

You indeed can get 65mbps from Sky fibre to the LAN ports, but you will find if you do get openvpn working, you won't get more than 9mbps through the VPN connection!

If you still have problems, can I suggest you back up the current configuration,
reset the hub,
reinstate your Sky hub,
then follow the instructions exactly as described in the PDF guide to set up an openvpn connection with a free provider mentioned in the PDF, with the HH5A wired to the Sky hub.
When you get that working, modify it for your chosen VPN provider to confirm it works too.

If you still wish to use the HH5A as your main router, then change the WAN config back to DSL to connect to Sky.

Ahhh OK, thanks for the advice, I misunderstood the first message. I've lost enough hours this weekend trying to get it running, so I think I'll leave it until tomorrow.

Can you split that mass of text into individually formatted sections? It'll make it easier to read and troubleshoot.

For example:

/etc/config/network

...stuff...

/etc/config/firewall

...more stuff...

/etc/config/openvpn

...openvpn configuration...

Etc.

If you use monospaced formatting such as the code boxes I've used, it'll greatly help with trying to work out what's not working properly and why.

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd58:9ef3:adc9::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'
        option xfer_mode 'ptm'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.1'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '44:e9:dd:fe:a5:a4'

config interface 'wan'
        option _orig_ifname 'ptm0'
        option _orig_bridge 'false'
        option proto 'dhcp'
        option clientid 'xxxxxxxxxxxxxxxxxxx'
        option vendorid '6.14.1aN_UNI|PCBAFAST2504Nv1.0'
        option ifname 'ptm0.101'

config device 'wan_dev'
        option name 'ptm0'
        option macaddr 'xxxxxxxxx'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config none 'proto'

config tun0 'ifname'

config interface 'slick'
        option proto 'none'
        option ifname 'tun0'

Firewall


config zone
        option name 'vpn'
        option output 'ACCEPT'
        option network 'nl_vpn'
        option masq '1'
        option input 'REJECT'
        option forward 'REJECT'
        option mtu_fix '1'

config forwarding
        option dest 'vpn'
        option src 'lan'

OpenVPN Conf

config openvpn 'slick_client'
        option enabled '1'
        option config '/etc/openvpn/SlickVPN.conf'
        option client '1'
        option auth_user_pass '/etc/openvpn/userpass.txt'

SlickVPN.conf

# host/port of vpn server

remote [gw1.lhr1.slickvpn.com](http://gw1.lhr1.slickvpn.com/) 8888

# file containing username and password

#auth-user-pass openvpn.userpass

# ... or prompt for authentication

auth-user-pass login.conf

# equivalent to pull, tls-client

client

# redirect all outgoing traffic to the vpn gateway

redirect-gateway

# verify the server certificate for authenticity

remote-cert-tls server

cipher AES-256-CBC

proto udp
dev tun
#keepalive 10 120
nobind

#persist-key
#persist-tun

# ssl certificate / key used for tls

#ca certs/ca.crt
#cert certs/client1.crt
#key certs/client1.key

-----BEGIN CERTIFICATE-----
- SlickVPN.conf 1/56 1%

Fix inline-notation syntax:
https://community.openvpn.net/openvpn/wiki/IOSinline
Run the commands:

sed -r -i 's%^(remote) .* ([0-9]+)%\1 gw1.lhr1.slickvpn.com \2%' /etc/openvpn/SlickVPN.conf
sed -r -i 's%^(auth-user-pass) .*%\1 /etc/openvpn/userpass.txt%' /etc/openvpn/SlickVPN.conf
echo 'verb 5' >> /etc/openvpn/SlickVPN.conf
uci delete openvpn.slick_client.auth_user_pass
uci delete openvpn.slick_client.client
uci commit openvpn
service log restart
service openvpn restart slick_client
sleep 5
logread -e openvpn.slick_client

Show last command output.
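
Added example, not from any post in this thread: a shell check for one way the firewall leg of the three requirements listed earlier can fail, namely a zone whose network option names an interface that /etc/config/network never defines. In the configs posted above the vpn zone lists network 'nl_vpn' while the tunnel interface section is named 'slick'; the sample input is constructed from those snippets and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find firewall zones bound to interfaces that do not exist.
# Function names are hypothetical; sample data is constructed from this thread.

NETWORK_SAMPLE="config interface 'lan'
        option ifname 'eth0.1'
config interface 'wan'
        option ifname 'ptm0.101'
config interface 'slick'
        option proto 'none'
        option ifname 'tun0'"

FIREWALL_SAMPLE="config zone
        option name 'vpn'
        option network 'nl_vpn'
        option masq '1'
config forwarding
        option dest 'vpn'
        option src 'lan'"

# Print the section name of every 'config interface' block.
list_interfaces() {
    printf '%s\n' "$1" | tr -d "'\"" |
        awk '$1 == "config" && $2 == "interface" { print $3 }'
}

# Print one "zone network" pair per network attached to a firewall zone.
# Pairs are emitted at the end of each section, so option order is irrelevant.
zone_networks() {
    printf '%s\n' "$1" | tr -d "'\"" | awk '
        function flush(   k) {
            if (name == "") name = "(unnamed)"
            for (k = 1; k <= n; k++) print name, nets[k]
            n = 0; name = ""
        }
        $1 == "config" { flush(); in_zone = ($2 == "zone"); next }
        in_zone && $2 == "name"    { name = $3 }
        in_zone && $2 == "network" { for (i = 3; i <= NF; i++) nets[++n] = $i }
        END { flush() }'
}

# Print the "zone network" pairs whose network is not a defined interface.
dangling_zone_networks() {
    ifaces=$(list_interfaces "$1")
    zone_networks "$2" | while read -r zone net; do
        printf '%s\n' "$ifaces" | grep -qxF -- "$net" ||
            printf '%s %s\n' "$zone" "$net"
    done
}

dangling_zone_networks "$NETWORK_SAMPLE" "$FIREWALL_SAMPLE"   # prints: vpn nl_vpn
```

On the router the same function can be fed the live files: dangling_zone_networks "$(cat /etc/config/network)" "$(cat /etc/config/firewall)". Empty output means every zone network resolves to a defined interface.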