OpenVPN Issues


#1

Hey Guys -

I recently installed LEDE r6781-2c192b6916 on my Linksys WRT1900ACS - going from the OEM firmware. Having used OpenWRT and other similar firmwares before, I quickly got everything set up the way I wanted, but am having issues getting OpenVPN working.

I started following the OpenVPN (Server Setup) guide which configures it all from SSH and was able to generate certs then executed the string to start the OpenVPN server, but executing "ps | grep "[o]penvpn(vpnserver)"" does not echo anything.

So, I thought I'd set up within LUCI using this guide. Under OpenVPN in LUCI, I see three sample setups (custom_config, sample_server, & sample_client) but if I select "Simple client configuration for a routed point-to-point VPN" profile then click "Add", the page seems to refresh and "Invalid" appears below the section where I selected the profile. I seemingly get the same results no matter what I choose.

I uninstalled all openvpn-related packages via SSH, renamed related leftover files within config or folders in etc, then reinstalled and tried again but got the same results for both methods.

I've found a few other guides, but many of them involve manually adding firewall rules which I don't mind doing, but haven't had to do in past builds. Others seem to be outdated.

Can someone please tell me how to get around either of the above and/or provide a link to steps I should use for a basic setup? All I'm wanting to do is be able to connect to my home network from a remote location and have the client be virtually on the home network's LAN.

Thanks!

UPDATE

I finally got it working somewhat. I thought the script to set configs was executed in the same string which created the certs so after doing them manually, I was able to start the OpenVPN server and create an ovpn client file. I can successfully connect now, but still having an issue.

I uploaded the file to my phone, disabled WiFi (so it would go over WAN), imported the ovpn using the OpenVPN app, then successfully connected. I know I'm connected as the app says so and the VPN icon appeared in the status bar of my phone. However, when I try to browse to a locally hosted website using local IP or RDP to a system using its IP, it fails. Internet doesn't work either. So I'm connected, but not really.

What could be the issue? Below are the excerpts that I added to my configs.

**Updated contents of /etc/config/network**
```
config interface 'vpnserver'
    option  ifname      'ovpns0'
    option  proto       'none'
    option  auto        1
```

**Updated contents of /etc/config/firewall**
```
config rule
    option  name        'Allow-OpenVPN-Inbound'
    option  target      'ACCEPT'
    option  src         *
    option  proto       'tcpudp'
    option  dest_port   1194

config zone
    option  name        'vpnserver'
    option  network     'vpnserver'
    option  input       'ACCEPT'
    option  forward     'REJECT'
    option  output      'ACCEPT'
    option  masq        1

config forwarding
    option  src         'vpnserver'
    option  dest        'wan'

config forwarding
    option  src         'vpnserver'
    option  dest        'lan'
```

**Updated contents of /etc/config/openvpn**
```
config openvpn 'vpnserver'
    option  enabled             1
    option  dev_type            'tun'
    option  dev                 'ovpns0'
    option  port                1194
    option  proto               'udp'
    option  comp_lzo            'yes'
    option  keepalive           '10 120'
    option  persist_key         1
    option  persist_tun         1
    option  ca                  '/etc/openvpn/ca.crt'
    option  cert                '/etc/openvpn/my-server.crt'
    option  key                 '/etc/openvpn/my-server.key'
    option  dh                  '/etc/openvpn/dh2048.pem'
    option  tls_auth            '/etc/openvpn/tls-auth.key 0'
    option  mode                'server'
    option  tls_server          '1'
    option  server              '192.168.200.0 255.255.255.0'
    option  topology            'subnet'
    option  route_gateway       'dhcp'
    option  client_to_client    '1'
    list    push                'comp-lzo yes'
    list    push                'persist-key'
    list    push                'persist-tun'
    list    push                'topology subnet'
    list    push                'route-gateway dhcp'
    list    push                'redirect-gateway def1'
    list    push                'route 192.168.200.0 255.255.255.0'
    list    push                'dhcp-option DNS 192.168.1.1'
```

I looked all over for an openvpn log file as it wasn't in /tmp as documentation said it would be. Unfortunately, I couldn't find one on the router.

I simply want a connected client to have full LAN access as if it were on the local WiFi. Thanks!


#2

Try changing this to the following (assuming your LAN is 192.168.1.0/24):
```
list push 'route 192.168.1.0 255.255.255.0'
```
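
The check suggested in reply #2 can be run against a copy of the config. The following is an added example, not code from the thread or from the LEDE/OpenWrt project: it parses the `option`/`list` lines of one section and reports pushed `route` entries that overlap the tunnel subnet or fail to cover the LAN. The helper names and the sample text are constructed for illustration, and the LAN is assumed to be 192.168.1.0/24 as in the reply.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the /etc/config/openvpn posted above.
SAMPLE = """\
config openvpn 'vpnserver'
    option  server  '192.168.200.0 255.255.255.0'
    list    push    'redirect-gateway def1'
    list    push    'route 192.168.200.0 255.255.255.0'
    list    push    'dhcp-option DNS 192.168.1.1'
"""

# option/list <key> <value>, value single-quoted, double-quoted or bare.
LINE = re.compile(r"""^\s*(option|list)\s+(\S+)\s+(?:'([^']*)'|"([^"]*)"|(\S+))\s*$""")


def parse_section(text):
    """Collect option values and list values from one UCI section (hypothetical helper)."""
    options, lists = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # section header, blank line or comment
        value = next(g for g in m.groups()[2:] if g is not None)
        if m.group(1) == "option":
            options[m.group(2)] = value
        else:
            lists.setdefault(m.group(2), []).append(value)
    return options, lists


def to_net(addr, mask):
    # strict=False tolerates an address with host bits set
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_pushed_routes(text, lan_cidr):
    """Return findings about the 'route' entries the server pushes to clients."""
    options, lists = parse_section(text)
    tunnel = to_net(*options["server"].split()[:2])
    lan = ipaddress.ip_network(lan_cidr)
    pushed = [p.split() for p in lists.get("push", [])]
    routes = [to_net(p[1], p[2]) for p in pushed if len(p) >= 3 and p[0] == "route"]
    findings = [f"pushed route {r} overlaps the tunnel subnet {tunnel}"
                for r in routes if r.overlaps(tunnel)]
    if not any(lan.subnet_of(r) for r in routes):
        findings.append(f"no pushed route covers the LAN {lan}")
    return findings


if __name__ == "__main__":
    for finding in check_pushed_routes(SAMPLE, "192.168.1.0/24"):
        print(finding)
```

The check looks only at explicit `route` pushes; it does not model `redirect-gateway` or the firewall zone forwarding rules.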