OpenVPN problem in OpenWrt

If the tunnel isn't up, you will likely get this error. Try enabling OpenVPN... hopefully once the tunnel is up and running, you'll find that tun0 as a device does indeed exist, and then you can adjust the firewall. You may be able to fix the firewall issue even with the tunnel down and the error.

Thanks. I'll figure it out some year. Laughs.

Do you know what I mean about the OpenVPN GUI software I've mentioned?

On Windows? No. OpenWrt's OpenVPN interface, yes.

I see. OpenVPN software is available on Linux too. Yeah, it can load any .ovpn file, as long as the config in the file is correct of course, and it magically connects to the VPN.

Yup. I know. And I have used OpenVPN and WireGuard on Linux and Mac (just not Windows).

But, importantly, most PCs (Windows, Linux, Mac, also mobile devices) don't act as routers, so the mechanism for the way that the host's traffic is tunneled is slightly different.

I see. Once upon a time, years ago, I connected to my VPN, without problems or further configuration, on DD-WRT. I copied and pasted all the required info from the config file into the fields in DD-WRT. I would get "Connected: SUCCESS".

For some unknown reason, that stopped happening. It either says nothing at all in the status, or it just hangs in "AUTH" forever, never connecting. Mind-boggling, to say the least.

I tried getting help at the DD-WRT forums and arrived at this: they had no idea why it wasn't working for me. They were able to connect to my VPN with my config.

On DD-WRT? I haven't used DD-WRT in ages.

But OpenWrt w/ OpenVPN should work well as long as you follow the guide properly.

I don't think OpenWrt existed yet when I started using DD-WRT.

On another note, do you know why not all of the lights on the router function with Kong builds?

In general:

If that info doesn't help with the build you are using, best to ask Kong (in a new thread).

When you say "Try enabling OpenVPN", what do you mean? Pretty sure it is enabled already. I don't know where the enable/disable switch for OpenVPN is.

If your tunnel is not up, you need to start it.

Finally got it working. Thanks for the help.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Actually thought it was solved. But I was wrong. VPN connected, but no internet. Can't seem to find a solution. Tried almost everything. Still searching.

Latest configuration files and logs would help, if you want us to look at it.

Thanks. Here they are.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd4:80c5:2c9a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config device
        option name 'eth0.1'
        option macaddr 'a0:63:91:e3:d4:94'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr 'A0:63:91:E3:D4:95'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 5t'

config interface 'Vpn0'
        option proto 'none'
        option device 'tun0'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'Vpn0'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

config zone
        option name 'Vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'Vpn0'

root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/server.crt'
        option key '/etc/openvpn/server.key'
        option dh '/etc/openvpn/dh2048.pem'
        option server '10.8.0.0 255.255.255.0'
        option ifconfig_pool_persist '/tmp/ipp.txt'
        option keepalive '10 120'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option status '/tmp/openvpn-status.log'
        option verb '3'

config openvpn 'sample_client'
        option client '1'
        option dev 'tun'
        option proto 'udp'
        list remote 'my_server_1 1194'
        option resolv_retry 'infinite'
        option nobind '1'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/client.crt'
        option key '/etc/openvpn/client.key'
        option verb '3'

config openvpn 'Boleh'
        option config '/etc/openvpn/Boleh.ovpn'
        option enabled '1'

I don't see any DNS entries.

If you discover DNS is not working, use LuCI and navigate to Network → Interfaces → WAN, disable peer DNS and specify your preferred DNS servers in the Use Custom DNS field, e.g. 8.8.8.8 and 8.8.4.4 for Google DNS.

Thanks for your reply OldNavyGuy. Where do I disable peer DNS in Interfaces LAN?

You need to be in Interfaces > WAN

Thanks OldNavyGuy. I guess I've been staring at my computer too long. Swore it said LAN instead of WAN. I've gone cross-eyed. That did it. VPN's connected and I have internet. Thanks again for your help.
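
The change that resolved the thread (Interfaces > WAN, peer DNS disabled, custom DNS servers set), as an added example that is not part of any post above: an offline check of a UCI network config plus the equivalent `uci` commands. The function names are hypothetical; `peerdns` and `dns` are the UCI interface options behind those LuCI fields, the server addresses are the ones suggested in the thread, and the sample input is constructed from the WAN section posted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit the WAN DNS settings in a UCI
# network config, then apply the same change LuCI makes.

# wan_dns_status FILE|- [IFACE]
# Prints "peerdns=<v> dns=<servers|none>". Returns 0 only when peer DNS is
# disabled ('0', the form written by apply_wan_dns) and a custom server is set.
wan_dns_status() {
    out=$(awk -v want="${2:-wan}" '
        { gsub("[\047\"]", "") }                  # strip UCI quotes, re-split fields
        $1 == "config" { in_sec = ($2 == "interface" && $3 == want); next }
        in_sec && $1 == "option" && $2 == "peerdns" { peer = $3 }
        in_sec && ($1 == "option" || $1 == "list") && $2 == "dns" {
            for (i = 3; i <= NF; i++) dns = dns (dns == "" ? "" : ",") $i
        }
        END { printf "peerdns=%s dns=%s\n", (peer == "" ? 1 : peer), (dns == "" ? "none" : dns) }
    ' "${1:--}")
    echo "$out"
    case "$out" in
        "peerdns=0 dns=none") return 1 ;;
        "peerdns=0 dns="*)    return 0 ;;
        *)                    return 1 ;;
    esac
}

# apply_wan_dns SERVER...   (run on the router as root; needs uci)
apply_wan_dns() {
    uci set network.wan.peerdns='0'
    uci -q delete network.wan.dns || true         # start from an empty list
    for s in "$@"; do uci add_list network.wan.dns="$s"; done
    uci commit network
    /etc/init.d/network reload
}

# Constructed samples: the WAN section as posted in the thread, and after the change.
sample_before() { printf '%s\n' "config interface 'wan'" " option device 'eth0.2'" " option proto 'dhcp'"; }
sample_after()  { sample_before; printf '%s\n' " option peerdns '0'" " list dns '8.8.8.8'" " list dns '8.8.4.4'"; }

sample_before | wan_dns_status - || echo "-> WAN still takes DNS servers from the upstream peer"
sample_after  | wan_dns_status - && echo "-> custom DNS servers configured"
```

On the router itself, `apply_wan_dns 8.8.8.8 8.8.4.4` followed by `wan_dns_status /etc/config/network` confirms the setting landed on the WAN interface rather than LAN.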