Hello,
Happy New Year!!!
I would like help from the community to finally succeed in setting up my OpenVPN tunnel. I've been trying hard for 24 hours and I can't understand what is stuck or missing in my configuration.
Network architecture:
LAN A -> OpenWRT (OpenVPN Client) -> Internet -> NAS Synology (VPN Server App / OpenVPN Server) -> LAN B
OpenWRT:
LAN: 192.168.1.253/24 (LAN A)
WAN: DHCP (GW 192.168.1.1/24, yep same subnet as LAN)
Synology NAS:
LAN: 192.168.10.200/24 (LAN B)
What I want to do:
I want the machines on LAN A to be able to reach the machines on LAN B through the OpenVPN tunnel.
The OpenWRT router being in client mode for OpenVPN
Synology NAS being in server mode for OpenVPN
My configuration:
This configuration is currently implemented in several peripherals (smartphone, pc, laptop) and is perfectly functional except, of course, on OpenWRT.
dev tun
tls-client
remote mysubdomain.mydomain.com 1194
dhcp-option DNS 192.168.10.254
dhcp-option DOMAIN home.lan
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass /etc/openvpn/Credentials.auth
client-cert-not-required
<ca>
-----BEGIN CERTIFICATE-----
<my-certificate>
-----END CERTIFICATE-----
</ca>
The logs:
Sat Jan 1 11:05:35 2022 daemon.warn openvpn(MyOpenVPN)[2828]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Sat Jan 1 11:05:35 2022 daemon.err openvpn(MyOpenVPN)[2828]: REMOVED OPTION: --client-cert-not-required, use '--verify-client-cert none' instead
Sat Jan 1 11:05:35 2022 daemon.notice openvpn(MyOpenVPN)[2828]: Exiting due to fatal error
Sat Jan 1 11:05:40 2022 daemon.warn openvpn(MyOpenVPN)[2848]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Sat Jan 1 11:05:40 2022 daemon.err openvpn(MyOpenVPN)[2848]: REMOVED OPTION: --client-cert-not-required, use '--verify-client-cert none' instead
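
The two log messages differ in severity: the compression line is a warning, while the REMOVED OPTION line is the one followed by "Exiting due to fatal error". As an added example (not part of the original post), a small shell/awk check that flags both options in a config before it is deployed; `lint_ovpn` and `sample_config` are hypothetical names, and the sample is constructed from the option lines posted above.

```shell
#!/bin/sh
# Added example, not from the original post.
# lint_ovpn: read an OpenVPN config on stdin (or from file arguments) and flag
# the options the log above complains about. Exit status 1 = fatal option found.
lint_ovpn() {
    awk '
        # Inline blocks (<ca> ... </ca>) hold PEM data, not options: skip them.
        inblock          { if ($1 ~ /^<\//) inblock = 0; next }
        $1 ~ /^<[a-z]/   { inblock = 1; next }
        NF == 0          { next }            # blank line
        $1 ~ /^[#;]/     { next }            # comment
        $1 == "client-cert-not-required" {
            # Logged as "REMOVED OPTION", then "Exiting due to fatal error".
            # It is a server-side setting, so a client config can drop it.
            printf "FATAL line %d: %s was removed in OpenVPN 2.5\n", NR, $1
            fatal = 1
            next
        }
        $1 == "comp-lzo" || $1 == "compress" {
            # Logged as a WARNING only; the daemon keeps running.
            printf "WARN line %d: %s enables compression\n", NR, $1
        }
        END { exit fatal + 0 }
    ' "$@"
}

# Constructed sample: option lines from the post, certificate body elided.
sample_config() {
    cat <<'EOF'
dev tun
tls-client
remote mysubdomain.mydomain.com 1194
comp-lzo
cipher AES-256-CBC
auth-user-pass /etc/openvpn/Credentials.auth
client-cert-not-required
<ca>
-----BEGIN CERTIFICATE-----
<my-certificate>
-----END CERTIFICATE-----
</ca>
EOF
}

sample_config | lint_ovpn || echo "config would be rejected at startup"
```

Compression has to match the server's setting, so the WARN finding is one to resolve on both ends rather than by editing the client alone.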