Hi all,
I am trying to set up my router so that I can remotely connect to my hosts inside of my home network from my laptop when I am out and about.
I created the following files from my laptop using instructions from the openvpn guide and copied the server.conf file to the router.
Here is my /etc/config/openwrt file (this is more for reference as it is not used in my manual testing below):
openvpn 'myServer'
option enabled '1'
option config '/etc/openvpn/server.conf'
Here is my /etc/openvpn/server.conf file:
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 10.13.1.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
duplicate-cn
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
bunch of spaghetti
-----END DH PARAMETERS-----
</dh>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
bunch of spaghetti
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
bunch of spaghetti
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
bunch of spaghetti
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
bunch of spaghetti
-----END PRIVATE KEY-----
</key>
On the laptop side, I have the following in my client.ovpn file:
verb 3
dev tun
nobind
client
remote 72.239.159.85 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
bunch of spaghetti
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
bunch of spaghetti
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
bunch of spaghetti
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
bunch of spaghetti
-----END PRIVATE KEY-----
</key>
Here is the output from running openvpn server manually:
/etc/config# openvpn /etc/openvpn/server.conf
Wed Mar 11 18:25:10 2020 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Mar 11 18:25:10 2020 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.10
Wed Mar 11 18:25:10 2020 Diffie-Hellman initialized with 2048 bit key
Wed Mar 11 18:25:10 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 11 18:25:10 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 11 18:25:10 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 11 18:25:10 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 11 18:25:10 2020 TUN/TAP device tun0 opened
Wed Mar 11 18:25:10 2020 TUN/TAP TX queue length set to 100
Wed Mar 11 18:25:10 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 11 18:25:10 2020 /sbin/ifconfig tun0 10.13.1.1 netmask 255.255.255.0 mtu 1500 broadcast 10.13.1.255
Wed Mar 11 18:25:10 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Mar 11 18:25:10 2020 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Mar 11 18:25:10 2020 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Mar 11 18:25:10 2020 UDPv4 link remote: [AF_UNSPEC]
Wed Mar 11 18:25:10 2020 GID set to nogroup
Wed Mar 11 18:25:10 2020 UID set to nobody
Wed Mar 11 18:25:10 2020 MULTI: multi_init called, r=256 v=256
Wed Mar 11 18:25:10 2020 IFCONFIG POOL: base=10.13.1.2 size=252, ipv6=0
Wed Mar 11 18:25:10 2020 Initialization Sequence Completed
Wed Mar 11 18:25:16 2020 tls-crypt unwrap error: packet too short
Wed Mar 11 18:25:16 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]10.13.0.43:57553
Wed Mar 11 18:25:17 2020 tls-crypt unwrap error: packet too short
Wed Mar 11 18:25:17 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]10.13.0.43:57553
Wed Mar 11 18:25:18 2020 tls-crypt unwrap error: packet too short
Wed Mar 11 18:25:18 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]10.13.0.43:57553
Finally found the logs on the client side:
2020-03-12 08:58:16-0400 [HTTPChannel,4266,] Profile approve: profile u'my_host' signed_by=None was previously seen, approval=True
2020-03-12 08:58:16-0400 [HTTPChannel,4266,] OpenVPN my_host_p4530 instantiated
2020-03-12 08:58:16-0400 [HTTPChannel,4266,] pyovpn.client.vpncli.MyOMIServer starting on "u'/Library/Application Support/OpenVPN/sock/ovpn-U2xPchfn6y5Y.sock'"
2020-03-12 08:58:16-0400 [-] (Port None Closed)
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info"
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'>HOLD:Waiting for hold release'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['state on']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time state notification set to ON'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['echo on']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time echo notification set to ON'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['bytecount 1']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: bytecount interval changed'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['hold off']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold flag set to OFF'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['hold release']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold release succeeded'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] OpenVPN start: name='my_host_p4530' sev='info' msg='process started successfully'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_5ETRL8o2tmvgmD9X_5', 10] kw={} ret=[{'type': 'PROFILE', 'state': 'connect', 'profile_id': 'my_host_p4530', 'cookie': 'TRAY_CLIENT_anJ0_OV88unPL', 'timestamp': 1584017896}]
2020-03-12 08:58:16-0400 [MyOMIClient,0,] *** API CALL f=xmlrpc_Connect args=[{'new_only': True, 'cookie': 'TRAY_CLIENT_anJ0_OV88unPL', 'profile_id': 'my_host_p4530', 'type': 'static', 'non_interactive': False}, ['STATE', 'PASSWORD', 'ACTIVE', 'CERT_APPROVAL', 'INFO', 'CONNECTED_USER', 'FATAL', 'SCRIPT', 'CHALLENGE', 'DELETE_PENDING', 'NOTIFY', 'RSA_SIGN', 'CONNECT_TIMEOUT', 'BYTECOUNT'], {}] kw={} ret='sess_my_host_85_p4530_02SXW1WFzcmZXdZU_1'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'>REMOTE:my_host,1194,udp'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] TO OMI: ['remote ACCEPT']
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'SUCCESS: remote command succeeded'
2020-03-12 08:58:16-0400 [HTTPChannel,4267,] *** API CALL f=xmlrpc_Poll args=['sess_my_host_p4530_02SXW1WFzcmZXdZU_1', 10] kw={} ret=[{'active': True, 'timestamp': 1584017896, 'type': 'ACTIVE', 'last': None}]
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'>STATE:1584017896,RESOLVE,,,'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] *** STATE 1584017896,RESOLVE,,,
2020-03-12 08:58:16-0400 [MyOMIClient,0,] FROM OMI: u'>STATE:1584017896,WAIT,,,'
2020-03-12 08:58:16-0400 [MyOMIClient,0,] *** STATE 1584017896,WAIT,,,
2020-03-12 08:58:16-0400 [HTTPChannel,4269,] *** API CALL f=xmlrpc_Poll args=['sess_my_host_p4530_02SXW1WFzcmZXdZU_1', 10] kw={} ret=[{'timestamp': 1584017896, 'state': u'RESOLVE', 'type': 'STATE'}, {'timestamp': 1584017896, 'state': u'WAIT', 'type': 'STATE'}]
2020-03-12 08:58:22-0400 [HTTPChannel,4276,] TO OMI: ['exit']
2020-03-12 08:58:22-0400 [MyOMIClient,0,] OMI Cancel pending deferred ['exit']
2020-03-12 08:58:22-0400 [-] *** API CALL f=xmlrpc_Poll args=['sess_my_host_p4530_02SXW1WFzcmZXdZU_1', 10] kw={} ret=[{'active': False, 'timestamp': 1584017902, 'type': 'ACTIVE', 'last': True}]
2020-03-12 08:58:22-0400 [-] OpenVPN my_host_p4530 stop: process stopped with exit code 0
2020-03-12 08:58:22-0400 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_5ETRL8o2tmvgmD9X_5', 10] kw={} ret=[{'timestamp': 1584017902, 'state': 'disconnect', 'profile_id': 'my_host_p4530', 'type': 'PROFILE'}]
2020-03-12 08:58:22-0400 [-] *** API CALL f=xmlrpc_DisconnectAll args=[] kw={} ret=[(True, ('my_host_p4530', 0))]
2020-03-12 08:58:22-0400 [HTTPChannel,4277,] *** API CALL f=xmlrpc_EnumProfiles args=[] kw={} ret=[{'hash': '55a0f7e4168741b258f3f052021d39747cba3bf28a25f36b9b73ae3f1faf9428', 'name': u'my_host', 'global': False, 'host': u'my_host', 'snapshot': {'active': {'active': False, 'timestamp': 1584017902, 'type': 'ACTIVE', 'last': True}, 'state': {'timestamp': 1584017896, 'state': 'DISCONNECTED', 'type': 'STATE'}, 'delete_pending': True, 'cookie': 'TRAY_CLIENT_anJ0_OV88unPL', 'bytecount': {'timestamp': 1584017901, 'out': u'70', 'type': 'BYTECOUNT', 'in': u'0'}}, 'owner': u'jrt', 'remote_hosts': [u'my_host'], 'type': ['static'], 'id': u'my_host_p4530', 'access_allowed': True}]
2020-03-12 08:58:22-0400 [HTTPChannel,4278,] *** API CALL f=xmlrpc_Poll args=['sess_my_host_p4530_02SXW1WFzcmZXdZU_1', 10] kw={} ret=[{'timestamp': 1584017902, 'type': 'DELETE_PENDING'}]
Thanks in advance, I would really appreciate any help you could give me!
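
The server log above reports tls-crypt unwrap failures, so one thing to rule out is that server.conf and client.ovpn do not carry the same control-channel wrapping directive and key. The following is an added example, not part of the original post: it hashes the inline blocks of both files and reports mismatches without printing key material. The function names and the sample configs are constructed for illustration.

```python
import hashlib
import re

BLOCK_RE = re.compile(r"<([\w-]+)>\s*\n(.*?)\n\s*</\1>", re.S)
WRAPPERS = ("tls-crypt", "tls-auth")

def inline_blocks(text):
    """Map each inline <name> block to the SHA-256 of its normalized body."""
    digests = {}
    for name, body in BLOCK_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        kept = [ln for ln in lines if ln and not ln.startswith("#")]
        digests[name] = hashlib.sha256("\n".join(kept).encode()).hexdigest()
    return digests

def wrapper(text):
    """Control-channel wrapping directive in use, inline or file-based, else None."""
    blocks = inline_blocks(text)
    for line in BLOCK_RE.sub("", text).splitlines():
        words = line.split()
        if words and words[0] in WRAPPERS:
            return words[0]
    return next((w for w in WRAPPERS if w in blocks), None)

def compare(server, client):
    """Return a list of mismatches that would break the handshake."""
    findings = []
    if wrapper(server) != wrapper(client):
        findings.append(f"wrapping: server={wrapper(server)} client={wrapper(client)}")
    s, c = inline_blocks(server), inline_blocks(client)
    for name in WRAPPERS + ("ca",):
        if name in s and name in c and s[name] != c[name]:
            findings.append(f"<{name}> body differs")
    return findings

def block(name, body):
    """Build a constructed inline block for the sample configs below."""
    return f"<{name}>\n{body}\n</{name}>\n"

# Constructed sample configs (placeholder bodies, not real key material).
SERVER = "port 1194\nproto udp\n" + block("tls-crypt", "KEY-A") + block("ca", "CA-1")
CLIENT_OK = "client\nnobind\n" + block("tls-crypt", "  KEY-A  ") + block("ca", "CA-1")
CLIENT_BAD_KEY = "client\n" + block("tls-crypt", "KEY-B") + block("ca", "CA-1")
CLIENT_NO_WRAP = "client\n" + block("ca", "CA-1")

if __name__ == "__main__":
    for label, cfg in [("ok", CLIENT_OK), ("bad key", CLIENT_BAD_KEY), ("no wrap", CLIENT_NO_WRAP)]:
        print(label, compare(SERVER, cfg) or "match")
```

To use it on real files, read the text of server.conf and of the profile the client actually imported, then pass both to `compare()`.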