On the openWRT server (version 22.03.5) openVPN and tcpdump are installed. When requests come to the openVPN server via WAN, they are displayed by tcpdump. tcpdump, however, does not show that the openVPN server is responding. (The vpn client does not get an answer either.) I followed these instructions: https://blog.doenselmann.com/openvpn-server-auf-openwrt-router-betreiben/
I created the certificates with letsencrypt. Is it normal that the openVPN server does not respond if the certificates are wrong? Do I have to configure anything else in openWRT to direct the requests to the openVPN server? How do I have to proceed?
Many thanks for your help!
Many greetings
There's a tested and working how-to:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#automated
Thank you. This works.
Now I wanted to create more clients and assign them their own IP addresses later. Unfortunately, a new client does not get contact with the server. The following has been changed:
# Generate client keys and certificate
easyrsa build-client-full client123 nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
--genkey tls-crypt-v2-client ${EASYRSA_PKI}/private/client123.pem
Is there anything else to consider in another place?
Greetings
Do you have an example of a working .ovpn client file, and a non-working .ovpn client file?
You indicated that something had changed, but it's always possible that something else should have changed but didn't.
Sorry, it was a different problem. The router had received a new IP address at the same time as the changes and was no longer accessible.
Now I have set up two clients. They get different IP addresses, which were once set by the server. I have now added the line client-config-dir ccd to server.conf and created the directory /etc/openvpn/ccd. There are two files with the two names of the clients with the content: ifconfig-push 12.34.0.111 255.255.255.0. I restarted the server. The clients establish a connection and get the same addresses as before. Unfortunately, the assignment of the IP address is ignored. Can you give me a hint on this?
Regards
Are you using AT&T's network? Has 12.34.0.111 been allocated to you for your use?
It'd help if you could post your server and client .ovpn files here. Redact passwords, keys and certificates. Leave everything else intact.
I use another address for internal use and changed it for this post. It has nothing to do with other external addresses of other users.
A word of advice: when asking for help, if you disguise the information you're providing it makes it that much harder for other people to help you. It is possible to use bogus details in requests for help, but only if you're 100% positive that the problem you're experiencing would also occur with the bogus details.
As for what works, here is an example of a working OpenVPN UDP server/client configuration. I know it works, because it's my configuration and I use it regularly:
Feel free to use those files as inspiration/reference when checking your own.
Be aware that some directives are Linux-specific, and some are Windows-specific.
The filename in the CCD needs to match the CN in the client certificate.
If the issue persists, check the server side log after connecting the client.
The one with the log was good. That's where I found it:
Could not access file '/etc/openvpn/ccd/client': Permission denied (errno=13)
After the correction it works now. Thanks a lot
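The two checks that resolved this thread (the CCD filename must match the certificate CN, and the server must be able to read the file), as an added example that is not part of any post: a shell audit of a client-config-dir. It assumes the daemon runs as an unprivileged user that does not own the files; `audit_ccd`, `make_sample_ccd` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client-config-dir (ccd).
# Assumption: the daemon runs as an unprivileged user that does not own the
# files, so it reaches them only through the "other" permission bits.

# audit_ccd DIR CN...  prints one finding per line, nothing if all is well.
audit_ccd() {
    dir=$1; shift
    # The directory needs other-execute (x, or t with the sticky bit) to be entered.
    case $(ls -ld "$dir" | cut -c10) in
        x|t) ;;
        *) echo "DIR_NOT_TRAVERSABLE $dir" ;;
    esac
    for cn in "$@"; do
        f="$dir/$cn"
        if [ ! -f "$f" ]; then
            echo "MISSING $cn"        # no file named exactly like the CN
            continue
        fi
        # Column 8 of the mode string is other-read; "-" gives errno=13 in the log.
        [ "$(ls -ld "$f" | cut -c8)" = "r" ] || echo "NOT_READABLE $cn"
        grep -Eq '^ifconfig-push +[0-9.]+ +[0-9.]+$' "$f" || echo "NO_IFCONFIG_PUSH $cn"
    done
    # A file whose name equals no CN is never applied to any client.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        known=0
        for cn in "$@"; do
            if [ "${f##*/}" = "$cn" ]; then known=1; fi
        done
        [ "$known" -eq 1 ] || echo "UNMATCHED_FILE ${f##*/}"
    done
    return 0
}

# Constructed sample tree: one good file, one unreadable, one misnamed.
make_sample_ccd() {
    d=$(mktemp -d) && chmod 755 "$d"
    for n in client client123 client456.conf; do
        echo "ifconfig-push 12.34.0.111 255.255.255.0" > "$d/$n"
        chmod 644 "$d/$n"
    done
    chmod 600 "$d/client123"
    echo "$d"
}

sample=$(make_sample_ccd)
audit_ccd "$sample" client client123 client456
rm -rf "$sample"
```

On a real server, pass the CCD path from server.conf and the CNs of the issued client certificates as arguments.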