Failing to connect OpenVPN to home router

I have a home router with OpenVPN on it. I can connect through the Android OpenVPN app. However, using the MT300am it refuses to complete a connection with the below messages (stops here and just waits forever):

/usr/sbin/ip route add 0.0.0.0/1 via 10.8.35.9
/usr/sbin/ip route add 128.0.0.0/1 via 10.8.35.9
/usr/sbin/ip route add 192.168.42.0/24 via 10.8.35.9
/usr/sbin/ip route add 10.8.35.1/32 via 10.8.35.9
Initialization Sequence Complete

I can connect to a commercial server, so what is going on?

Not entirely sure what you are trying to do, since details are flaky… but you only need one instance of the VPN running - either on the device (e.g. PC, phone) or on the router, not both.

I’m trying to set it up so the router will handle the VPN for any device connecting, and not require every device to have the software installed. My home router has Tomato installed, with OpenVPN running as a server. I’m using the MT300A as a travel router, and want to connect through it to my home network to access resources on the home network. The phone install was just to confirm I had the settings correct. I’m using a TLS 1024 bit key to connect, so I can have multiple devices in theory. Most of the time it’ll only be one at a time.

So the setup I want is:
MT300A (VPN Client) --> Hotel Wifi ==> Tomato Router (VPN Server) --> Home Network
^
|- Tablet and other devices

To be clear, what I’m mostly looking for is debug advice. If someone knows why it connects then stops at “Initialization sequence complete” that would be great. If not, where should I be looking for more information about what is going wrong?

Can you use “ifconfig” to check the status of the “tun0” interface?

If you can modify the server configuration, try simpler settings.

I don’t have Tomato, but I have an Asus router working as a server.

ifconfig gives:

tap0 Link encap:Ethernet HWaddr 2E:10:07:B4:CE:98
inet6 addr: fe80::2c10:7ff:feb4:ce98%7700648/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:746 (746.0 B) TX bytes:738 (738.0 B)

What are you thinking for "simpler settings"? Change the encryption? It works when I use OpenVPN from my (windows) laptop...

I also attached my current ovpn configuration. Sorry, should have done that before.

Tried to simplify, changed over to the TUN just to see if it would help. Can’t switch to UDP, it doesn’t seem to reach my server.

server config:
# Automatically generated configuration
daemon
server 10.8.76.0 255.255.255.0
proto tcp-server
port 1194
dev tun21
cipher AES-128-CBC
comp-lzo yes
keepalive 15 60
verb 3
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

# Custom Configuration
tcp-nodelay

Client config:
client
dev tun
;dev tap
proto tcp
remote XXXX.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
;mute-replay-warnings
ca "/etc/openvpn/cert/201707235040-ca.crt"
cert "/etc/openvpn/cert/201707235040-MobileRouter.crt"
key "/etc/openvpn/cert/201707235040-MobileRouter.key"
ns-cert-type server
;cipher AES-256-CBC
cipher AES-128-CBC
comp-lzo
verb 4
;mute 20
daemon
auth-nocache

The tun from ifconfig:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.76.6 P-t-P:10.8.76.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

And finally, the routes that don’t seem to complete:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.42.1    0.0.0.0         UG    20     0        0 wlan-sta
10.8.76.1       10.8.76.5       255.255.255.255 UGH   0      0        0 tun0
10.8.76.5       *               255.255.255.255 UH    0      0        0 tun0
192.168.8.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.42.0    *               255.255.255.0   U     20     0        0 wlan-sta
192.168.42.1    *               255.255.255.255 UH    20     0        0 wlan-sta

(The 192.168.42.1 is the router I am on.)

I think the problem is using " ; " to comment out lines in configuration files.

This bug is fixed in the newest firmware, v2.261, and now you can upgrade online. Please don’t reserve settings and have a fresh start.

Actually, got it working. Sorry, I’m traveling and got it working only two days ago while actually on the road.

The trick seems to be with capitalizing things. I changed everything to lower case and it started working. I suspect it just needed to be the key, crt, etc. and the ovpn file was okay. But I’m still traveling and now depending on the router and don’t want to mess things up. The same for the firmware update – I’m a bit scared to change it when my internet depends on the system working.

Thank you for your advice! I appreciate you looking at things.
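A pre-flight check for the two causes suggested in this thread (lines disabled with ";" and letter case in the certificate and key file names), added here as an example; it is not part of the original posts or of the router firmware. The function name lint_ovpn is hypothetical, and the script assumes paths without spaces and resolves relative paths against the config file's directory.

```shell
#!/bin/sh
# lint_ovpn FILE  (hypothetical helper, added example)
# Prints one finding per line and returns 1 if anything was found.
# Checks only the two causes raised in this thread:
#   1. directives disabled with ';' (valid OpenVPN syntax, but reported
#      above as mishandled by older router firmware)
#   2. ca/cert/key/dh files whose name on disk differs from the config
#      only by letter case (Linux file names are case-sensitive)
# Assumptions: paths contain no spaces; relative paths are resolved
# against the directory of FILE.
lint_ovpn() {
    conf=$1 rc=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        [ $# -gt 0 ] || continue
        case $1 in
            \;*) echo "line $n: ';' comment, use '#' or delete it: $line"
                 rc=1; continue ;;
            ca|cert|key|dh|tls-auth|pkcs12) [ $# -ge 2 ] || continue ;;
            *) continue ;;
        esac
        path=$(printf '%s' "$2" | tr -d "\"'")    # drop surrounding quotes
        case $path in /*) ;; *) path=$(dirname "$conf")/$path ;; esac
        [ -f "$path" ] && continue                # exact name exists: fine
        dir=$(dirname "$path") base=$(basename "$path") match=
        want=$(printf '%s' "$base" | tr 'A-Z' 'a-z')
        for f in "$dir"/*; do                     # look for a case-only twin
            have=$(basename "$f")
            if [ "$(printf '%s' "$have" | tr 'A-Z' 'a-z')" = "$want" ]; then
                match=$have; break
            fi
        done
        if [ -n "$match" ]; then
            echo "line $n: $1 '$base' not found, but '$match' exists (case differs)"
        else
            echo "line $n: $1 '$base' not found in $dir"
        fi
        rc=1
    done < "$conf"
    return $rc
}

# Run directly: sh lint_ovpn.sh /etc/openvpn/client.ovpn
if [ $# -gt 0 ]; then lint_ovpn "$1"; fi
```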

@jp316, good to hear that. Have a nice trip.