GL-MT1300 - No Internet Once connected to OpenVPN Server

Hello, I am trying to connect this device to an OpenVPN Server instance running on my ddwrt router. I have an .ovpn file that works perfectly in this setup for a windows client. The client connects and then gets the IP address from remote server.

I have taken the same exact file and imported it into the 1300 via the admin panel. It appears to be connected but I can no longer get to anything in the browser other than the admin panel. I notice that the IP of the phone then becomes 192.168.8.x - is that the issue? Should I instead be getting an IP from the server and also the dns? The 1300 is currently in “router” mode and it is accessing the local network via wifi.

I am also seeing this in the router’s log:

20211005 10:00:07 N 192.168.1.118:36259 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20211005 10:00:07 N 192.168.1.118:36259 TLS Error: TLS handshake failed
20211005 10:00:07 192.168.1.118:36259 SIGUSR1[soft tls-error] received client-instance restarting
20211005 10:00:12 192.168.1.118:50401 TLS: Initial packet from [AF_INET]192.168.1.118:50401 sid=a8872d80 15f4f59a
20211005 10:00:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 10:00:29 D MANAGEMENT: CMD 'state'
20211005 10:00:29 MANAGEMENT: Client disconnected
20211005 10:00:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 10:00:29 D MANAGEMENT: CMD 'state'
20211005 10:00:29 MANAGEMENT: Client disconnected
20211005 10:00:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 10:00:29 D MANAGEMENT: CMD 'state'
20211005 10:00:29 MANAGEMENT: Client disconnected
20211005 10:00:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 10:00:29 MANAGEMENT: Client disconnected
20211005 10:00:29 NOTE: --mute triggered...
20211005 10:00:29 1 variation(s) on previous 3 message(s) suppressed by --mute

Thank you so much in advance.

I’ll make a start, but there is a lot unclear in your message. You are referring to two routers, a windows box and a phone. I assume the log that you post is from the ddwrt router, not the mt1300 router. It would help if you would explain where the ddwrt router is and how it connects to the internet, where the MT1300 is and how it connects to the internet, where the windows box is and where the phone is. And then what IP addresses exist in all this.

If I follow, you have an MT1300 in one place. Devices that connect to its LAN via ethernet or wifi will pull an address in 192.168.8.xx range. On its WAN side it will get some address and all devices on the LAN will have access to the internet. Your ddwrt router is in a different place, and devices that connect to its LAN side will pull an address which must be in a different range, and it will have a WAN address that must be publicly routable (or has port forwarding in place). That WAN address must also be unique, so the WAN address of the MT1300 and the WAN address of the ddwrt can’t be the same. Addresses like 192.168.1.1 are often issues.

When an OpenVPN client running on the MT1300 connects to your OpenVPN server, the MT1300 will get another IP address along the lines of 10.0.8.xx and your OpenVPN server will (1) add a route from itself to that address or (2) change the default gateway of the MT1300 to the OpenVPN server itself. If it does (2), then your phone will connect to the MT1300, and its internet traffic will be routed over the tunnel to the ddwrt router, and it will then send it out to the internet. It sounds like your windows box is doing that–is it?

If the server doesn’t do (2), then the MT1300 will send internet traffic out over its original default gateway.

Now, in the log, it doesn’t look like a connection is being made, because the server is expecting a TLS key that it hasn’t received. Is that key in the .ovpn file?

Thank you so much for the response! I really appreciate it.

I have one OpenVPN server instance running - that is the ddwrt router at my home.
I have created a .ovpn file for connecting to this router and tested via OpenVPN windows client. It is working.

I took that same config file and uploaded it to the 1300 - that’s where I am at now.
I suppose we should start with the error. On my server the “TLS Key” is blank. Also, I do not have one set in my config file (I do have other keys, certs, etc). None of the guides that I followed had me create one. Is there something in the 1300’s config that makes it look for this key? The windows client did not.

EDIT:
I saw what was causing the TLS error in my config and I have corrected it. This is now what I am seeing on my server when I connect. I can see the client has connected on my server but I still don’t have any internet access. Do I need to change the mode to something other than router?

20211005 12:41:29 192.168.1.118:43559 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
20211005 12:41:29 192.168.1.118:43559 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
20211005 12:41:29 192.168.1.118:43559 Local Options String (VER=V4): ‘V4 dev-type tun link-mtu 1521 tun-mtu 1500 proto UDPv4 auth [null-digest] keysize 128 key-method 2 tls-server’
20211005 12:41:29 192.168.1.118:43559 Expected Remote Options String (VER=V4): ‘V4 dev-type tun link-mtu 1521 tun-mtu 1500 proto UDPv4 auth [null-digest] keysize 128 key-method 2 tls-client’
20211005 12:41:29 192.168.1.118:43559 TLS: Initial packet from [AF_INET]192.168.1.118:43559 sid=d3e0f18d 8d5d8373
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 D MANAGEMENT: CMD ‘state’
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 D MANAGEMENT: CMD ‘state’
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 D MANAGEMENT: CMD ‘state’
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 NOTE: --mute triggered…
20211005 12:41:44 1 variation(s) on previous 3 message(s) suppressed by --mute
20211005 12:41:44 D MANAGEMENT: CMD ‘status 2’
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 D MANAGEMENT: CMD ‘status 2’
20211005 12:41:44 MANAGEMENT: Client disconnected
20211005 12:41:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20211005 12:41:44 D MANAGEMENT: CMD ‘log 500’
19691231 19:00:00

EDIT 2

One thing I did not notice before is that I can see the client in the server’s “VPN Server Stats” table but I do NOT see it in the “VPN Routing Table”. My windows client showed in both tables.

I’m not sure you’ve got a connection.

  1. What is the time showing on the MT1300?
  2. Can you post the server config (redacted, of course) and the client config?

I definitely have a connection. The time is correct and I was able to do a firmware upgrade on it yesterday.

Here is my client setup (certs and keys withheld):

remote ftp.mydomain.com 1194
client
remote-cert-eku "TLS Web Server Authentication"
dev tun
proto udp4
resolv-retry infinite
nobind
persist-key
persist-tun
verb 4
remote-cert-tls server
float
auth none
cipher AES-256-GCM
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM:AES-256-CBC
auth-nocache
tun-mtu 1500

Additional Configuration:

verb 5
push "route 192.168.1.1 255.255.255.0 vpn_gateway"
push "dhcp-option DNS 192.168.1.1"

I haven’t used dd-wrt with openvpn, but I have used openvpn a lot with my GL-mt1300 connecting as a client to my Asus-Merlin routers running OpenVPN servers. So I’m trying to see what is different to my setup. My MT1300 is on the -oops firmware, and I’ve just imported an .ovpn config for my Asus router into the MT1300. It connects just fine.

I’m a little unclear on where the “Additional Configuration” is for you. Is this client or server side? The key is enabling pushing the redirect of the default gateway on the client side, which looks to be correct on your server configuration. That includes in the server config “push redirect-gateway def1”, so in your log you should see something that says “received control message:” with that among the list. If the additional configuration is on the client side, I don’t know what that means. I would delete all three of those lines if they are.

Second, your log at verb 4 or 5 should be a crapton longer. Among other things it should be adjusting the link mtu to something larger than 1521 for 1500 in the tunnel. There should be hints.
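
An added example, not written by any poster in this thread: a small lint over the client directives and server-side push lines posted above. It flags `auth none` paired with a non-AEAD cipher, push lines that carry no redirect-gateway, and pushed routes that have host bits set or overlap the client's uplink. The uplink 192.168.1.0/24 is an assumption inferred from the 192.168.1.118 source address in the server log, the function names are hypothetical, and settings made elsewhere in the dd-wrt GUI are not visible on the page and so are not checked.

```python
import ipaddress
import shlex

# Constructed from the directives posted in the thread (certs and keys omitted).
CLIENT_CONF = """\
client
dev tun
auth none
cipher AES-256-GCM
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM:AES-256-CBC
"""
SERVER_EXTRA = """\
verb 5
push "route 192.168.1.1 255.255.255.0 vpn_gateway"
push "dhcp-option DNS 192.168.1.1"
"""
AEAD = ("-GCM", "CHACHA20-POLY1305")

def directives(text):
    """Split config text into token lists, skipping blanks and comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [shlex.split(ln) for ln in lines if ln and ln[0] not in "#;"]

def lint(client_conf, server_extra, client_uplink):
    """Return findings. client_uplink is the client's WAN network (assumed input)."""
    out = []
    client = {d[0]: d[1:] for d in directives(client_conf)}
    pushes = [shlex.split(d[1]) for d in directives(server_extra)
              if d[0] == "push" and len(d) > 1 and d[1].strip()]
    uplink = ipaddress.ip_network(client_uplink, strict=False)
    # With auth none, a non-AEAD (CBC) data channel carries no HMAC at all.
    ciphers = client.get("data-ciphers", client.get("cipher", [""]))[0].split(":")
    weak = [c for c in ciphers if c and not c.upper().endswith(AEAD)]
    if client.get("auth") == ["none"] and weak:
        out.append("auth none with non-AEAD cipher: " + ",".join(weak))
    if not any(p[0] == "redirect-gateway" for p in pushes):
        out.append("no redirect-gateway in these push lines")
    for p in (p for p in pushes if p[0] == "route" and len(p) >= 3):
        iface = ipaddress.ip_interface(f"{p[1]}/{p[2]}")
        if iface.ip != iface.network.network_address:
            out.append(f"route {p[1]} has host bits set; network is {iface.network}")
        if iface.network.overlaps(uplink):
            out.append(f"pushed route {iface.network} overlaps client uplink {uplink}")
    return out

if __name__ == "__main__":
    for finding in lint(CLIENT_CONF, SERVER_EXTRA, "192.168.1.0/24"):
        print("WARN:", finding)
```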

Sorry, the “Additional Configuration” is on the server side. This is where the guide tells me to instruct the incoming sessions as to where the vpn gateway is. As for any other settings… I am a novice in this area (software developer during the day) so I am feeling my way through this.


Can you post the full log of the router after you connect?

This is very strange

20211005 10:00:12 192.168.1.118:50401 TLS: Initial packet from [AF_INET]192.168.1.118:50401 sid=a8872d80 15f4f59a

Why is the server 192.168.1.118?

Can the Windows client go to the internet?