I have DD-WRT v24-sp2 (12/22/14) std on my TPLink 3600 and I have configured my OpenVPN server. When I try to connect to my LAN, it works, but it is invisible from the internet.
Certificates are not expired, timeserver is set, ddwrt and windows firewall are off.
Previously, this configuration has absolutely worked from internet and LAN on this version of ddwrt. I reset, then vpn is not working.
Server configuration:
Start Type: WAN Up
Config as: Server
Server mode: Router (TUN)
Network: 10.20.30.0
Netmask: 255.255.255.0
Port: 443
Tunnel Protocol: tcp
Encryption Cipher: aes-256-cbc
Hash Algorithm: sha1
Advanced Options: Disable
Vpn server status:
Server: CONNECTED SUCCESS
Local Address: 10.20.30.1
Remote Address:
Vpn client configuration file:
client
remote-cert-tls server
remote 443
dev tun2
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
comp-lzo
verb 3
ca ca.crt
cert kliens.crt
key kliens.key
cipher AES-256-CBC
Firewall rules:
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.20.30.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.20.30.0/24 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -p tcp --dport 80 -j ACCEPT
Vpn client while connecting from wan:
Mon Dec 14 01:36:04 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Mon Dec 14 01:36:04 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Mon Dec 14 01:36:04 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Dec 14 01:36:04 2015 Need hold release from management interface, waiting...
Mon Dec 14 01:36:04 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Dec 14 01:36:04 2015 MANAGEMENT: CMD 'state on'
Mon Dec 14 01:36:04 2015 MANAGEMENT: CMD 'log all on'
Mon Dec 14 01:36:04 2015 MANAGEMENT: CMD 'hold off'
Mon Dec 14 01:36:04 2015 MANAGEMENT: CMD 'hold release'
Mon Dec 14 01:36:04 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 14 01:36:04 2015 Attempting to establish TCP connection with [AF_INET]100.66.138.135:443 [nonblock]
Mon Dec 14 01:36:04 2015 MANAGEMENT: >STATE:1450053364,TCP_CONNECT,,,
Mon Dec 14 01:36:14 2015 TCP: connect to [AF_INET]100.66.138.135:443 failed, will try again in 5 seconds: A rendszer egy csatolt meghajtón lévõ könyvtárhoz próbált meg meghajtót csatolni.
Mon Dec 14 01:36:19 2015 MANAGEMENT: >STATE:1450053379,TCP_CONNECT,,,
Server log:
Jan 1 01:03:06 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 7.830000] eth0: link up (1000Mbps/Full duplex)
Jan 1 00:03:06 DD-WRT kern.notice kernel: [ 8.000000] SCSI subsystem initialized
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.080000] usb 1-1: new high-speed USB device number 2 using ar71xx-ehci
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.250000] usbcore: registered new interface driver usb-storage
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.300000] usb 1-1: New USB device found, idVendor=05e3, idProduct=0608
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.300000] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.310000] usb 1-1: Product: USB2.0 Hub
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.350000] hub 1-1:1.0: USB hub found
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 8.360000] hub 1-1:1.0: 4 ports detected
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.240000] device br0 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.370000] device vlan1 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.370000] device eth0 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.380000] br0: port 1(vlan1) entered forwarding state
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.390000] br0: port 1(vlan1) entered forwarding state
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.390000] device br0 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.400000] device br0 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.450000] cfg80211: Calling CRDA to update world regulatory domain
Jan 1 00:03:06 DD-WRT kern.err kernel: [ 10.480000] cfg80211: Invalid regulatory domain detected:
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.480000] cfg80211: Regulatory domain: 00
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.480000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.490000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.500000] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.510000] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.520000] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.530000] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.540000] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.560000] cfg80211: Calling CRDA to update world regulatory domain
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.580000] cfg80211: World regulatory domain updated:
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.590000] cfg80211: DFS Master region: unset
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.590000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.600000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.610000] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.620000] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.630000] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.630000] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.640000] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.650000] cfg80211: Calling CRDA for country: DE
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.660000] cfg80211: Regulatory domain changed to country: DE
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.660000] cfg80211: DFS Master region: ETSI
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.670000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.680000] cfg80211: (2400000 KHz - 2483000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.680000] cfg80211: (5150000 KHz - 5350000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.690000] cfg80211: (5470000 KHz - 5725000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 10.700000] cfg80211: (57240000 KHz - 65880000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 11.070000] device br0 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 11.730000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 11.880000] device vlan2 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 11.920000] warning: `proftpd' uses 32-bit capabilities (legacy support in use)
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 22.170000] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 25.440000] br0: port 1(vlan1) entered forwarding state
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 43.290000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 43.320000] device vlan2 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 76.730000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 76.760000] device vlan2 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 110.180000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 110.210000] device vlan2 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 143.630000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 143.660000] device vlan2 left promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 177.080000] device vlan2 entered promiscuous mode
Jan 1 00:03:06 DD-WRT kern.info kernel: [ 177.110000] device vlan2 left promiscuous mode
Jan 1 00:03:07 DD-WRT user.info : dnsmasq : dnsmasq daemon successfully stopped
Jan 1 00:03:07 DD-WRT user.info : telnetd : telnet daemon successfully stopped
Jan 1 00:03:07 DD-WRT user.info : pptpd : pptp daemon successfully stoped
Jan 1 00:03:07 DD-WRT user.info : pptpd : pptp daemon successfully stoped
Jan 1 00:03:07 DD-WRT user.info : telnetd : telnet daemon successfully started
Jan 1 00:03:07 DD-WRT user.info : dnsmasq : dnsmasq daemon successfully started
Jan 1 00:03:08 DD-WRT user.info : klogd : kernel log daemon successfully stopped
Jan 1 00:03:08 DD-WRT kern.notice kernel: klogd: exiting
Jan 1 00:03:08 DD-WRT user.info : syslogd : syslog daemon successfully stopped
Jan 1 01:03:08 DD-WRT syslog.info syslogd exiting
Jan 1 01:03:08 DD-WRT syslog.info syslogd started: BusyBox v1.22.1
Jan 1 00:03:08 DD-WRT kern.notice kernel: klogd started: BusyBox v1.22.1 (2014-12-22 03:48:38 CET)
Jan 1 00:03:08 DD-WRT daemon.notice openvpn[1881]: OpenVPN 2.3.6 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 22 2014
Jan 1 00:03:08 DD-WRT daemon.notice openvpn[1881]: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Jan 1 00:03:08 DD-WRT daemon.notice openvpn[1881]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Jan 1 00:03:08 DD-WRT daemon.warn openvpn[1881]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: Diffie-Hellman initialized with 1024 bit key
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: TUN/TAP device tun0 opened
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: TUN/TAP TX queue length set to 100
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1881]: /sbin/ifconfig tun0 10.20.30.1 netmask 255.255.255.0 mtu 1500 broadcast 10.20.30.255
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: Listening for incoming TCP connection on [undef]
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: TCPv4_SERVER link local (bound): [undef]
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: TCPv4_SERVER link remote: [undef]
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: MULTI: multi_init called, r=256 v=256
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: IFCONFIG POOL: base=10.20.30.2 size=252, ipv6=0
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: IFCONFIG POOL LIST
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Jan 1 00:03:09 DD-WRT daemon.notice openvpn[1894]: Initialization Sequence Completed
Jan 1 00:03:23 DD-WRT kern.info kernel: [ 210.530000] device vlan2 entered promiscuous mode
Jan 1 00:03:23 DD-WRT kern.info kernel: [ 210.560000] device vlan2 left promiscuous mode
Jan 1 00:03:23 DD-WRT user.info : pppd : PPP daemon successfully stopped
Jan 1 00:03:25 DD-WRT user.info : pppd : PPP daemon hanging, send SIGKILL
Jan 1 00:03:25 DD-WRT daemon.notice pppd[1944]: pppd 2.4.6 started by root, uid 0
Jan 1 00:03:56 DD-WRT kern.info kernel: [ 243.990000] device vlan2 entered promiscuous mode
Jan 1 00:03:56 DD-WRT kern.info kernel: [ 244.020000] device vlan2 left promiscuous mode
Jan 1 00:03:56 DD-WRT user.info : pppd : PPP daemon successfully stopped
Jan 1 00:03:56 DD-WRT daemon.info pppd[1944]: Exit.
Jan 1 00:03:56 DD-WRT daemon.notice pppd[1999]: pppd 2.4.6 started by root, uid 0
Jan 1 00:04:27 DD-WRT kern.info kernel: [ 275.240000] device vlan2 entered promiscuous mode
Jan 1 00:04:28 DD-WRT kern.info kernel: [ 275.270000] device vlan2 left promiscuous mode
Jan 1 00:04:28 DD-WRT user.info : pppd : PPP daemon successfully stopped
Jan 1 00:04:28 DD-WRT daemon.info pppd[1999]: Exit.
Jan 1 00:04:28 DD-WRT daemon.notice pppd[2075]: pppd 2.4.6 started by root, uid 0
Jan 1 00:04:59 DD-WRT kern.info kernel: [ 306.490000] device vlan2 entered promiscuous mode
Jan 1 00:04:59 DD-WRT kern.info kernel: [ 306.520000] device vlan2 left promiscuous mode
Jan 1 00:04:59 DD-WRT user.info : pppd : PPP daemon successfully stopped
Jan 1 00:04:59 DD-WRT daemon.info pppd[2075]: Exit.
Jan 1 00:04:59 DD-WRT daemon.notice pppd[2130]: pppd 2.4.6 started by root, uid 0
Jan 1 00:05:30 DD-WRT kern.info kernel: [ 337.740000] device vlan2 entered promiscuous mode
Jan 1 00:05:30 DD-WRT kern.info kernel: [ 337.800000] device vlan2 left promiscuous mode
Jan 1 00:05:30 DD-WRT user.info : pppd : PPP daemon successfully stopped
Jan 1 00:05:30 DD-WRT daemon.info pppd[2130]: Exit.
Jan 1 00:05:30 DD-WRT daemon.notice pppd[2253]: pppd 2.4.6 started by root, uid 0
Jan 1 00:05:34 DD-WRT kern.info kernel: [ 342.250000] xt_CT: No such helper "ddtb"
Jan 1 00:05:35 DD-WRT kern.info kernel: [ 342.270000] xt_CT: No such helper "ddtb"
Jan 1 00:05:35 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Jan 1 00:05:35 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:05:35 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:05:35 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:05:35 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:05:35 DD-WRT user.info : process_monitor : Process Monitor successfully stopped
Jan 1 00:05:35 DD-WRT user.info : process_monitor successfully started
Jan 1 00:05:35 DD-WRT user.info : upnp : upnp daemon successfully stopped
Jan 1 00:05:35 DD-WRT user.info : upnp : upnp daemon successfully started
Jan 1 00:05:35 DD-WRT user.info : wland : WLAN daemon successfully stopped
Jan 1 00:05:35 DD-WRT user.info : wland : WLAN daemon successfully started
Jan 1 00:05:35 DD-WRT user.info : WAN is up. IP: 100.66.137.238
Jan 1 00:05:35 DD-WRT user.info : openvpnserver : OpenVPN daemon (Server) successfully stopped
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[1894]: Closing TUN/TAP interface
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[1894]: /sbin/ifconfig tun0 0.0.0.0
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[1894]: SIGTERM[hard,] received, process exiting
Jan 1 00:05:35 DD-WRT user.info : openvpn : OpenVPN daemon (Server) starting/restarting...
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: OpenVPN 2.3.6 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 22 2014
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Jan 1 00:05:35 DD-WRT daemon.warn openvpn[2406]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: Diffie-Hellman initialized with 1024 bit key
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: TUN/TAP device tun0 opened
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: TUN/TAP TX queue length set to 100
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2406]: /sbin/ifconfig tun0 10.20.30.1 netmask 255.255.255.0 mtu 1500 broadcast 10.20.30.255
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: Listening for incoming TCP connection on [undef]
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: TCPv4_SERVER link local (bound): [undef]
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: TCPv4_SERVER link remote: [undef]
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: MULTI: multi_init called, r=256 v=256
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: IFCONFIG POOL: base=10.20.30.2 size=252, ipv6=0
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: IFCONFIG POOL LIST
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Jan 1 00:05:35 DD-WRT daemon.notice openvpn[2416]: Initialization Sequence Completed
Dec 14 13:57:15 DD-WRT user.info : cron : cron daemon successfully stopped
Dec 14 13:57:16 DD-WRT daemon.debug process_monitor[2381]: Restarting cron (time sync change)
Dec 14 13:57:16 DD-WRT daemon.debug process_monitor[2381]: We need to re-update after 3600 seconds
Dec 14 13:57:16 DD-WRT daemon.info process_monitor[2381]: set timer: 3600 seconds, callback: ntp_main()
Dec 14 13:57:16 DD-WRT user.info : cron : cron daemon successfully started
Dec 14 13:57:16 DD-WRT cron.info cron[2424]: (CRON) STARTUP (fork ok)
Dec 14 13:57:16 DD-WRT cron.info cron[2424]: (crontabs) ORPHAN (no passwd entry)
Dec 14 13:57:28 DD-WRT user.debug : ttraff: data collection started
Dec 14 13:57:41 DD-WRT daemon.notice openvpn[2416]: TCP connection established with [AF_INET]192.168.1.119:35725
Dec 14 13:57:42 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 TLS: Initial packet from [AF_INET]192.168.1.119:35725, sid=6f46ba88 329bc868
Dec 14 13:57:42 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Dec 14 13:57:42 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 NOTE: --mute triggered...
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 5 variation(s) on previous 3 message(s) suppressed by --mute
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: 192.168.1.119:35725 [changeme] Peer Connection Initiated with [AF_INET]192.168.1.119:35725
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 MULTI_sva: pool returned IPv4=10.20.30.2, IPv6=(Not enabled)
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_5fb53209d375ff68f805e64c26822d3b.tmp
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 MULTI: Learn: 10.20.30.2 -> changeme/192.168.1.119:35725
Dec 14 13:57:43 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 MULTI: primary virtual IP for changeme/192.168.1.119:35725: 10.20.30.2
Dec 14 13:57:45 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 PUSH: Received control message: 'PUSH_REQUEST'
Dec 14 13:57:45 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 send_push_reply(): safe_cap=940
Dec 14 13:57:45 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 SENT CONTROL [changeme]: 'PUSH_REPLY,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route-gateway 10.20.30.1,topology subnet,ping 10,ping-
Dec 14 13:58:03 DD-WRT daemon.err openvpn[2416]: changeme/192.168.1.119:35725 Connection reset, restarting [-1]
Dec 14 13:58:03 DD-WRT daemon.notice openvpn[2416]: changeme/192.168.1.119:35725 SIGUSR1[soft,connection-reset] received, client-instance restarting
I tried both UDP and TCP, but nothing changed. Any help is appreciated. I have been investigating for more than a week, but I have no idea what the problem is.
Does your server log show a connection attempt? Please add your VPN server log to your question. – dotvotdot – 2015-12-14T12:46:33.633
Server log attached. – roll – 2015-12-14T14:11:17.993
You can add a new command to your server config:
log /etc/openvpn/server.log
this will filter your server log to a separate file. You can also add:
verb 4
to increase the details (temporarily). FYI: your server log does not show a remote client connection, only a connection from 192.168.1.119 – dotvotdot – 2015-12-15T18:53:00.647
I presume your "remote 443" line has a "FQDN server-name" inserted as well? (You do not need to tell me what it is, just that there is one.) – dotvotdot – 2015-12-15T19:00:55.117
Yes, debugged. The problem is that my ISP gave me a NATted IP; I contacted it and asked for a public IP. – roll – 2015-12-16T06:49:32.407
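Added example (not part of the original thread): the cause identified in the last comment can be read directly from the posted logs, because the WAN address 100.66.137.238 falls in 100.64.0.0/10, the RFC 6598 shared address space used for carrier-grade NAT, and the only peer the server ever saw was on the LAN. The Python sketch below runs that check over three lines copied from the logs above; the function names `classify` and `diagnose` are illustrative.

```python
import ipaddress
import re

# Address blocks that cannot receive unsolicited connections from the internet.
NON_PUBLIC = [
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),   # RFC 6598 shared space
    ("private", ipaddress.ip_network("10.0.0.0/8")),    # RFC 1918
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
WAN_RE = re.compile(r"WAN is up\. IP: " + IP)
PEER_RE = re.compile(r"TCP connection established with \[AF_INET\]" + IP)
TARGET_RE = re.compile(
    r"Attempting to establish TCP connection with \[AF_INET\]" + IP)

# Lines copied from the server and client logs posted in the question.
SERVER_LOG = """\
Jan 1 00:05:35 DD-WRT user.info : WAN is up. IP: 100.66.137.238
Dec 14 13:57:41 DD-WRT daemon.notice openvpn[2416]: TCP connection established with [AF_INET]192.168.1.119:35725
"""
CLIENT_LOG = """\
Mon Dec 14 01:36:04 2015 Attempting to establish TCP connection with [AF_INET]100.66.138.135:443 [nonblock]
"""


def classify(ip):
    """Return 'cgnat', 'private', 'loopback' or 'public' for an IPv4 string."""
    addr = ipaddress.ip_address(ip)
    for label, net in NON_PUBLIC:
        if addr in net:
            return label
    return "public"


def diagnose(server_log, client_log):
    """Summarise why a server may be unreachable from outside its own LAN."""
    wan = WAN_RE.findall(server_log)
    wan_ip = wan[-1] if wan else None          # last reported WAN address
    peers = sorted(set(PEER_RE.findall(server_log)))
    targets = sorted(set(TARGET_RE.findall(client_log)))
    findings = []
    if wan_ip and classify(wan_ip) != "public":
        findings.append(f"WAN address {wan_ip} is {classify(wan_ip)}; "
                        "the router is behind another NAT")
    if peers and all(classify(p) != "public" for p in peers):
        findings.append("server accepted connections only from non-public "
                        "peers: " + ", ".join(peers))
    for t in targets:
        if classify(t) != "public":
            findings.append(f"client dials {t}, a {classify(t)} address")
        if wan_ip and t != wan_ip:
            findings.append(f"client dials {t} but the server log reports {wan_ip}")
    return {"wan_ip": wan_ip, "peers": peers, "targets": targets,
            "findings": findings}


if __name__ == "__main__":
    for line in diagnose(SERVER_LOG, CLIENT_LOG)["findings"]:
        print("-", line)
```

The regular expressions match the TCP messages shown in this thread only; a UDP setup logs different strings and would need its own patterns.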