Now comes the fun....
Test the connection and get the DNS server address you'll use in the next section.
- Disable and Stop any Current OpenVPN Process/Service
- /etc/init.d/openvpn stop
- /etc/init.d/openvpn disable
Type: openvpn --config vpn.<whateveryoucalledit>.ovpn
Watch the messages scroll up the screen. If all is successful, you'll see 'Initialization Sequence Completed' on the last line.
If successful, look through the output until you find the PUSH_REPLY line that contains the DNS option:
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.x.x.x,route 10.x.x.x,topology net30,ping 10,ping-restart 60,ifconfig 10.x.x.x 10.x.x.x'
Also watch for “RTNETLINK answers: File exists.” This means the route-up file was successful.
Once you have the DNS address, we can modify the settings.
Configure dnsmasq settings – edit file: /etc/dnsmasq.conf
# Add the "Added for OpenVPN DNS" lines shown below to the file
# Change the following lines if you want dnsmasq to serve SRV
# records.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# Added for OpenVPN DNS
dhcp-option=<name of network interface>, 6, <IP Address from OpenVPN Connection>
# example: dhcp-option=slan,6,10.x.x.x
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
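The lookup and edit described above can be scripted. The following is an added example, not part of the original guide: it pulls the pushed DNS server out of OpenVPN's output and prints the matching dnsmasq.conf line, validating the address first because the value comes from the VPN server and ends up in a config file. The function names, the slan interface name and the 10.8.0.x addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide; names and addresses are assumptions.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Read OpenVPN output on stdin; print each valid "dhcp-option DNS" address
# from a PUSH_REPLY line, one per line. Anything malformed is dropped.
pushed_dns() {
    grep 'PUSH_REPLY' | tr ',' '\n' | tr -d "'" |
    while read -r key sub value rest; do
        if [ "$key" = "dhcp-option" ] && [ "$sub" = "DNS" ] &&
           [ -z "$rest" ] && is_ipv4 "$value"; then
            echo "$value"
        fi
    done
}

# Read OpenVPN output on stdin; print the dnsmasq.conf line for interface $1.
dnsmasq_dns_option() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    servers=$(pushed_dns | tr '\n' ',')
    servers=${servers%,}
    [ -n "$servers" ] || { echo "no valid DNS in PUSH_REPLY" >&2; return 1; }
    echo "dhcp-option=$1,6,$servers"
}

# Constructed sample in the log format shown above (not a real capture).
sample_log() {
    cat <<'EOF'
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,dhcp-option DNS 10.8.0.300,route 10.8.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
EOF
}

sample_log | dnsmasq_dns_option slan
```

On the router, pipe saved OpenVPN output into dnsmasq_dns_option with your own interface name and review the printed line before adding it to /etc/dnsmasq.conf.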
Create and name a startup file and place it in /etc/init.d/ so it can be enabled and disabled from the OpenWrt GUI.
Create the file with your favorite text editor (e.g. vi /etc/init.d/openvpn-client)
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org
# Start late in the boot sequence
START=90

start()
{
    logger -t "openvpn" "starting openvpn-client"
    openvpn --daemon --config /root/vpn.<whateveryoucalledit>.ovpn
}

stop()
{
    logger -t "openvpn" "stopping openvpn-client"
    # killall stops every running openvpn process, not only this client
    killall openvpn
    sleep 3
}
Make it executable: chmod u=rwx /etc/init.d/openvpn-client
Exit the SSH Shell
7. From Web GUI, go to System -> Startup
The 'openvpn-client' and 'openvpn' entries should be shown in 'Initscripts' as disabled
Enable openvpn and refresh to make sure it is running
If it stays in the Enabled state, finish the firewall settings:
| Name | Input | Output | Forward | Masquerade & MSS clamping | Covered Networks | Allow Forward To | Allow Forward From |
|---|---|---|---|---|---|---|---|
| Lan | Accept | Accept | Accept | Both Blank | Lan | wan | |
| Wan | Reject | Accept | Reject | Check Masquerade MSS Blank | Wan | lan | |
| Slan | Accept | Accept | Reject | Both Blank | Slan | Ovpn 1 | |
| Ovpn 1 | Accept | Accept | Reject | Check Masquerade MSS Blank | Ovpn 1 | Slan | |
Restart the router.
If everything works, when you connect to the secure wireless network, your IP address will appear to be in the location of the VPN server.
8. Troubleshooting
If, after enabling the openvpn-client, it comes back disabled, there is something wrong in the configuration. The best way to debug or troubleshoot the connection is to SSH into the router and start the openvpn connection by typing:
/etc/init.d/openvpn-client restart
Watch toward the end to see if there are any errors in the route-up.sh script
Press 'Ctrl C' and watch what happens to the tunneldown.sh script
If you forgot to make the files executable, the connection will fail.