Posts: 56 | Thanked: 7 times | Joined on Dec 2009 @ Spokane, WA
#1
I have OpenVPN installed and working on tomato flashed router using a static key and tap. I'm using a win xp laptop successfully with this setup.

I wanted to try and get the N900 to work with it as well. It installed OpenVPN and the applet fine. When I run the test, it all looks good. When I connect, it looks good too except the routing through the vpn doesn't work. I am not familiar enough with this stuff to understand why though.

Here is the config:
Code:
   remote MY.STATIC.SERVER.IP
   port 1194
   dev tap
   secret static.key
   proto udp
   comp-lzo
   route-gateway 192.168.0.100
   redirect-gateway
Here is the test output:

Code:
Mon Dec 21 11:09:52 2009 OpenVPN 2.1_rc20 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [MH] [PF_INET6] built on Nov 29 2009
Mon Dec 21 11:09:52 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 21 11:09:52 2009 /usr/sbin/openvpn-vulnkey -q static.key
Mon Dec 21 11:09:52 2009 ******* WARNING *******: 'static.key' cannot be verified as a non-vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Dec 21 11:09:52 2009 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 21 11:09:52 2009 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 21 11:09:52 2009 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 21 11:09:52 2009 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 21 11:09:52 2009 LZO compression initialized
Mon Dec 21 11:09:52 2009 ROUTE: default_gateway=UNDEF
Mon Dec 21 11:09:52 2009 TUN/TAP device tap0 opened
Mon Dec 21 11:09:52 2009 TUN/TAP TX queue length set to 100
Mon Dec 21 11:09:52 2009 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Mon Dec 21 11:09:52 2009 Data Channel MTU parms [ L:1577 D:1450 EF:45 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Dec 21 11:09:52 2009 Local Options hash (VER=V4): '83c3b015'
Mon Dec 21 11:09:52 2009 Expected Remote Options hash (VER=V4): '83c3b015'
Mon Dec 21 11:09:52 2009 Socket Buffers: R=[65536->131072] S=[16384->131072]
Mon Dec 21 11:09:52 2009 UDPv4 link local (bound): [undef]
Mon Dec 21 11:09:52 2009 UDPv4 link remote: [AF_INET]MY.STATIC.SERVER.IP
Any help is greatly appreciated.

- Greg
 
Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#2
>Mon Dec 21 11:09:52 2009 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

redirect-gateway doesn't work when a cellular (3G/GPRS) connection is used. The reason is stated in the above error message.
 
Posts: 56 | Thanked: 7 times | Joined on Dec 2009 @ Spokane, WA
#3
Is this a software limitation? Any way around it? I'm posting this on my computer that is using the N900 as a modem on GSM through a VPN to our work without any issues.
 
Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#4
It is because of how network interfaces are set up on the N900, so you could say it's a software limitation.

There may be a workaround for it, see http://talk.maemo.org/showthread.php...hlight=openvpn (actually these threads should be merged)
 
Posts: 12 | Thanked: 15 times | Joined on Jan 2010
#5
Workaround (script) found here works just fine:
https://bugs.maemo.org/show_bug.cgi?id=7596#c9

- Copied the script to /etc/openvpn
- Added
Code:
script-security 2
ipchange /etc/openvpn/add_default_route.sh
to my openvpn config file and all traffic was tunneled (tested with Wireshark). BTW, there is one last thing I had to do in order to get DNS resolution, I had to add
Code:
nameserver 192.168.0.254
where 192.168.0.254 is the address of my router at home, to either /var/run/resolv.conf.gprs or /var/run/resolv.conf.wlan0, depending on the connection.

To automate that process I simply added the following to the workaround script found up there:
Code:
if [ -f /var/run/resolv.conf.gprs ];
then
  echo "nameserver 192.168.0.254" >> /var/run/resolv.conf.gprs
fi
if [ -f /var/run/resolv.conf.wlan0 ];
then
  echo "nameserver 192.168.0.254" >> /var/run/resolv.conf.wlan0
fi
As a side note here are the special options I have enabled in my openvpn config:
Code:
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.254"

I now have OpenVPN working on both Wifi and Gprs with full internet traffic routed through the tunnel... cool!
 

The Following 4 Users Say Thank You to alphazo For This Useful Post:
Posts: 119 | Thanked: 412 times | Joined on Aug 2008
#6
Just checking that you guys know what the "redirect-gateway" option does?

It replaces the default gateway on the client/device and makes *all* your network traffic from the client/device go via the (slow) VPN.

So if you are just using a VPN to allow access to machines on a private LAN then you probably don't want it.
 
Posts: 12 | Thanked: 15 times | Joined on Jan 2010
#7
Yep.. that was the intended purpose especially when browsing the web from untrusted locations such as public WiFi hot spots.

As a side note, if you use password protected certificates you will have to add
Code:
askpass
to the OpenVPN config file in order to get prompted for your password by OpenVPN-gui applet (very convenient).

Alphazo
 
Posts: 3 | Thanked: 6 times | Joined on Apr 2010 @ Switzerland (Zürich)
#8
I added to the openvpn client config file the following 3 lines:
script-security 2
up /etc/openvpn/maemo-update-resolvconf
down /etc/openvpn/maemo-update-resolvconf
The script maemo-update-resolvconf existed already.
This works for me very fine with wlan and gprs/umts.

Cheers

mr.zoom
 

The Following 3 Users Say Thank You to mr.zoom For This Useful Post:
Posts: 40 | Thanked: 14 times | Joined on Feb 2010 @ UK
#9
Originally Posted by mr.zoom
> I added to the openvpn client config file the following 3 lines:
> script-security 2
> up /etc/openvpn/maemo-update-resolvconf
> down /etc/openvpn/maemo-update-resolvconf
> The script maemo-update-resolvconf existed already.
> This works for me very fine with wlan and gprs/umts.
>
> Cheers
>
> mr.zoom

What does this addition do?

Thanks
__________________
Dave
 
Posts: 3 | Thanked: 6 times | Joined on Apr 2010 @ Switzerland (Zürich)
#10
Hi Dave
  • script-security 2 # sets the security settings that you can run external scripts
  • up /etc/openvpn/maemo-update-resolvconf # runs the script maemo-update-resolvconf if your vpn connection is up
  • down /etc/openvpn/maemo-update-resolvconf # runs the script maemo-update-resolvconf if your vpn connection is down

The maemo-update-resolvconf script existed on my phone already after the installation of openvpn on my phone. The script takes the DNS settings from your openvpn environment and writes them to your /etc/resolv.conf if the connection is up. If you disconnect, it writes the original settings back to /etc/resolv.conf.

Cheers

mr.zoom
 

The Following 2 Users Say Thank You to mr.zoom For This Useful Post:
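
What an up/down hook of the kind described in post #10 has to do, as an added example (this is not the maemo-update-resolvconf script, whose contents are not shown in the thread): OpenVPN hands pushed options to the hook in foreign_option_N environment variables and sets script_type to "up" or "down". RESOLV_FILE and the .pre-vpn backup name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example of an OpenVPN up/down hook; not the Maemo script itself.
# OpenVPN exports pushed options as foreign_option_1, foreign_option_2, ...
# and sets script_type to "up" or "down". RESOLV_FILE is an assumed override.

# Print "nameserver X" for every pushed "dhcp-option DNS X".
vpn_dns_servers() {
  i=1
  while :; do
    eval "opt=\${foreign_option_$i:-}"
    [ -n "$opt" ] || break
    case "$opt" in
      "dhcp-option DNS "*)
        addr=${opt#"dhcp-option DNS "}
        case "$addr" in
          ""|*[!0-9.]*) ;;  # digits and dots only: no injected lines
          *) echo "nameserver $addr" ;;
        esac ;;
    esac
    i=$((i + 1))
  done
}

# up: save the original once, then list the VPN resolvers first.
resolv_up() {
  servers=$(vpn_dns_servers)
  [ -n "$servers" ] || return 0
  [ -f "$1.pre-vpn" ] || cp "$1" "$1.pre-vpn"
  { echo "$servers"; cat "$1.pre-vpn"; } > "$1"
}

# down: put the saved content back and drop the backup.
resolv_down() {
  [ -f "$1.pre-vpn" ] || return 0
  cat "$1.pre-vpn" > "$1" && rm -f "$1.pre-vpn"
}

case "${script_type:-}" in
  up)   resolv_up   "${RESOLV_FILE:-/etc/resolv.conf}" ;;
  down) resolv_down "${RESOLV_FILE:-/etc/resolv.conf}" ;;
  "")   # Not started by OpenVPN: show the result for a constructed push.
        ( foreign_option_1="dhcp-option DNS 192.168.0.254"; vpn_dns_servers ) ;;
esac
```

Because the file is always rebuilt from the saved copy, a reconnect does not stack duplicate nameserver lines, and a pushed value containing anything other than digits and dots is ignored rather than written into the resolver file.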