OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
I am using VPN client routing on my ER605. This works fine with L2TP clients (the router connections are clients for L2TP). The tunnels are being created fine and routing is working.
Recently I switched from L2TP to OpenVPN (since this router should support OpenVPN clients), but for some reason tunnels are not being created. It seems like the router just ignores requests to get to the target network when the VPN client connection is OpenVPN.
What am I missing?
Dear @TamirK ,
TamirK wrote
I am using VPN client routing on my ER605. This works fine with L2TP clients (the router connections are clients for L2TP). The tunnels are being created fine and routing is working.
Recently I switched from L2TP to OpenVPN (since this router should support OpenVPN clients), but for some reason tunnels are not being created. It seems like the router just ignores requests to get to the target network when the VPN client connection is OpenVPN.
1. Does your OpenVPN Server require the Client to enter the account password?
2. If not, please provide a screenshot of your configuration file, it will help us to locate the issue.
3. Can you try using the OpenVPN GUI directly to see if it can connect successfully?
Best Regards!
Hank21 wrote
1. Does your OpenVPN Server require the Client to enter the account password?
2. If not, please provide a screenshot of your configuration file, it will help us to locate the issue.
3. Can you try using the OpenVPN GUI directly to see if it can connect successfully?
Best Regards!
1. No, only client certificate. Username/password is not required
2.
3. The same configuration file works fine with OpenVPN client (from mobile and from desktop)
I had the same problem with the OpenVPN client on the router; to make it work I had to install the server with backward compatibility for old clients.
It was a separate choice when I installed the OpenVPN server.
This is the server config. As you can see, I have disabled some things; I use push route on the client config so I do not have to route all traffic through the OpenVPN tunnel.
dev tun
proto udp
port 1195
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/OpenVPN_b2656eb2-75bb-4594-a0e4-e8ee88e3ddf5.crt
key /etc/openvpn/easy-rsa/pki/private/OpenVPN_b2656eb2-75bb-4594-a0e4-e8ee88e3ddf5.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.74.10.0 255.255.255.0
# Set your primary domain name server address for clients
##push "dhcp-option DNS 1.1.1.1"
##push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
##push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
##push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
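When a profile connects from one client but not from another, a useful first check is to compare the settings that both ends declare. The sketch below is an added example, not part of the thread or of any TP-Link tooling: it parses directives excerpted from the server config posted above and a constructed client profile (the host vpn.example.net and the mismatched values are made up), then lists disagreements in port, protocol, cipher, auth digest and tls-auth key direction.

```python
# Added example. SERVER_CONF is excerpted from the post above; CLIENT_CONF is constructed.
SERVER_CONF = """proto udp
port 1195
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
"""
CLIENT_CONF = """remote vpn.example.net 1194 udp
cipher AES-256-CBC
auth SHA1
key-direction 1
<tls-auth>
(static key omitted)
</tls-auth>
"""

def parse(text):
    """Return {directive: [args]}; an inline <tag> block is recorded as tag: []."""
    conf, inline = {}, None
    for line in map(str.strip, text.splitlines()):
        if inline:                          # inside an inline block: skip its body
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            conf.setdefault(inline, [])
        elif line and line[0] not in "#;":  # '#' and ';' start comment lines
            conf[line.split()[0]] = line.split()[1:]
    return conf

def tls_auth_dir(conf):  # '0', '1', 'none', or None when tls-auth is unused
    args = conf.get("tls-auth")
    if args is None or len(args) > 1:
        return args[1] if args else None
    return conf.get("key-direction", ["none"])[0]

def compare(server_text, client_text):
    s, c = parse(server_text), parse(client_text)
    get = lambda conf, key, default=None: (conf.get(key) or [default])[0]
    remote = c.get("remote", [])            # remote <host> [port] [proto]
    pairs = {"port": (get(s, "port", "1194"), remote[1] if len(remote) > 1 else get(c, "port", "1194")),
             "proto": (get(s, "proto", "udp").split("-")[0],
                       (remote[2] if len(remote) > 2 else get(c, "proto", "udp")).split("-")[0]),
             "cipher": (get(s, "cipher"), get(c, "cipher")),
             "auth": (get(s, "auth"), get(c, "auth"))}
    out = [f"{k}: server={a} client={b}" for k, (a, b) in pairs.items() if a != b]
    # tls-auth needs opposite key directions (0 and 1), or no direction on both ends
    dirs = {tls_auth_dir(s), tls_auth_dir(c)}
    if dirs not in ({"0", "1"}, {"none"}, {None}):
        out.append(f"tls-auth key direction: {sorted(map(str, dirs))}")
    return out
```

Calling `compare(SERVER_CONF, CLIENT_CONF)` returns one line per disagreement; an empty list means the compared settings agree, which does not rule out other causes such as version compatibility.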
@Hank21 I am not sure about one particular setting in the configuration dialog, so I'd like to double-confirm.
"Local Network" for tunnels is set to the DHCP LAN range (192.168.0.0/15), since this is what appears in the documentation: "Select the network on the local side of the VPN tunnel. The VPN policy will be only applied to the selected local network." Assuming my local network is 192.168.0.0/15, I want all clients to be able to use this tunnel.
This is different from the similar setting in other VPN types, where a "Remote Subnet" setting should be defined.
How does a client on the LAN side (OpenVPN client for site-to-site config) know how and when to route to the remote network via the VPN?
Are you asking me? As I wrote earlier, there is not much you can do with the router configuration; I had to install the OpenVPN server with compatibility for old clients.
I run OpenVPN on an Ubuntu box, and now I can connect both the ER7206 and the ER605 to this server without any problems.
As with you, there was also nothing in the log that indicated any traffic before I did this.
The router configuration is quite simple and impossible to make mistakes in.
I do not remember the whole installation process, but I had to uninstall the OpenVPN server and reinstall the whole server. There was a choice during installation that let me use old client mode, ver 2.2 as I remember.
You almost have to try it yourself. I had the same problem as you for a long time, but it worked when I reinstalled OpenVPN on the server.
Ubuntu is quick to install, so it's quick to set up a new device in a lab to test a bit with OpenVPN.
I do not have many more tips, other than that you have to experiment in a small lab to make it work.