All times are UTC




 Post subject: Tomato router SW Openvpn problem
Posted: 25.12.2014 20:39
DES

Joined: 07.12.2014 23:03
Posts: 3
Hello!

I got myself an R7000 and flashed it with the Tomato software. I have ADSL, so I set up the connection to the Internet over PPTP.

My IP 10.0.0.140
255 0 0 0
Gateway 10.0.0.138

Now I would like to connect via OpenVPN, unfortunately without success.
ERROR: Linux route add command failed: external program exited with error status: 1
Here are my settings

Select client instance-> Client 1
-Start with WAN-> Yes
-Interface Type-> TUN
-Protocol-> UDP
-Server Address and Port-> Address:amsterdam.perfect-privacy.com Port:1149
-Firewall-> Automatic
-Authorization Mode-> TLS
-Username/Password Authentication-> Yes
(Type PP Username and Password)
-Username Auth. Only-> No
-Extra HMAC authorization-> "Outgoing"
-Create NAT on tunnel-> Yes
-Poll Interval-> 0
-Redirect Internet traffic-> Yes
-Accept DNS Configuration-> Strict
-Encryption cipher-> AES-256-CBC
-Compression-> Adaptive
-TLS Renegotiation Time-> -1
-Connection Retry-> -1
-Verify Server Certificate-> No
-Custom Configuration-> (see Code)

script-security 2
ns-cert-type server
tun-mtu 1500
fragment 1300
mssfix
float
reneg-sec 86400
resolv-retry 60
persist-key
persist-tun
persist-remote-ip
route-method exe
route-delay 2
hand-window 120
tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
auth SHA512
verb 4
inactive 604800
ping 5
ping-restart 120
replay-window 512 60
mute-replay-warnings

and here is the log

25 16:36:31 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Dec 25 16:36:31 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 1 2014
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.06
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 25 16:36:32 unknown daemon.info pptp[981]: System time change detected.
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES256-GCM-SHA384', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES256-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES128-GCM-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-GCM-SHA256'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES128-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA256'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-CAMELLIA256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-CAMELLIA128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'CAMELLIA256-SHA', please use IANA name 'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'AES256-SHA', please use IANA name 'TLS-RSA-WITH-AES-256-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'CAMELLIA128-SHA', please use IANA name 'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA'
Dec 25 16:36:32 unknown daemon.warn openvpn[1383]: Deprecated TLS cipher name 'AES128-SHA', please use IANA name 'TLS-RSA-WITH-AES-128-CBC-SHA'
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: LZO compression initialized
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Control Channel MTU parms [ L:1606 D:210 EF:110 EB:0 ET:0 EL:0 ]
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Socket Buffers: R=[120832->131072] S=[120832->131072]
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Data Channel MTU parms [ L:1606 D:1300 EF:106 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 25 16:36:32 unknown daemon.notice openvpn[1383]: Fragmentation MTU parms [ L:1606 D:1300 EF:105 EB:135 ET:1 EL:0 AF:3/1 ]
Dec 25 16:36:32 unknown daemon.notice openvpn[1389]: UDPv4 link local: [undef]
Dec 25 16:36:32 unknown daemon.notice openvpn[1389]: UDPv4 link remote: [AF_INET]5.79.71.195:1149
Dec 25 16:36:32 unknown daemon.notice openvpn[1389]: TLS: Initial packet from [AF_INET]5.79.71.195:1149, sid=3663a911 d70e4327
Dec 25 16:36:32 unknown daemon.warn openvpn[1389]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 25 16:36:32 unknown daemon.err apcupsd[853]: apcupsd FATAL ERROR in linux-usb.c at line 609 Cannot find UPS device -- For a link to detailed USB trouble shooting information, please see <http://www.apcupsd.com/support.html>.
Dec 25 16:36:32 unknown daemon.err apcupsd[853]: apcupsd error shutdown completed
Dec 25 16:36:33 unknown daemon.notice openvpn[1389]: VERIFY OK: depth=1, C=NZ, ST=Wellington, L=Johnsonville, O=perfect-privacy, CN=perfect-privacy, emailAddress=admin@perfect-privacy.com
Dec 25 16:36:33 unknown daemon.notice openvpn[1389]: VERIFY OK: nsCertType=SERVER
Dec 25 16:36:33 unknown daemon.notice openvpn[1389]: VERIFY OK: depth=0, C=NZ, ST=Wellington, O=perfect-privacy, CN=server, emailAddress=admin@perfect-privacy.com
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Dec 25 16:36:40 unknown daemon.notice openvpn[1389]: [server] Peer Connection Initiated with [AF_INET]5.79.71.195:1149
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 94.242.243.66,dhcp-option DNS 178.162.194.30,route-gateway 10.15.21.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.15.21.22 255.255.255.128'
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: OPTIONS IMPORT: route options modified
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: OPTIONS IMPORT: route-related options modified
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: TUN/TAP device tun11 opened
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: TUN/TAP TX queue length set to 100
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: /sbin//ifconfig tun11 10.15.21.22 netmask 255.255.255.128 mtu 1500 broadcast 10.15.21.127
Dec 25 16:36:42 unknown daemon.notice openvpn[1389]: updown.sh tun11 1500 1606 10.15.21.22 255.255.255.128 init
Dec 25 16:36:42 unknown daemon.info dnsmasq[1040]: exiting on receipt of SIGTERM
Dec 25 16:36:42 unknown user.debug preinit[1]: 182: pptp peerdns disabled
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: started, version 2.71 cachesize 1500
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: asynchronous logging enabled, queue limit is 5 messages
Dec 25 16:36:42 unknown daemon.info dnsmasq-dhcp[1428]: DHCP, IP range 192.168.1.10 -- 192.168.1.50, lease time 1d
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: reading /etc/resolv.dnsmasq
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: using nameserver 94.242.243.66#53
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: using nameserver 178.162.194.30#53
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: using nameserver 213.33.98.136#53
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: read /etc/hosts - 2 addresses
Dec 25 16:36:42 unknown daemon.info dnsmasq[1428]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Dec 25 16:36:42 unknown daemon.info dnsmasq-dhcp[1428]: read /etc/dnsmasq/dhcp/dhcp-hosts
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 5.79.71.195 netmask 255.255.255.255 gw 88.117.63.254
Dec 25 16:36:44 unknown daemon.warn openvpn[1389]: ERROR: Linux route add command failed: external program exited with error status: 1
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.15.21.1
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.15.21.1
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: Initialization Sequence Completed
Dec 25 16:36:57 unknown cron.err crond[1000]: time disparity of 23658695 minutes detected
Dec 25 16:37:26 unknown daemon.info dnsmasq-dhcp[1428]: DHCPREQUEST(br0) 192.168.1.46 48:5b:39:5d:1a:37
Dec 25 16:37:26 unknown daemon.info dnsmasq-dhcp[1428]: DHCPACK(br0) 192.168.1.46 48:5b:39:5d:1a:37 chris-PC
Dec 25 16:38:33 unknown daemon.info dnsmasq-dhcp[1428]: DHCPINFORM(br0) 192.168.1.46 48:5b:39:5d:1a:37
Dec 25 16:38:33 unknown daemon.info dnsmasq-dhcp[1428]: DHCPACK(br0) 192.168.1.46 48:5b:39:5d:1a:37 chris-PC
Dec 25 16:38:42 unknown daemon.notice openvpn[1389]: [server] Inactivity timeout (--ping-restart), restarting
Dec 25 16:38:42 unknown daemon.notice openvpn[1389]: TCP/UDP: Closing socket
Dec 25 16:38:42 unknown daemon.notice openvpn[1389]: SIGUSR1[soft,ping-restart] received, process restarting
Dec 25 16:38:42 unknown daemon.notice openvpn[1389]: Restart pause, 2 second(s)
Dec 25 16:38:44 unknown daemon.warn openvpn[1389]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: Re-using SSL/TLS context
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: LZO compression initialized
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: Control Channel MTU parms [ L:1606 D:210 EF:110 EB:0 ET:0 EL:0 ]
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: Socket Buffers: R=[120832->131072] S=[120832->131072]
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.79.71.195:1149
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: Data Channel MTU parms [ L:1606 D:1300 EF:106 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: Fragmentation MTU parms [ L:1606 D:1300 EF:105 EB:135 ET:1 EL:0 AF:3/1 ]
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: UDPv4 link local: [undef]
Dec 25 16:38:44 unknown daemon.notice openvpn[1389]: UDPv4 link remote: [AF_INET]5.79.71.195:1149
Dec 25 16:39:21 unknown daemon.err openvpn[1389]: event_wait : Interrupted system call (code=4)
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: OpenVPN STATISTICS
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: Updated,Thu Dec 25 16:39:21 2014
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TUN/TAP read bytes,114830
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TUN/TAP write bytes,0
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TCP/UDP read bytes,0
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TCP/UDP write bytes,430
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: Auth read bytes,0
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: pre-compress bytes,101655
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: post-compress bytes,102468
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: pre-decompress bytes,0
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: END
Dec 25 16:39:28 unknown daemon.err openvpn[1389]: event_wait : Interrupted system call (code=4)
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: TCP/UDP: Closing socket
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: /sbin//route del -net 5.79.71.195 netmask 255.255.255.255
Dec 25 16:39:28 unknown daemon.warn openvpn[1389]: ERROR: Linux route delete command failed: external program exited with error status: 1
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: /sbin//route del -net 0.0.0.0 netmask 128.0.0.0
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: /sbin//route del -net 128.0.0.0 netmask 128.0.0.0
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: Closing TUN/TAP interface
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: /sbin//ifconfig tun11 0.0.0.0
Dec 25 16:39:28 unknown daemon.notice openvpn[1389]: updown.sh tun11 1500 1606 10.15.21.22 255.255.255.128 init
Dec 25 16:39:34 unknown daemon.info dnsmasq[1428]: exiting on receipt of SIGTERM
Dec 25 16:39:34 unknown user.debug preinit[1]: 182: pptp peerdns disabled
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: started, version 2.71 cachesize 1500
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: asynchronous logging enabled, queue limit is 5 messages
Dec 25 16:39:34 unknown daemon.info dnsmasq-dhcp[2116]: DHCP, IP range 192.168.1.10 -- 192.168.1.50, lease time 1d
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: reading /etc/resolv.dnsmasq
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: using nameserver 195.3.96.67#53
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: using nameserver 213.33.98.136#53
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: read /etc/hosts - 2 addresses
Dec 25 16:39:34 unknown daemon.info dnsmasq[2116]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Dec 25 16:39:34 unknown daemon.info dnsmasq-dhcp[2116]: read /etc/dnsmasq/dhcp/dhcp-hosts
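
A triage pass over the OpenVPN lines of the log posted above, as an added example that is not part of the original post: it pairs each `route add` command with the error line that follows it, checks whether the server address is then matched by one of the installed tunnel routes, and reads the link byte counters. The function names are assumptions of this example, and the sample lines are excerpted from the log above.

```python
import ipaddress
import re

# Sample lines excerpted from the log in the post above (other lines omitted).
SAMPLE_LOG = """\
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 5.79.71.195 netmask 255.255.255.255 gw 88.117.63.254
Dec 25 16:36:44 unknown daemon.warn openvpn[1389]: ERROR: Linux route add command failed: external program exited with error status: 1
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.15.21.1
Dec 25 16:36:44 unknown daemon.notice openvpn[1389]: /sbin//route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.15.21.1
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TCP/UDP read bytes,0
Dec 25 16:39:21 unknown daemon.notice openvpn[1389]: TCP/UDP write bytes,430
"""

# Syslog layout: "<time> <host> <facility>.<severity> <program>[<pid>]: <message>"
LINE = re.compile(r"^(?:\w{3} +)?\d+ [\d:]+ \S+ \w+\.\w+ ([\w-]+)\[\d+\]: (.*)$")
ROUTE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")
STAT = re.compile(r"^(TUN/TAP|TCP/UDP) (read|write) bytes,(\d+)$")


def triage(log_text):
    """Collect route-add results and byte counters from the openvpn lines."""
    routes, stats, last = [], {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) != "openvpn":
            continue  # dnsmasq, pptp and kernel lines are not part of this check
        msg = m.group(2)
        r, s = ROUTE.search(msg), STAT.match(msg)
        if r:
            net = ipaddress.ip_network(f"{r.group(1)}/{r.group(2)}")
            last = {"net": net, "gw": r.group(3), "ok": True}
            routes.append(last)
        elif "route add command failed" in msg and last:
            last["ok"] = False  # the error line follows the command it refers to
        elif s:
            stats[f"{s.group(1)} {s.group(2)} bytes"] = int(s.group(3))
    return routes, stats


def findings(log_text):
    """Describe failed host routes and a link that sends but never receives."""
    routes, stats = triage(log_text)
    installed = [r["net"] for r in routes if r["ok"]]
    out = []
    for r in (r for r in routes if not r["ok"] and r["net"].prefixlen == 32):
        host = r["net"].network_address
        cover = [str(n) for n in installed if host in n]
        out.append(f"host route {host} via {r['gw']} failed; also matched by {cover}")
    if stats.get("TCP/UDP read bytes") == 0 and stats.get("TCP/UDP write bytes", 0) > 0:
        out.append("UDP link wrote bytes but read none")
    return out


print("\n".join(findings(SAMPLE_LOG)))
```

With `redirect-gateway def1`, the host route to the server is what keeps the encrypted UDP packets on the original gateway, so when that route is missing the server address falls under the 0.0.0.0/1 tunnel route.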


 Post subject: Re: Tomato router SW Openvpn problem
Posted: 26.12.2014 14:26
AES 256 bit

Joined: 27.11.2012 18:37
Posts: 272
Hi,
Quote:
...I have ADSL, so I set up the connection to the Internet over PPTP.

...You surely mean PPPoE and not PPTP?
For better understanding...
- where does the OpenVPN server run, and where the client?
- ...or a tunnel offered by the provider?
-
Code:
My IP 10.0.0.140
255 0 0 0
Gateway 10.0.0.138

..is that the WAN IP or the tunnel IP?
Regards, orcape


 Post subject: Re: Tomato router SW Openvpn problem
Posted: 26.12.2014 19:39
DES

Joined: 07.12.2014 23:03
Posts: 3
Hello, thanks for your reply

In Austria, unlike in most other European countries, PPTP (Point-to-Point Tunneling Protocol, RFC 2637) is used as the protocol for establishing the connection.

The router's IP is WAN 10.0.0.140 and the netmask 255.0.0.0
10.0.0.138 is the connection to the modem.

where does the OpenVPN server run, and where the client?
In the Tomato router there is a setting with OpenVPN client
I entered the CA CC Client key, which I received from the provider.

Thanks, Chris


 Post subject: Re: Tomato router SW Openvpn problem
Posted: 27.12.2014 08:49
AES 256 bit

Joined: 27.11.2012 18:37
Posts: 272
Hi chris2011,
thanks for your clarifying answer, I couldn't have guessed that you live on the Attersee... :mrgreen:
On the topic: I'm assuming that you transferred the data supplied by the provider 1:1 and that, according to the routing log, no tunnel connection is established either.
What puzzles me is that the word daemon keeps appearing in the logs, even though you are not using it at all, but rather the OpenVPN client.
Now, I'm not a pro when it comes to Tomato either; so far I have only set up tunnels with pfSense and DD-WRT, but there the daemon and the client are definitely clearly separated and can also be switched off, so that nothing of the sort should actually show up in the logs.
Regards, orcape

