nycaleksey (August 8, 2015):

Hi, I just got a LAN Turtle and the first thing I wanted to do is to make it OpenVPN out to my homebase. I just copied my regular OpenVPN config that works on all other devices including iOS devices - but it doesn't work. When I start the module it confirms that OpenVPN is started and even gives out PIDs but then it shows it as "Stopped". The logs on my OpenVPN server show no connection attempts whatsoever. I cannot find the location of any OpenVPN logs or output on the LAN Turtle, and trying to run the /usr/sbin/openvpn binary results in empty output. My OpenVPN config file looks like this:

client
dev tun
proto udp
remote x.x.x.x xxx
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
ca
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
cert
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
key
-----END PRIVATE KEY-----
</key>

Could someone help and point me in the right direction - how do I see why exactly OpenVPN does not start? Thank you
nycaleksey (August 8, 2015, author):

I have made some progress - everything works fine if I run openvpn manually:

root@turtle:/tmp# /usr/sbin/openvpn --daemon --config /etc/openvpn/my-vpn.conf

However, "/etc/init.d/openvpn start" still does not start openvpn. I have looked through that script and it's quite complex - it tries building configs on the fly and does some other stuff. So, for now, I made a simple band-aid solution - in the /etc/turtle/openvpn module definition I have replaced the start routine "/etc/init.d/openvpn start" with "/usr/sbin/openvpn --daemon --config /etc/openvpn/my-vpn.conf" and the stop routine with "killall openvpn". This works for me - the LAN Turtle autostarts OpenVPN when booting up and keeps the tunnel up. Hopefully this will be fixed in the firmware updates.
nycaleksey (August 9, 2015, author):

I did some further digging, familiarized myself with OpenWRT for the first time, and I think I found a problem that prevents the OpenVPN module from working - it does not enable openvpn.custom_config in UCI. So, after manually running

uci set openvpn.custom_config.enabled=1
uci commit

OpenVPN starts working just fine. This should be done as part of enabling the module by Module Manager, I think.
raz0r (August 9, 2015):

Hey, can someone do a vid on this because I'm also stuck. Many thanks, Raz0r
ARDETROYA (August 9, 2015):

Hey, great work... I'm learning a lot with this post... Sorry I can't help with this but let me think aloud... Would it be helpful to set a cron to run it from a script (where you can check if the service is started)? I'm not sure if I'm saying something very stupid but I'm just thinking aloud..
FurtleMcGurtle (August 9, 2015):

I'm imagining (hoping!) some of these slightly broken things will be cleaned up shortly. In the meantime, I know we all appreciate the workarounds that have been posted - thanks all.
Darren Kitchen (August 12, 2015):

Thanks nycaleksey. I noticed the custom_config.enabled issue at DEF CON. Just got back and getting my head screwed back on. Will push an updated openvpn module soon. Eventually we'll add the option to "check for updates" in modulemanager but for now we'll just advise removing and reinstalling the module. Next up for version 3 is forcing SSL and other checks to ensure module and firmware downloads aren't MITM'd. I too noticed the issue with /etc/init.d/openvpn start not working as it should. Odd. It works on my dev Turtle which has been tormented in every which way... Thanks all for the feedback!
visualkev (August 16, 2015):

I also just got my LAN Turtle and found the openvpn module claiming to start in the turtle shell, but not actually running. Thanks to nycaleksey, those commands made it work via turtle shell.
jxg975 (August 26, 2015):

Quick thing: can anybody walk through the settings they have enabled on their OpenVPN Access Server? I have the "client gateway" box checked, and the correct subnet to route to, but the VPN still won't route to my internal network (when I'm externally connected to the Access Server). Anybody have clear directions on what settings they have enabled on the Access Server?
Darren Kitchen (August 27, 2015):

The only thing I forgot to do in this screenshot is check Allow Auto-Login on the turtle user. This setup allows user frog to see the turtle's 192.168.1.x network from his 10.73.31.x network.
tazdevil (September 1, 2015):

Has any progress been made? I see this post is not that old. I finally got time to play with my turtle today, and I updated the before anything, and also pulled down the openvpn from the module directories, so I am assuming it's currently. I can use the information in this post to get it going, but if I try from the turtle menu, it comes back as autostart enabled, it states it's started, gives 3 PIDs, then comes back to the screen as stopped.
Darren Kitchen (September 20, 2015):

> Has any progress been made? I see this post is not that old. I finally got time to play with my turtle today, and I updated the before anything, and also pulled down the openvpn from the module directories, so I am assuming it's currently. I can use the information in this post to get it going, but if I try from the turtle menu, it comes back as autostart enabled, it states it's started, gives 3 PIDs, then comes back to the screen as stopped.

The module was updated and works with firmware V2.
mandrache (October 9, 2015):

Hey folks, are there any specific config options I need to set in my turtle's VPN config to get the server to acknowledge and push the target route to other VPN connections? I followed Darren's screenshot exactly as far as my server user permissions but my 'frog' connection doesn't see the 'turtle'-accessible network. From 'frog', once connected to the OpenVPN server, I am able to ssh into 'turtle', but the VPN gateway subnet I configured in user permissions (which 'turtle' has a LAN connection to) is not reachable. If I look at my route table on 'frog' after I'm connected to the VPN, I do not see 'turtle's LAN connection (the target network). So, from here what I did was go into the OpenVPN server 'advanced VPN' configuration and added the following command:

push "route 192.168.1.0 255.255.255.0"

I redeployed with the config changes and now the route table in 'frog' has a route added to the target network, but I am still unable to directly access anything on the target network, so back to square one. Any advice? Thanks a lot
yabasoya (October 10, 2015):

I am stuck in exactly the same spot. I have my LAN Turtle sitting behind a Linksys router. I am on a 10.x.x.x subnet, the OpenVPN server is on a 172.27.224.x subnet, and my LAN Turtle is on a 192.168.1.x subnet. Both my laptop and LAN Turtle have successful connections to the OpenVPN server.

Tracing route to 192.168.1.1 over a maximum of 30 hops
  1    25 ms     *       21 ms  172.27.224.1
  2    48 ms    43 ms    43 ms  172.27.224.8
  3  172.27.224.8  reports: Destination protocol unreachable.
Trace complete.

172.27.224.8 is my LAN Turtle, so it looks as if it knows to go to the LAN Turtle to find the 192.168.1.x subnet. It just isn't making that last step. If I SSH into the LAN Turtle, I can ping 192.168.1.1 successfully.
yabasoya (October 20, 2015):

Still stuck.. I can't get past this. I found a couple of solutions online that say to reconfigure routes. I didn't want to start messing with that because I feel the turtle should phone home after being dropped and give me a VPN connection from whatever subnet it falls on. It must be something silly that I'm missing.
barry99705 (October 20, 2015):

Just making sure, but you guys aren't trying to test this on the same network the VPN connects back to, are you? If you are, it's probably not going to work.
yabasoya (October 21, 2015):

My cable modem puts out 2 public IP addresses. Basically I have a switch and 2 routers along with a VPS.
barry99705 (October 21, 2015):

> My cable modem puts out 2 public IP addresses. Basically I have a switch and 2 routers along with a VPS.

That should work. Most home routers won't do the hairpin for the VPN back to itself.
yabasoya (October 24, 2015):

Can someone take a look at these routing tables to see if anything looks funny?

104.XXX.XXX.25 = CloudServer
192.168.222.2 = VPN address of LAN Turtle
192.168.222.3 = VPN address of my laptop
192.168.1.1 = Router that the LAN Turtle is connected to
172.27.208.1 = LAN address of OpenVPN Server

CloudServer

turtle@Cloud Server:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         104.XXX.XXX.1   0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
104.XXX.XXX.0   *               255.255.192.0   U     0      0        0 eth0
172.27.208.0    *               255.255.255.128 U     0      0        0 as0t0
192.168.1.0     *               255.255.255.0   U     0      0        0 as0t0
192.168.222.2   *               255.255.255.255 UH    0      0        0 as0t0

turtle@ClodServer:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.222.2 icmp_seq=1 Destination Port Unreachable
From 192.168.222.2 icmp_seq=2 Destination Port Unreachable

LAN Turtle

root@turtle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.222.1   128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
104.XXX.XXX.25  192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
128.0.0.0       192.168.222.1   128.0.0.0       UG    0      0        0 tun0
172.16.84.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.222.0   *               255.255.255.0   U     0      0        0 tun0

root@turtle:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=1.562 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=0.623 ms

My Laptop

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.50.1     10.10.50.102     20
          0.0.0.0        128.0.0.0    192.168.222.1    192.168.222.3     20
       10.10.50.0    255.255.255.0         On-link      10.10.50.102    276
     10.10.50.102  255.255.255.255         On-link      10.10.50.102    276
     10.10.50.255  255.255.255.255         On-link      10.10.50.102    276
   104.XXX.XXX.25  255.255.255.255       10.10.50.1     10.10.50.102     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0    192.168.222.1    192.168.222.3     20
    192.168.222.0    255.255.255.0         On-link     192.168.222.3    276
    192.168.222.3  255.255.255.255         On-link     192.168.222.3    276
  192.168.222.255  255.255.255.255         On-link     192.168.222.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.222.3    276
        224.0.0.0        240.0.0.0         On-link      10.10.50.102    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.222.3    276
  255.255.255.255  255.255.255.255         On-link      10.10.50.102    276

Traceroute from my laptop to turtle LAN

Tracing route to 192.168.1.1 over a maximum of 30 hops
  1    22 ms     *       23 ms  172.27.208.1
  2    43 ms    45 ms    46 ms  192.168.222.2
  3  192.168.222.2  reports: Destination protocol unreachable.
Trace complete.
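An added example (not from the thread or from Hak5): a longest-prefix-match lookup over the CloudServer and LAN Turtle route tables posted above, with 203.0.113.25, 203.0.113.1 and 203.0.64.0/18 standing in for the masked 104.XXX.XXX.x values. It shows that both hosts already hold a route for 192.168.1.0/24, so the "unreachable" replies that the traceroutes get from the turtle's VPN address are sent by the turtle after the packet arrives, which is where a forwarding/firewall policy on the turtle (as jermzz describes below) rather than a routing change comes in.

```python
import ipaddress

# Route tables transcribed from the thread (constructed sample data), as
# (destination, netmask, gateway or None when on-link, interface).
# 203.0.113.25 / 203.0.113.1 / 203.0.64.0 replace the masked 104.XXX.XXX.x values.
CLOUD_SERVER = [
    ("0.0.0.0", "0.0.0.0", "203.0.113.1", "eth0"),
    ("10.8.0.0", "255.255.255.0", "10.8.0.2", "tun0"),
    ("10.8.0.2", "255.255.255.255", None, "tun0"),
    ("203.0.64.0", "255.255.192.0", None, "eth0"),
    ("172.27.208.0", "255.255.255.128", None, "as0t0"),
    ("192.168.1.0", "255.255.255.0", None, "as0t0"),
    ("192.168.222.2", "255.255.255.255", None, "as0t0"),
]
LAN_TURTLE = [
    ("0.0.0.0", "128.0.0.0", "192.168.222.1", "tun0"),   # "default" with genmask 128.0.0.0
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "eth1"),
    ("203.0.113.25", "255.255.255.255", "192.168.1.1", "eth1"),
    ("128.0.0.0", "128.0.0.0", "192.168.222.1", "tun0"),
    ("172.16.84.0", "255.255.255.0", None, "br-lan"),
    ("192.168.1.0", "255.255.255.0", None, "eth1"),
    ("192.168.222.0", "255.255.255.0", None, "tun0"),
]

def lookup(table, dst):
    """Longest-prefix match as the kernel does it (all metrics here are 0); None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, gw, iface in table:
        prefix = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, gw, iface)
    return best

def next_hop(table, dst):
    """Gateway the packet is handed to, or dst itself when the route is on-link."""
    route = lookup(table, dst)
    return None if route is None else (route[1] or dst, route[2])

if __name__ == "__main__":
    # Server -> 192.168.1.1 leaves via as0t0; the Access Server hands it to the turtle
    # (192.168.222.2), exactly the second hop the traceroute shows.
    print("CloudServer -> 192.168.1.1:", next_hop(CLOUD_SERVER, "192.168.1.1"))
    # The turtle has 192.168.1.0/24 on-link on eth1 (its own ping succeeds), so the
    # unreachable it sends back is a forwarding decision, not a missing route.
    print("LAN Turtle  -> 192.168.1.1:", next_hop(LAN_TURTLE, "192.168.1.1"))
    # The /32 host route keeps the VPN server's own packets out of the tunnel, while the
    # two /1 routes outrank the /0 default and steer everything else into tun0.
    print("LAN Turtle  -> VPN server :", next_hop(LAN_TURTLE, "203.0.113.25"))
    print("LAN Turtle  -> 8.8.8.8    :", next_hop(LAN_TURTLE, "8.8.8.8"))
```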
Vertices (January 8, 2016):

Hi folks, I can see this post might be stale by now, but it seems the right place to ask this. I've got a tame friend who agreed to plant my turtle on his own LAN. I set it up for autossh, and that worked right out of the box. I want to try to poke around on his network from *my* network, and so followed Darren's video instructions (and this post) for configuring an OpenVPN server. It all seems fine, but I don't get the route to the remote LAN pushed to my client. The turtle's VPN user is set up to gateway the remote LAN - as shown above, but for 192.168.90.0/24 - and if I connect my end to the VPN, I can ping the turtle's VPN IP address directly, and even ssh to it directly from either Windows or Linux, but I cannot ping the remote LAN from my home network. As I understand it, the gateway setting on the OpenVPN server should push a gateway route to me, and should manage the traffic between the VPN clients to that remote net. I'm sure there's an important point I've misunderstood, so any help much appreciated.
yabasoya (January 19, 2016):

You're not the only one. In fact, I can't find anyone that has gotten this to work. I keep checking back here weekly in hopes that someone made a breakthrough.
jermzz (January 24, 2016):

Mine works perfectly. I did at first have the same problem where the VPN tunnel was active but I could not ping the gateway. I had to manually edit the firewall rules on the turtle as described at the end of the video. Have you done that? After fixing the firewall, it works perfectly. I like this much better than having just an ssh to the turtle, as it puts my whole Kali laptop on the network instead of just being limited to the turtle's functionality.
yabasoya (February 13, 2016):

Thanks for the heads up.. I'll need to check into this again.
raz0r (February 20, 2016):

Hi there, got OpenVPN up and running and I can ping everything on my network, but a quick question: how do I enable the internet? Any ideas? Many thanks
raz0r (February 21, 2016):

For anyone who needs internet access whilst using OpenVPN, just make sure you change the DNS settings ;) http://tinypic.com/r/oazp8l/9