Hi fellows, I'm trying to set up a site-to-site connection between DD-WRT (client) and Tomato VPN MOD (server). Here are my current settings:

1. Tomato 1.25vpn3.4
   Interface Type: TUN
   Protocol: UDP
   Port: 45646
   Firewall: Automatic
   Authorization Mode: TLS
   Extra HMAC authorization (tls-auth): Bi-directional
   VPN subnet/netmask: 10.0.0.0/255.255.0.0
   Push LAN to clients: checked
   Direct clients to redirect Internet traffic: unchecked
   Respond to DNS: checked
   Advertise DNS to clients: checked
   Encryption cipher: BF-CBC
   Compression: Adaptive
   TLS Renegotiation Time: -1
   Manage Client-Specific Options: checked
   Allow Client<->Client: checked
   Keys tab: all filled.

   With these settings I can connect from a laptop without any problems; internet traffic does not go to the VPN server.

   Code: /etc/openvpn/server1/config.ovpn

       # Automatically generated configuration
       daemon
       server 10.0.0.0 255.255.0.0
       proto udp
       port 45646
       dev tun21
       cipher BF-CBC
       comp-lzo adaptive
       keepalive 15 60
       verb 3
       push "route 192.168.10.0 255.255.255.0"
       client-config-dir ccd
       client-to-client
       push "dhcp-option DOMAIN zgqc.3322.org"
       push "dhcp-option WINS 192.168.10.254"
       push "dhcp-option DNS 192.168.10.1"
       tls-auth static.key
       ca ca.crt
       dh dh.pem
       cert server.crt
       key server.key
       status-version 2
       status status
       # Custom Configuration

2. DD-WRT v24-sp2 (01/16/10) std (SVN revision 13637)
   Server IP/Name: tomatovpn.server
   Port: 45646
   TUN MTU Setting: 1500
   TUN MTU Extra: 32
   TCP MSS: 1450
   Use LZO Compression: Enabled
   Tunnel Protocol: UDP
   Tunnel Device: TUN
   nsCertType: unchecked
   CA Cert, Public Client Cert, Private Client Key: all filled

   Code: /tmp/openvpncl/openvpn.conf

       client
       dev tun
       proto udp
       remote zgqc.3322.org 45646
       resolv-retry infinite
       nobind
       persist-key
       persist-tun
       tun-mtu 1500
       tun-mtu-extra 32
       mssfix 1450
       ca /tmp/openvpncl/ca.crt
       cert /tmp/openvpncl/client.crt
       key /tmp/openvpncl/client.key
       comp-lzo

Well, the error message on the server side is:

    Code: Feb 5 20:18:35 8230 daemon.err openvpn[92]: TLS Error: cannot locate HMAC in incoming packet from ddwrtvpn.client:32768

Looks like I'm missing "tls-auth static.key" on the DD-WRT side... How do I add this to the configuration file and survive a reboot?
I've never used DD-WRT (this question may be better placed in a DD-WRT forum), but I think the DD-WRT wiki covers how to generate custom openvpn configurations. You can create the static.key file in the same manner. However, unless you specifically want it, you might just disable "Extra HMAC authorization (tls-auth)" on the server (and the laptop) and be done with it.
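Added example, not posted by either participant: the server logs "cannot locate HMAC in incoming packet" precisely when tls-auth is enabled on its side and the client sends packets without the matching HMAC, so the fix is to give the DD-WRT client the same static key. Two details matter: the Tomato server's generated config says `tls-auth static.key` with no direction ("Bi-directional"), so the client must also omit `key-direction`; and on DD-WRT everything under /tmp is lost at reboot, so the key and config have to be recreated at boot, typically from a startup script stored in NVRAM. The script below assumes the posted paths (/tmp/openvpncl, zgqc.3322.org:45646), that the CA, client cert and client key are written to the same directory by the same mechanism (omitted here), and that the router's `nvram` tool is available; the static key text is a constructed placeholder and must be replaced with the one shown on the Tomato "Keys" tab.

```sh
#!/bin/sh
# Added example for the thread above (not the posters' code).
# Assumptions: DD-WRT client files live in /tmp/openvpncl (as posted),
# the Tomato server uses "tls-auth static.key" without a direction
# (its "Bi-directional" setting), and ca.crt/client.crt/client.key are
# delivered to the same directory by the same startup mechanism.

# CONSTRUCTED placeholder. A real OpenVPN static key is 16 lines of 32 hex
# characters; paste the key from the Tomato "Keys" tab here.
STATIC_KEY='-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000
00000000000000000000000000000000
-----END OpenVPN Static key V1-----'

# Write the static key and a client config that references it.
# Returns 0 on success; the config mirrors the posted DD-WRT one plus tls-auth.
write_client_config() {
  dir="$1"
  mkdir -p "$dir"
  printf '%s\n' "$STATIC_KEY" > "$dir/static.key"
  chmod 600 "$dir/static.key"   # the HMAC key is a secret: owner-only
  cat > "$dir/openvpn.conf" <<EOF
client
dev tun
proto udp
remote zgqc.3322.org 45646
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca $dir/ca.crt
cert $dir/client.crt
key $dir/client.key
# Matches the server's "tls-auth static.key" (no direction on either side).
# Adding "key-direction 1" here would be wrong for a bi-directional server.
tls-auth $dir/static.key
comp-lzo
EOF
}

# Sanity check before starting: the config must carry exactly one tls-auth
# line and no key-direction (bi-directional key). Returns 0 if so.
check_tls_auth() {
  [ "$(grep -c '^tls-auth ' "$1")" = "1" ] && ! grep -q '^key-direction' "$1"
}

# Persist on DD-WRT: store this very script as the NVRAM startup script so the
# files are regenerated in /tmp after every reboot (NVRAM survives, /tmp does
# not). Assumes the DD-WRT `nvram set rc_startup=...` / `nvram commit` tools.
install_startup_script() {
  script="$1"
  if ! command -v nvram >/dev/null 2>&1; then
    echo "nvram not found: not running on DD-WRT, nothing installed" >&2
    return 1
  fi
  nvram set rc_startup="$(cat "$script")"
  nvram commit
}

# When executed at boot on the router (nvram present), rebuild the files and
# start the client from them. Elsewhere the functions are only defined.
if command -v nvram >/dev/null 2>&1 && command -v openvpn >/dev/null 2>&1; then
  write_client_config /tmp/openvpncl
  check_tls_auth /tmp/openvpncl/openvpn.conf || exit 1
  openvpn --config /tmp/openvpncl/openvpn.conf --daemon
fi
```

Usage: save the script on the router (e.g. under /jffs if enabled), run `install_startup_script /path/to/script` once, and disable the GUI OpenVPN client so the two do not fight over /tmp/openvpncl/openvpn.conf. If the Tomato side is ever switched to a directional key (server direction 0), the client config needs `key-direction 1` and the check above must be inverted accordingly.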