----- Original Message -----
From: "Jan Just Keijser" <[email protected]>
To: "Josu Lazkano" <[email protected]>; "Gert Doering" <[email protected]>
Cc: <[email protected]>
Sent: Monday, May 18, 2015 1:15 PM
Subject: Re: [Openvpn-users] connect 2 networks with OpenWRT

> Hi,
>
> On 17/05/15 20:58, Josu Lazkano wrote:
>> Hello,
>>
>> I try to configure with static key:
>>
>> openvpn --genkey --secret static.key
>>
>> I will change it later to better security (TLS).
>>
>> I create VPN interface with tun0 device in both routers, in the server
>> side I put this configuration:
>>
>> # cat /etc/config/openvpn
>>
>> config openvpn 'myvpn'
>>     option enabled '1'
>>     option dev 'tun'
>>     option port '1194'
>>     option proto 'udp'
>>     option log '/tmp/openvpn.log'
>>     option verb '3'
>>     option secret '/etc/openvpn/static.key'
>>
>> I start it and the log file looks correct:
>>
>> Sun May 17 20:24:24 2015 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL
>> (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 6 2015
>> Sun May 17 20:24:24 2015 library versions: OpenSSL 1.0.2a 19 Mar 2015,
>> LZO 2.08
>> Sun May 17 20:24:24 2015 Static Encrypt: Cipher 'BF-CBC' initialized
>> with 128 bit key
>> Sun May 17 20:24:24 2015 Static Encrypt: Using 160 bit message hash
>> 'SHA1' for HMAC authentication
>> Sun May 17 20:24:24 2015 Static Decrypt: Cipher 'BF-CBC' initialized
>> with 128 bit key
>> Sun May 17 20:24:24 2015 Static Decrypt: Using 160 bit message hash
>> 'SHA1' for HMAC authentication
>> Sun May 17 20:24:24 2015 Socket Buffers: R=[163840->131072]
>> S=[163840->131072]
>> Sun May 17 20:24:24 2015 TUN/TAP device tun0 opened
>> Sun May 17 20:24:24 2015 TUN/TAP TX queue length set to 100
>> Sun May 17 20:24:24 2015 UDPv4 link local (bound): [undef]
>> Sun May 17 20:24:24 2015 UDPv4 link remote: [undef]
>>
>> I configure the client side this way:
>>
>> # cat /etc/config/openvpn
>> config openvpn 'myvpn'
>>     option enabled '1'
>>     option dev 'tun'
>>     option proto 'udp'
>>     option log '/tmp/openvpn.log'
>>     option verb '3'
>>     option client '1'
>>     option secret '/etc/openvpn/static.key'
>>     option remote 'MYHOST 1194'
>>
>> But nothing happens, in the server logs nothing appears and in the
>> client log file is this:
>>
>> # cat /tmp/openvpn.log
>> Options error: specify only one of --tls-server, --tls-client,
>> or --secret
>> Use --help for more information.
>>

You MUST remove the "client" option as client enables TLS mode which this config does not support.

> start out with openvpn in command line mode, i.e. on one side run
> openvpn --config 10.200.0.1 10.200.0.2 --secret secret.key
> and on the other side
> openvpn --config 10.200.0.2 10.200.0.1 --secret secret.key --remote
> <remote-IP>
>

That should be:

openvpn --dev tun --ifconfig 10.200.0.1 10.200.0.2 --secret secret.key
openvpn --dev tun --ifconfig 10.200.0.2 10.200.0.1 --secret secret.key --remote 'remote-ip'

See https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
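
The mode conflict behind the `Options error` above, as an added example that is not part of the original message: a small shell lint for an OpenWrt `/etc/config/openvpn` file that reports any section combining `secret` with `client`, `tls_client` or `tls_server`. The function names are hypothetical, the sample section is constructed from the client config quoted in the thread, and the underscore spellings assume OpenWrt's UCI naming of `--tls-client` and `--tls-server`.

```shell
#!/bin/sh
# Added example (not from the thread): lint an OpenWrt /etc/config/openvpn file
# for sections that mix static-key mode (secret) with TLS mode options.

# Constructed sample: the client section quoted in the message above.
sample_client_config() {
    cat <<'EOF'
config openvpn 'myvpn'
	option enabled '1'
	option dev 'tun'
	option proto 'udp'
	option client '1'
	option secret '/etc/openvpn/static.key'
	option remote 'MYHOST 1194'
EOF
}

# check_openvpn_modes [FILE...]  (reads stdin when no file is given)
# Prints one line per conflicting section; returns 1 if any was found.
check_openvpn_modes() {
    awk '
        function report() {
            if (insec && secret && tls != "") {
                printf "%s: secret combined with%s\n", name, tls
                bad = 1
            }
        }
        BEGIN { bad = 0 }
        $1 == "config" {
            report()
            insec = ($2 == "openvpn")
            name = ($3 == "") ? "(unnamed)" : $3
            gsub(/["\047]/, "", name)
            secret = 0; tls = ""
            next
        }
        insec && $1 == "option" {
            val = $3; gsub(/["\047]/, "", val)
            if ($2 == "secret" && val != "") secret = 1
            # "client" is a helper directive that implies tls-client (and pull)
            if (($2 == "client" || $2 == "tls_client" || $2 == "tls_server") && val != "0")
                tls = tls " " $2
        }
        END { report(); exit bad }
    ' "$@"
}

sample_client_config | check_openvpn_modes || echo "fix the section before starting the service"
```

On the router it can be pointed at the real file with `check_openvpn_modes /etc/config/openvpn` before restarting the service.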
