D-Link Forums

D-Link VPN Router => DSR-250N => Topic started by: vkfk on September 10, 2013, 06:41:07 PM

Title: OpenVPN: No access to VPN network with the latest firmware
Post by: vkfk on September 10, 2013, 06:41:07 PM: Hi!

I've upgraded to the latest official firmware 1.08b39 and configured everything again manually.
I'm using OpenVPN on the router in server mode AND with exactly the same auth.files and configuration on both server and client side.

Connection is going fine, no errors in the log, but:
- I cannot either access or ping the VPN machines from my network any longer. I do can ping them from the router itself though.

My local machine is win7-32.
My local AND the remote network is 10.10.10.0\24 with the firewall/gateway 10.10.10.100
The VPN network is 10.10.90.0\24, with 10.10.90.6 assigned for my TAP device and 10.10.90.5 as the VPN gateway.

Here's the OpenVPN client config-file:
Code: [Select]
client dev tun proto udp remote xxx.com 1194 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ca ca.crt cert client.crt key client.key #openvpn 2.0 ns-cert-type server tls-auth tls.key 1 cipher AES-256-CBC verb 3 #push "route 10.10.90.1 255.255.255.0"
As I said before, it all worked just a few days, with the old (b73) firmware.
The last entrance (push route) has just been added as suggested elsewhere, but with no success.

Here's the route print:
Code: [Select]
Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.10.10.100 10.10.10.13 10 10.10.10.0 255.255.255.0 On-link 10.10.10.13 266 10.10.10.13 255.255.255.255 On-link 10.10.10.13 266 10.10.10.255 255.255.255.255 On-link 10.10.10.13 266 10.10.90.0 255.255.255.0 10.10.90.5 10.10.90.6 30 10.10.90.4 255.255.255.252 On-link 10.10.90.6 286 10.10.90.6 255.255.255.255 On-link 10.10.90.6 286 10.10.90.7 255.255.255.255 On-link 10.10.90.6 286
Here's the openVPN log just in case:
Code: [Select]
Wed Sep 11 03:21:44 2013 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013 Enter Management Password: Wed Sep 11 03:21:44 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341 Wed Sep 11 03:21:44 2013 Need hold release from management interface, waiting... Wed Sep 11 03:21:45 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341 Wed Sep 11 03:21:45 2013 MANAGEMENT: CMD 'state on' Wed Sep 11 03:21:45 2013 MANAGEMENT: CMD 'log all on' Wed Sep 11 03:21:45 2013 MANAGEMENT: CMD 'hold off' Wed Sep 11 03:21:45 2013 MANAGEMENT: CMD 'hold release' Wed Sep 11 03:21:45 2013 Control Channel Authentication: using 'tls.key' as a OpenVPN static key file Wed Sep 11 03:21:45 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Sep 11 03:21:45 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Sep 11 03:21:45 2013 Socket Buffers: R=[8192->8192] S=[8192->8192] Wed Sep 11 03:21:45 2013 MANAGEMENT: >STATE:1378862505,RESOLVE,,, Wed Sep 11 03:21:45 2013 UDPv4 link local: [undef] Wed Sep 11 03:21:45 2013 UDPv4 link remote: [AF_INET]xxxxxxxx:1194 Wed Sep 11 03:21:45 2013 MANAGEMENT: >STATE:1378862505,WAIT,,, Wed Sep 11 03:21:45 2013 MANAGEMENT: >STATE:1378862505,AUTH,,, Wed Sep 11 03:21:45 2013 TLS: Initial packet from [AF_INET]xxxxxx:1194, sid=2dfb818c 608e6ba9 Wed Sep 11 03:21:46 2013 VERIFY OK: depth=1, C=xx, ST=xx, L=xxx, O=OpenVPN, OU=xx, CN=xxxCA, name=xx-key, emailAddress=xxx Wed Sep 11 03:21:46 2013 VERIFY OK: nsCertType=SERVER Wed Sep 11 03:21:46 2013 VERIFY OK: depth=0, C=xx, ST=xxx, L=xxx, O=OpenVPN, OU=xx, CN=server, name=xxx-key, emailAddress=xxx Wed Sep 11 03:21:46 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Sep 11 03:21:46 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Sep 11 03:21:46 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Sep 11 03:21:46 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Sep 11 03:21:46 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Sep 11 03:21:46 2013 [server] Peer Connection Initiated with [AF_INET]xxxx:1194 Wed Sep 11 03:21:47 2013 MANAGEMENT: >STATE:1378862507,GET_CONFIG,,, Wed Sep 11 03:21:48 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Wed Sep 11 03:21:48 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.10.90.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.90.6 10.10.90.5' Wed Sep 11 03:21:48 2013 OPTIONS IMPORT: timers and/or timeouts modified Wed Sep 11 03:21:48 2013 OPTIONS IMPORT: --ifconfig/up options modified Wed Sep 11 03:21:48 2013 OPTIONS IMPORT: route options modified Wed Sep 11 03:21:48 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed Sep 11 03:21:48 2013 MANAGEMENT: >STATE:1378862508,ASSIGN_IP,,10.10.90.6, Wed Sep 11 03:21:48 2013 open_tun, tt->ipv6=0 Wed Sep 11 03:21:48 2013 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{81FFA300-425A-465C-B1BE-E3E970BCC6BB}.tap Wed Sep 11 03:21:48 2013 TAP-Windows Driver Version 9.9 Wed Sep 11 03:21:48 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.90.6/255.255.255.252 on interface {81FFA300-425A-465C-B1BE-E3E970BCC6BB} [DHCP-serv: 10.10.90.5, lease-time: 31536000] Wed Sep 11 03:21:48 2013 Successful ARP Flush on interface [31] {81FFA300-425A-465C-B1BE-E3E970BCC6BB} Wed Sep 11 03:21:53 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Wed Sep 11 03:21:53 2013 MANAGEMENT: >STATE:1378862513,ADD_ROUTES,,, Wed Sep 11 03:21:53 2013 C:\Windows\system32\route.exe ADD 10.10.90.0 MASK 255.255.255.0 10.10.90.5 Wed Sep 11 03:21:53 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Wed Sep 11 03:21:53 2013 Route addition via IPAPI succeeded [adaptive] Wed Sep 11 03:21:53 2013 Initialization Sequence Completed Wed Sep 11 03:21:53 2013 MANAGEMENT: >STATE:1378862513,CONNECTED,SUCCESS,10.10.90.6,xxxxxx
Ideas ?
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: FurryNutz on September 11, 2013, 08:06:34 AM: Was this working before you updated or is this the first time setting up VPN?
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: vkfk on September 12, 2013, 05:26:36 AM: OpenVPN was working before
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: FurryNutz on September 12, 2013, 06:51:49 AM: You might want to go back to the last known working version.
What was the reason to upgrade?
What region are you located?
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: vkfk on September 19, 2013, 05:29:01 AM: The reason for upgrade was described in this thread, which was impudently hijacked by another:
http://forums.dlink.com/index.php?topic=53963.0 (http://forums.dlink.com/index.php?topic=53963.0)

Region: Europe
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: FurryNutz on September 19, 2013, 07:06:05 AM: His problem was resolved with firmware 1.05b73 and not v1.08.

I recommend that you phone contact your regional D-Link support office and inquired about Open DNS.

Let us know if you find out anything.
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: vkfk on September 19, 2013, 01:50:46 PM: What exactly has OpenDNS to do with my OpenVPN and what should I inquire regional D-Link support about ?

My problem with Wi-Fi in previous firmware versions (prior b92) was never resolved. I now upgraded to v.1.08 and got myself into another trouble: OpenVPN.
Title: Re: OpenVPN: No access to VPN network with the latest firmware
Post by: FurryNutz on September 19, 2013, 01:54:29 PM: You need to phone contact them as they will be able to help you resolve this. I believe your issues are beyond forum help and needs to be reviewed at the support level. I recommend asking for level 2 or higher support.

Let us know how it goes.