Difference between revisions of "OpenVPN on CentOS VS DD-WRT or OpenWRT"

Wiki.TerraBase.info
Line 1: Line 1:
Environment(s): CentOS 7 and DD-WRT (late 2019 version on a Buffalo Tech WZR-600DHP Router) with OpenVPN version 2.4.7 on ALL devices.
Environment(s): CentOS 7 and DD-WRT (late 2019 version on a Buffalo Tech WZR-600DHP Router) with OpenVPN version 2.4.7 on ALL devices.


=== The Problem ===
===The Problem===
Well, there were multiple issues, but for the sake of focus let's deal with the routing issue.
Well, there were multiple issues, but for the sake of focus let's deal with the routing issue.


=== Notes and the Solution ===
===Notes and the Solution===
There are several websites that give examples for the ifconfig-push command in a "CCD" configuration file for clients that are similar to this: ifconfig-push WhatEverIPAddress1 WhatEverIPAddress2, example: ifconfig-push 192.168.100.11 192.168.100.1.  This is not correct.  The documentation notes: ifconfig-push WhatEverIPAddress "Subnet Mask of target subnet on server".  A correct example: ifconfig-push 192.168.100.11 255.255.255.0.
There are several websites that give examples for the ifconfig-push command in a "CCD" configuration file for clients that are similar to this: ifconfig-push WhatEverIPAddress1 WhatEverIPAddress2, example: ifconfig-push 192.168.100.11 192.168.100.1.  This is not correct.  The documentation notes: ifconfig-push WhatEverIPAddress "Subnet Mask of target subnet on server".  A correct example: ifconfig-push 192.168.100.11 255.255.255.0.


Line 11: Line 11:
The "client" command cannot be used in a "CCD" configuration file
The "client" command cannot be used in a "CCD" configuration file


Several websites make comments about various ways to have a client automatically reconnect with a server.  Most of it is crap.  Tested this and it works (on server): keepalive 5 15 This command is sent as part of the client configuration and means ping server every 5 seconds and if you don't receive a reply for 15 seconds, then reconnect.  Works great.
Several websites make comments about various ways to have a client automatically reconnect with a server.  Most of it is crap.  Tested this and it works (on server): keepalive 5 15 AND ping-restart 5 The former command is sent as part of the client configuration and means ping server every 5 seconds and if you don't receive a reply for 15 seconds, then reconnect.  Works great in conjunction with the ping-restart command as the keepalive command only seems to work for one repetition and the ping-restart command has it retry the keepalive command.
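Review bot: in the revised last paragraph, "keepalive 5 15 AND ping-restart 5 The former command" runs the two directives and the explanation together with no punctuation, so a reader cannot tell where the configuration text ends. Put each directive on its own line and end the sentence before "The former command". The added text also does not say whether ping-restart 5 belongs in the server file or the client file, although the same sentence says "(on server)", and the paragraph now gives two timeouts (15 seconds and 5) without saying which one applies; state both.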

Latest revision as of 13:12, 5 January 2020

Environment(s): CentOS 7 and DD-WRT (late 2019 version on a Buffalo Tech WZR-600DHP Router) with OpenVPN version 2.4.7 on ALL devices.

The Problem

Well, there were multiple issues, but for the sake of focus let's deal with the routing issue.

Notes and the Solution

There are several websites that give examples for the ifconfig-push command in a "CCD" configuration file for clients that are similar to this: ifconfig-push WhatEverIPAddress1 WhatEverIPAddress2, example: ifconfig-push 192.168.100.11 192.168.100.1. This is not correct. The documentation notes: ifconfig-push WhatEverIPAddress "Subnet Mask of target subnet on server". A correct example: ifconfig-push 192.168.100.11 255.255.255.0.

One difference between the CentOS implementation / compilation and DD-WRT or OpenWRT is that a CentOS OpenVPN server defaults to a "subnet" type for the "topology" command. DD-WRT and OpenWRT default to "Point to Point". This can cause routing issues.

The "client" command cannot be used in a "CCD" configuration file.
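As an added example (not part of the original page), a small Python check for the three points above: the ifconfig-push netmask form, an explicit "topology subnet" on the server, and no "client" directive in a CCD file. The function names and the sample configurations are constructed for illustration, and the check assumes the server is meant to run with topology subnet.

```python
import ipaddress

CCD_FORBIDDEN = {"client"}  # the page names "client" as not usable in a CCD file

def directives(text):
    """Yield (name, args) for each non-comment, non-empty config line."""
    for line in text.splitlines():
        parts = line.strip().split()
        if parts and parts[0][0] not in "#;":
            yield parts[0], parts[1:]

def is_netmask(value):
    """True for a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    return bits != 0 and inverted & (inverted + 1) == 0

def check_ccd(server_conf, ccd_text):
    """Return findings for one CCD file checked against the server config."""
    server = dict(directives(server_conf))  # assumes a server.conf OpenVPN accepts
    findings = []
    if server.get("topology") != ["subnet"]:
        findings.append("server does not set 'topology subnet' explicitly")
    for name, args in directives(ccd_text):
        if name in CCD_FORBIDDEN:
            findings.append(f"'{name}' is not valid in a CCD file")
        elif name == "ifconfig-push":
            try:
                addr = ipaddress.IPv4Address(args[0])
                ok = len(args) == 2 and is_netmask(args[1])
            except (ValueError, IndexError):
                ok = False
            if not ok:
                findings.append("ifconfig-push needs <address> <netmask>: " + " ".join(args))
            elif len(server.get("server", [])) >= 2:
                net = ipaddress.IPv4Network("/".join(server["server"][:2]))
                if addr not in net or args[1] != str(net.netmask):
                    findings.append(f"{args[0]} {args[1]} is outside server subnet {net}")
    return findings

# Constructed sample inputs, using the addresses from the page's examples.
SERVER_CONF = "topology subnet\nserver 192.168.100.0 255.255.255.0\nclient-config-dir ccd\n"
BAD_CCD = "client\nifconfig-push 192.168.100.11 192.168.100.1\n"
GOOD_CCD = "ifconfig-push 192.168.100.11 255.255.255.0\n"

if __name__ == "__main__":
    for label, ccd in (("bad", BAD_CCD), ("good", GOOD_CCD)):
        print(label, check_ccd(SERVER_CONF, ccd))
```
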

Several websites make comments about various ways to have a client automatically reconnect with a server. Most of it is crap. Tested this and it works (on server): keepalive 5 15 AND ping-restart 5. The former command is sent as part of the client configuration and means: ping the server every 5 seconds and, if you don't receive a reply for 15 seconds, reconnect. Works great in conjunction with the ping-restart command, as the keepalive command only seems to work for one repetition and the ping-restart command has it retry the keepalive command.