Is OpenVPN right for this?


ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Is OpenVPN right for this?

Post by ispyisail »

Have a look at this section.

IanBlakeley
Posts: 32
Joined: Mon Nov 27, 2017 6:10 am
Location: Penang, Malaysia

Re: Is OpenVPN right for this?

Post by IanBlakeley »

tiptongrange wrote:So I guess I have to disable a web server port, but not sure where to find this. What would I need to do, and will disabling this still allow me to log in through a web browser to configure the router?

System - Router Access: change the HTTPS port used by the router to something other than 443.

tiptongrange
Posts: 10
Joined: Mon Aug 31, 2015 6:19 pm

Re: Is OpenVPN right for this?

Post by tiptongrange »

So far I'm having only partial success. I've installed Gargoyle on a Netgear WNDR4300 router, set up an OpenVPN server, and set up a client using Tunnelblick on a Mac. I can connect to the server but can't reach the internet. I can ping the gateway and other devices on the local network, but can't ping anything outside the gateway.

I also get several warning messages in the Tunnelblick log file which are listed below. I'm using mostly the default configuration from Gargoyle. Any advice on how I can reach the internet and how to address the warnings below?

Thanks,


WARNING - Tunnelblick could not fetch IP address information before the connection to openvpn-credentials-gregmbp was made.

WARNING - After connecting to openvpn-credentials-gregmbp, the Internet does not appear to be reachable.
This may mean that your VPN is not configured correctly.

WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6

WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC)

WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC)

WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Is OpenVPN right for this?

Post by ispyisail »

Screenshots of your OpenVPN server when connected.

tiptongrange
Posts: 10
Joined: Mon Aug 31, 2015 6:19 pm

Re: Is OpenVPN right for this?

Post by tiptongrange »

I tried to post them but got an error that they were too large. What size files does this site accept?

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Is OpenVPN right for this?

Post by ispyisail »

remote host

imgur

paste the link


[img]https://i.imgur.com/DhDUgkO.png[/img]


tiptongrange
Posts: 10
Joined: Mon Aug 31, 2015 6:19 pm

Re: Is OpenVPN right for this?

Post by tiptongrange »

Here are the screen shots. Let me know if you need more info.


tiptongrange
Posts: 10
Joined: Mon Aug 31, 2015 6:19 pm

Re: Is OpenVPN right for this?

Post by tiptongrange »

I don't think those images came through. Here they are again.


ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Is OpenVPN right for this?

Post by ispyisail »

Disable bridge repeater. Use AP (just for a test).

Swap the "re-use credentials" setting around (just for a test).

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Is OpenVPN right for this?

Post by Lantis »

If you get it up and running, move away from Blowfish too.
All of the warnings you encountered are fixed in the latest versions. But they aren’t likely causing your issues here (maybe).

The only thing that may be causing you an issue is “vpn_gateway” which some clients need (mostly iPhones and androids).
After a bit of googling that may be the issue. Worth reading this thread viewtopic.php?t=3806
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
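
Added example, not part of the thread or of Gargoyle's code: a small Python audit of an OpenVPN client config for the three configuration warnings in the Tunnelblick log above (64-bit-block cipher, keysize, missing auth-nocache). The sample config, its vpn.example.net host and the function names are constructed for illustration; the line inside the <ca> block is there only to show that inline blocks are skipped.

```python
import re
# Cipher-name prefixes with a 64-bit block, the class the SWEET32 warning targets.
SMALL_BLOCK = re.compile(r"^(BF|CAST5|DES|DESX|IDEA|RC2)(-|$)", re.I)

def parse_directives(text):
    """Map directive -> argument list, skipping comments and inline <ca>-style blocks."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside <tag> ... </tag>: embedded key/cert material
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline = tag.group(1)
            continue
        tokens = re.split(r"\s[#;]", " " + line, maxsplit=1)[0].split()
        if tokens:
            found[tokens[0].lower()] = tokens[1:]
    return found

def audit(text):
    """Return (directive, advice) pairs for the config warnings in the log above."""
    d = parse_directives(text)
    findings = []
    cipher = (d.get("cipher") or [None])[0]
    if cipher is None:
        findings.append(("cipher", "not set; OpenVPN 2.4 and earlier default to BF-CBC"))
    elif SMALL_BLOCK.match(cipher):
        findings.append(("cipher", f"{cipher} has a 64-bit block; use e.g. AES-256-CBC"))
    if "keysize" in d:
        findings.append(("keysize", "deprecated; remove it"))
    if "auth-nocache" not in d:
        findings.append(("auth-nocache", "missing; passwords may be cached in memory"))
    return findings

# Constructed sample client config (not the poster's actual file).
SAMPLE = """client
remote vpn.example.net 1194 udp
cipher BF-CBC   # Blowfish
keysize 128
<ca>
cipher AES-256-CBC
</ca>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Change the cipher on the server and on every client together, since both ends have to agree on it.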
