DSM-G600, DNS-3xx and NSA-220 Hack Forum

jdvb · 2011-10-20 11:37:19

Hello,

I got OpenVPN working perfectly on my local network, though can't do anything remote.
All I can do remote is connect, can't ping or do anything else.

Can anyone help me solve this?

client config:

Code:

client
dev tun
proto udp
remote someip 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo

server config:

Code:

port 1194
proto udp
dev tun

ca /ffp/etc/openvpn/keys/ca.crt
cert /ffp/etc/openvpn/keys/server.crt
key /ffp/etc/openvpn/keys/server.key  # This file should be kept secret
dh /ffp/etc/openvpn/keys/dh1024.pem
# openvpn server will be on 10.8.0.1
server 172.16.0.0 255.255.255.0

push "route-gateway 172.16.0.1"
route 172.16.0.0 255.255.255.0 10.9.0.1 gw

ifconfig-pool-persist ipp.txt
status openvpn-status.log

keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
ping-timer-rem
verb 3

root@CH3SNAS:/route -n

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
172.16.0.0      10.9.0.1        255.255.255.0   UG    0      0        0 egiga0
10.9.0.0        0.0.0.0         255.255.255.0   U     0      0        0 egiga0
224.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 egiga0
0.0.0.0         10.9.0.1        0.0.0.0         UG    0      0        0 egiga0

ifconfig

Code:

egiga0    Link encap:Ethernet  HWaddr 00:80:5A:54:E4:52
          inet addr:10.9.0.3  Bcast:10.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:6004  Metric:1
          RX packets:720497 errors:0 dropped:0 overruns:0 frame:0
          TX packets:550039 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:512
          RX bytes:60525265 (57.7 MiB)  TX bytes:744791791 (710.2 MiB)
          Interrupt:21

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15736 (15.3 KiB)  TX bytes:15736 (15.3 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.16.0.1  P-t-P:172.16.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:60 (60.0 B)  TX bytes:0 (0.0 B)

remote subnet 192.168.2.0

update:
Pinging does work straight after logging in, though stops functioning after like 5 seconds after login.

update2:
I don't have a clue what I did, though now I can connect.
I just wonder how I can use:

redirec-gateway
dhcp-option DNS 10.8.0.1
from the client configfile.

Or differently, from location 1 I want to only access shares etc. while on my mobile phone (android, still need to root it) I want to redirect all trafic over the vpn.
My laptop may also redirect all trafic over the vpn.

Last edited by jdvb (2011-10-20 15:50:37)

jdvb · 2011-10-20 16:04:50

and then I am back to openVPN stopping to function a few seconds after loging in.
I think windows firewall is causing troubles

edit:
When I spam reconnect, untill the pinging lasts longer then my connection remains for some time, though I can't really trust it much.
How can I make my connection more reliable?

The windows firewall.log shows this:

Code:

2011-10-20 15:55:11 DROP UDP 192.168.2.190 239.255.255.250 2250 1900 250 - - - - - - - RECEIVE
2011-10-20 15:55:11 DROP UDP 192.168.2.190 239.255.255.250 2250 1900 315 - - - - - - - RECEIVE
2011-10-20 15:55:11 DROP UDP 192.168.2.190 239.255.255.250 2250 1900 263 - - - - - - - RECEIVE
2011-10-20 15:55:11 DROP UDP 192.168.2.190 239.255.255.250 2250 1900 315 - - - - - - - RECEIVE
2011-10-20 15:55:11 DROP UDP 192.168.2.190 239.255.255.250 2250 1900 305 - - - - - - - RECEIVE
2011-10-20 15:55:32 DROP UDP 192.168.2.192 224.0.1.22 427 427 57 - - - - - - - RECEIVE
2011-10-20 15:55:33 DROP UDP 192.168.2.1 192.168.2.255 520 520 112 - - - - - - - RECEIVE
2011-10-20 15:56:04 DROP UDP 192.168.2.1 192.168.2.255 520 520 112 - - - - - - - RECEIVE
2011-10-20 15:56:09 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 515 - - - - - - - RECEIVE
2011-10-20 15:56:10 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 463 - - - - - - - RECEIVE
2011-10-20 15:56:11 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 527 - - - - - - - RECEIVE
2011-10-20 15:56:11 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 543 - - - - - - - RECEIVE
2011-10-20 15:56:11 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 472 - - - - - - - RECEIVE
2011-10-20 15:56:11 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 529 - - - - - - - RECEIVE
2011-10-20 15:56:12 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 515 - - - - - - - RECEIVE
2011-10-20 15:56:13 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 463 - - - - - - - RECEIVE
2011-10-20 15:56:14 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 527 - - - - - - - RECEIVE
2011-10-20 15:56:14 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 543 - - - - - - - RECEIVE
2011-10-20 15:56:14 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 472 - - - - - - - RECEIVE
2011-10-20 15:56:14 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 529 - - - - - - - RECEIVE
2011-10-20 15:56:15 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 515 - - - - - - - RECEIVE
2011-10-20 15:56:16 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 463 - - - - - - - RECEIVE
2011-10-20 15:56:17 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 527 - - - - - - - RECEIVE
2011-10-20 15:56:17 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 543 - - - - - - - RECEIVE
2011-10-20 15:56:17 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 472 - - - - - - - RECEIVE
2011-10-20 15:56:17 DROP UDP 192.168.2.194 239.255.255.250 1900 1900 529 - - - - - - - RECEIVE
2011-10-20 15:56:34 DROP ICMP 192.168.2.201 84.245.31.174 - - 176 - - - - 3 3 - SEND
2011-10-20 15:56:36 DROP UDP 192.168.2.1 192.168.2.255 520 520 112 - - - - - - - RECEIVE
2011-10-20 15:56:38 DROP UDP 172.16.1.6 255.255.255.255 68 67 331 - - - - - - - RECEIVE
2011-10-20 15:56:38 DROP 2 0.0.0.0 224.0.0.22 - - 48 - - - - - - - SEND
2011-10-20 15:56:39 DROP ICMP 172.16.1.1 172.16.1.6 - - 84 - - - - 8 0 - FORWARD
2011-10-20 15:56:39 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2011-10-20 15:56:39 DROP UDP 0.0.0.0 255.255.255.255 68 67 343 - - - - - - - RECEIVE
2011-10-20 15:56:40 DROP ICMP 172.16.1.6 172.16.1.1 - - 84 - - - - 0 0 - SEND
2011-10-20 15:56:41 DROP ICMP 172.16.1.6 172.16.1.1 - - 84 - - - - 0 0 - SEND
2011-10-20 15:56:50 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:50 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:58 DROP 2 0.0.0.0 224.0.0.22 - - 48 - - - - - - - SEND
2011-10-20 15:56:50 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:50 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:52 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:52 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:56:53 DROP 2 0.0.0.0 224.0.0.22 - - 48 - - - - - - - SEND
2011-10-20 15:56:54 DROP ICMP 172.16.1.1 172.16.1.6 - - 84 - - - - 8 0 - FORWARD
2011-10-20 15:56:55 DROP ICMP 172.16.1.1 172.16.1.6 - - 84 - - - - 8 0 - FORWARD
2011-10-20 15:56:58 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2011-10-20 15:56:58 DROP UDP 0.0.0.0 255.255.255.255 68 67 343 - - - - - - - RECEIVE
2011-10-20 15:56:58 DROP ICMP 172.16.1.6 172.16.1.1 - - 84 - - - - 0 0 - SEND
2011-10-20 15:56:59 DROP ICMP 172.16.1.6 172.16.1.1 - - 84 - - - - 0 0 - SEND
2011-10-20 15:57:00 DROP ICMP 172.16.1.6 172.16.1.1 - - 84 - - - - 0 0 - SEND
2011-10-20 15:57:09 DROP UDP 192.168.2.1 192.168.2.255 520 520 112 - - - - - - - RECEIVE
2011-10-20 15:57:12 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:57:12 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:57:12 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:57:12 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:57:14 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE
2011-10-20 15:57:14 DROP UDP 172.16.1.6 255.255.255.255 68 67 576 - - - - - - - RECEIVE

Things seam to last while I continue to ping from both server to client and from client to server.
If I only ping from one to another then things stop after several seconds.

How long things last when I start the connection up like that I will find out.

Last edited by jdvb (2011-10-20 17:36:20)

Electrocut · 2011-10-20 22:20:27

jdvb wrote:

server config:

Code:

...
push "route-gateway 172.16.0.1"
route 172.16.0.0 255.255.255.0 10.9.0.1 gw
...

I think there is a mistake here.
172.16.0.0 255.255.255.0 is YOUR VPN network, and your server (172.16.0.1) is already part of it. So I don't think you need to add any route to 172.16.0.0

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
172.16.0.0      10.9.0.1        255.255.255.0   UG    0      0        0 egiga0

You see ? You have 2 different gateways for the same network destination. I think that's why your network behavior is ... unpredictable :p

jdvb · 2011-10-21 10:02:23

I have removed all push/route commands from my server config,
my route is now:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.1.0 172.16.1.2 255.255.255.0 UG 0 0 0 tun0
10.9.0.0 0.0.0.0 255.255.255.0 U 0 0 0 egiga0
224.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 egiga0
0.0.0.0 10.9.0.1 0.0.0.0 UG 0 0 0 egiga0

My connection is still unreliable, how can I make it work on setting the service to start automatically and keep it going?
It is actually not about pinging it seams, rather by pure luck. Sometimes it stays up, while other times it just stops.

Last edited by jdvb (2011-10-21 10:06:24)

GiannisAth · 2012-04-30 21:57:14

Hi,

I have installed Fan_Plug 0.7 oabi on DNS-323
I am trying to install the openvpn_2_1_2.tgz package but the following message is shown

Skipping openvpn_2_1_2-DNS323.tgz: Invalid package filename

There is any other packet appropriate for 0.7 version?

Thanks

Electrocut · 2012-05-01 19:01:37

Try to rename openvpn_2_1_2-DNS323.tgz to openvpn-2.1.2-oarm-1.tgz

Since Funplug 0.7, packages must be named "NAME-VERSION-VARIANT-REVISION", cf. fonz's post about that.

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#26 2011-10-20 11:37:19

Re: [REL] OpenVPN for fonz fun_plug 0.5

Code:

Code:

Code:

Code:

#27 2011-10-20 16:04:50

Re: [REL] OpenVPN for fonz fun_plug 0.5

Code:

#28 2011-10-20 22:20:27

Re: [REL] OpenVPN for fonz fun_plug 0.5

jdvb wrote:

Code:

Code:

#29 2011-10-21 10:02:23

Re: [REL] OpenVPN for fonz fun_plug 0.5

#30 2012-04-30 21:57:14

Re: [REL] OpenVPN for fonz fun_plug 0.5

#31 2012-05-01 19:01:37

Re: [REL] OpenVPN for fonz fun_plug 0.5

Board footer