Guide: OpenVPN on a router with OpenWRT

Matt

New Member
That could be the solution. Thanks! I have two more questions.

Would I have to adjust the OpenVPN config accordingly in order to set up different VPN connections?
Would it make a noticeable difference to use the Cloudflare DNS servers (1.1.1.1) instead of the Google DNS servers (8.8.8.8)?
I have read that they are supposed to be faster.
 

Gerd

Active Member
Would I have to adjust the OpenVPN config accordingly in order to set up different VPN connections?

Within one server group it is enough to change the IP. For a server in another country, you would also have to change the certificates.

Would it make a noticeable difference to use the Cloudflare DNS servers (1.1.1.1) instead of the Google DNS servers (8.8.8.8)?
I have read that they are supposed to be faster.

I can't say anything about that. It would have to be tested.

Edit:
To use several VPN connections at the same time, you need the Policy Based Routing package. In that case each config also needs "dev tun1" etc. with a consecutive number.

Matt

New Member
Okay, I understand. So far I have only tried it the normal way with OpenVPN.

Now, as a test, I have tried it via StealthVPN (Stunnel) to possibly get better transfer rates. Here it gives me this log:

[EDIT] This is resolved. An error had crept into the credentials.


Code:
Tue Nov 10 20:00:49 2020 us=275238 OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Nov 10 20:00:49 2020 us=275518 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Tue Nov 10 20:00:49 2020 us=276958 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 10 20:00:49 2020 us=300416 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 10 20:00:49 2020 us=300976 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Nov 10 20:00:49 2020 us=301436 LZO compression initializing
Tue Nov 10 20:00:49 2020 us=302776 Control Channel MTU parms [ L:1624 D:1138 EF:112 EB:0 ET:0 EL:3 ]
Tue Nov 10 20:00:49 2020 us=317335 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Nov 10 20:00:49 2020 us=318135 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:00:49 2020 us=318535 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 10 20:00:49 2020 us=319055 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:00:49 2020 us=319535 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 10 20:00:49 2020 us=319995 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10000 [nonblock]
Tue Nov 10 20:00:49 2020 us=320815 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:00:49 2020 us=321734 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Nov 10 20:00:49 2020 us=322234 Restart pause, 5 second(s)
Tue Nov 10 20:00:54 2020 us=322773 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 10 20:00:54 2020 us=323292 Re-using SSL/TLS context
Tue Nov 10 20:00:54 2020 us=323712 LZO compression initializing
Tue Nov 10 20:00:54 2020 us=324812 Control Channel MTU parms [ L:1624 D:1138 EF:112 EB:0 ET:0 EL:3 ]
Tue Nov 10 20:00:54 2020 us=325352 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:00:54 2020 us=325852 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Nov 10 20:00:54 2020 us=326572 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:00:54 2020 us=326972 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 10 20:00:54 2020 us=327432 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:00:54 2020 us=327912 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 10 20:00:54 2020 us=328372 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10000 [nonblock]
Tue Nov 10 20:00:55 2020 us=329176 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:00:55 2020 us=330096 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Nov 10 20:00:55 2020 us=330596 Restart pause, 5 second(s)
Tue Nov 10 20:01:00 2020 us=331100 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 10 20:01:00 2020 us=331520 Re-using SSL/TLS context
Tue Nov 10 20:01:00 2020 us=331940 LZO compression initializing
Tue Nov 10 20:01:00 2020 us=333120 Control Channel MTU parms [ L:1624 D:1138 EF:112 EB:0 ET:0 EL:3 ]
Tue Nov 10 20:01:00 2020 us=333680 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:00 2020 us=334160 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Nov 10 20:01:00 2020 us=334920 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:01:00 2020 us=335340 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 10 20:01:00 2020 us=335800 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:00 2020 us=336280 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 10 20:01:00 2020 us=336720 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10000 [nonblock]
Tue Nov 10 20:01:00 2020 us=337560 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:01:00 2020 us=338460 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Nov 10 20:01:00 2020 us=338960 Restart pause, 5 second(s)
Tue Nov 10 20:01:05 2020 us=339468 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 10 20:01:05 2020 us=339908 Re-using SSL/TLS context
Tue Nov 10 20:01:05 2020 us=340308 LZO compression initializing
Tue Nov 10 20:01:05 2020 us=341428 Control Channel MTU parms [ L:1624 D:1138 EF:112 EB:0 ET:0 EL:3 ]
Tue Nov 10 20:01:05 2020 us=341968 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:05 2020 us=342468 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Nov 10 20:01:05 2020 us=343268 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:01:05 2020 us=343688 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 10 20:01:05 2020 us=344148 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:05 2020 us=344628 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 10 20:01:05 2020 us=345068 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10000 [nonblock]
Tue Nov 10 20:01:05 2020 us=345908 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:01:05 2020 us=346828 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Nov 10 20:01:05 2020 us=347308 Restart pause, 5 second(s)
Tue Nov 10 20:01:10 2020 us=347801 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 10 20:01:10 2020 us=348241 Re-using SSL/TLS context
Tue Nov 10 20:01:10 2020 us=348641 LZO compression initializing
Tue Nov 10 20:01:10 2020 us=349761 Control Channel MTU parms [ L:1624 D:1138 EF:112 EB:0 ET:0 EL:3 ]
Tue Nov 10 20:01:10 2020 us=350301 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:10 2020 us=350780 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Tue Nov 10 20:01:10 2020 us=351500 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:01:10 2020 us=351920 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Tue Nov 10 20:01:10 2020 us=352380 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:10000
Tue Nov 10 20:01:10 2020 us=352860 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 10 20:01:10 2020 us=353380 Attempting to establish TCP connection with [AF_INET]127.0.0.1:10000 [nonblock]
Tue Nov 10 20:01:10 2020 us=354220 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:01:10 2020 us=355180 SIGUSR1[connection failed(soft),init_instance] received, process restarting
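The log above shows OpenVPN retrying a TCP connection to 127.0.0.1:10000, a loopback address on the router itself (in an Stunnel setup, the local tunnel endpoint), and being refused each time. As an added example that is not part of the original posts, the following shell functions summarise such a log: refused attempts per remote address and individual values from the "Local Options String". The function names are hypothetical and the embedded sample is a shortened excerpt of the log posted above.

```shell
#!/bin/sh
# Added example: summarise connection failures in an OpenVPN client log.
# Both functions read the log on stdin, so they also work with logread output.

# Prints one line per remote: "<addr:port> refused=<n> loopback=<yes|no>"
ovpn_refused() {
    awk '
    /TCP: connect to \[AF_INET\]/ && /failed: Connection refused/ {
        addr = $0
        sub(/^.*\[AF_INET\]/, "", addr)   # drop everything before the address
        sub(/ failed:.*$/, "", addr)      # drop the error text after it
        refused[addr]++
    }
    END {
        for (a in refused) {
            lb = (a ~ /^127\./) ? "yes" : "no"
            printf "%s refused=%d loopback=%s\n", a, refused[a], lb
        }
    }'
}

# ovpn_option NAME: value of NAME in the first Local Options String,
# or "set" for a flag without a value (e.g. comp-lzo); empty if absent.
ovpn_option() {
    awk -v name="$1" -v q="'" '
    /Local Options String/ {
        s = substr($0, index($0, q) + 1)      # text after the opening quote
        s = substr(s, 1, index(s, q) - 1)     # text before the closing quote
        n = split(s, opt, ",")
        for (i = 1; i <= n; i++) {
            split(opt[i], kv, " ")
            if (kv[1] == name) {
                val = (kv[2] == "") ? "set" : kv[2]
                print val
                exit
            }
        }
    }'
}

# Shortened excerpt of the log posted above.
sample_log() {
    cat <<'EOF'
Tue Nov 10 20:00:49 2020 us=318135 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Tue Nov 10 20:00:49 2020 us=320815 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:00:55 2020 us=329176 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
Tue Nov 10 20:01:00 2020 us=337560 TCP: connect to [AF_INET]127.0.0.1:10000 failed: Connection refused
EOF
}

sample_log | ovpn_refused
```

A `loopback=yes` line means the refused connection never left the router, so the local listener on that port is the first thing to check before looking at the VPN server.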

Gerd

Active Member
StealthVPN configuration on OpenWRT is a bit tricky. Once you know what to watch out for, the configuration works. I don't know right now why the connection isn't working for you.

The StealthVPN OpenWRT guides are not quite up to date, but PP already has newer versions available. Until then you will have to be patient, in case something has changed with the newer configuration.