On 22/08/2012 16:23, Matthijs Kooijman wrote:
Hi Carlo,

sorry if I'm posting my problem here but the official support forums
seem to be dead...
This is exactly the place for questions like these!

Ok, good!

I installed openvpn client from "snapshots2" repo available at
http://downloads.openwrt.org/kamikaze/8.09.2/rb532/packages/
The client is working very well ;-) but I've a problem launching it at startup.
Did you know the Fonera comes shipped with the openvpn binaries as well?

I was thinking it was only for openvpn server... my mistake.

In the 2.3.6.1 version you're using, these might be a bit outdated and
the supporting scripts might not all be present, but I think this
openvpn binary should be capable of running as a client as well. You
might want to upgrade to the 2.3.7.0 beta3 release to get a newer
version, though.

I will upgrade to 2.3.7 when it is in a stable version ;-)

I created the file "/etc/init.d/ovpnstart" as follows:

And then I ran the command:

--------------------------------------------------------------------------
root@Fonera:~# /etc/init.d/ovpnstart enable
--------------------------------------------------------------------------
Ok, that should be the right approach.

--------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
START=98
start() {
        # start VPN
        touch /tmp/vpn-start-1
        /usr/sbin/openvpn --daemon --log /tmp/openvpn-log --config /etc/openvpn/myvpn.ovpn
        # set forwarding rules
        touch /tmp/vpn-start-2
        /usr/sbin/iptables -A forwarding_rule -o tun0 -j ACCEPT
        /usr/sbin/iptables -A forwarding_rule -i tun0 -j ACCEPT
        /usr/sbin/iptables -t nat -A postrouting_rule -o tun0 -j MASQUERADE
        touch /tmp/vpn-start-3
}

boot() {
        touch /tmp/vpn-boot-1
        start
        touch /tmp/vpn-boot-2
}
--------------------------------------------------------------------------

If I run the command by hand, in the shell, the VPN starts correctly.
With "the command" you mean /etc/init.d/ovpnstart (or the rc.d version)?
Or the openvpn command directly?

I mean the command
--------------------------------------------------------------------------
root@Fonera:~# /etc/init.d/ovpnstart start
--------------------------------------------------------------------------

If I reboot the Fonera I can't see the VPN running, but I can see the
"debug" files created from the script (see the "touch" command in the
script).

Are the iptables rules created? I suspect they are, which would mean
everything from your init script works except for the openvpn daemon
itself.

Correct ;-)

        /usr/sbin/openvpn --daemon --log /tmp/openvpn-log --config /etc/openvpn/myvpn.ovpn

Perhaps you could add " 2>&1 > /tmp/openvpn-debug"  at the end of this
command? This should redirect stderr to stdout and stdout to a file. If
openvpn spews any errors before opening up its log file, you should see
them.

I see nothing in the /tmp/openvpn-debug file, because I've already redirected the output to the /tmp/openvpn-log file. And anyway, no error. But this was a good hint because I saw that the log was truncated... the VPN connection started and then, in the negotiation phase, ended without terminating the full process. I just added two "forced delays" in the script and now the VPN starts at boot. OK, I know this isn't a "clean way" to solve the problem, but for now it is enough.

--------------------------------------------------------------------------
[...]
        sleep 15
        # start VPN
        /usr/sbin/openvpn --daemon --config /etc/openvpn/myvpn.ovpn
        sleep 15
[...]
--------------------------------------------------------------------------

I will wait for the new stable firmware (BTW: when?) to apply a clean solution (as Jon "The Nice Guy" Spriggs suggested in the previous e-mail).
Thanks again for your support,
Carlo
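
An added example, not part of the original message or of the Fonera firmware: the two fixed `sleep 15` delays replaced by bounded polling, so the forwarding and MASQUERADE rules are only installed once tun0 exists. It assumes the boot-time failure comes from the network not being ready yet (the thread does not confirm the cause); `wait_for`, `has_default_route`, `iface_exists` and `start_vpn` are hypothetical names and the 60-second limits are arbitrary.

```shell
#!/bin/sh
# Added example: bounded polling instead of fixed sleeps in an init script.

# wait_for TIMEOUT_SECONDS COMMAND [ARGS...]
# Re-runs COMMAND once per second until it succeeds or TIMEOUT_SECONDS elapse.
# Returns 0 as soon as COMMAND succeeds, 1 on timeout.
wait_for() {
        timeout=$1; shift
        elapsed=0
        until "$@" >/dev/null 2>&1; do
                [ "$elapsed" -ge "$timeout" ] && return 1
                sleep 1
                elapsed=$((elapsed + 1))
        done
        return 0
}

# Readiness probes (assumptions: a default route means the uplink is usable,
# and sysfs is mounted so interfaces appear under /sys/class/net).
has_default_route() { route -n | grep -q '^0\.0\.0\.0'; }
iface_exists() { [ -e "/sys/class/net/$1" ]; }

# What start() from the script above could call instead of the sleeps.
start_vpn() {
        wait_for 60 has_default_route || {
                logger -t ovpnstart "no default route, VPN not started"
                return 1
        }
        /usr/sbin/openvpn --daemon --log /tmp/openvpn-log \
                --config /etc/openvpn/myvpn.ovpn || return 1

        # Fail closed: no tunnel device means no forwarding or NAT rules.
        wait_for 60 iface_exists tun0 || {
                logger -t ovpnstart "tun0 did not appear, rules not added"
                return 1
        }
        /usr/sbin/iptables -A forwarding_rule -o tun0 -j ACCEPT
        /usr/sbin/iptables -A forwarding_rule -i tun0 -j ACCEPT
        /usr/sbin/iptables -t nat -A postrouting_rule -o tun0 -j MASQUERADE
}
```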
