I had all of this working as I wanted, till the other day, where I decided to install an mSATA disk in the device.
After installing the mSATA, and making the needed changes to the /etc/config/wireless file, I had my system back online - or so I thought.
It turns out my OpenVPN isn’t accessible from my iPhone any more. Whenever I attempt to connect, I now get connection timeouts. Other VPN connections from the iPhone works as they should.
Thanks @iddqd, this was exactly what I did (and attempted to write above).
The mystery remains, though - why did it suddenly change to not start on boot?
After setting up OpenVPN, I did reboot least 15 times, and each time the VPN setup remained working.
The only difference I can think of this time, is that I powered down the device completely to install the mSATA.
So perhaps we have some settings that somehow survives a reboot?
I didnt configure dnsmasq at all (and still, my .lan works). I tried the dig on my LAN subnet IP (which actually doesnt works as pushed DNS via OpenVPN), and from omnia I have different result (it doesnt point me to any other IP):
Well, it kind of works for me, but only for couple of seconds (about 15). I used installation trough Foris. I extracted certs and keys from downloaded configuration file and created VPN configuration manually trough GUI in Ubuntu. Then, I was able to connect and ping my NAS at 192.168.0.147. But after few seconds it stopped working. I disconnected from VPN and connect again. It started working but after another couple of seconds it failed again. I have no idea why is this happening.
Lokální síť mám 192.168.0.0/24 a při generování configurace VPN jsem nastavil 192.168.1.0/24. To je předpokládám správně, když se mi to alespoň na chvíli připojí.
That’s indeed weird and it should not happen. Is there something useful in the logs?
Anyways, if you want to make it bulletproof you could write a small script to check if OVPN is running and if necessary to start it.
Device Turris Omnia - RTROM01
Turris OS version 3.6.1
Kernel version 4.4.51-627f0117679bc72ef5e58881035f567a-3
After failing to generate CA: I uninstalled openvpn through updater, removed files from /etc/ssl/ca/openvpn/, rebooted turris, reinstalled openvpn, selected “Generate CA” and can get no further. The openvpn page in foris shows the certs generating then returns to “Currently there is no OpenVPN certificate authority(CA).”
/etc/ssl/ca/openvpn/ shows 15 files with time stamp after reboot:
-rw-r–r-- 1 root root 6704 Mar 27 05:30 01.crt
-rw-r–r-- 1 root root 1582 Mar 27 05:30 01.csr
-r-------- 1 root root 3276 Mar 27 05:30 01.key
-rw-r–r-- 1 root root 6704 Mar 27 05:30 01.pem
-rw-r–r-- 1 root root 893 Mar 27 05:30 ca.crl
-rw-r–r-- 1 root root 1862 Mar 27 05:29 ca.crt
-r-------- 1 root root 3272 Mar 27 05:29 ca.key
-rw-r–r-- 1 root root 3 Mar 27 05:30 crlnumber
-rw-r–r-- 1 root root 3 Mar 27 05:29 crlnumber.old
-rw-r–r-- 1 root root 39 Mar 27 05:30 index.txt
-rw-r–r-- 1 root root 20 Mar 27 05:30 index.txt.attr
-rw-r–r-- 1 root root 0 Mar 27 05:29 index.txt.old
-rw-r–r-- 1 root root 17 Mar 27 05:29 notes.txt
-rw-r–r-- 1 root root 3 Mar 27 05:30 serial
-rw-r–r-- 1 root root 3 Mar 27 05:29 serial.old
Why is openvpn page indicating no OpenVPN certificate authority?
I ran your script approximately 2 hours after your message here on the forum. Thank you very much for the help. The router has been perfect so far so thanks to the team, too.
Hi,
I like the feature to issue certificates and configuration files for clients. And the ability to revoke them.
I created the configuration in Foris, modified in Luci.
Everything is working like I need.
If I go to Foris, the configuration files are hidden, I need to reapply the VPN to issue a new certificate.
That reset the Luci OpenVPN setting.
Is there a work around?
Which script can I run to crate .conf files and revoke access?
I added some routes.
I don’t think it is Luci problem now.
Everytime I access Foris it prompt me ot apply the changes, even if they are already there and it is running fine.
I noticed that after each power outage I have to “Apply configuration” for OpenVPN in Foris before OpenVPN starts to work again. Is this expected? I hoped that once enabled and configured, it will automatically start even after router reboot. I never tried to set up OpenVPN manually on turris and I only used the Foris interface for OpenVPN configuration, so I don’t expect anything to be messed up in my OpenVPN configuration.
Did anyone else have the same problem? If not I guess I will have to report an issue.
I had to re-apply.
I noticed that I had duplicate firewall entries for the VPN.
When I checked them in Luci and click save, they will be ok, but Doris VPN would need to reapplied.
A reboot may validate the firewall rules and remove the wrong one.
Hi, I noticed higher battery drain on Android client with default Turris VPN configuration. It is OpenVPN feature. The fix is easy - change “keepalive 10 120” to “keepalive 1800 3600” in you /etc/config/openvpn
Is it possible to make this change in default OpenVPN Turris generator?