Non functional OpenVPN

Software SW help
1

I am not able to utilize OpenVPN as it is in reforris. I have successfully gone through migration from TOS 3 to TOS 5 months and months ago. However, when I came back. The interfaces did not make sense and it all did not work. Is there any way to get it back to default?
Can someone share his own configuration in luci so that I can try to recreate it?

Current state is really bad. Due to migration it did not got recreated correctly and now I cant use it at all. It is critical priority for me and it is getting urgent in couple of days.

I would really appreciate any help with this

Thank you

2

Can you elaborate more on it? Screenhots, error messages etc…

3

Server or Client?

I know it’s an OT suggestion, but you should consider moving to Wireguard. It’s way faster, and much less hassle than OpenVPN.

4

allt he OpenVPN config is in folder /etc/config in file openvpn

As reforris create somehow old configuration directives I played with it a little bit and this is my /etc/config/openvpn that you can basically use if you are on Omnia.
The difference is in lzo compression and encryption AES-256-GCM. Not sure if you have dhparam in same folder, you can adjust with folder where you have it stored and you may also have more keys 01.key 02.key etc generated that also copy from original config

config openvpn ‘server_turris’
option dev ‘tun_turris’
option ca ‘/etc/ssl/ca/openvpn/ca.crt’
option crl_verify ‘/etc/ssl/ca/openvpn/ca.crl’
option cert ‘/etc/ssl/ca/openvpn/01.crt’
option key ‘/etc/ssl/ca/openvpn/01.key’
option server ‘192.168.240.0 255.255.255.0’
option ifconfig_pool_persist ‘/tmp/ipp.txt’
option duplicate_cn ‘0’
option keepalive ‘10 120’
option persist_key ‘1’
option persist_tun ‘1’
option status ‘/tmp/openvpn-status.log’
option verb ‘3’
option mute ‘20’
option topology ‘subnet’
option dh ‘/etc/ssl/ca/openvpn/dhparam.pem’
option comp_lzo ‘yes’
option enabled ‘1’
option port ‘1494’
option proto ‘udp’
option allow-compression ‘yes’
option cipher ‘AES-256-GCM’
option data-ciphers ‘AES-256-GCM:AES-128-GCM’
option data-cipher-fallback ‘AES-256-GCM’
list push ‘route 192.168.8.0 255.255.255.0’
list push ‘redirect-gateway def1’
list push ‘dhcp-option DNS 192.168.240.1’

in the client config you have to add those directives to the end

comp-lzo
cipher AES-256-GCM

I have to also note that there is also config in /etc/config/network

config interface ‘vpn_turris’
option enabled ‘1’
option device ‘tun_turris’
option proto ‘none’
option auto ‘1’

and also in /etc/config/firewall where you config the port to listen OpenVPN on, those are also set by reforris and can be kept as it is

config zone 'turris_vpn_client'
option name 'tr_vpn_cl'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'

config forwarding ‘turris_vpn_client_forward’
option src ‘lan’
option dest ‘tr_vpn_cl’

config zone ‘vpn_turris’
option enabled ‘1’
option name ‘vpn_turris’
option input ‘ACCEPT’
option forward ‘REJECT’
option output ‘ACCEPT’
option masq ‘1’
list network ‘vpn_turris’

config rule ‘vpn_turris_rule’
option name ‘vpn_turris_rule’
option target ‘ACCEPT’
option proto ‘udp’
option src ‘wan’
option dest_port ‘1494’

config forwarding ‘vpn_turris_forward_lan_in’
option enabled ‘1’
option src ‘vpn_turris’
option dest ‘lan’

config forwarding ‘vpn_turris_forward_lan_out’
option enabled ‘1’
option src ‘lan’
option dest ‘vpn_turris’

config forwarding ‘vpn_turris_forward_wan_out’
option enabled ‘1’
option src ‘vpn_turris’
option dest ‘wan’

5

It is server. I will reply in this topic tomorrow as I am working in different networks than home one.