openVPN from TO towards other router

DIKKEHENK · February 28, 2019, 12:18pm

Is there is simple way to have the TO make a openvpn connection to another router? I had this option in my old Draytek, but cannot find it in the TO, or am i missing something?

best, Dikke

peci1 · March 1, 2019, 3:16am

opkg update
opkg install luci-app-openvpn

?

mattventura · March 1, 2019, 4:35pm

If you just need a VPN connection between the two routers, then you would just install OpenVPN son both. Configure one as a server and the other as a client.

If you want them to actually route each others’ LAN subnets over the VPN, there’s some additional configuration to be done.

DIKKEHENK · March 1, 2019, 7:20pm

I have openvpn running, and it works fine if i connect from phone or tablet. But i want a site to site with openvpn. But i miss the option to connect from the TO to another router?

peci1 · March 4, 2019, 12:57am

After installing luci-app-openvpn, you have a new menu in Luci/Services where you can configure the client connection.

DIKKEHENK · March 4, 2019, 10:16am

Ok, found these options, thanks! But bit of a nOOb here… what is the client template, ‘‘client conf for a ethernet bridge vpn’’ ? and then just load the OVPN cfg, save and start?

peci1 · March 5, 2019, 12:22am

Give it a try, just use the ovpn file.

DIKKEHENK · March 5, 2019, 6:56am

Ah, it is that easy : ) ok! i loaded the .conf and there was the connection… small problem though… syslog telling me this :
err openvpn(U13)[3516]: Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/U13.ovpn:48: explicit-exit-notify (2.4.6)
2019-03-05 07:54:04 warning openvpn(U13)[3516]: Use --help for more information.

Now this .conf does work win win10 openvpn. Must be some error in there apparently? ( i removed keys and ip )

dev tun
tls-client

remote xxx.xxx.xxx.xxx 1194

#float

#redirect-gateway def1

#dhcp-option DNS DNS_IP_ADDRESS

pull

proto udp

script-security 2

reneg-sec 0

auth SHA512

cipher AES-256-CBC

auth-user-pass

key-direction 1

comp-lzo
explicit-exit-notify

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----

peci1 · March 5, 2019, 9:14am

Try to delete the explit-exit-notify line and load the conf file again. Although it’s weird this happens… Are you on latest Turris OS versions on both routers?

DIKKEHENK · March 5, 2019, 11:45am

The other router is a Synology running openVPN. I will try to remove the specific line. I can imagine it is asking for auth but does not get any?

edit, removing line gives a lot more trouble/error.

edit 2. Working. modified the .auth and added file for authentication.