[SOLVED] OpenVPN Configuration (non-UCI configuration)

Hello everyone,

I tried to set up OpenVPN but came to the point that I need to have a few additional settings.
For example, duplicate-cn and ifconfig-pool.
However, these can’t be interpreted by (L)UCI.

Therefore, according to something I found on the internet, I tried the following:

/etc/config/openvpn :

package openvpn
#------------------------------------------------
config openvpn testvpn
option enabled 1
option config /etc/openvpn/openvpn.conf

/etc/openvpn/openvpn.conf (shortened) :

# ------------------------
# turrisomnia_openvpn_test

    dev    tun
    topology       subnet
    proto  udp
    port 1194
    [...]
    log-append      /tmp/openvpn/openvpn.log

testvpn appears correctly in luci-app-openvpn (with a limited number of settings, which is correct also).

When I start OpenVPN using /etc/init.d/openvpn start, nothing happens.
openvpn.log does not receive any entries (also tried only log instead of log-append in the configuration).
In luci-app-openvpn the “Start” button for “testvpn” also remains active.

Any ideas on how to get this setup working?
Anything you need to know for further analysis?

Thanks so much!

I think you can do: openvpn --config /path/to/config and see what happens in the log files.

Also you can do any .configs you want. If you still need help, post the output.

This is my /etc/config/openvpn, you can start with this. I think your config is just not correct; at least the syntax is wrong.

config openvpn 'myvpn'
        option enabled '1'
        option verb '3'
        option proto 'udp'
        option port '1195'
        option dev 'tap0'
        option mode 'server'
        option tls_server '1'
        option push 'route-gateway dhcp'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/server.crt'
        option key '/etc/openvpn/server.key'
        option dh '/etc/openvpn/dh2048.pem'

openvpn --config /path/to/config looks like a good idea. I’ll try that later.

Regarding:

you can start with this

I actually have a working configuration using the UCI syntax. I am looking for a way to move that configuration to a separate file using the “pure” OpenVPN syntax.

You can do the config using LuCI and afterwards add the desired options under the corresponding section of “/etc/config/openvpn”:
        option duplicate_cn '1'
        option ifconfig_pool '10.8.0.4 10.8.0.251'

Hi opotinil, thanks so much, good idea.
The underdash (_) may actually solve the problem. I’ll try that later.

However, any ideas on how to properly point to a configuration file using the “pure” OpenVPN syntax?

Hi, I can’t reproduce your issue. My config looks similar and works perfectly:

# cat /etc/config/openvpn 
config openvpn 'custom'
        option enabled '1'
        option config '/etc/openvpn/custom.conf'

# cat /etc/openvpn/custom.conf 
client
nobind
ca /etc/ssl/TCS3chain.crt.pem
cert /etc/ssl/box.crt.pem
dev tunvpn
key /etc/ssl/box.key.pem
proto udp
remote server.example.net 1194
remote-cert-tls server

I tried moving my config to a separate file; it works as well.

cat /etc/config/openvpn

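config openvpn 'myvpn'
        option enabled '1'
        # point the instance at the native config file shown below
        option config '/etc/openvpn/custom.conf'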

cat /etc/openvpn/custom.conf

verb 3
proto udp
port 1195
dev tap0
mode server
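# tls-server takes no argument in native syntax
tls-server
# the pushed option must be passed as a single quoted parameter
push "route-gateway dhcp"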
keepalive 10 120
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem

Well, I love the problems that come and go without really knowing what the issue was.

After cleaning up the configuration files and re-doing them, everything works as expected.
I still need to do some tuning (e.g. ifconfig-pool), but otherwise accessing the “external, pure” OpenVPN configuration file works.

cat /etc/config/openvpn:

package openvpn
#------------------------------------------------
config openvpn testvpn
option enabled 1
option config /etc/openvpn/openvpn.conf

cat /etc/openvpn/openvpn.conf :

# ------------------------
# turrisomnia_openvpn_test

log-append      /tmp/openvpn/openvpn.log
status  /tmp/openvpn/openvpn-status.log
dev     tun
topology        subnet
proto   udp
port    1194
mode    server
server  192.168.33.0 255.255.255.0
ifconfig        192.168.33.1 255.255.255.0
#ifconfig-pool  192.168.33.20 192.168.33.100 255.255.255.0
route-gateway   dhcp
push    "redirect-gateway def1"
ifconfig-pool-persist /tmp/openvpn/clients/ipp.txt
push    "route 192.168.30.0 255.255.255.0"
push    "dhcp-option DNS 192.168.30.1"
push    "dhcp-option WINS 192.168.30.1"
ca      /etc/easy-rsa/keys/ca.crt
cert    /etc/easy-rsa/keys/turrisomnia.crt
key     /etc/easy-rsa/keys/turrisomnia.key
dh      /etc/easy-rsa/keys/dh2048.pem
duplicate-cn
#daemon_log_redirect 1
verb    3
keepalive 10 120
client-to-client
persist-key
persist-tun
max-clients     20
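
An added example, not code from any poster in this thread: a shell/awk helper that performs the UCI-to-native translation the thread works through by hand (underscores become hyphens, flags set to '1' become bare directives, push values are quoted). The helper name `uci_to_ovpn`, the `FLAGS` list and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): translate a UCI "config openvpn"
# section into native OpenVPN directives.
# Assumption: FLAGS lists only the argument-less directives seen in this
# thread; it is not OpenVPN's full set.
FLAGS="client nobind duplicate-cn tls-server client-to-client persist-key persist-tun"

# uci_to_ovpn (hypothetical helper): UCI text on stdin, OpenVPN config on stdout.
uci_to_ovpn() {
    awk -v flags="$FLAGS" -v sq="'" '
    BEGIN { n = split(flags, f, " "); for (i = 1; i <= n; i++) isflag[f[i]] = 1 }
    $1 == "option" || $1 == "list" {
        name = $2
        gsub(/_/, "-", name)              # UCI spells directives with "_"
        val = $0
        sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        c = substr(val, 1, 1)             # drop one pair of matching quotes
        if ((c == "\"" || c == sq) && length(val) > 1 && substr(val, length(val)) == c)
            val = substr(val, 2, length(val) - 2)
        if (name == "enabled" || name == "config") next   # UCI-only keys
        if (name in isflag) { if (val == "1") print name; next }
        if (name == "push") { print "push \"" val "\""; next }
        print name " " val
    }'
}

# Constructed sample: the UCI options posted in the thread, with plain quotes.
sample_uci() {
    cat <<'EOF'
config openvpn 'myvpn'
        option enabled '1'
        option verb '3'
        option proto 'udp'
        option port '1195'
        option dev 'tap0'
        option mode 'server'
        option tls_server '1'
        option push 'route-gateway dhcp'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option duplicate_cn '1'
        option ifconfig_pool '10.8.0.4 10.8.0.251'
EOF
}

sample_uci | uci_to_ovpn
```

The output can be checked with `openvpn --config`, as suggested earlier in the thread, before pointing `option config` at it.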