Tutorial - Setup OpenVPN! Need for Dm800 all new Image

Desitv

Hi
How to Activate OpenVPN! in new dreambox 800 hd Image ..
Like Image
EDG-Nemesis2-2-dm800-e2-(1-6)-2011-25-2-#76D
New Dream Elite 1.0HD PrzEdition Sim2-76D
New DreamElite 1.0 HD - new sim2 boot 76D

Thanks
 

douros

@Desitv OpenVPN is included in the images you talk about and works fine.
You have to go to the blue panel (blue button), then system utilities (red button), and the first option is start/restart programs, where you start OpenVPN.
Then the third option is to start programs on boot, and you turn OpenVPN from no to yes; it then starts automatically any time you boot your Dream.
 

mani007

hi dear

1st, why do we need OpenVPN?
2nd, by that VPN we can bypass the internet provider, because in UAE Etisalat blocks many servers.

I am using Gemini Enigma2 in DM 800; how can I use VPN?
 

bu3askoor

mani, I am also from UAE. I use OpenVPN for my usual browsing and in my dreambox. I got the service from witopia. I used their files to transfer to my dreambox. Just follow the link ferret pointed to and you should be fine.

If you do not have a vpn provider, you cannot use openvpn feature in your image.

By the way i moved recently to nemesis 2.2 HD and it is working great.
 

Dream_Merchant

My friend,

Regarding installing VPN on DM500HD with gemini2.

I registered with witopia, downloaded their software, renamed one of the .ovpn files into a .conf file, edited the .conf file so that it points to the correct ca, key and cert files and copied everything in the /etc/openvpn/ directory of the dreambox.

However, when I attempt to start the openvpn server daemon from services/daemons on the blue panel, the red dot becomes yellow and stays so (doesn't go green). The connection is not made. Am I missing something?

I have searched the internet and you seem to be the only person that has managed to make this work, so I would very much appreciate it if you could help me out. Cookies available as reward.
 

bu3askoor

@Dream,
in my DM800 it stays yellow but the connection is made.

Can you connect thru telnet and execute:

/etc/init.d/openvpn restart

and paste the result.
==================================================

By the way, make sure that the files have the same names, such as

myvpn.crt
myvpn.key
myvpn.conf

keep the other crt the same (ca.crt)

Also, make sure your box is connected to the internet.
 

Dream_Merchant

Thank you for your response. Here is my data:

Dreambox: DM500HD
Image: Gemini2 (gemini2-510-dm500hd-20100721132509.nfi)
VPN: Witopia

Witopia did not provide me any .conf files. There are many .ovpn files, one for each server. So I tested one to see if it connects (New York server) and renamed it to .conf. In addition to myVPN.crt I also have a file ca.crt which is referenced in the .ovpn (.conf) file.

The contents of the .conf file.

client

dev tun
proto udp
remote vpn.ewr.witopia.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
ca /etc/openvpn/ca.crt
mssfix 1450

key /etc/openvpn/myVPN.key
cert /etc/openvpn/myVPN.crt



show-net-up
#
# Uncomment only if instructed to do so by WiTopia Support Staff
# route-method exe
#route-delay 2


In the dreambox ftp I have at /etc/openvpn/ the following files:

myVPN.cert
myVPN.key
ta.key
ca.crt

I connect with telnet to the dreambox ip then I give the following command:

sh /etc/init.d/openvpn start

it does nothing.

When I go to the bluepanel services and start openvpn it goes to yellow and then when I try executing the command it says:
starting openvpn: FAILED-> myVPN done

btw I also have a different openvpn service from vpntunnel.se with a different certificate configuration, and at the last step it says starting and then started, but the IP of the dreambox doesn't change and the yellow never goes green either

still, since it worked with witopia with you.. it should work with me
 

bu3askoor

In the dreambox ftp I have at /etc/openvpn/ the following files:

myVPN.cert
myVPN.key
ta.key
ca.crt

You did the right thing in renaming the ovpn file to conf. You just did not mention if you have it also in /etc/openvpn/; you should have it with the files you mentioned above.


Backup your conf file and try to paste the following:


Code:
client

dev tun
proto udp
remote vpn.ewr.witopia.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
#mssfix 1450

ca /etc/openvpn/ca.crt
key /etc/openvpn/myVPN.key
cert /etc/openvpn/myVPN.crt
log /etc/openvpn/openvpn.log

I basically commented out mssfix 1450 and requested a log file to be created. This will assist us in debugging the issue.

1- Retry with the new conf file
2- Notice if the log file is created. If not, create one, name it openvpn.log and rerun openvpn
3- Ensure all files are in /etc/openvpn/
4- If it still does not work, please post the log file details and /etc/init.d/openvpn in order to review the script that came with your image.

best of luck.
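
The file check from step 3 above, as an added example that is not part of the original posts: a shell function that reads a client config and reports every ca, cert, key or tls-auth file it names that is missing, plus any private key file that is accessible by group or others. The function name check_ovpn_conf and the output format are assumptions made for this example; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: pre-flight check for an OpenVPN client config.
# Prints one line per problem and nothing when the config looks sane.
# Usage: check_ovpn_conf /etc/openvpn/myvpn.conf
check_ovpn_conf() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "MISSING config $conf"
        return 0
    fi
    # Strip a trailing CR (.ovpn files are often saved with Windows line
    # endings), then keep only the directives that name a file.
    # Commented-out lines such as "#tls-auth ..." never match.
    awk '{ sub(/\r$/, "") }
         $1 == "ca" || $1 == "cert" || $1 == "key" || $1 == "tls-auth" { print $1, $2 }' "$conf" |
    while read -r directive file; do
        if [ ! -f "$file" ]; then
            echo "MISSING $directive $file"
            continue
        fi
        # Private key material should be accessible by its owner only:
        # columns 5-10 of the ls mode string are the group and other bits.
        case "$directive" in
            key|tls-auth)
                perms=$(ls -ld "$file" | cut -c5-10)
                [ "$perms" = "------" ] || echo "PERMS $directive $file"
                ;;
        esac
    done
}
```

A MISSING line means the name in the config and the name on disk differ; a PERMS line is cleared with chmod 600 on the file.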
 

Dream_Merchant

Sorry, forgot to include the .conf file in the list, but it was there.

So I followed your advice but also edited out the show-net-up (which you omitted)

so my conf file looks now as follows
Code:
client

dev tun
proto udp
remote vpn.ewr.witopia.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
#mssfix 1450

ca /etc/openvpn/ca.crt
key /etc/openvpn/myVPN.key
cert /etc/openvpn/myVPN.crt
log /etc/openvpn/openvpn.log



#show-net-up
#
#Uncomment only if instructed to do so by WiTopia Support Staff
#route-method exe
#route-delay 2

The log file looks like this
Code:
Thu Mar 31 00:06:41 2011 OpenVPN 2.1_rc20 mipsel-oe-linux [SSL] [LZO1] [EPOLL] built on Jul 21 2010
Thu Mar 31 00:06:41 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 31 00:06:41 2011 LZO compression initialized
Thu Mar 31 00:06:41 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar 31 00:06:49 2011 RESOLVE: NOTE: vpn.ewr.witopia.net resolves to 10 addresses, choosing one by random
Thu Mar 31 00:06:49 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar 31 00:06:49 2011 Local Options hash (VER=V4): '41690919'
Thu Mar 31 00:06:49 2011 Expected Remote Options hash (VER=V4): '530fdded'
Thu Mar 31 00:06:49 2011 Socket Buffers: R=[103424->131072] S=[103424->131072]
Thu Mar 31 00:06:49 2011 UDPv4 link local: [undef]
Thu Mar 31 00:06:49 2011 UDPv4 link remote: 209.222.3.20:1194
Thu Mar 31 00:06:49 2011 TLS: Initial packet from 209.222.3.20:1194, sid=68378335 5864ffcd
Thu Mar 31 00:06:54 2011 VERIFY OK: depth=1, /C=US/ST=Virginia/L=Reston/O=Full_Mesh_Networks__Inc./OU=FMN_Engineering___Operations/CN=Full_Mesh_Networks_Certificate_Authority/[email protected]
Thu Mar 31 00:06:54 2011 VERIFY OK: nsCertType=SERVER
Thu Mar 31 00:06:54 2011 VERIFY OK: depth=0, /C=US/ST=Virginia/O=Full_Mesh_Networks__Inc./OU=WiTopia_Engineering___Operations/CN=vpn/[email protected]
Thu Mar 31 00:07:04 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar 31 00:07:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 31 00:07:04 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar 31 00:07:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 31 00:07:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Mar 31 00:07:04 2011 [vpn] Peer Connection Initiated with 209.222.3.20:1194
Thu Mar 31 00:07:06 2011 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Thu Mar 31 00:07:07 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.118.0.1,route 10.119.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.119.7.62 10.119.7.61'
Thu Mar 31 00:07:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 31 00:07:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 31 00:07:07 2011 OPTIONS IMPORT: route options modified
Thu Mar 31 00:07:07 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar 31 00:07:07 2011 ROUTE default_gateway=192.168.100.1
Thu Mar 31 00:07:07 2011 TUN/TAP device tun3 opened
Thu Mar 31 00:07:07 2011 TUN/TAP TX queue length set to 100
Thu Mar 31 00:07:07 2011 /sbin/ifconfig tun3 10.119.7.62 pointopoint 10.119.7.61 mtu 1500
Thu Mar 31 00:07:07 2011 /sbin/route add -net 209.222.3.20 netmask 255.255.255.255 gw 192.168.100.1
Thu Mar 31 00:07:07 2011 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.119.7.61
Thu Mar 31 00:07:07 2011 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.119.7.61
Thu Mar 31 00:07:07 2011 /sbin/route add -net 10.119.0.1 netmask 255.255.255.255 gw 10.119.7.61
Thu Mar 31 00:07:07 2011 Initialization Sequence Completed

Looks like I should be connected. The problem is that my dreambox is still not doing what it's supposed to be doing.

When I try to telnet the following:
Code:
ping www.google.com > /etc/openvpn/ping.log

and ctrl-c after a while I get the following log file

Code:
PING www.google.com (209.85.146.147): 56 data bytes

--- www.google.com ping statistics ---
23 packets transmitted, 0 packets received, 100% packet loss

so it resolves the address.. but all the packets are lost. What does that mean?

Ahhh.. I think I found the problem, although I am not any closer to a solution. After a while this is the error that I get in the log file:

Code:
Thu Mar 31 00:08:07 2011 [vpn] Inactivity timeout (--ping-restart), restarting
Thu Mar 31 00:08:07 2011 TCP/UDP: Closing socket
Thu Mar 31 00:08:07 2011 SIGUSR1[soft,ping-restart] received, process restarting
Thu Mar 31 00:08:07 2011 Restart pause, 2 second(s)

Then the whole procedure restarts all over again and keeps repeating
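
An added example, not part of the original posts, for reading a log like the one above: it counts completed initializations and --ping-restart timeouts, and reports whether the server pushed redirect-gateway, which sends all of the box's traffic through the tunnel. The function names vpn_log_state and sample_log and the up/flapping/down labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage an OpenVPN client log in the format posted above.
# Prints "<state> completed=N ping_restarts=N redirect_gateway=0|1",
# where state is up, flapping or down. Reads a file, or stdin if none given.
vpn_log_state() {
    awk '
        /Initialization Sequence Completed/     { completed++ }
        /Inactivity timeout \(--ping-restart\)/ { restarts++ }
        /PUSH: Received control message/ && /redirect-gateway/ { redirect = 1 }
        END {
            if (completed == 0)    state = "down"      # handshake never finished
            else if (restarts > 0) state = "flapping"  # came up, then the peer went silent
            else                   state = "up"
            printf "%s completed=%d ping_restarts=%d redirect_gateway=%d\n",
                   state, completed, restarts, redirect
        }' "${1:--}"
}

# Sample input: a few lines copied from the log posted in the thread.
sample_log() {
    cat <<'EOF'
Thu Mar 31 00:07:04 2011 [vpn] Peer Connection Initiated with 209.222.3.20:1194
Thu Mar 31 00:07:07 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.118.0.1,route 10.119.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.119.7.62 10.119.7.61'
Thu Mar 31 00:07:07 2011 Initialization Sequence Completed
Thu Mar 31 00:08:07 2011 [vpn] Inactivity timeout (--ping-restart), restarting
Thu Mar 31 00:08:07 2011 SIGUSR1[soft,ping-restart] received, process restarting
EOF
}

# Stand-alone demo on the sample; on the box, pass /etc/openvpn/openvpn.log.
sample_log | vpn_log_state
```

With redirect_gateway=1, a flapping tunnel also explains lost pings to outside hosts, because the default route points into the tunnel while it is up.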
 

bu3askoor

Good job in having it connect, that is good progress. I think you have a routing issue due to 100% packet loss. I will look into this issue.

The line drops because of inactivity, so that is normal I think, because there isn't an active connection.

I would suggest using live chat with witopia or openvpn forums, i am sure they can assist you more.

by the way, what router do you have at home? can you temporarily disable its firewall and restart your vpn on the DM to test if it is going thru?
 

Dream_Merchant

Well, it worked. Connection established.

Actually I don't have a firewall. The problem was some settings on the dreambox itself. I had to start another daemon in addition to the openvpn daemon, namely the Avahi (Multicast DNS) daemon.

I will prepare a primer for installing openvpn on a dreambox with detailed steps, hints and whatnot. Once it's ready I would like it if you took a look at it before I post it.

We managed to get it working; hopefully others won't have to go through the troubles we went through once we explain things.
 

ssilwadi

@Dream,
in my DM800 it stays yellow but the connection is made.

Can you connect thru telnet and execute:

/etc/init.d/openvpn restart

and paste the result.
==================================================

By the way, make sure that the files have the same names, such as

myvpn.crt
myvpn.key
myvpn.conf

keep the other crt the same (ca.crt)

Also, make sure your box is connected to the internet.

I have the same yellow. How do you know that the box is connected through the VPN?

Samir
 

ssilwadi

Connecting through VPN

I am using CCcam 2.1.3 and still can not connect to the sharing server.

Samir
 

jojban

I have Vu + DUO and Xtrend6500. Image OpenPli 6.2. Softcam Oscam. I have the VPN configuration. Please, where do I insert VPN config and how to activate it after installation?
 

biocacchio

I'm reviving this old post to ask a real newbie question: I have installed a VPN on my decoder. If I wanted to share my line with my father, who is in another city, does he also need to have the VPN installed on his decoder so that I can configure the p2p client for him? Thanks
 