Forum: Połaczenie VPN pomiędzy Asuswrt-merli a tomato jak skonfigurować ?

Cytat

# Config generated by Asuswrt-Merlin 388.1, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote mojasiec.no-ip.com 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIDlDCCAv2gAwIBAgIUKSK3GQ78Jcn0LegedlQX8bMP1mwwDQYJKoZIhvcNAQEL
BQAwgYcxCzAJBgNVBAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVp
MQ0wCwYDVQQKEwRBU1VTMRQwEgYDVQQLEwtIb21lL09mZmljZTETMBEGA1UEAxMK
VFVGLUFYNTQwMDEgMB4GCSqGSIb3DQEJARYRbWVAYXN1c3JvdXRlci5sYW4wHhcN

-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID3TCCA0agAwIBAgIRAJN0CSTDbNQ0fk7sK70uDuQwDQYJKoZIhvcNAQELBQAw
gYcxCzAJBgNVBAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0w
CwYDVQQKEwRBU1VTMRQwEgYDVQQLEwtIb21lL09mZmljZTETMBEGA1UEAxMKVFVG
L
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANhJzscTtFHzDUUj
B1+PoTAVu6dd7jhsd4m2OWRRczW5rTneVnBpyjmQT5BF88fsr4ViLQHh8RpLZTKN
E2Q4yhDv/I35FU2ezwjvCreysAIW3+dC/F7qLgIYb8893S/gENvPakUSAmMuqOEN

-----END PRIVATE KEY-----

</key>

Cytat

Jan 1 01:00:21 unknown user.notice switch4g[485]: 4G MODEM - WAN IFACE configured (eth2)
Jan 1 01:00:22 unknown user.info init[1]: ntpd is started
Apr 7 11:23:40 unknown user.info ntpd_synced[870]: initial clock set
Apr 7 11:23:40 unknown user.info init[1]: httpd is stopped
Apr 7 11:23:41 unknown user.info init[1]: httpd is started
Apr 7 11:24:16 unknown cron.info crond[462]: time disparity of 28014324 minutes detected
Apr 7 11:26:05 unknown user.info kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 7 11:26:05 unknown user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 7 11:26:06 unknown daemon.warn openvpn-client1[2932]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2932]: OpenVPN 2.5.9 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2932]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Apr 7 11:26:06 unknown daemon.warn openvpn-client1[2934]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.148.xxx.xxx:1194
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: UDP link local: (not bound)
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: UDP link remote: [AF_INET]46.148.xxx.xxx:1194
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: TLS: Initial packet from [AF_INET]46.148.xxx.xxx:1194, sid=e7727082 935bc5ab
Apr 7 11:26:06 unknown daemon.warn openvpn-client1[2934]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=TUF-AX5400, emailAddress=me@asusrouter.lan
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: VERIFY KU OK
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Validating certificate extended key usage
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: VERIFY EKU OK
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=TUF-AX5400, emailAddress=me@asusrouter.lan
Apr 7 11:26:06 unknown daemon.warn openvpn-client1[2934]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1557'
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 1024 bit RSA, signature: RSA-SHA256
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: [TUF-AX5400] Peer Connection Initiated with [AF_INET]46.148.xxx.xxx:1194
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: route options modified
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: route-related options modified
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: peer-id set
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: adjusting link_mtu to 1624
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: OPTIONS IMPORT: data channel crypto options modified
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Data Channel: using negotiated cipher 'AES-256-GCM'
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: TUN/TAP device tun11 opened
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: TUN/TAP TX queue length set to 1000
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]

usr/sbin/ip link set dev tun11 up mtu 1500
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]

usr/sbin/ip link set dev tun11 up
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]

usr/sbin/ip addr add dev tun11 10.8.0.2/24
Apr 7 11:26:06 unknown daemon.notice openvpn-client1[2934]: updown-client.sh tun11 1500 1552 10.8.0.2 255.255.255.0 init
Apr 7 11:26:08 unknown daemon.notice openvpn-client1[2934]

usr/sbin/ip route add 192.168.1.0/24 metric 500 via 10.8.0.1
Apr 7 11:26:08 unknown user.notice openvpn-vpnrouting.sh[3104][tun11]: Skipping, client1 not in routing policy mode
Apr 7 11:26:09 unknown daemon.notice openvpn-client1[2934]: Initialization Sequence Completed

admin@TUF-AX5400:/tmp/home/root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 46.148.0.2 0.0.0.0 UG 0 0 0 eth4
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun21
46.148.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth4
46.148.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth4
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
185.170.225.225 46.148.0.2 255.255.255.255 UGH 1 0 0 eth4
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.198.250 46.148.0.2 255.255.255.255 UGH 0 0 0 eth4
192.168.200.250 46.148.0.2 255.255.255.255 UGH 0 0 0 eth4

admin@TUF-AX5400:/tmp/home/root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 46.148.0.2 0.0.0.0 UG 0 0 0 eth4
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun21
46.148.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth4
46.148.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth4
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
185.170.225.225 46.148.0.2 255.255.255.255 UGH 1 0 0 eth4
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.2.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun21
192.168.198.250 46.148.0.2 255.255.255.255 UGH 0 0 0 eth4
192.168.200.250 46.148.0.2 255.255.255.255 UGH 0 0 0 eth4