RV50 OpenVPN routing problem

hello!

i had a hard time getting it to work (RV50 with OpenVPN), but once it is working it is pretty stable. Thanks to others i gathered this information:

to get the certs to work with the RV50 you need NS support when generating new certs/keys, so i had to set
#Sierra RV50 compatibility add
export EASYRSA_NS_SUPPORT="yes"
in /usr/share/easy-rsa/vars and start with key/cert building.

once done with this i had to convert the key for firmware version 4.9.13 (maybe for prior versions also):
openssl rsa -in rv50.key -out rv50.pem
so it can be used on the RV50 with the newer FW (the older FW i had 4.9.3 used to accept the key that was generated by easy-rsa as it was made, i did not need to convert the format)

then i set up the OpenVPN server like this:
port 9300
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh dh1024.pem
server 192.168.15.0 255.255.255.0
route-gateway 192.168.15.1
ifconfig-pool-persist ipp.txt
client-config-dir ccd
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
route 192.168.13.0 255.255.255.0
route 192.168.12.0 255.255.255.0
client-to-client
keepalive 10 120
tls-server #Sierra RV50
tls-version-min 1.0 #Sierra RV50
auth sha256 #Sierra RV50
tun-mtu 1500 #Sierra RV50
mssfix 1400 #Sierra RV50
fragment 1300 #Sierra RV50
cipher AES-256-CBC #Sierra RV50
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
topology subnet

(i have 2 RV50 devices with subnets 192.168.12.0 and 192.168.13.0 behind them) the VPN tunnel uses subnet 192.168.15.0

after that i uploaded ca.crt, rv50.crt and rv50.key/rv50.pem (depending on the key format that is required by different FWs on the RV50) and set the config like this:

i had to create client configs on the server (/etc/openvpn/ccd/rv50):
iroute 192.168.13.0 255.255.255.0

finally it did not connect :smiley: because the time/date was way too off on the RV50, so i had to set a time server too. after that (and since then; it was months ago) it finally connected and i was able to reach devices on the subnets behind the RV50s

hope that helps, aaand good luck!

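Added example, not part of the original post: a small Python check that every subnet in a server-side `route` line has exactly one owning `iroute` line in the ccd directory and vice versa, the pairing OpenVPN needs to reach hosts behind a client such as the RV50. The config text is a constructed excerpt of the settings in the post, and the ccd file name `rv50-b` is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the routing-related lines of the server config in the post.
SERVER_CONF = '''
server 192.168.15.0 255.255.255.0
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
route 192.168.13.0 255.255.255.0
route 192.168.12.0 255.255.255.0
'''
# ccd file name -> contents. "rv50" is from the post; "rv50-b" is a
# hypothetical name assumed here for the second device's file.
CCD = {
    "rv50": "iroute 192.168.13.0 255.255.255.0\n",
    "rv50-b": "iroute 192.168.12.0 255.255.255.0\n",
}

def nets(text, directive):
    """Return the networks named by `directive <net> <mask>` lines (comments ignored)."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Anchored at line start, so push "route ..." and route-gateway do not match.
        m = re.match(rf"{directive}\s+(\S+)\s+(\S+)", line)
        if m:
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return found

def check_routing(server_conf, ccd):
    """List mismatches between server-side route lines and per-client iroute lines."""
    routes = nets(server_conf, "route")
    owners = {}
    findings = []
    for name, text in sorted(ccd.items()):
        for net in sorted(nets(text, "iroute")):
            if net in owners:
                findings.append(f"{net}: iroute in both {owners[net]} and {name}")
            owners.setdefault(net, name)
            if net not in routes:
                findings.append(f"{net}: iroute in {name} but no route in server config")
    for net in sorted(routes - set(owners)):
        findings.append(f"{net}: route in server config but no iroute in any ccd file")
    return findings

if __name__ == "__main__":
    for finding in check_routing(SERVER_CONF, CCD) or ["routing directives are consistent"]:
        print(finding)
```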