OpenVPN behind ISP - routing issue

polarslyfox
DD-WRT Novice


Joined: 06 Mar 2017
Posts: 8

Posted: Mon Mar 06, 2017 22:56    Post subject: OpenVPN behind ISP - routing issue
Hi Folks,

I've been reading a lot of different posts on OpenVPN and different configuration types but still cannot get my OpenVPN server working. I can connect to the server without issue but cannot connect/ping any LAN hosts and I cannot connect to the internet (I redirect the gateway).

Current configuration:
NET --> ISP --> DD-WRT --> LAN/WiFi

DD-WRT currently runs OpenVPN Client without issue with policy based routing for some of my LAN hosts.
I have attempted to use the firewall rules detailed by eibgrad in this post:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1003428&sid=a6c5618a391499dfeb76be7724431924

This didn't work, so I tried disabling the SPI firewall completely to see if it was the cause, but sadly no change. At this point I am thinking it must be a routing problem of some sort.
The DD-WRT router is currently in Gateway mode with a static IP from the ISP router.

I unfortunately need to keep my ISP router as they will not provide the username/password to use on the DDWRT router.

Any help would be much appreciated.

Polar
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

Posted: Tue Mar 07, 2017 3:51    Post subject:
Ignore the instructions in that older thread. The OpenVPN server doesn’t require any additional firewall rules except one: a firewall rule to NAT the OpenVPN’s tunnel network over the remote WAN. That’s the one rule the GUI won’t create automatically.

Code:
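# Find the WAN interface: the device named on the default (0.0.0.0) route
WAN_IF="$(route -n | awk '/^0\.0\.0\.0/{wif=$NF} END {print wif}')"
# NAT traffic from the OpenVPN tunnel network as it leaves via the WAN interface
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o "$WAN_IF" -j MASQUERADE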


Since you didn't provide any details, I arbitrarily chose 10.8.0.0/24 as that network.

As far as not being able to reach LAN devices behind the OpenVPN server, you mentioned an OpenVPN client. Is this an OpenVPN client to *that* OpenVPN server, or an OpenVPN client running on the same router as the OpenVPN server that’s connected to some other OpenVPN server, perhaps a commercial OpenVPN provider (PureVPN, IPVanish, etc.)?

P.S. And stop messing around w/ other settings like the SPI firewall, operating mode, etc. None of this is necessary and will only start making things worse.
polarslyfox
DD-WRT Novice


Joined: 06 Mar 2017
Posts: 8

Posted: Tue Mar 07, 2017 10:33    Post subject: details
Hi eibgrad

Thanks for the advice. My network is almost the default; I'm running 10.8.1.0, so I will sub that into your fw rule.
Can I ask what exactly this section is doing differently from the older rule:

WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

In regards to the server/client setup:
My OpenVPN client connects to a commercial provider (PIA) for privacy more than anything.
I wanted the OpenVPN server in place as I travel quite a lot so access to my home network would be nice to have.

Thanks
polar
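
In answer to the question above about the WAN_IF line, an added example (not part of the original posts): the one-liner takes the last `route -n` line that starts with 0.0.0.0 and uses its final field as the WAN interface name. The sketch runs it over a constructed routing table beside a stricter variant that also checks the genmask, which goes slightly beyond the thread; the interface names (vlan2, br0, tun1), the tun1 gateway and the /24 mask on 10.8.1.0 are assumptions.

```shell
#!/bin/sh
# Constructed `route -n` output (not from the thread). The tun1 lines are the
# 0.0.0.0/1 and 128.0.0.0/1 routes that OpenVPN's "redirect-gateway def1"
# installs on a client; vlan2/br0/tun1 are assumed interface names.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG    0      0        0 tun1
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2'

# The thread's one-liner, reading the table from stdin: remember the last
# field (Iface) of every line that starts with 0.0.0.0, print the final one.
wan_if_original() {
    awk '/^0.0.0.0/{wif=$NF} END {print wif}'
}

# Stricter variant (added here): destination AND genmask must both be
# 0.0.0.0, so a 0.0.0.0/1 tunnel route can never be mistaken for the WAN,
# whatever order the lines arrive in.
wan_if_strict() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" {wif=$NF} END {print wif}'
}

# Build the NAT rule from the thread for a tunnel subnet ($1) and a WAN
# interface ($2); refuse to emit a rule with an empty interface name.
masq_rule() {
    [ -n "$2" ] || { echo "no default route found" >&2; return 1; }
    printf 'iptables -t nat -I POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Demo: print (not apply) the rule for the poster's 10.8.1.0 tunnel network.
wan="$(printf '%s\n' "$SAMPLE_ROUTES" | wan_if_strict)"
masq_rule "10.8.1.0/24" "$wan"
```

On the router itself the input would come from `route -n` instead of the sample variable, and the printed rule would be run rather than echoed.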
polarslyfox
DD-WRT Novice


Joined: 06 Mar 2017
Posts: 8

Posted: Tue Mar 07, 2017 18:58    Post subject: update
So I added the firewall rule specified but unfortunately it hasn't changed anything.
Is it possible that testing using my phone as a hotspot could cause issues?

I am connecting as expected and DD-WRT shows the client on the OpenVPN status page.

These are my current server settings:




Network details:
ISP router - 192.168.1.1
DDWRT - 192.168.1.250
DDWRT Network - 192.168.10.0
OpenVPN Network- 10.8.1.0

DD-WRT is acting as a client on the ISP router network and is not at present in a DMZ.

Thanks
polar
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

Posted: Tue Mar 07, 2017 21:31    Post subject:
Using an OpenVPN client at the same time as your OpenVPN server can be problematic. So for the time being, disable the OpenVPN client and get the OpenVPN server working. And check the status page of the OpenVPN server to see what it's reporting. It may indicate errors.
polarslyfox
DD-WRT Novice


Joined: 06 Mar 2017
Posts: 8

Posted: Mon Jul 17, 2017 20:56    Post subject: now what
OK, so very slow response here, but turning off the OpenVPN client allowed me to access those hosts from a client on my OpenVPN Server:

External Client -> OpenVPN Server -> LAN Hosts (LAN Hosts no longer leave via VPN Client)

Nothing unusual in the OpenVPN Server log. Is it even possible to get both an OpenVPN client and Server running together on the same router?

Thanks
Marty