OpenVPN - connected fine but no routes anywhere?

mcfuzz89
DD-WRT Novice


Joined: 06 Apr 2017
Posts: 2

Posted: Thu Apr 06, 2017 8:20    Post subject: OpenVPN - connected fine but no routes anywhere?
Hi all,

I've set up my OpenVPN server using the guide found here:

https://www.sparklabs.com/support/kb/article/setting-up-an-openvpn-server-with-dd-wrt-and-viscosity/

I can connect without any issues - logs are perfect; I get an IP address, etc.

However, I am unable to ping anything from the "client" nor can I ping the "client" (note - everything is on two separate unrelated networks so this is a true test).

My firewall config looks like this:

Code:

iptables -t nat -A POSTROUTING -s remote.network/24 -j MASQUERADE
iptables -I FORWARD -p udp -s remote.network/24 -j ACCEPT
iptables -I INPUT -p udp --dport=1194 -j ACCEPT
iptables -I OUTPUT -p udp --sport=1194 -j ACCEPT

iptables -I INPUT -p udp -i eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT

iptables -I INPUT -p udp -i br0 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT




Any ideas on what I'm doing wrong here? By the way - all the routes appear to be correctly set up... so this has got to be something on the firewall end.


Thanks!
mcfuzz89
DD-WRT Novice


Joined: 06 Apr 2017
Posts: 2

Posted: Tue Apr 11, 2017 21:54
Hello!

Sorry for the late reply but you're absolutely correct! Removing the firewall rules actually got everything to work flawlessly... except DNS within the "LAN" meaning I can't resolve DNS names of resources within VPN network despite configuring the router as the DNS server. Probably fat-fingered something so I'll review my settings.

Thanks!
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5316
Location: Texas

Posted: Wed Apr 12, 2017 21:32
mcfuzz89 wrote:
Hello!

Sorry for the late reply but you're absolutely correct! Removing the firewall rules actually got everything to work flawlessly... except DNS within the "LAN" meaning I can't resolve DNS names of resources within VPN network despite configuring the router as the DNS server. Probably fat-fingered something so I'll review my settings.

Thanks!

Including using eibgrad firewall rule
Try -
Input what is in bold --- see if that gets you going.
Assuming you are already using local DNS & name resolution is ok within your LAN.

example: your WAN connected (OpenVPN server) router LAN IP is 192.168.1.1 /24

Services page / Additional DNSMasq Options:
interface=tun2
You can check:
Setup / Advanced Routing / show routing table -- will tell you if OpenVPN is using tun2 interface.
most likely is but I'm not sure about all routers.


OpenVPN page / Additional Config:
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"


That should work --- BUT If you are using Recursive DNS Resolving it will NOT work to
resolve local names over OpenVPN tun. In this scenario everything is routed thru unbound which he
creates its own conf loaded with local data ..but he still don't know squat about tun2 --- well I haven't sorted it yet anyways :)
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5316
Location: Texas

Posted: Wed Apr 12, 2017 23:09
Just some extra info you might be interested in --

If you want to connect to a windows share (or shared drives attached to a WIN10 computer) by routed
'name/IP resolution' from your openVPN server tun you will have to allow your openVPN subnet in the winders
firewall rules.... it ain't too hard.
This does it for me:
Go to windows firewall inbound rules (show all) and locate
'File and Printer (SMB-In) Properties'
Only need to add openVPN server subnet in 'Scope' / Remote IP address.


--------------
You can avoid all this if you set up the openVPN server on another router conf as a WAP or a WAN enabled router behind your main :)
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5316
Location: Texas

Posted: Tue May 16, 2017 15:35
mrjcd wrote:
That should work --- BUT If you are using Recursive DNS Resolving it will NOT work to
resolve local names over OpenVPN tun. In this scenario everything is routed thru unbound which he
creates its own conf loaded with local data ..but he still don't know squat about tun2 --- well I haven't sorted it yet anyways :)

Well you goofus, it is really quite simple.
Everything stays the same as mentioned above but you simply only push LAN DHCP & DNS of server IP
Unbound will take over from there resolving local names as well as public.

e.g.
Router Lan is 192.168.1.0 /24
openVPN server is 10.8.0.0 /24
In openVPN server 'Additional Config' you would use
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"

another example:
Router Lan is 10.53.98.0 /23
openVPN server subnet is 10.183.237.240 /28
push "route 10.53.98.0 255.255.254.0"
push "dhcp-option DNS 10.183.237.241"

This works great on the EA8500 using Kong's r31980M kongat (05/11/17)
I understand Kong has taken the webif 'Recursive DNS Resolving' out of his broadcom builds ... too bad :?
---
EDIT:
I also set up openVPN server tun on a main gateway router WNDR3700v4 / r31924 std (05/02/17) that
also runs 'Recursive DNS Resolving' and this works like a charm.
NOTE: You do not need to include interface=tun2 in Additional DNSMasq Options when you are running unbound.
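
As an added example (not part of any post in this thread, and not DD-WRT or OpenVPN code), the following Python derives the two push lines from the LAN and VPN subnets and checks an Additional Config snippet against them. It assumes the server's tunnel address is the first host of the VPN subnet, as in the examples above; the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

PUSH_ROUTE = re.compile(r'push\s+"route\s+(\S+)\s+(\S+)"')
PUSH_DNS = re.compile(r'push\s+"dhcp-option\s+DNS\s+(\S+)"')

# Constructed sample: a /24 mask pushed for a /23 LAN, which covers only half of it.
SAMPLE = (
    'push "route 10.53.98.0 255.255.255.0"\n'
    'push "dhcp-option DNS 10.183.237.241"\n'
)

def expected_push(lan_cidr, vpn_cidr, resolver, lan_router_ip=None):
    """Return the route and DNS push lines for the given subnets.

    resolver="dnsmasq": clients query the router's LAN IP (interface=tunX needed).
    resolver="unbound": clients query the server's tunnel IP, assumed here to be
    the first host of the VPN subnet.
    """
    lan = ipaddress.ip_network(lan_cidr)  # strict mode rejects stray host bits
    vpn = ipaddress.ip_network(vpn_cidr)
    if lan.overlaps(vpn):
        raise ValueError(f"LAN {lan} and VPN {vpn} overlap")
    if resolver == "unbound":
        dns = next(vpn.hosts())
    else:
        dns = ipaddress.ip_address(lan_router_ip)
        if dns not in lan:
            raise ValueError(f"{dns} is not inside LAN {lan}")
    return [f'push "route {lan.network_address} {lan.netmask}"',
            f'push "dhcp-option DNS {dns}"']

def check_config(text, lan_cidr, vpn_cidr, resolver, lan_router_ip=None):
    """Compare an Additional Config snippet with the expected push lines."""
    want_route, want_dns = expected_push(lan_cidr, vpn_cidr, resolver, lan_router_ip)
    routes = [f'push "route {n} {m}"' for n, m in PUSH_ROUTE.findall(text)]
    dns = [f'push "dhcp-option DNS {d}"' for d in PUSH_DNS.findall(text)]
    findings = []
    if want_route not in routes:
        findings.append(f"missing or wrong route, expected: {want_route}")
    if want_dns not in dns:
        findings.append(f"missing or wrong DNS, expected: {want_dns}")
    return findings

if __name__ == "__main__":
    for line in check_config(SAMPLE, "10.53.98.0/23", "10.183.237.240/28", "unbound"):
        print(line)
```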