DarkSupremo DD-WRT Novice Joined: 19 Dec 2016 Posts: 1
Posted: Tue Jul 25, 2017 19:52 Post subject: Can't reach LAN machines over VPN
Hello, I've been trying for a few days already to make it work, but without success. Any help would be appreciated.
I can access the internet just fine over the VPN, and I can connect to the router admin (10.0.0.1) just fine too, but I can't access other machines on the LAN (10.0.0.2, for example).
The computer that I'm trying to access (10.0.0.2) is a Windows machine, with the firewall turned off.
Router: Netgear R7000
Firmware: DD-WRT v3.0-r29875M kongac (06/11/16)
LAN subnet: 10.0.0.0/255.255.255.0
VPN subnet: 10.8.0.0/255.255.255.0
WAN_IF: ppp0
VPN_IF: tun2
(I already tried upgrading the firmware, but had connection problems, so I restored it to an older version.)
iptables on DD-WRT:
# open the OpenVPN server port
iptables -I INPUT -i ppp0 -p udp --dport 5910 -j ACCEPT
# allow OpenVPN clients to access the OpenVPN server
iptables -I INPUT -i tun2 -m state --state NEW -j ACCEPT
# allow OpenVPN clients to access ALL other devices on the LAN
iptables -I FORWARD -i tun2 -o -m state --state NEW -j ACCEPT
# nat OpenVPN clients over the local internet gateway
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ppp0 -j MASQUERADE
OpenVPN Server settings:
Start Type: System
Config as: Server
Server Mode: Router (TUN)
Network: 10.8.0.0
Netmask: 255.255.255.0
Port: 5910
Tunnel Protocol: UDP
Encryption Cipher: AES-256 CBC
Hash Algorithm: SHA1
TLS Cipher: None
LZO Compression: Yes
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Enable
Tunnel MTU setting: 1500
Tunnel UDP Fragment: (empty)
Tunnel UDP MSS-Fix: Enable
Additional Config:
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0"
push "route 10.0.0.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
persist-key
persist-tun
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12839 Location: Netherlands
Posted: Tue Jul 25, 2017 21:33 Post subject:
Just a thought: you did not specify the --out-interface (-o) in the FORWARD chain. Try deleting -o or specifying the --out-interface; maybe leaving it empty does not work?
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
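The check suggested in the reply above (an option such as -o left without a value) can be run over a firewall script before it is saved to the router. The following shell script is an added example, not part of the thread or of DD-WRT; the function names lint_rule and lint_rules and the list of options checked are assumptions, and the sample rules are the four from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): flag iptables options that need a
# value but are followed by another option or by the end of the line.

# Options checked (an assumed, partial list); each takes one argument.
NEEDS_ARG="-i --in-interface -o --out-interface -s --source -d --destination -p --protocol -j --jump --dport --sport"

# lint_rule RULE: print each option with a missing value; return 1 if any.
lint_rule() {
    bad=0 prev=""
    set -f                      # no globbing while the rule is word-split
    for tok in $1 ""; do        # the trailing "" marks the end of the line
        case " $NEEDS_ARG " in
            *" ${prev:-none} "*)
                case "$tok" in
                    ""|-*) echo "missing value after '$prev'"; bad=1 ;;
                esac ;;
        esac
        prev=$tok
    done
    set +f
    return "$bad"
}

# lint_rules: read a firewall script on stdin, report each flagged rule
# with its line number, and return the number of rules flagged.
lint_rules() {
    n=0 flagged=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks, comments
        if ! msg=$(lint_rule "$line"); then
            echo "line $n: $msg"
            flagged=$((flagged + 1))
        fi
    done
    return "$flagged"
}

# The four rules from the first post, comments omitted.
POSTED_RULES='iptables -I INPUT -i ppp0 -p udp --dport 5910 -j ACCEPT
iptables -I INPUT -i tun2 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i tun2 -o -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ppp0 -j MASQUERADE'

printf '%s\n' "$POSTED_RULES" | lint_rules || true
```

Only the FORWARD rule is reported; the rule passes once -o is either removed or given an interface name, the two options named in the reply.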