Posted: Fri May 10, 2019 16:55 Post subject: Accessing Clients Behind DD-WRT VPN Client
I'm trying to set up VPN access to a handful of computers at our lab. File management, checking tests, etc. The building we lease doesn't allow us to port forward anything, so we've set up an OpenVPN AS on DigitalOcean and have connected both the remote computers and the lab router to that VPN.
Connections seem to work, and we can see the router remotely. But we cannot figure out how to connect to the computers behind the router. How would we expose those computers to the VPN network for access?
I've tried port forwarding the four ports that Samba uses through the router, to no avail.
If you're referring to site-to-site capabilities, where either the OpenVPN server itself, or clients behind the OpenVPN server are able to initiate connections to the local network behind the OpenVPN client, then it's not enough to simply add a static route to the server's routing table that points to that local network (the first thing ppl usually do). OpenVPN also requires that you specify an iroute directive in a file, whose name is based on the OpenVPN client's common name on its cert, in the CCD directory.
However, I'm not sure how to configure the iroute in DD-WRT. I can add it to the client.conf file like a usual client, but where should I add it in the DD-WRT GUI? Still not able to connect without this, so I'm assuming I need it somewhere.
Posted: Mon May 13, 2019 17:48 Post subject: [Solved]
First of all, thank you eibgrad and egc for the help.
I was able to find a solution this morning, and will outline it for posterity.
Configuring CCD is in fact what was necessary, but it's a little different through Access Server. All of the configuration I needed was in the user permissions tab, and was pretty straightforward.
Under the user used by the router, I enabled the VPN Gateway option and entered "10.0.0.0/24", the lab subnet, into the box.
Under the users that needed access, I enabled access to the same subnet with NAT.
This technically allows access to the internal network over VPN, but the router will still block incoming connections unless they're port forwarded. Therefore, in DD-WRT I forwarded the ports that I needed for RDP, Samba, etc.
Hope this helps someone in the future, and again thank you for the help.
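The route-plus-iroute requirement described in the thread, for a self-managed OpenVPN server rather than Access Server's User Permissions page, as an added example that is not from any of the posts: a small check that every server-side `route` has a matching `iroute` in some client's CCD file. The common name `lab-router`, the tunnel subnet and the second subnet are constructed; only 10.0.0.0/24 comes from the thread.

```python
import ipaddress

# Constructed sample server config. 10.0.0.0/24 is the lab subnet from the thread;
# the tunnel subnet and 192.168.50.0/24 are made up to show a missing iroute.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 10.0.0.0 255.255.255.0
route 192.168.50.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
"""
# One CCD file per client, named after the common name on the client's cert.
# "lab-router" is a hypothetical common name for the DD-WRT router.
CCD_FILES = {"lab-router": "iroute 10.0.0.0 255.255.255.0\n"}


def _nets(text, directive):
    """Collect the networks named by `<directive> <network> [netmask]` lines."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == directive:
            # OpenVPN treats a missing netmask as a single host.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{parts[1]}/{mask}"))
    return found


def check_site_to_site(server_conf, ccd_files):
    """Map each server `route` to the client CN whose iroute covers it, or None."""
    iroutes = {cn: _nets(body, "iroute") for cn, body in ccd_files.items()}
    result = {}
    for net in _nets(server_conf, "route"):
        owner = next((cn for cn, nets in iroutes.items()
                      if any(net.subnet_of(i) for i in nets)), None)
        result[str(net)] = owner
    return result


if __name__ == "__main__":
    for net, cn in sorted(check_site_to_site(SERVER_CONF, CCD_FILES).items()):
        status = f"iroute in ccd/{cn}" if cn else "no iroute: OpenVPN has no client to hand this subnet to"
        print(f"{net}: {status}")
```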