Openvpn server on second router

drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Fri Mar 15, 2019 17:13    Post subject: Openvpn server on second router Reply with quote
Hello together,

I have two routers with dd-wrt.
The first router runs openvpn in tap mode. Now I would like to have openvpn in tun mode on my second router.
I can connect to both openvpn servers,
but I can not surf in tun mode.
Can someone tell me which config I need
in the firewall so that I can surf?
Port forward I have on router two.
Thanks...
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Sat Mar 16, 2019 12:21    Post subject: Reply with quote
It depends on your network setup, if you simply daisy chain the routers (LAN<>WAN) you only need a port forward to the second router.

For settings see my signature

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Sat Mar 16, 2019 18:15    Post subject: Reply with quote
My second router works as a repeater.
The normal port forward doesn't run. I can connect from outside but I can not surf from outside. I will see what happened...
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Sat Mar 16, 2019 18:38    Post subject: Reply with quote
Hmm, a repeater setup is a kind of hack, not sure if that can work.

In the guide is a chapter about setting up on a Wireless Access Point, have a look there.
You need another firewall rule, if it can work at all.

drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Sun Mar 17, 2019 15:34    Post subject: Reply with quote
Thank you for your help.
I can not find your guide. Can you tell me where it is?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Sun Mar 17, 2019 16:00    Post subject: Reply with quote
See my signature at the bottom of this post
_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon Mar 18, 2019 2:34    Post subject: Reply with quote
Bit of a guess here, but one problem I've seen with OpenVPN in TUN (bridged) mode is if you rely on DHCP-Proxy mode for configuring your clients, they won't be assigned a gateway IP! And with no gateway IP, those clients can't be routed to the internet. OpenVPN strips the gateway IP for some inexplicable reason. So instead, you should disable DHCP-Proxy mode and explicitly configure a range of IPs for the OpenVPN clients, including a gateway IP.
drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Mon Mar 18, 2019 12:39    Post subject: Reply with quote
hello @eibgrad,

I installed on my first router (r7000 with kong build 37900) a dhcp server.

On my second router (tp-link 1043 with 33555) nothing is installed.
My second router wan is disabled.
Static IP, gateway and dns IP from first router.
And DHCP as DHCP Forwarder. And IP from first router.

OpenVPN second router:
network: 10.1.1.0
netmask: 255.255.255.0
port: 991
protocol: tcp

Additional config:
push "route 10.1.1.0 255.255.255.0"
keepalive 10 120
max-clients 6

In firewall:
iptables -I INPUT 1 -p tcp --dport 991 -j ACCEPT
iptables -I INPUT 3 -i tun2 -j ACCEPT
iptables -I FORWARD 3 -i tun2 -o tun2 -j ACCEPT
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT

And I found another problem. When I enable the openvpn server,
ssh doesn't work. Any idea?

thanks.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Mon Mar 18, 2019 13:04    Post subject: Reply with quote
So it looks like you are setting up an OVPN server on a Wireless Access Point.
Unfortunately almost everything you are doing is redundant, because DDWRT is doing that for you, but the one and only firewall rule you really need is missing :(

In the guide (see my signature, at the bottom or look at: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795 ), head over to the Advanced section and look at the section titled: OpenVPN server on a WAP (WAN disabled). Maybe it can help you.

Oh, and just disable DHCP; do not use forwarder, this is the same subnet.

drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Tue Mar 19, 2019 14:20    Post subject: Reply with quote
Hi..

I changed my whole configuration in second router now.

Basic Setup:
WAN Connection Type disabled
Router Name repeater
DHCP-Server disabled
Local IP Address 192.168.6.40
Subnet Mask 255.255.255.0
Gateway and Local DNS from first router 192.168.6.1

Advanced Routing: Operation mode Router

Firewall: Disabled

VPN:
push "route 192.168.6.0 255.255.255.0 vpn_gateway"
push "dhcp-option DNS 192.168.6.1"
max-clients 6

Firewall: Commands
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

I can connect..
My mobile shows me tun address 10.1.1.2/24
tun routes: 0.0.0.0/1 via 10.1.1.1
128.0.0.0/1 via 10.1.1.1

In status / openvpn in router 2 it shows.
local address 10.1.1.1
remote address 10.1.1.1

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.6.1 0.0.0.0 UG 0 0 0 br0
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

ssh runs now.
But I can not surf.
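Why the SNAT rule in the post above matters on a WAP with the WAN disabled, shown as an added example that is not part of the original thread: it replays router 2's posted `route -n` table against a constructed main-router table and checks whether replies to a tunnel client find their way back. The main router's table, the interface name `vlan2` and the 203.0.113.0/24 WAN addresses are assumptions made for illustration.

```python
import ipaddress

# Router 2 (WAP) routing table exactly as posted in the thread (route -n).
WAP_ROUTES = """\
0.0.0.0 192.168.6.1 0.0.0.0 UG 0 0 0 br0
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
"""
WAP_LAN_IP = "192.168.6.40"  # router 2's LAN address from the post

# Constructed sample: the main router's table is not shown in the thread.
# Interface vlan2 and the 203.0.113.x WAN addresses are assumptions.
MAIN_ROUTES = """\
0.0.0.0 203.0.113.1 0.0.0.0 UG 0 0 0 vlan2
192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
203.0.113.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
"""

def parse_routes(text):
    """Turn `route -n` body lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; returns (gateway, iface) for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def reply_returns_to_lan(client, dest, snat):
    """Follow one packet out of the WAP, then route the reply on the main router."""
    _gw, out_if = lookup(parse_routes(WAP_ROUTES), dest)
    # The thread's rule: -t nat -I POSTROUTING -o br0 -j SNAT --to <lan_ipaddr>
    src_seen = WAP_LAN_IP if (snat and out_if == "br0") else client
    _gw, reply_if = lookup(parse_routes(MAIN_ROUTES), src_seen)
    return reply_if == "br0"  # anything else heads for the WAN and is lost

if __name__ == "__main__":
    for snat in (False, True):
        ok = reply_returns_to_lan("10.1.1.2", "8.8.8.8", snat)
        print(f"SNAT={snat}: reply reaches the WAP -> {ok}")
```

A static route for 10.1.1.0/24 via 192.168.6.40 on the main router would give replies the same return path without hiding the tunnel clients' addresses behind the WAP.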
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Tue Mar 19, 2019 15:36    Post subject: Reply with quote
At first glance it looks alright.

First start with a reboot :)

Can you ping 8.8.8.8 from your connected phone? (I use Fing for troubleshooting on my phone.)

If you can ping, it can be a DNS problem.

Can you ping clients on your network?
If you can ping clients on your network but have no internet access show the following output of your WAP (telnet to your WAP):
iptables -vnL -t nat

If you connect but can not ping anything (i.e., there is no traffic) it could be comp-lzo settings not matching.

drnorton
DD-WRT User


Joined: 08 Dec 2009
Posts: 106

PostPosted: Wed Mar 20, 2019 9:09    Post subject: Reply with quote
So... Now my result. It runs.
Now I have two openvpn server running.
First router with TAP and second router in TUN mode.

It was a DNS Problem. But now... Perfect.

Thanks for your help..
abcmem
DD-WRT Novice


Joined: 16 May 2019
Posts: 10

PostPosted: Fri May 17, 2019 4:29    Post subject: openvpn no internet Reply with quote
I followed your guide and was able to get connected to my openvpn server. But I couldn't surf the internet. The browser's message is "server not found".

LZO Compression is disabled and I'm sure that's not the problem.

I'm completely new to vpn. I'm confused as to what the firewall code should be after reading your guide. Maybe you can post it here.

Router Model Netgear WNDR4300
Firmware Version DD-WRT v3.0-r39715 std
This is a second router behind another router which I use to connect to the broadband. I port forwarded 1194 udp from the main router to the dd-wrt router (secondary router), I wonder if that's enough.

Anyway, thank you very much. I think the guide is the best thing on the internet concerning setting up openvpn on dd-wrt routers. I was excited to get connected. Now I want the internet to work. Can you help please?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3640
Location: Netherlands

PostPosted: Fri May 17, 2019 8:05    Post subject: Reply with quote
As this is another problem would you be so kind to start a new thread?

Describe your problem, show pictures of log file (Status/OVPN page) picture of your OVPN settings page and describe your network setup especially how the second router is configured.

A secondary router can be configured in many ways, but a simple port forward should suffice

thomasashwin
DD-WRT Novice


Joined: 14 Aug 2017
Posts: 18

PostPosted: Sun May 19, 2019 10:24    Post subject: Advanced Networking Reply with quote
In the market you can find different type of router with different bandwidth. You can choose your requirement. Wanos Networks Pty (Ltd) is the best network provider. They also provide the best WAN optimization