OpenVPN TUN no ping all devices

spyfly
DD-WRT User


Joined: 26 Jun 2010
Posts: 70

Posted: Thu May 23, 2019 1:19    Post subject: OpenVPN TUN no ping all devices
I have a main ADSL router from MOVISTAR on my local network at 172.16.0.1; it gives DHCP to all devices, wifi, etc.

I have a dd-wrt router at 172.16.0.83 only as an OpenVPN server, and I want to configure a TUN type of VPN.

I have this configuration, and the OpenVPN client can connect OK.
But if the client pings the main network:
ping 172.16.0.83 is ok
ping 172.16.0.1 is ko
ping 172.16.0.27 is ko

I need to see all the equipment in my 172.16.0.x

Can you help me?

Thanks

CONFIGURATION:



eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

Posted: Thu May 23, 2019 3:10
Whenever the device hosting the OpenVPN server is NOT running on the primary router (aka, default gateway), then you need to add a static route to that primary router to tell it how to route packets from the tunnel's private IP network back to that router!

What's happening is that packets from the OpenVPN client are being dropped on the network behind the OpenVPN server, and when devices are reached on that network, they don't know how to route back the replies. They have no idea where packets from the tunnel's IP network are coming from. So they send the replies back to their default gateway, which doesn't know how to route back the replies either. And so the replies never make it back to the OpenVPN client.

That's why you need that static route on the primary router, so you can correct this routing problem.

I should add, sometimes ppl can't add static routes to the primary router because they have a modem+router from their ISP, which doesn't support modifications of this type. In that case, you can alternatively NAT the traffic from the tunnel over the private network.

Code:
iptables -t nat -I POSTROUTING -s 172.16.3.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)


The above goes in the firewall script of the OpenVPN server.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
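
The return-path problem described in the post above, as an added example that is not part of the original thread: a small longest-prefix-match simulation of where the reply to the VPN client's ping travels with no fix, with the static route on the primary router, and with the SNAT rule. The /24 LAN mask, the client address 172.16.3.2 and the routing tables are assumptions constructed for illustration.

```python
import ipaddress as ip

# Addresses from the thread; the /24 LAN mask and CLIENT are assumptions.
LAN = ip.ip_network("172.16.0.0/24")
TUNNEL = ip.ip_network("172.16.3.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")
ISP, VPN, HOST = "172.16.0.1", "172.16.0.83", "172.16.0.27"
CLIENT = "172.16.3.2"  # constructed tunnel address of the OpenVPN client


def tables(static_route):
    """Routing table per node as (network, next_hop); None means on-link."""
    isp = [(LAN, None), (DEFAULT, "WAN")]
    if static_route:  # fix 1: primary router learns the tunnel network
        isp.append((TUNNEL, VPN))
    return {
        HOST: [(LAN, None), (DEFAULT, ISP)],
        ISP: isp,
        VPN: [(LAN, None), (TUNNEL, "tun"), (DEFAULT, ISP)],
    }


def next_hop(table, dst):
    """Longest-prefix match; on-link routes deliver straight to dst."""
    addr = ip.ip_address(dst)
    net, hop = max((r for r in table if addr in r[0]),
                   key=lambda r: r[0].prefixlen)
    return dst if hop is None else hop


def reply_path(target, static_route=False, snat=False):
    """Hops taken by target's reply to a ping from the VPN client."""
    table = tables(static_route)
    # fix 2: with SNAT the LAN sees the ping as coming from the server
    dst = VPN if snat and target != VPN else CLIENT
    node, path = target, [target]
    while True:
        hop = next_hop(table[node], dst)
        path.append(hop)
        if hop in ("WAN", "tun"):
            return path  # "WAN" = reply lost, "tun" = back in the tunnel
        if hop == dst:  # reached the server: conntrack undoes the SNAT
            return path + ["tun"]
        node = hop


if __name__ == "__main__":
    for target in (VPN, ISP, HOST):
        print(target, reply_path(target),
              reply_path(target, static_route=True),
              reply_path(target, snat=True))
```

With the SNAT rule every VPN client appears on the LAN as 172.16.0.83, so LAN-side logs and address-based access rules cannot tell clients apart; the static route keeps the 172.16.3.x source addresses visible.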
spyfly

Posted: Thu May 23, 2019 6:42
The router of my ISP doesn't have a way to make these changes.
I will try changing the router with dd-wrt of the OpenVPN server.

Maybe there are other options? Can I use the push option of OpenVPN to give the clients this information about the route?

Is the push option valid, without modifying the firewall commands of my router?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3680
Location: Netherlands

Posted: Thu May 23, 2019 7:37
You do not have to change the ISP router. Just follow the advice from @eibgrad

In my signature (bottom of this post) is an OVPN server setup guide.
There is a chapter about running an "OpenVPN server on a Wireless Access Point (WAP)"

_________________
Routers: Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2: http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
spyfly

Posted: Thu May 23, 2019 12:13
OK, I have seen the manual. Is this method the only possibility to resolve it? Isn't it possible to resolve this situation with push rules?
egc

Posted: Thu May 23, 2019 13:07
The other possibility is also outlined by @eibgrad, that is, setting a static route on your ISP router (and maybe an extra NAT rule, but most of the ISP routers I have worked with do not need that as they are NATting all traffic).

But as you already said that you cannot change anything on your ISP router, this is the only way to do it.

spyfly

Posted: Thu May 23, 2019 21:46
I added

iptables -t nat -I POSTROUTING -s 172.16.3.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)

and now it works fine! Thanks a lot!
All times are GMT