Posted: Mon Jun 29, 2020 22:39 Post subject: dd-wrt as openvpn-client is NATing = problem [SOLVED]
I'm new here.
I did my best to find a solution within this vast amount of articles, and also on the web, and now I'm back and need to ask for assistance, after I have no hair left because I scratched it all off ...
- 1x Openvpn server (Ubuntu 18.04) 192.168.242.10/24 (ovpn net 10.8.0.0/24 on tun0)
- all iptables chains on openvpn-server are flushed and set to ACCEPT by default.
- 1x DD-WRT v3.0-r40189 std (07/04/19) acting as openvpn-client01 and local network 192.168.190.0/23
- dd-wrt is openvpn-client01 sending 0.0.0.0/0 to the local DSL line, and just 192.168.242.0/24 to the openvpn-server via tun1
- on the server side, openvpn-route and openvpn-iroute settings are set.
- openvpn tunnel is created successfully
- LAN behind openvpn-client01 can reach (ping) the internet 0.0.0.0
- LAN behind openvpn-client01 can reach (ping) the internet 192.168.242.0/24
- openvpn-server LAN cannot ping the LAN behind the openvpn-client01
- I can see that traffic is traveling from openvpn-server to openvpn-client, but the return path is NATed on the dd-wrt.
"iptables -L -v -t nat" shows:
Chain POSTROUTING (policy ACCEPT 602 packets, 40441 bytes)
pkts bytes target prot opt in out source destination
1313 308K SNAT 0 -- any vlan2 192.168.190.0/23 anywhere to:192.168.2.143
0 0 MASQUERADE 0 -- any any anywhere anywhere mark match 0x80000000/0x80000000
If I send a logger message from openvpn-client01 to the openvpn-server:
Bauernhof-Router01:~# logger hallo
I receive on the server side:
Jun 29 22:31:09 10.8.0.2 root: hallo
- I need to reach the LAN behind the openvpn-client01 and have no clue where to switch off NAT towards the openvpn-server LAN.
- The DD-WRT is 750km away and I cannot afford a "big mistake", as you can imagine.
- Is the problem known?
- Can this be sorted by an iptables command/rule?
- Any specific hint where I should change something to solve my challenge?
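
A read-only way to check the listing quoted above for the tunnel interface, as an added example that is not part of the original post: it parses `iptables -L -v -t nat` output and returns the POSTROUTING SNAT/MASQUERADE rules whose out-interface column can match packets leaving a given interface. The function names are hypothetical; the sample input is the listing from the post.

```python
# Added example (not from the original post): list the NAT rules in an
# `iptables -L -v -t nat` listing that can rewrite packets leaving one interface.
NAT_TARGETS = {"SNAT", "MASQUERADE"}

# The POSTROUTING listing quoted in the post above.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 602 packets, 40441 bytes)
pkts bytes target prot opt in out source destination
1313 308K SNAT 0 -- any vlan2 192.168.190.0/23 anywhere to:192.168.2.143
0 0 MASQUERADE 0 -- any any anywhere anywhere mark match 0x80000000/0x80000000
"""


def parse_rules(listing):
    """Turn the listing into one dict per rule, tagged with its chain."""
    rules, chain = [], None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        if fields[0] == "pkts" or len(fields) < 9:
            continue  # column header, or a line that is not a rule
        pkts, _bytes, target, _prot, _opt, _in, out, src, dst = fields[:9]
        rules.append({"chain": chain, "pkts": pkts, "target": target,
                      "out": out, "source": src, "destination": dst,
                      "extra": " ".join(fields[9:])})
    return rules


def iface_matches(rule_out, iface):
    """Out-interface test: 'any' ('*' with -n) is a wildcard, '!x' negates, 'x+' is a prefix."""
    if rule_out in ("any", "*"):
        return True
    if rule_out.startswith("!"):
        return not iface_matches(rule_out[1:], iface)
    if rule_out.endswith("+"):
        return iface.startswith(rule_out[:-1])
    return rule_out == iface


def nat_rules_for(listing, iface, chain="POSTROUTING"):
    """Rules in `chain` that can source-NAT traffic leaving `iface`."""
    return [r for r in parse_rules(listing)
            if r["chain"] == chain and r["target"] in NAT_TARGETS
            and iface_matches(r["out"], iface)]
```

For the quoted listing and `tun1` this returns only the mark-matched MASQUERADE rule, whose packet counter is 0; the SNAT rule is bound to `vlan2`.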