Posted: Mon Apr 05, 2021 3:56 Post subject: ddwrt won't route between server LAN and openvpn client
Hi, I have an openvpn ddwrt client connected to a ddwrt openvpn server. I can ping and access the client from the server, but not from the server's LAN nodes. Below is the server's routing table. It's a typical vanilla setup. How do I make the server route between the vpn client and its LAN nodes? I tried disabling the firewall and adding all-pass FORWARD rules to iptables, to no avail. I also tried masquerading all outgoing traffic to tun2; no go either. I also added push "route 192.168.1.0 255.255.255.0" to the openvpn server config, which didn't matter either. I suspect it's something else I am missing... Can anyone provide any pointers? I tested the same setup on two different router brands/models, both using the latest ddwrt fw, with the same behavior. Also, vpn clients can talk to each other fine.
I want 192.168.1.0/24 nodes to be able to access the 10.1.1.0/24 client(s). According to the routing table, the server should be able to forward, shouldn't it? But it doesn't want to.
Thanks.
Code:
Destination LAN NET   Gateway   Table     Scope   Metric   Interface    Source
default               x.x.x.1   default           0        WAN
10.1.1.0/24                     default   link    0        tun2         10.1.1.1
127.0.0.0/8                     default   link    0        lo
192.168.1.0/24                  default   link    0        LAN & WLAN   192.168.1.1
x.x.x.0/24                      default   link    0        WAN          x.x.x.x
Inbound Firewall on TUN is disabled. I can access it from the openvpn server itself and from other vpn clients, but I can't access it from the server's LAN.
CVE-2019-14899 Mitigation is enabled, could this be the problem?
I am using build DD-WRT v3.0-r46177 std (03/26/21) on a Netgear router.
Also, I cannot ping 10.1.1.1 (server's vpn tunnel IP) from the server's 192.168.1.0/24 subnet.
Same behavior with r46177 on an older Linksys K26 router as the vpn server.
I tend to think it's a server problem, because I cannot ping my Android phone client from the server LAN when it's connected to the same vpn server, either. I can ping the Android phone when it's not connected to the vpn server, even when I put it on a different VLAN subnet. So the server routes between VLAN subnets OK, but it won't route to/from the openvpn tun2.
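The helper below is an added example, not part of the original post and not DD-WRT's own tooling. It is a POSIX sh script that takes the two dumps that decide whether the server will forward between LAN and tunnel (`ip route` and `iptables -S FORWARD`) and simulates, in rule order, what happens to a NEW packet going br0 -> tun2 and tun2 -> br0, so a DROP that sits ahead of an "all-pass" ACCEPT is caught rather than masked by the ACCEPT. The subnets and tun2 come from the post; the LAN bridge name br0 is assumed (the DD-WRT default for "LAN & WLAN"), and the sample dumps are constructed for a stand-alone run, not captured from the poster's router. On the router itself you would pipe the real commands in: `ip route | route_ok` and `iptables -S FORWARD | forward_ok`.

```shell
#!/bin/sh
# Added diagnostic for a DD-WRT OpenVPN server that should forward between
# its LAN (br0, 192.168.1.0/24) and the tunnel (tun2, 10.1.1.0/24).
# Not from the forum thread or DD-WRT; br0 and the sample dumps are assumptions.

LAN_IF=br0;  LAN_NET=192.168.1.0/24
TUN_IF=tun2; TUN_NET=10.1.1.0/24

# route_ok: read `ip route` output on stdin; succeed if TUN_NET is routed via TUN_IF.
route_ok() {
    awk -v net="$TUN_NET" -v dev="$TUN_IF" '
        $1 == net && $2 == "dev" && $3 == dev { found = 1 }
        END { exit !found }'
}

# forward_ok: read `iptables -S FORWARD` on stdin, walk the rules in order and
# report the first terminal verdict (ACCEPT/DROP/REJECT, else the chain policy)
# for a NEW packet in each direction. Succeeds only if both are ACCEPT.
# Modelled: -i -o -s -d --state/--ctstate. Not modelled (rule is skipped):
# "!" negation, jumps to user chains, subnets that differ textually from ours.
forward_ok() {
    awk -v lan="$LAN_IF" -v lnet="$LAN_NET" -v tun="$TUN_IF" -v tnet="$TUN_NET" '
        function hits(iif, oif, sn, dn) {
            return (in_if == "" || in_if == iif) && (out_if == "" || out_if == oif) &&
                   (src == "" || src == sn) && (dst == "" || dst == dn)
        }
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if = out_if = src = dst = target = state = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "!") neg = 1
                else if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-o") out_if = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-d") dst = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            }
            # conntrack-only rules (RELATED,ESTABLISHED) never see a NEW packet
            if (neg || (state != "" && state !~ /NEW/)) next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (l2t == "" && hits(lan, tun, lnet, tnet)) l2t = target
            if (t2l == "" && hits(tun, lan, tnet, lnet)) t2l = target
        }
        END {
            if (policy == "") policy = "UNKNOWN(no -P line)"
            if (l2t == "") l2t = "policy " policy
            if (t2l == "") t2l = "policy " policy
            printf "%s->%s: %s   %s->%s: %s\n", lan, tun, l2t, tun, lan, t2l
            exit !((l2t == "ACCEPT" || l2t == "policy ACCEPT") &&
                   (t2l == "ACCEPT" || t2l == "policy ACCEPT"))
        }'
}

# suggest_fix: the two rules to insert at the head of FORWARD when forward_ok
# fails. "-I FORWARD 1" puts them ahead of any DROP; on DD-WRT they belong in
# Administration > Commands > Save Firewall so they survive a reboot.
suggest_fix() {
    cat <<EOF
iptables -I FORWARD 1 -i $LAN_IF -o $TUN_IF -j ACCEPT
iptables -I FORWARD 1 -i $TUN_IF -o $LAN_IF -j ACCEPT
EOF
}

# Constructed sample dumps (203.0.113.1 is a documentation address), not real captures.
SAMPLE_ROUTES='default via 203.0.113.1 dev vlan2
10.1.1.0/24 dev tun2 proto kernel scope link src 10.1.1.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# Looks permissive, but the DROP precedes the "all-pass" ACCEPT for LAN->tun.
SAMPLE_BAD='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o tun2 -j DROP
-A FORWARD -i br0 -o tun2 -j ACCEPT
-A FORWARD -i tun2 -o br0 -j ACCEPT'

SAMPLE_GOOD='-P FORWARD DROP
-A FORWARD -i br0 -o tun2 -j ACCEPT
-A FORWARD -i tun2 -o br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP'

printf '%s\n' "$SAMPLE_ROUTES" | route_ok && echo "route to $TUN_NET via $TUN_IF: present"
printf '%s\n' "$SAMPLE_BAD"  | forward_ok || { echo "FORWARD chain blocks traffic; add:"; suggest_fix; }
printf '%s\n' "$SAMPLE_GOOD" | forward_ok && echo "FORWARD chain OK"
```

Two things the script deliberately does not decide for you: a rule it skips (a `!` match or a jump into a DD-WRT user chain such as lan2wan) can still drop the traffic, so a "skipped" verdict is a prompt to read that chain, and a passing FORWARD check on the server does not help if the client end filters inbound on its tun interface or has no route back to 192.168.1.0/24, which is what the pushed route is for.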