Can connect to openvpn server but no internet or lan servers

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 11:24    Post subject: Can connect to openvpn server but no internet or lan servers Reply with quote
Hi, I can connect from my android phone using the OpenVPN client to the OpenVPN server running on my Linksys WRT3200ACM using DD-WRT but there is no internet or any of my LAN devices showing.

My main router/modem that connects to the internet has an IP of 192.168.1.254 I have forwarded port 1194 to my Linksys router that has the OpenVPN server on which is 192.168.1.1
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7747
Location: Netherlands

PostPosted: Wed May 05, 2021 11:31    Post subject: Reply with quote
It helps if you state your build number and what instruction you used to setup

To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

If you have not already read the forum guidelines, please do !!

For the proper setup see the links in my signature at the bottom.

Some pointers:
For internet access of your clients you need a firewall rule.
For reaching other clients on you home LAN you need to disable CVE mitigation and disable/tweak the firewall of the LAN clients to allow the subnet of OpenVPN

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 11:45    Post subject: Reply with quote
I'm using DD-WRT v3.0-r46446 std (04/24/21)

I followed

https://i12bretro.github.io/tutorials/0004.html
https://i12bretro.github.io/tutorials/0017.html

Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7747
Location: Netherlands

PostPosted: Wed May 05, 2021 12:01    Post subject: Reply with quote
Barcs2002 wrote:
I'm using DD-WRT v3.0-r46446 std (04/24/21)

I followed

https://i12bretro.github.io/tutorials/0004.html
https://i12bretro.github.io/tutorials/0017.html

Thanks


Unfortunately those are obsolete/wrong.

The links in my signature are much better and I am not saying that because I am the author Wink

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 12:49    Post subject: Reply with quote
I've been looking at the OpenVPN server setup guide on here which I would have done the otherday but couldn't as the site was offline sadly.

As I say I am connected so I can't be too far off getting it to work right?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7747
Location: Netherlands

PostPosted: Wed May 05, 2021 12:59    Post subject: Reply with quote
Maybe not but you should get rid of the firewall rules and probably of all the extra rules, you only need the rule to NAT OpenvPN traffic out if your OpenVPN clients want internet as described in paragraph 8a (and of course disable the "Inbound Firewall on TUN")

You should probably also get rid of the extra's in the Additional Config

For access to clients on the LAN disable "CVE-2019-14899 Mitigation" and if necessary allow VPN traffic in the LAN clients firewall

The picture on page 9 should give you a good overview.

Compression is/will be deprecated because it is a safety risk besides it does not help on these soho routers (it does not increase throughput)

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 18:20    Post subject: Reply with quote
Ok I'm making progress, thank you, I can access my NAS at 192.168.1.50 on my LAN but my Nvidia shield at 192.168.1.81 I cannot. Also still can't access the internet.

Can access the web interface of my linksys router with DD-WRT on at 192.168.1.1 but I can't access my isps router web interface at 192.168.1.254

got rid of firewall rules, and replaced with

Quote:
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $(get_wanface) -j MASQUERADE
and changed the network to 10.8.0.0

"Inbound Firewall on TUN" was disabled
Got rid of the extras in additional config

Disabled "CVE-2019-14899 Mitigation"
Disabled compression
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5431
Location: Texas

PostPosted: Wed May 05, 2021 22:44    Post subject: Reply with quote
Do you have in 'Additional Dnsmasq Options'
interface=tun2
assuming your OVPN server is tun2.. you can check that on page ../Routing.asp
show routing table should look so as mine is:
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 23:17    Post subject: Reply with quote
Added that

and this is what I got

mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5431
Location: Texas

PostPosted: Wed May 05, 2021 23:26    Post subject: Re: Can connect to openvpn server but no internet or lan ser Reply with quote
Barcs2002 wrote:
My main router/modem that connects to the internet has an IP of 192.168.1.254


and your pic shows WAN & LAN in same subnet.....
... that aint no goody Rolling Eyes
prolly need to change its LAN net
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Wed May 05, 2021 23:37    Post subject: Reply with quote
I'm fairly inexperienced regarding this, what should I do here...



Thanks
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5431
Location: Texas

PostPosted: Wed May 05, 2021 23:56    Post subject: Reply with quote
Make its Local IP address 192.168.2.1 or some such that is not same as your main.
EDIT: leave its gateway and DNS all blank (zeros) ....end EDIT
you will need to reboot it so all is good and whatever is connected to it will be good.

You can of course set this unit up as a WAP with WAN assigned to switch and still run an OVPN server on it iffin you want.
I have a couple set that way so all my main stuff is on same subnet. You have to do a bit of research Wink
egc likely has a guide about that also....I ain't looked at his stuff...since I've had all mine running long before he got so active Laughing

It's my dinner time so gotta run Cool

good luck


Last edited by mrjcd on Thu May 06, 2021 0:09; edited 1 time in total
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Thu May 06, 2021 0:08    Post subject: Reply with quote
I changed it to 192.168.2.1 now can't access the web interface
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5431
Location: Texas

PostPosted: Thu May 06, 2021 0:11    Post subject: Reply with quote
Barcs2002 wrote:
I changed it to 192.168.2.1 now can't access the web interface

see edit I done
AND you may have to disable network wireless/wired wait minute and enable on whatever you are connecting to it with before all is good Razz

good luck
Barcs2002
DD-WRT Novice


Joined: 05 May 2021
Posts: 9

PostPosted: Thu May 06, 2021 0:23    Post subject: Reply with quote
Ok thanks, its simply not playing ball i can't get back into it to change anything
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum