Help configuring and troubleshooting OpenVPN server

gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Mon Nov 12, 2018 16:34    Post subject: Help configuring and troubleshooting OpenVPN server Reply with quote
Hello,

I am trying to configure OpenVPN server on my DDWRT router for my specific goal. If you look at the diagrams below, you can see I have installed DDWRT (Buffalo) with OpenVPN Server running on a separate router connected to my 'regular' home router. On the other diagram, you can see my OpenVPN server settings (however, it is probably not configured properly).

Per the network diagram, I am trying to allow a certain number of devices (maximum of 5) to remotely connect to the OpenVPN server. I believe I have created the keys correctly using other sites I have found online, but I have a feeling something is not configured correctly on the OpenVPN Server since I am unable to connect to the server and there is nothing in the server logs that shows any kind of attempt, etc. At the end of the day, I want each of the devices to appear to be coming from inside my home (when surfing the internet, they should have the same public facing IP as the TP-Link and the same DNS as the TP-Link).

Can anyone guide me on the right track and see if I have anything configured incorrectly?

Thanks in advance!

Simple Network Diagram



OpenVPN Server Settings



Network Setup

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12884
Location: Netherlands

PostPosted: Mon Nov 12, 2018 17:11    Post subject: Reply with quote
Attached my notes, however they deal with setting up a TUN server.
There is a section dealing with setting up on a Wireless Access Point (WAP) (LAN<>LAN connected), like the one you have.

If the OpenVPN status is empty this usually means you have misconfigured; certificate errors are the most likely culprit. If the configuration is done right the status page should show: "Server: CONNECTED SUCCES" (even if there are no connections).

You should enable Advanced Options and enable Redirect default Gateway.

You should also port forward from your main router.

As I said, no experience with TAP but maybe my notes can be helpful in checking your certificates.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Mon Nov 12, 2018 18:47    Post subject: Reply with quote
egc wrote:
Attached my notes, however they deal with setting up a TUN server.
There is a section dealing with setting up on a Wireless Access Point (WAP) (LAN<>LAN connected), like the one you have.

If the OpenVPN status is empty this usually means you have misconfigured; certificate errors are the most likely culprit. If the configuration is done right the status page should show: "Server: CONNECTED SUCCES" (even if there are no connections).

You should enable Advanced Options and enable Redirect default Gateway.

You should also port forward from your main router.

As I said, no experience with TAP but maybe my notes can be helpful in checking your certificates.


Thank you for this! I will go through this and get back to you with any questions I might have. It is currently configured as Bridge (TAP) only because of another post where I set something up (that has been working great btw), but of course I am totally open to changing it to Router (TUN) as you have in the document.
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Thu Nov 22, 2018 17:22    Post subject: Reply with quote
I just wanted to update everyone and let them know that I have this solution working! Thank you to 'egc' for his guide and assistance getting this working. My VPN is configured using Router (TUN) per his guide.

After testing, there is one final housekeeping item that I'm wondering if someone can help me with? When I connect to the VPN, and go to ipchicken.com, my public IP address on my local PC that I'm using to test is from the remote location (this is perfect and is expected), however, when I run a DNS leak test (www.dnsleaktest.com), it says I am using my DNS servers from local ISP (Comcast). When I connect to the VPN, what do I need to change in my config (either on the DDWRT VPN server or my config.ovpn file) so that I am using the remote location's DNS servers when connected?

According to dnsleaktest.com, if I add 'block-outside-dns' to my config.ovpn file this should fix my issue. Unfortunately when I add this to my config.ovpn file, I can connect to the VPN with no issues, but I can't surf the internet.

Any suggestions??
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12884
Location: Netherlands

PostPosted: Thu Nov 22, 2018 20:33    Post subject: Reply with quote
You can push your DNS server to the clients:

If you want to resolve DNS names over the VPN you will need to add the below lines to “Additional Config.”
If you want to use a public DNS server (e.g. Google's):
Code:
push "dhcp-option DNS 8.8.8.8"


If you want to use your own router/OpenVPN server (my LAN domain is named "home"):
Code:
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN HOME"

Here’s a breakdown of what’s going on:
The local DNS server at 192.168.1.1 is pushed to clients so they can make queries on the server’s network.
The domain is specified so hostnames will resolve without specification.

If you are using DD-WRT as a DNS server you’ll need to tell DNSMasq to listen for requests on the interface your VPN clients will query on. To do this you’ll need to figure out what interface that is.
To see the interface your VPN clients will query on, you can find this in the GUI by clicking “Setup” > “Advanced Routing” > “Routing Table.” In there you’ll see a route that specifies the tun adapter you are using and the IP net (see below). For me it is tun2.

Take that piece of information and navigate to “Services” > “Services.” Scroll down to “Additional DNSMasq Options” and enter
interface=tun#
where # is the number you pulled from routing table, in this case tun2.

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12884
Location: Netherlands

PostPosted: Fri Nov 23, 2018 11:18    Post subject: Reply with quote
Erratum: you use 192.168.0.1 as main router on your network, so you should use 192.168.0.1 instead of 192.168.1.1
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Fri Nov 23, 2018 16:52    Post subject: Reply with quote
egc wrote:
Erratum: you use 192.168.0.1 as main router on your network, so you should use 192.168.0.1 instead of 192.168.1.1


Thank you for the info 'egc'. Yes, you are correct - I will need to use 192.168.0.1 (as opposed to 192.168.1.1)

So just to recap, since I want each of the connected VPN clients to use the DNS from the OpenVPN server location, I will need to:

- Go into 'Services', 'Services', then under 'DHCP Server'
- Used Domain = LAN & WLAN
- LAN Domain = test

- Then under 'Services', 'VPN', 'OpenVPN Server / Daemon' under 'Additional Config'
- push “dhcp-option DNS 192.168.0.1”
- push “dhcp-option DOMAIN TEST”
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12884
Location: Netherlands

PostPosted: Fri Nov 23, 2018 17:01    Post subject: Reply with quote
And in addition in DNS masq options, you have to tell DNS masq to listen on the interface of the VPN e.g. interface=tun2
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Tue Nov 27, 2018 1:56    Post subject: Reply with quote
Quick update on this..... in order to get local DNS working, I did the following 3 steps. Once I did step 2, I'm unable to connect to the VPN with a client. I'm not sure if the problem is related to the case (upper in one section vs lower in another)?


1. Go into 'Services', 'Services', then under 'DHCP Server' set the following:
Used Domain = LAN & WLAN
LAN Domain = test

2. Then under 'Services', 'VPN', 'OpenVPN Server / Daemon' under 'Additional Config' add the following:
push “dhcp-option DNS 192.168.0.1”
push “dhcp-option DOMAIN TEST”

3. Under 'Services', 'Services', scroll down to 'Additional DNSMasq Options' (I'm using tun2 as well from the routing table):
interface=tun2

It did not matter if I tried, in order (step 1, 2, and 3), or if I tried step 1, 3, then 2. There is something about the 'push' commands that stopped the VPN client from connecting.
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Tue Nov 27, 2018 2:03    Post subject: Reply with quote
gil_happy wrote:
Quick update on this..... in order to get local DNS working, I did the following 3 steps. Once I did step 2, I'm unable to connect to the VPN with a client. I'm not sure if the problem is related to the case (upper in one section vs lower in another)?


1. Go into 'Services', 'Services', then under 'DHCP Server' set the following:
Used Domain = LAN & WLAN
LAN Domain = test

2. Then under 'Services', 'VPN', 'OpenVPN Server / Daemon' under 'Additional Config' add the following:
push “dhcp-option DNS 192.168.0.1”
push “dhcp-option DOMAIN TEST”

3. Under 'Services', 'Services', scroll down to 'Additional DNSMasq Options' (I'm using tun2 as well from the routing table):
interface=tun2

It did not matter if I tried, in order (step 1, 2, and 3), or if I tried step 1, 3, then 2. There is something about the 'push' commands that stopped the VPN client from connecting.


I checked the VPN client logs, but I didn't really see anything that would point to the issue, but maybe the logs weren't verbose enough.
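
The push lines in the posts above appear on this page with typographic quotes (“ ”); OpenVPN's config parser treats only ASCII quotes as quoting characters, so a line pasted in that form does not parse as a single push argument. The following is an added example, not code from the thread or from DD-WRT: a small Python lint for the 'Additional Config' text, where `lint_additional_config` and the sample strings are constructed for illustration and `shlex` only approximates OpenVPN's own tokenizer.

```python
import ipaddress
import shlex

# Quote characters that word processors and PDFs substitute for ASCII " and '.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def lint_additional_config(text):
    """Lint OpenVPN server 'Additional Config' text.

    Returns (findings, dns_servers): findings is a list of (line_no, message),
    dns_servers the addresses from well-formed push "dhcp-option DNS ..." lines.
    """
    findings, dns_servers = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if any(ch in SMART_QUOTES for ch in line):
            findings.append((line_no, "typographic quote, use ASCII \" instead"))
            continue
        try:
            tokens = shlex.split(line)           # approximation of OpenVPN's lexer
        except ValueError:
            findings.append((line_no, "unbalanced quote"))
            continue
        if not tokens or tokens[0] != "push":
            continue
        if len(tokens) != 2:
            findings.append((line_no, "push needs exactly one quoted argument"))
            continue
        option = tokens[1].split()
        if option[:2] == ["dhcp-option", "DNS"]:
            try:
                (addr,) = option[2:]             # exactly one address expected
                dns_servers.append(str(ipaddress.ip_address(addr)))
            except ValueError:
                findings.append((line_no, "dhcp-option DNS needs one IP address"))
    return findings, dns_servers

# Constructed samples: the thread's two push lines, first with the curly quotes
# shown on the page, then with ASCII quotes.
CURLY = ('push \u201cdhcp-option DNS 192.168.0.1\u201d\n'
         'push \u201cdhcp-option DOMAIN TEST\u201d\n')
ASCII = ('push "dhcp-option DNS 192.168.0.1"\n'
         'push "dhcp-option DOMAIN TEST"\n')

if __name__ == "__main__":
    for name, sample in (("curly", CURLY), ("ascii", ASCII)):
        print(name, lint_additional_config(sample))
```
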
gil_happy
DD-WRT User


Joined: 24 Sep 2009
Posts: 139

PostPosted: Sun May 30, 2021 15:13    Post subject: Reply with quote
Hello all, I would like to revisit the pushing of the DNS server to the clients for my network.

First of all, from looking at the network diagram, I assume the config is 'all' done on the OpenVPN server (Primary Home router2) and not on the Primary Home (router1)?

Assuming the OpenVPN server (PH router2) is the correct device, I am confused by what needs to be done when comparing the update on this thread from Nov 22, 2018 and onwards vs the DDWRT OpenVPN Server Setup Public v1.98.pdf guide on page 19.

At the end of the day, I want any device (whether a Windows 10 PC that directly connects to my OpenVPN server from a coffee shop, or any client connected to the Vacation Home router2) to not only pull an IP from PH router2 (which works great), but to also use the DNS from inside the Primary Home. I think it is easiest if I just focus on a Windows 10 PC (with OpenVPN GUI) pulling the DNS from the Primary Home.

Thanks in advance!

Diagram for multiple lakehouse connections
