[x53sv]

DD-WRT v3.0-r47206 std (08/19/21)
ASUS R7000

Ok. OpenVPN Clint or Server setup.

I have an OpenVPN server in the cloud. I can configure DD-WRT to connect to this server. After much trial and error. I had to remove the TA.KEY section.

But once connected, I cannot ping my own IP address while I am logged into the router via SSH to the router.

So I figured I would try server mode instead.

I setup my DD-WRT as an OpenVPN Server on the router. When done and the OpenVPN server is running on the router, I cannot ping the IP of the OpenVPN server while I am logged into the router via SSH.

So let's only look at the simplest option first. The OpenVPN server is running on the router but the router cannot ping the OpenVPN IP address. It can ping it's primary address. It can ping its alternate addresses from the guest network. But not the OpenVPN gateway address. No other routers are involved.

I *would* like point out that while the router is restarting the tunnel, the ping succeeds once or twice. But then as it finishes, the pings stop working. I had the same results in client mode as well.

Any assistance in solving this would be great. I used to be able to use OpenVPN readily on routers before, a few years ago. Not sure what has changed.

Config

[egc]

I am not entirely sure what you want to do but a lot of information can be found at:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

It is a sticky in this forum

[x53sv]

I have followed the tutorial on how to set up OpenVPN.

I am not lost on OpenVPN but I am lost on why the networking is not working via the GUI. Been working with OpenVPN since v1. But this is unprecedented. I have the same OpenVPN configuration working on a digital ocean server.

I've been working with DD-WRT since WRT54g but this behavior is new. In the past, setting up the OpenVPN server via GUI worked easily.

Steps to repeat what I'm trying to do. (I've included my config from /tmp/openvpn/openvpn.conf)
Router IP address: 192.168.1.1
OpenVPN subnet: 10.60.60.0/255.255.255.0
OpenVPN gateway address on Router: 10.60.60.1

Configure and run OpenVPN server.
SSH to router (192.168.1.1)
Ping 10.60.60.1
Failure. (no packets except 1 or 2 when openvpn restarts)

This is where I am.

Thank you for the link. Could you point me to the most helpful section? There's a lot there and I feel like my problem almost very basic. Even though I followed the tutorial.

[egc]

Ok it is very early but I think the problem you are describing is that you can connect to your server but cannot reach anything on your network (the same holds true for a client in site-to-site setup although that will work if you disable NAT)

Read the paragraph about CVE mitigation and as a test disable CVE mitigation.

[x53sv]

Ok. Turning off CVE worked for the r47206. (where is that setting in the config anyway - or is it on the command line?).

When I turned this off on the openvpn client on the r47206, everything works again to connect to the cloud OpenVPN 2.5.3.

Figured out my other problem. I had an unnecessary forward for openvpn.

Still wondering where the CVE setting is used.

Fixed.

[egc]

CVE patch is actually a firewall rule if you enable it see:
iptables -vnL -t raw

More information on page 10 of the DDWRT OpenVPN server setup guide

[x53sv]

I posted something. It might be useful to some. Didn't know where to put it.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330097