OpenVPN connects perfectly but unable to access router

phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Sun Sep 20, 2009 18:45    Post subject: OpenVPN connects perfectly but unable to access router
Hi,

I followed the guide VPN (the easy way) 24+, which was excellent by the way.

I am able to connect with OpenVPN to my LAN (192.168.0.0) remotely. Everything works fine except one detail that I don't understand.

I can't access the router address 192.168.0.1

I tried to ping it and to reach the web server; there is nothing I can do, it is impossible to reach it. The weirdest thing is that when I first set up OpenVPN, I am sure I was able to.

Which configuration should I check to solve this issue?

Thanks

Christian
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 764
Location: Pittsburgh, PA USA

Posted: Mon Sep 21, 2009 12:35    Post subject:
Are you using routed or bridged connection? It would help to post your server and client config files.
_________________
__________________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 14:03    Post subject:
Hi,

Routed

Christian
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 14:05    Post subject:
Server :

push "route 192.168.0.0 255.255.255.0"
server 192.168.66.0 255.255.255.0

dev tun0
proto udp
port 1194

keepalive 15 60
daemon
verb 3
comp-lzo

client-to-client
duplicate-cn

tls-server
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


and client:



client
dev tun0
proto udp
remote mydyndns 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
float

ca ca.crt
cert client1.crt
key client1.key
dellsweig
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1476
Location: New York, USA

Posted: Mon Sep 21, 2009 14:06    Post subject:
phantom4ever wrote:
Hi,

Routed

Christian


Is your remote subnet different than your local subnet??

IE: are both networks 192.168.0 ?
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 14:07    Post subject:
Yes, the remote subnet is 192.168.66.0/24 and my local is 192.168.0.0/24
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 764
Location: Pittsburgh, PA USA

Posted: Mon Sep 21, 2009 18:34    Post subject:
Just to make sure I understand, you're connecting from a client PC to your LAN? You're not doing LAN to LAN between routers?
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 18:42    Post subject:
Exactly

I got a laptop, and I only want to reach my lan when I'm on the road.

When I connect I'm able to reach my lan except the wrt54gl ip.
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 764
Location: Pittsburgh, PA USA

Posted: Mon Sep 21, 2009 19:30    Post subject:
I have a similar setup with my laptop, but I use a bridged configuration. I haven't tried to use a routed config, but I'd bet that it has something to do with the IPtables rules. You'd probably need to allow the relevant ports from the remote subnet.

For a small number of clients (ie 1), I'm not sure what the advantage is for Routed over Bridged. I've been using this config for some time now with no issues on the LAN or remote side.

My server config:
Code:
mode server
client-to-client
tls-server
192.168.1.180 192.168.1.190
cipher AES-256-CBC
dev tap0
proto udp
port 1193
keepalive 10 120
comp-lzo
duplicate-cn
management localhost 5001
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


Client config:
Code:
remote my.dyndns.entry 1193
persist-key
tls-client
proto udp
ca ca.crt
nobind
persist-tun
cert cert.crt
comp-lzo
dev tap
key key.key
ns-cert-type server
verb 3
resolv-retry infinite
keepalive 10 120
float
cipher AES-256-CBC

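Added example, not part of the post above and not the poster's firewall: a small Python model of why a routed client can reach LAN hosts but not the router itself. Traffic to a LAN host is forwarded (FORWARD chain), while traffic to 192.168.0.1 is addressed to the router and is judged by the INPUT chain. The rule set and the interface names `vlan1`, `br0` and `tun0` are assumptions made for illustration.

```python
import copy
import ipaddress

ROUTER_ADDRS = {"192.168.0.1", "192.168.66.1"}  # router's own LAN and VPN addresses

def chain_for(pkt):
    """Packets addressed to the router hit INPUT; packets it routes hit FORWARD."""
    return "INPUT" if pkt["dst"] in ROUTER_ADDRS else "FORWARD"

def matches(rule, pkt):
    """A rule matches when every field it specifies agrees with the packet."""
    if "in" in rule and rule["in"] != pkt["in"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    return True

def verdict(ruleset, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    chain = ruleset[chain_for(pkt)]
    for rule in chain["rules"]:
        if matches(rule, pkt):
            return rule["target"]
    return chain["policy"]

def allow_vpn_to_router(ruleset, vpn_net="192.168.66.0/24"):
    """Copy of the rule set that also admits ping and the web GUI from the VPN subnet."""
    fixed = copy.deepcopy(ruleset)
    fixed["INPUT"]["rules"] += [
        {"in": "tun0", "src": vpn_net, "proto": "icmp", "target": "ACCEPT"},
        {"in": "tun0", "src": vpn_net, "proto": "tcp", "dport": 80, "target": "ACCEPT"},
    ]
    return fixed

# Constructed rule set: forwarding from the tunnel is allowed, but INPUT only
# admits the OpenVPN port from the WAN side and anything from the LAN bridge.
RULES = {
    "INPUT": {"policy": "DROP", "rules": [
        {"in": "vlan1", "proto": "udp", "dport": 1194, "target": "ACCEPT"},
        {"in": "br0", "target": "ACCEPT"}]},
    "FORWARD": {"policy": "DROP", "rules": [
        {"in": "tun0", "src": "192.168.66.0/24", "target": "ACCEPT"},
        {"in": "br0", "target": "ACCEPT"}]},
}
TO_HOST = {"in": "tun0", "src": "192.168.66.6", "dst": "192.168.0.103", "proto": "icmp"}
TO_ROUTER = {"in": "tun0", "src": "192.168.66.6", "dst": "192.168.0.1", "proto": "tcp", "dport": 80}
```

On a real router, `iptables -L INPUT -v -n` shows whether any INPUT rule matches traffic arriving on the tunnel interface.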
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 21:07    Post subject:
still no luck
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 764
Location: Pittsburgh, PA USA

Posted: Mon Sep 21, 2009 21:15    Post subject:
Is there something else that could be using the 192.168.0.0 subnet on your laptop? For example, VMWare workstation? Is it possible something in your laptop's LAN network is using 192.168.0.1?

You might try a Tracert to it. If it's going across the VPN, your laptop should be the only hop before it dies. If it goes anywhere else, you have a routing problem on your laptop.

phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Mon Sep 21, 2009 22:14    Post subject:
Hi,

You made me realise something.

I did the tracert; check the screenshot for what it gives.

My OpenVPN subnet 192.168.66.0 will have to reach the gateway that is mapped to 192.168.66.1 (this address doesn't exist; it's the OpenVPN address that is created for the tap adapter) and a route will map my internal network to this.

How can I reach 192.168.0.1 with my route? You know, like:

192.168.66.6
192.168.66.1
192.168.0.1
192.168.0.103

thanks

Christian



[Attachment: tracert.jpg, 38.24 KB]


crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

Posted: Tue Sep 22, 2009 3:58    Post subject:
The problem *could* be with the network you are connecting from. Imagine connecting to a network where your IP range is already 182.168.0.x. That tends to be one of the more commonly used "private" networks today. It could be that your laptop is being "confused" and unable to route due to a similar addressing scheme on the local network.

To be absolutely certain this is *not* the case, you might want to change to a less commonly used network address range. (Maybe 10.1.10.x, or any other random private IP address range.)

_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]


Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
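Added example, not part of the posts above: a Python check for the client-side addressing conflict raised in this thread, comparing the pushed route 192.168.0.0/24 with the laptop's own routes and showing which interface a packet to 192.168.0.1 would leave by. Both routing tables, the interface names and the metrics are constructed for illustration.

```python
import ipaddress

def pick_route(routes, dest):
    """Route a host would use for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def local_conflicts(routes, pushed, vpn_iface="vpn"):
    """Non-VPN, non-default routes whose network overlaps the pushed LAN route."""
    target = ipaddress.ip_network(pushed)
    found = []
    for r in routes:
        net = ipaddress.ip_network(r["net"])
        if r["iface"] != vpn_iface and net.prefixlen > 0 and net.overlaps(target):
            found.append(r)
    return found

PUSHED = "192.168.0.0/24"  # from the server line: push "route 192.168.0.0 255.255.255.0"
VPN_ROUTES = [
    {"net": "192.168.66.0/24", "iface": "vpn", "metric": 30},
    {"net": PUSHED, "iface": "vpn", "metric": 30},
]
# Constructed table: laptop on a guest network that also uses 192.168.0.0/24.
SAME_RANGE = [
    {"net": "0.0.0.0/0", "iface": "wifi", "metric": 25},
    {"net": "192.168.0.0/24", "iface": "wifi", "metric": 25},
] + VPN_ROUTES
# Constructed table: laptop holding a public address (203.0.113.0/24 is a documentation range).
PUBLIC_IP = [
    {"net": "0.0.0.0/0", "iface": "wan", "metric": 25},
    {"net": "203.0.113.0/24", "iface": "wan", "metric": 25},
] + VPN_ROUTES

if __name__ == "__main__":
    for name, table in (("same range", SAME_RANGE), ("public IP", PUBLIC_IP)):
        route = pick_route(table, "192.168.0.1")
        print(name, "->", route["iface"], "conflicts:", len(local_conflicts(table, PUSHED)))
```

With no conflicting local route, 192.168.0.1 is sent into the tunnel, so a failure at that point is decided on the server side rather than by the laptop's routing.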
phantom4ever
DD-WRT Novice


Joined: 18 Sep 2009
Posts: 10

Posted: Tue Sep 22, 2009 12:22    Post subject:
Hi,

I got a public IP when I try to connect.

As I said, my internal lan is 192.168.0.0 and my subnet for openvpn connections is 192.168.66.0