Can not use openvpn route scripts

grumbler_eburg
DD-WRT Novice


Joined: 14 Mar 2012
Posts: 14

Posted: Sat Mar 01, 2014 15:52    Post subject: Can not use openvpn route scripts
Hi!

Router: D-Link DIR-320 A1.
DD-WRT revision: v24-sp2 (08/07/10) vpn

I need to set up a VPN between two LANs. An OpenVPN server exists in the "first" LAN.
The router should be installed in the "second" LAN as the border (firewall).
I set up "OpenVPN Client" using the GUI and applied the changes. Next I logged in to the router via SSH to look at what it does.
ps showed this command line:
Code:
openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon

cat /tmp/openvpncl/route-down.sh
Code:
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE

cat /tmp/openvpncl/route-up.sh
Code:
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE


NAT (masquerading) should not be used in the openvpn tunnel!!!

I have a question:
Can I remove the route-up and route-down scripts from the openvpn command line?
grumbler_eburg
DD-WRT Novice


Joined: 14 Mar 2012
Posts: 14

Posted: Sat Mar 01, 2014 17:39    Post subject:
eibgrad wrote:
Sure, you can always remove those options from the command line if you want to.


OK, I know that I can. But I don't know how to do this! What token in the configuration should I change? nvram_set "that"?

I want to remove these automatic (generated) rules because routing between the LANs is needed, not masquerading. All needed rules I can insert in the "manual" scripts (in the GUI: "Administration" - "Commands").
grumbler_eburg
DD-WRT Novice


Joined: 14 Mar 2012
Posts: 14

Posted: Sun Mar 02, 2014 4:59    Post subject:
eibgrad wrote:
IIRC, the GUI should have an option to enable/disable NAT (maybe under Advanced Options).


Khmmm. "enable/disable NAT" is possible only for the router, but not for the single openvpn service: select mode "Router" instead of "Gateway" ("Setup" - "Advanced routing").

Quote:
If not, you need to restart the VPN manually, or from the Startup script.


A more reliable method: create your own script as described in the wiki http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

Another bug in the openvpn configuration of the GUI: dd-wrt doesn't create the tun interface; it needs to be created in the user script before starting the openvpn service.
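
One way to verify that no masquerading remains on the tunnel after switching to a routed setup, as an added example that is not part of the thread or of DD-WRT. It assumes the rules are available in rule-spec form, as printed by `iptables -t nat -S POSTROUTING` on iptables builds that support `-S`; the sample rules and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `iptables -t nat -S POSTROUTING` output (not from a real router).
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o vlan1 -j MASQUERADE
-A POSTROUTING -o tun0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o br0 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -o tun1 -j MASQUERADE'

# Read rule lines on stdin; print only those that masquerade traffic
# leaving through a tun/tap interface.
tunnel_masq_rules() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A POSTROUTING "*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        # Walk the words of the rule to find the interface named after -o.
        out_if=""
        prev=""
        for word in $rule; do
            if [ "$prev" = "-o" ]; then out_if="$word"; fi
            prev="$word"
        done
        case "$out_if" in
            tun*|tap*) printf '%s\n' "$rule" ;;
        esac
    done
}

# Turn each offending "-A ..." rule into the equivalent delete command.
delete_commands() {
    tunnel_masq_rules | while IFS= read -r rule; do
        printf 'iptables -t nat -D %s\n' "${rule#-A }"
    done
}

# Number of tunnel masquerade rules found; 0 means the tunnel is purely routed.
count_tunnel_masq() {
    tunnel_masq_rules | wc -l | tr -d ' '
}

# Demo on the constructed sample; on a router, pipe the live rule listing in instead.
printf '%s\n' "$SAMPLE_RULES" | delete_commands
```

The WAN-side masquerade rule (`vlan1` in the sample) is left alone on purpose: only rules whose outgoing interface is the tunnel are reported.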