help with OpenVPN Server WAN and LAN reachability

DD-WRT Forum Index -> Advanced Networking
kuhnto
DD-WRT Novice


Joined: 31 May 2015
Posts: 14

Posted: Sun Nov 06, 2016 3:00    Post subject: help with OpenVPN Server WAN and LAN reachability
Router Model - Asus RT-N66U
Firmware Version - DD-WRT v24-sp2 (02/04/15) mega - build 26138M
Kernel Version - Linux 3.10.67 #6285 Wed Feb 4 06:45:05 CET 2015 mips

For a long while I have been able to connect via OpenVPN to my DD-WRT router, but have only been able to reach internal addresses such as the router or a local computer (RDP).

I recently wanted to add Internet access through the VPN connection, so after perusing the internet for a while I came upon a few NAT, firewall and other setting changes that seemed to give me internet access through the VPN (checking my public IP address shows my local ISP), but I could no longer access anything locally (192.168.1.x).

It was most likely the NAT setting in the firewall.

This is most likely something really simple. Here are the details:

LAN - 192.168.1.1/24
VPN - 10.1.1.1/24

OpenVPN Services Configuration:
OpenVPN - Enable
Start Type - WAN Up
Config as Server
Server mode Router TUN
Network 10.1.1.0
Netmask 255.255.255.0
Port 443
Tunnel Protocol TCP
Encryption Cipher AES 256
Hash Algorithm SHA 1


Startup:
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
server 10.1.1.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Firewall (DD-WRT puts the "&#-106;" in there for some reason, but it should say "--dport"):
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.1.1.0/24 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o $(get_wanface) -j SNAT --to-source $(nvram get wan_ipaddr)

Client:

client
remote-cert-tls server
remote mywebsite.com 443
dev tun2
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC

Like I said, it has to be something simple... a missing route or something. I am unfortunately not a network engineer. Thank you for taking the time to try and assist.

Tom
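The post's server config pushes a LAN route and "redirect-gateway def1" to every client. The following is an added example, not code from the post or from DD-WRT or OpenVPN: it parses those push lines (a constructed copy of the post's startup config is embedded as sample input), models the client's routing table after the tunnel comes up, and answers "which interface will a given destination leave through" by longest-prefix match. The client interface names (wlan0, tun2) and the client's own LAN prefix are assumptions. It also flags a pushed route that overlaps the client's own LAN, a case the post does not mention but which this model exposes: two equal-length prefixes compete and the winner depends on route metrics on the real client.

```python
"""Model what an OpenVPN client's routing table looks like after the server
pushes routes, and where LAN vs. Internet traffic will go (added example)."""
import ipaddress
import re

# Constructed sample input: the push/server lines from the post's startup config.
SERVER_CONFIG = """\
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
server 10.1.1.0 255.255.255.0
dev tun0
proto tcp
"""

PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"')


def parse_server_config(text):
    """Return (vpn_subnet, pushed_networks, redirect_def1) from server config text."""
    vpn_subnet, pushed, redirect = None, [], False
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["server"] and len(parts) >= 3:
            # 'server NET MASK' defines the tunnel subnet the client gets a route for
            vpn_subnet = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            continue
        m = PUSH_RE.match(line)
        if not m:
            continue
        opt = m.group(1).split()
        if opt[0] == "route" and len(opt) >= 3:
            pushed.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
        elif opt[0] == "redirect-gateway" and "def1" in opt[1:]:
            redirect = True
    return vpn_subnet, pushed, redirect


def client_routes(client_lan, vpn_subnet, pushed, redirect, lan_if="wlan0", tun_if="tun2"):
    """Build the client's routing table after the tunnel is up.

    Interface names and the client LAN prefix are assumptions. The connected LAN
    entry is listed first so that, on an equal-length tie, the model prefers it
    instead of silently letting a pushed route win.
    """
    routes = [
        (ipaddress.ip_network(client_lan), lan_if),    # client's own connected LAN
        (ipaddress.ip_network("0.0.0.0/0"), lan_if),   # original default route, local gateway
        (vpn_subnet, tun_if),                           # tunnel subnet from the 'server' line
    ]
    routes += [(net, tun_if) for net in pushed]
    if redirect:
        # 'def1' adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel. Both are more
        # specific than /0, so they capture all Internet traffic without
        # deleting the client's original default route.
        routes.append((ipaddress.ip_network("0.0.0.0/1"), tun_if))
        routes.append((ipaddress.ip_network("128.0.0.0/1"), tun_if))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; on equal prefix length the earlier entry wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def overlapping_pushed_routes(client_lan, pushed):
    """Pushed prefixes that overlap the client's own LAN. On a real client these
    compete with the connected route, and which one wins depends on metrics."""
    lan = ipaddress.ip_network(client_lan)
    return [net for net in pushed if net.overlaps(lan)]


if __name__ == "__main__":
    vpn, pushed, redirect = parse_server_config(SERVER_CONFIG)
    table = client_routes("10.0.0.0/24", vpn, pushed, redirect)
    for dst in ("192.168.1.50", "10.1.1.1", "8.8.8.8", "10.0.0.5"):
        print(f"{dst:>14} -> {lookup(table, dst)}")
    print("overlap with a 192.168.1.0/24 client LAN:",
          overlapping_pushed_routes("192.168.1.0/24", pushed))
```

With the post's config and an assumed remote LAN of 10.0.0.0/24, the model sends 192.168.1.x, the tunnel address 10.1.1.1 and 8.8.8.8 through tun2 and keeps 10.0.0.x on the local interface; change the client LAN to 192.168.1.0/24 and the overlap check reports the pushed LAN route as ambiguous.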