Can't reach LAN machines over VPN

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
DarkSupremo
DD-WRT Novice


Joined: 19 Dec 2016
Posts: 1

PostPosted: Tue Jul 25, 2017 19:52    Post subject: Can't reach LAN machines over VPN Reply with quote
Hello, i'm few days already trying to make it work but without success, any help would be appreciated.

I can access internet just fine over VPN, and i can connect to router admin (10.0.0.1) just fine too, but can't access other machines over the lan (10.0.0.2 for example)

The computer that i'm trying to access (10.0.0.2) is an Windows, with firewall turned off

Router: Netgear R7000
Firmware: DD-WRT v3.0-r29875M kongac (06/11/16)
LAN subnet: 10.0.0.0/255.255.255.0
VPN subnet: 10.8.0.0/255.255.255.0
WAN_IF: ppp0
VPN_IF: tun2

(already tried upgrading firmware, but had connection problems, so i restored it to an older version)


iptable on dd-wrt:

# open the OpenVPN server port
iptables -I INPUT -i ppp0 -p udp --dport 5910 -j ACCEPT

# allow OpenVPN clients to access the OpenVPN server
iptables -I INPUT -i tun2 -m state --state NEW -j ACCEPT

# allow OpenVPN clients to access ALL other devices on the LAN
iptables -I FORWARD -i tun2 -o -m state --state NEW -j ACCEPT

# nat OpenVPN clients over the local internet gateway
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ppp0 -j MASQUERADE



OpenVPN Server settings:

Start Type: System
Config as: Server
Server Mode: Router (TUN)
Network: 10.8.0.0
Netmask: 255.255.255.0
Port: 5910
Tunnel Protocol: UDP
Encryption Cipher: AES-256 CBC
Hash Algorithm: SHA1
TLS Cipher: None
LZO Compression: Yes
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Enable
Tunnel MTU setting: 1500
Tunnel UDP Fragment: (empty)
Tunnel UDP MSS-Fix: Enable

Additional Config:

ifconfig-pool-persist ipp.txt
push "route 10.8.0.0"
push "route 10.0.0.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
persist-key
persist-tun
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 11209
Location: Netherlands

PostPosted: Tue Jul 25, 2017 21:33    Post subject: Reply with quote
Just a thought, you did not specify the --out-interface -o in the forward chain, try deleting -o or specify the --out-interface, maybe leaving it empty does not work?
_________________
Routers:Netgear R7800, R7000, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum