 Working with VLANs and OpenVPN on a router 
 Post subject: Working with VLANs and OpenVPN on a router
PostPosted: Tue Feb 14, 2012 10:17 pm 
OpenVpn Newbie

Joined: Tue Feb 14, 2012 9:42 pm
Posts: 2
I have been struggling with this for a while, and am hoping someone might point me in the right direction. I have a WNR3500L router running TomatoUSB and OpenVPN 2.1, which I have been working with for a while, and I am comfortable compiling from source and modifying the system. Newer versions of TomatoUSB support VLANs. I have configured my router with four VLANs and an OpenVPN tunnel over tun/UDP. It all works great! Each VLAN has its own IP range, and seems to be able to connect to resources at the far end of the VPN.

Better yet (and this took some source code tweaks in Tomato) if I set the appropriate config option, I can route all traffic down the tunnel, from all the VLANs.

But what if I would like all traffic from one VLAN to go down the tunnel, traffic from another not? Doesn't sound too hard, but so far a solution has eluded me.

I have tried NOT setting the "redirect all" option, and manually routing traffic from a particular VLAN to the tunnel, AND I have tried setting the "route all" option, and routing traffic from a particular VLAN direct to the internet. No yok. My attempts result in a VLAN that no longer seems to even be able to get an IP address via DHCP, never mind connect to the tunnel/internet.

This is an example of what I have tried:

Code:
ip route add 192.168.30.0/24 dev vlan2 table 1
ip route add default via 192.168.254.33 table 1
ip rule add from 192.168.30.0/24 table 1
ip route flush cache


Traffic from my VLANs defaults to the tunnel like it should, but traffic from 192.168.30.0/24 is routed directly to the Ethernet interface (vlan2).

This is the routing table:

Code:
10.255.0.1      *               255.255.255.255 UH    0      0        0 tun11
192.168.254.33  192.168.254.33  255.255.255.255 UGH   0      0        0 vlan2
192.168.254.33  *               255.255.255.255 UH    0      0        0 vlan2
192.168.254.32  *               255.255.255.224 U     0      0        0 vlan2
192.168.30.0    *               255.255.255.0   U     0      0        0 br3
192.168.20.0    *               255.255.255.0   U     0      0        0 br2
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
192.168.8.0     *               255.255.255.0   U     0      0        0 br1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.255.0.1      128.0.0.0       UG    0      0        0 tun11
128.0.0.0       10.255.0.1      128.0.0.0       UG    0      0        0 tun11
default         192.168.254.33  0.0.0.0         UG    0      0        0 vlan2


More details can be found here: http://tomatousb.org/forum/t-441920/vla ... elp-needed and some help would be most welcome. Am I missing a local route, some sort of broadcast magic?

Steve
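
An added example (not part of the original post, and not TomatoUSB or OpenVPN code): a shell function that prints the commands for a per-VLAN bypass table by copying the main table's non-default routes, so 192.168.30.0/24 stays on br3 as the routing table in the post shows, and then adding the WAN default and the source rule. The function name `gen_bypass`, the `ip route show` style sample lines and their `src` addresses are constructed for illustration.

```shell
#!/bin/sh
# Build a bypass routing table for one source subnet from the main table.
# Reads `ip route show table main` output on stdin and only PRINTS commands,
# so they can be reviewed before being piped to sh on the router.

# gen_bypass SRC_NET WAN_GW WAN_DEV TABLE
gen_bypass() {
    src=$1 gw=$2 dev=$3 tbl=$4
    while read -r dst rest; do
        case "$dst" in
            # Skip every default, including the 0.0.0.0/1 + 128.0.0.0/1 pair
            # that a redirected gateway installs on the tunnel device.
            default|0.0.0.0/1|128.0.0.0/1|"") continue ;;
        esac
        # Copy connected and host routes unchanged so each subnet keeps its
        # real interface (192.168.30.0/24 on br3, not on the WAN device).
        echo "ip route add $dst $rest table $tbl"
    done
    # Only this table gets the WAN gateway as its default route.
    echo "ip route add default via $gw dev $dev table $tbl"
    # Packets sourced from the chosen VLAN consult this table first.
    echo "ip rule add from $src table $tbl"
    echo "ip route flush cache"
}

# Constructed sample input, modelled on the routing table in the post
# (the src addresses are made up for the example).
sample_main_table() {
    cat <<'EOF'
10.255.0.1 dev tun11 scope link
192.168.254.32/27 dev vlan2 proto kernel scope link src 192.168.254.34
192.168.30.0/24 dev br3 proto kernel scope link src 192.168.30.1
192.168.20.0/24 dev br2 proto kernel scope link src 192.168.20.1
0.0.0.0/1 via 10.255.0.1 dev tun11
128.0.0.0/1 via 10.255.0.1 dev tun11
default via 192.168.254.33 dev vlan2
EOF
}

sample_main_table | gen_bypass 192.168.30.0/24 192.168.254.33 vlan2 1
```

On a live router the input would come from `ip route show table main` instead of the sample function, and `ip rule show` lists the resulting rule.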


 
 Post subject: Re: Working with VLANs and OpenVPN on a router
PostPosted: Thu Feb 16, 2012 11:52 am 
I should be on the dev team.

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2083
Location: Amsterdam
VLAN info is ethernet specific - this gets stripped when using a 'tun' based setup. Try switching to 'tap' (no need for bridging, just use 'dev tap') to see if it makes a difference.

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


 
 Post subject: Re: Working with VLANs and OpenVPN on a router
PostPosted: Thu Feb 16, 2012 12:30 pm 
OpenVpn Newbie

Joined: Tue Feb 14, 2012 9:42 pm
Posts: 2
Thank you.

Since it is easily possible to route all four of my VLANs down the tunnel via tun, I'm not sure that is the issue. I can also cause my VLAN traffic not to default to the tunnel. The problem I am trying to solve is to route some VLANs to the tunnel, while traffic from the others has direct access to the Internet side of the router.


 
 Post subject: Re: Working with VLANs and OpenVPN on a router
PostPosted: Mon Mar 12, 2012 6:18 pm 
OpenVpn Newbie

Joined: Sun Mar 11, 2012 3:31 am
Posts: 2
@sbeaver I don't have an answer for you... but I have my own issue with OpenVPN on my TomatoUSB router and as I see it you can have the answer. I searched and asked on many forums (the Tomato forum, even DD-WRT and OpenWrt too) and got no answer.

What I want: incoming connections from the WAN/Internet to be forwarded to far clients in my VPN. My VPN is bridged with my local network and uses a tap interface....

http://forums.openvpn.net/topic7823.html Here is what I should do if my VPN server wasn't on my router but on a local computer. But that can't work in my case.

I don't even speak English so it's really hard for me to find my way around this problem (most wikis are in English...)

