OpenVPN and DDWRT

Scripts to manage certificates or generate config files

[Daft]
OpenVpn Newbie
Posts: 1
Joined: Fri Oct 12, 2012 12:08 am

Post by [Daft] » Fri Oct 12, 2012 12:10 am

I need help with setting up an OpenVPN server on a CentOS (v5) VPS. I have 2 routers, one of which has DD-WRT installed. I want this router to connect to the OpenVPN server full time so all clients connected to the router will have an American IP address (and thus all traffic will flow through the VPN).

I am able to connect to my OpenVPN server in Windows with the OpenVPN GUI but not through DDWRT; the connection always fails. I suspect it’s a routing issue that I’m hoping someone can help me with. I’ve been fighting this for nearly a month now.

Hardware:
DSL Modem – 70.xx.xx.xx
DLink Dir-608 – 192.168.0.xx
Linksys E1200 with DD-WRT VPN version firmware installed – 192.168.2.xx

Here is the setup: Modem->(lan to wan)->DLink->(lan to wan)->E1200

I plan to have clients on both the DLink (non VPN routed traffic) and on the E1200 (VPN traffic).

These are my settings in the DD-WRT firmware Services->VPN tab.
OpenVPN Client: ‘Enabled’
Server IP/name: 199.195.xxx.xxx
Port: 1194
UDP
TUN
LZO Comp : Yes
CA cert, public client cert and public client key populated.

Here is my server.conf file.

dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon
client-config-dir ccd
route 192.168.0.0 255.255.255.0

client1 file in the ccd directory:
iroute 192.168.0.0 255.255.255.0

IPTables:
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source 172.xx.xx.xx

Anyone have a similar setup? Would you be so kind as to share your conf file?
Is my ccd route IP info correct?
Any help is appreciated. Thanks much.

ternarybit
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 20, 2012 3:16 pm

Re: OpenVPN and DDWRT

Post by ternarybit » Tue Nov 20, 2012 3:38 pm

Hey [Daft],

Consider upping the verbosity to 5 or better in DD-WRT, and add the log-append directive to the server. If you can connect via a Windows client, but not a DD-WRT client, chances are it's a config issue in DD-WRT and logs will be helpful.

I could be missing something, but why the nested routers? You don't strictly *need* to run the E1200 behind the DIR-608; you could run everything off the E1200 and eliminate the 192.168.2/24 subnet altogether.

On that note, when you connect successfully via the Windows client, are you *within* the 192.168.2/24 subnet (i.e. connected to the E1200 in Windows)?
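
Added example, not part of either post: a small Python check of the `route` / `iroute` pairing and of the logging directives in the configuration quoted above. It assumes `client1` is the E1200 and that its LAN is 192.168.2.0/24; `nets`, `audit` and the sample constants are names made up for this example.

```python
import ipaddress

# Constructed sample: routing lines of the server.conf and ccd/client1 above.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
"""
CCD = {"client1": "iroute 192.168.0.0 255.255.255.0\n"}
# Assumption: client1 is the E1200, whose LAN is 192.168.2.0/24.
CLIENT_LANS = {"client1": "192.168.2.0/24"}


def nets(text, directive):
    """Return the networks named by `directive <addr> <mask>` lines."""
    found = set()
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if len(words) >= 3 and words[0] == directive:
            found.add(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return found


def audit(server_conf, ccd, client_lans):
    """List mismatches between route, iroute and each client's LAN."""
    findings = []
    routes = nets(server_conf, "route")
    iroutes = {name: nets(body, "iroute") for name, body in ccd.items()}
    claimed = set().union(*iroutes.values())
    for net in sorted(routes - claimed):
        findings.append(f"route {net}: no ccd file has a matching iroute")
    for name, client_nets in sorted(iroutes.items()):
        lan = ipaddress.ip_network(client_lans[name])
        for net in sorted(client_nets):
            if net not in routes:
                findings.append(f"{name}: iroute {net} has no server route")
            if net != lan:
                findings.append(f"{name}: iroute {net} is not its LAN {lan}")
    directives = {l.split()[0] for l in server_conf.splitlines() if l.split()}
    for wanted in ("verb", "log-append"):
        if wanted not in directives:
            findings.append(f"server.conf: no {wanted} directive")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CCD, CLIENT_LANS)))
```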
