Hello
I have installed OpenVPN (client, tap) on a Linux-based router. The tunnel is established correctly with a remote VPN server (vpntunnel.se).
The problem is the following:
From outside, connections to my router that are directed to my local network (192.168.5.0 255.255.255.0) no longer work.
Running killall openvpn is enough and everything works again (except the tunnel, of course).
Does anyone have an idea or, better, a solution?
Thanks
dead local network
Moderators: TinCanTech
Forum rules
Please report your experience with testing branch. Include what you were using and how
If there is a problem, the more info the better!
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: dead local network
please write in English so members that don't speak French may assist you..
ps: Google Translate is an option for us, but I guess it is also for you
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Sep 15, 2012 1:38 pm
Re: dead local network
Hello
I have installed OpenVPN (client) on a Linux-based router. The tunnel is established properly with a remote VPN server (vpntunnel.se).
The problem is as follows:
Outside connections to my router that are directed to my local network (192.168.5.0 255.255.255.0) no longer work.
Just do a killall openvpn and everything works again (except of course the tunnel).
Does anyone have an idea or, better, a solution?
Thank you
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Sep 15, 2012 1:38 pm
Re: dead local network
The file hma.conf:
remote 46.19.136.130 443
client
dev tun
proto tcp
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/hma/ca.crt
cert /tmp/hma/cl.crt
ns-cert-type server
key /tmp/hma/cl.key
auth-user-pass /tmp/hma/user.txt
log /tmp/hma/hma.log
verb 2
management 127.0.0.1 5001
The file up.sh:
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
The file dn.sh:
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
The command:
openvpn --config /tmp/hma/hma.conf --route-up /tmp/hma/up.sh --route-down /tmp/hma/dn.sh --daemon
The file hma.log:
root@DD-WRT:~# cd /tmp/hma
root@DD-WRT:/tmp/hma# vi hma.log
Mon Oct 1 10:20:56 2012 OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1]
Mon Oct 1 10:20:56 2012 MANAGEMENT: Socket bind failed on local address 127.0.0
Mon Oct 1 10:20:56 2012 Exiting
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Mon Oct 1 10:20:57 2012 /sbin/ifconfig tun0 31.7.57.145 netmask 255.255.255.192
Mon Oct 1 10:20:57 2012 Initialization Sequence Completed
The route output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
And iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35029 13M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- vlan1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept tcp -- * * 0.0.0.0/0 192.168.5.1 tcp dpt:80
3 168 DROP icmp -- vlan1 * 0.0.0.0/0 0.0.0.0/0
158 5056 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1 70 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
439 38625 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
76531 4091K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 47 -- * vlan1 192.168.5.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan1 192.168.5.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5496 285K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
24108 7195K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
19952 6954K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.122 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.5.122 udp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.115 tcp dpt:80
0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
4153 241K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
4153 241K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
3 226 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34672 packets, 4954K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (2 references)
pkts bytes target prot opt in out source destination
439 38625 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination
root@DD-WRT:/tmp/hma#
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Sep 15, 2012 1:38 pm
Re: dead local network
hello
openvpn installed on linux router (dd-wrt) and tunnel established with the remote server correctly (vpntunnel.se)
problem:
access to the LAN does not work anymore when the router is called from the WAN
killall openvpn and then it works again
what is the solution?
thank you
Jacques
The file hma.conf :
remote 46.19.136.130 443
client
dev tun
proto tcp
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/hma/ca.crt
cert /tmp/hma/cl.crt
ns-cert-type server
key /tmp/hma/cl.key
auth-user-pass /tmp/hma/user.txt
log /tmp/hma/hma.log
verb 2
management 127.0.0.1 5001
The file up.sh
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
The file dn.sh
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
The command :
openvpn --config /tmp/hma/hma.conf --route-up /tmp/hma/up.sh --route-down /tmp/hma/dn.sh --daemon
The file hma.log
root@DD-WRT:~# cd /tmp/hma
root@DD-WRT:/tmp/hma# vi hma.log
Mon Oct 1 10:20:56 2012 OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1]
Mon Oct 1 10:20:56 2012 MANAGEMENT: Socket bind failed on local address 127.0.0
Mon Oct 1 10:20:56 2012 Exiting
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Mon Oct 1 10:20:57 2012 /sbin/ifconfig tun0 31.7.57.145 netmask 255.255.255.192
Mon Oct 1 10:20:57 2012 Initialization Sequence Completed
The print route :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
And iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35029 13M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- vlan1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept tcp -- * * 0.0.0.0/0 192.168.5.1 tcp dpt:80
3 168 DROP icmp -- vlan1 * 0.0.0.0/0 0.0.0.0/0
158 5056 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
1 70 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
439 38625 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
76531 4091K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 47 -- * vlan1 192.168.5.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan1 192.168.5.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5496 285K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
24108 7195K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
19952 6954K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.122 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.5.122 udp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.115 tcp dpt:80
0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
4153 241K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
4153 241K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
3 226 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 34672 packets, 4954K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (2 references)
pkts bytes target prot opt in out source destination
439 38625 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination
root@DD-WRT:/tmp/hma#
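Added example, not part of the original posts: a longest-prefix-match lookup over the routing table posted above, showing which interface the router selects for replies to a client whose connection arrived on the WAN port (vlan1). The client addresses are constructed documentation addresses, and the lookup assumes only the main routing table is in use (no `ip rule` policy routing, since none is shown in the post).

```python
import ipaddress

# Routing table copied from the `route` output in the post above.
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
46.19.136.130 livebox.home 255.255.255.255 UGH 0 0 0 vlan1
31.7.57.128 * 255.255.255.192 U 0 0 0 tun0
192.168.5.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 31.7.57.130 128.0.0.0 UG 0 0 0 tun0
default livebox.home 0.0.0.0 UG 0 0 0 vlan1
"""


def parse_routes(text):
    """Parse `route` output into a list of dicts with a real network object."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and any malformed line
        # `route` prints 0.0.0.0 as "default" whatever the genmask is,
        # so "default ... 128.0.0.0" is really 0.0.0.0/1.
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{fields[2]}"),
            "gateway": None if fields[1] == "*" else fields[1],
            "metric": int(fields[4]),
            "iface": fields[7],
        })
    return routes


def lookup(routes, addr):
    """Return the route the kernel would pick: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def reply_path(routes, client_ip, arrival_iface):
    """Compare the interface a connection arrived on with the one replies leave by."""
    route = lookup(routes, client_ip)
    return {
        "client": client_ip,
        "matched": str(route["net"]),
        "egress": route["iface"],
        "asymmetric": route["iface"] != arrival_iface,
    }


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # Constructed client addresses: two Internet hosts and one host on the
    # 192.168.1.0/24 segment between the router and livebox.home.
    for client in ("203.0.113.10", "8.8.8.8", "192.168.1.50"):
        print(reply_path(table, client, arrival_iface="vlan1"))
```

For any Internet client the two /1 routes via tun0 are more specific than the 0.0.0.0/0 default via vlan1, so replies to connections that came in on vlan1 leave through the tunnel; only the directly connected 192.168.1.0/24 segment and the VPN server's host route still go out vlan1.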