Route all traffic back to dd-wrt from private aws vpc subnet

Business solution to host your own OpenVPN server with web management interface and bundled clients.
ottafish
OpenVpn Newbie
Posts: 3
Joined: Sat Apr 15, 2017 2:59 am

Route all traffic back to dd-wrt from private aws vpc subnet

Post by ottafish » Sat Apr 15, 2017 3:08 am

Hi All,
I've searched for the last few days trying to find an answer - but all the answers seem to be the other way.

We have OpenVPN on AWS working OK. In the same VPC, we have 3 Windows servers in a private LAN with no external NAT or EIP.
The Windows servers can connect to hosts on the local LAN OK, and they can contact each other too,
so two-way access is fine.

What we have been trying to do is force all the VPC private subnet traffic back through the VPN, access the internet at the site with the dd-wrt, and let the dd-wrt do the NATing for the VPC private LAN.
Why, you may ask? There are many reasons; one is that I don't need to set up a NAT on AWS. I also don't have to worry so much about ACLs.

All the info I've found is always about forcing the traffic over the VPN to the server.
We want to go the other way.

I can ping and traceroute back to my local LANs without any issues from the Windows servers. If I try to traceroute to an external host, the Windows boxes stall at the OpenVPN server.

Forgot to mention, it's set for NAT and not bridge at the moment.

Thanks for any ideas...

spacex
OpenVpn Newbie
Posts: 1
Joined: Thu Jun 01, 2017 4:34 pm

Re: Route all traffic back to dd-wrt from private aws vpc subnet

Post by spacex » Thu Jun 01, 2017 4:41 pm

Hi ottafish, any luck with this? We are trying the same, or similar.

We have a client that connects to a server which is running a proxy and accepts connections from the wider internet. We want all traffic from the proxy to route to the internet through the client. I think this is the same as, or similar to, what you have posted above. The main thing preventing us from swapping the client and server roles is firewall restrictions.

I am happy with lan-to-lan routing, as nicely explained here:

http://community.openvpn.net/openvpn/wiki/RoutedLans

However, there is no mention of a gateway in that configuration, and that is the key requirement for us, to allow the VPN traffic to "get out" to the wider internet.

I'm building up my knowledge in this area and happy to attempt to solve it for myself, but if anyone could point me in the correct direction, that would be great.

My gut feeling at this stage is that the configuration requires:

Server OpenVPN configuration: apply some magic routing to let traffic from this host into the VPN tunnel.
Client OpenVPN configuration: apply some magic routing to let VPN traffic out of the tunnel.
Server Routing: Set the client's IP address (either the VPN end point, or its own IP on its own subnet, or even its own gateway) as the default gateway on the server - which should then send all traffic from the server over the VPN and the client's subnet to that gateway, and on to the wider internet.

We don't mind if the routing is inefficient, meaning *all* traffic originating from the server host is routed over the VPN.

Thoughts?
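Pulling the two posts above together, the following shows the plumbing a client-as-default-gateway setup needs on each of its three legs: the AWS route table for the private subnet, the OpenVPN server on EC2, and the dd-wrt client that does the NAT. This is an added example, not configuration from either poster or from OpenVPN's own documentation. Every address, interface name and AWS ID in it is an assumption (VPC 10.0.0.0/16, private subnet 10.0.2.0/24, tunnel 10.8.0.0/24 with `topology subnet`, site LAN 192.168.1.0/24, dd-wrt WAN on vlan2), and it prints the commands instead of running them unless DRY_RUN=0.

```shell
#!/bin/sh
# Example plumbing for "AWS private subnet -> OpenVPN tunnel -> dd-wrt -> Internet".
# All values below are ASSUMED placeholders for illustration.
VPC_CIDR="10.0.0.0/16"
VPC_SUBNET="10.0.2.0/24"          # private subnet holding the Windows hosts
SITE_LAN="192.168.1.0/24"         # LAN behind the dd-wrt
SRV_TUN="tun0"; CLI_TUN_IP="10.8.0.2"   # server tun device, dd-wrt's tunnel address
TABLE_ID=100                      # dedicated policy-routing table on the server
OVPN_INSTANCE="i-0123456789abcdef0"     # placeholder EC2 instance id
PRIVATE_RTB="rtb-0123456789abcdef0"     # placeholder route table of the private subnet
DDWRT_TUN="tun1"; DDWRT_WAN="vlan2"     # dd-wrt client tun device and WAN device

# Print the command unless DRY_RUN=0, so the plan can be reviewed before it is applied.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Leg 1, AWS: point the private subnet's default route at the OpenVPN instance and
# let that instance forward packets that are not addressed to it.
aws_plumbing() {
    run aws ec2 modify-instance-attribute --instance-id "$OVPN_INSTANCE" --no-source-dest-check
    run aws ec2 create-route --route-table-id "$PRIVATE_RTB" \
        --destination-cidr-block 0.0.0.0/0 --instance-id "$OVPN_INSTANCE"
}

# Leg 2, OpenVPN server on EC2: policy routing keyed on the SOURCE subnet, so only the
# Windows hosts' traffic is sent into the tunnel. The server's own traffic (the UDP
# tunnel itself, your SSH session) stays on the main table; replacing the main default
# route is what takes the tunnel down.
server_policy_routing() {
    run sysctl -w net.ipv4.ip_forward=1
    # Replies come back over tun0 from arbitrary Internet sources; strict rp_filter would
    # drop them because the main table points those sources at eth0. Use loose mode.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w "net.ipv4.conf.$SRV_TUN.rp_filter=2"
    run ip route replace default via "$CLI_TUN_IP" dev "$SRV_TUN" table "$TABLE_ID"
    run ip rule add from "$VPC_SUBNET" to "$VPC_CIDR" lookup main priority 999
    run ip rule add from "$VPC_SUBNET" lookup "$TABLE_ID" priority 1000
    run iptables -A FORWARD -i eth0 -o "$SRV_TUN" -s "$VPC_SUBNET" -j ACCEPT
    run iptables -A FORWARD -i "$SRV_TUN" -o eth0 -d "$VPC_SUBNET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# OpenVPN server.conf fragment: the kernel route to the site LAN and the VPC route the
# dd-wrt needs. Do NOT push redirect-gateway to the dd-wrt, or its own default route
# would point back into the tunnel.
server_conf_fragment() {
    cat <<'EOF'
topology subnet
client-config-dir /etc/openvpn/ccd
route 192.168.1.0 255.255.255.0
push "route 10.0.0.0 255.255.0.0"
EOF
}

# ccd entry for the dd-wrt client's common name. The server drops packets from a client
# whose source address is not covered by an iroute ("MULTI: bad source address from
# client"), and return traffic from the Internet has arbitrary sources, so the client
# is given an iroute for 0.0.0.0/0 (assumption: OpenVPN accepts a /0 iroute here).
ccd_fragment() {
    cat <<'EOF'
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.1.0 255.255.255.0
iroute 0.0.0.0 0.0.0.0
EOF
}

# Leg 3, dd-wrt: masquerade the VPC subnet out of the WAN and allow the forward path.
ddwrt_nat() {
    run iptables -t nat -A POSTROUTING -s "$VPC_SUBNET" -o "$DDWRT_WAN" -j MASQUERADE
    run iptables -I FORWARD -i "$DDWRT_TUN" -o "$DDWRT_WAN" -s "$VPC_SUBNET" -j ACCEPT
    run iptables -I FORWARD -i "$DDWRT_WAN" -o "$DDWRT_TUN" -d "$VPC_SUBNET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Stand-alone: print the whole plan, or one leg (aws | server | ddwrt) on the matching host.
case "${1:-plan}" in
    aws) aws_plumbing ;;
    server) server_policy_routing ;;
    ddwrt) ddwrt_nat ;;
    plan) aws_plumbing; server_policy_routing; server_conf_fragment; ccd_fragment; ddwrt_nat ;;
esac
```

Two failure modes match what the thread describes: replacing the server's main default route cuts the tunnel the packets are supposed to use (policy routing by source avoids that), and forgetting the iroute or strict rp_filter makes the forward path work while every reply is silently dropped, which looks exactly like a traceroute that stalls at the OpenVPN server. The security group and NACL on the OpenVPN instance must still permit traffic from the private subnet. A traceroute from one of the Windows hosts should show the OpenVPN server, then 10.8.0.2, then the dd-wrt's upstream hop.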

ottafish
OpenVpn Newbie
Posts: 3
Joined: Sat Apr 15, 2017 2:59 am

Re: Route all traffic back to dd-wrt from private aws vpc subnet

Post by ottafish » Thu Jun 01, 2017 11:42 pm

Hi Spacex,

Sounds very similar to what I was chasing.

I tried many different variations of routing and firewall changes and gateways. All I seemed to do was confuse myself and keep breaking things.

After a couple of weeks it became very frustrating and in the end, I gave up.
The reason I wanted to do it was that the hosting provider for the server wants to charge extra for an external internet NAT setup. I was hoping I could avoid the charge by routing the traffic back to my end and out through the gateway at my end that I was already paying for.

As I mentioned, I tried every idea I could come up with, but it either broke or I lost the connection.

If you do get it working, it would be great to see what you did. Best of luck.
Cheers
