I have been looking for a solution to this for many days now... But nothing has worked so far.
I am trying to set up OpenVPN (I have installed DD-WRT v3.0-r34929 giga (02/12/18) on an Asus RT-AC66U).
Internal IP of the router is 192.168.0.1
External IP of the router is 10.0.0.1
I have set up an OpenVPN server and I can get a connection from my client (iPhone 7). The subnet for the tunnel interface tun0 is 192.168.66.0/24
I have used push "redirect-gateway def1" in the OpenVPN server configuration. What I want to achieve is for my iPhone to use the same Internet gateway as the DD-WRT router.
Client
remote MyIP 1194
client
remote-cert-tls server
dev tun0
proto tcp4
resolv-retry infinite
nobind
persist-key
persist-tun
route-delay 30
redirect-gateway def1
comp-lzo
cipher AES-256-CBC
auth SHA256
float
# And the key part
Server
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp4-server
cipher aes-256-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
duplicate-cn
client-to-client
push "redirect-gateway def1"
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 192.168.66.0 255.255.255.0
dev tun2
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.66.1"
server 192.168.66.0 255.255.255.0
push "redirect-gateway def1"
dev tun0
proto tcp4
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
verb 5
management localhost 5001
This is the firewall script.
# Let OpenVPN clients reach the server port
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
# Forward anything coming from the tunnel subnet
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
# LAN <-> tunnel in both directions (was "-0 tun0", a typo for "-o tun0")
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# NAT for the LAN subnet 192.168.0.0/24 on the WAN interface
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
I connect to the OpenVPN server, this is fine. I can see that the server has assigned the address 192.168.66.2 to my cellphone. If I check my "gateway IP", which should be my ISP's, I do not get anything. In fact, no internet connection is available.
So, I can come in, but not out... hehe
Is this due to the OpenVPN or routing?
Thank you.
Kind regards,
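A quick way to answer "OpenVPN or routing?" for a redirect-gateway setup is to check the firewall script itself: for tunnel clients to reach the Internet, the FORWARD chain must accept their traffic towards the WAN (and the replies back), and a POSTROUTING MASQUERADE/SNAT rule must cover the tunnel subnet on the WAN interface, not only the LAN subnet. The following checker is an added example, not code from the post or from DD-WRT; it parses iptables commands, flags unrecognised tokens (such as the "-0" typo above) and reports any of those rules that is missing. The tunnel subnet 192.168.66.0/24 is taken from the post; the interface names tun0 and eth0 are assumptions taken from the posted firewall script (the posted server config also lists "dev tun2", so confirm the real names with ifconfig on the router), and the FIXED ruleset is my suggestion, not the original poster's.

```python
"""Static check of a DD-WRT-style firewall script for an OpenVPN
redirect-gateway setup: is tunnel-client traffic accepted in FORWARD and
source-NATed on the WAN interface?  Added example, not code from the post."""
import ipaddress
import shlex

# iptables options that take exactly one argument; anything else is reported
# as an unknown token, which catches typos such as `-0` instead of `-o`.
ONE_ARG = {"-t", "-A", "-I", "-s", "--source", "-d", "--destination",
           "-i", "--in-interface", "-o", "--out-interface", "-j", "--jump",
           "-p", "--protocol", "--dport", "--sport", "-m", "--match",
           "--state", "--ctstate"}
ALIAS = {"--source": "-s", "--destination": "-d", "--in-interface": "-i",
         "--out-interface": "-o", "--jump": "-j", "--protocol": "-p",
         "--match": "-m", "--ctstate": "--state"}


def parse_rule(line):
    """Parse one `iptables ...` command into a dict; None for other lines."""
    toks = shlex.split(line, comments=True)
    if not toks or toks[0] != "iptables":
        return None
    rule = {"-t": "filter", "chain": None, "unknown": []}
    i = 1
    while i < len(toks):
        tok = toks[i]
        if tok not in ONE_ARG or i + 1 >= len(toks):
            rule["unknown"].append(tok)
            i += 1
            continue
        key, val = ALIAS.get(tok, tok), toks[i + 1]
        i += 2
        if key in ("-A", "-I"):
            rule["chain"] = val
            if key == "-I" and i < len(toks) and toks[i].isdigit():
                i += 1                      # `-I CHAIN rulenum`
        elif key in ("-s", "-d"):
            rule[key] = ipaddress.ip_network(val, strict=False)
        else:
            rule[key] = val
    return rule


def check_firewall(script, tunnel_subnet, tun_if, wan_if, vpn_port=1194):
    """Return a list of findings; an empty list means the rules look right."""
    net = ipaddress.ip_network(tunnel_subnet)
    rules = [r for r in map(parse_rule, script.splitlines()) if r]
    findings = []

    def is_(r, table, chain, target):
        return r["-t"] == table and r["chain"] == chain and r.get("-j") == target

    def src_covers(r):          # a rule with no -s matches tunnel traffic too
        return "-s" not in r or net.subnet_of(r["-s"])

    def iface(r, opt, wanted):  # an unspecified interface matches anything
        return r.get(opt, wanted) == wanted

    for r in rules:
        for tok in r["unknown"]:
            findings.append(f"{r['chain']}: unrecognised token {tok!r} (typo?)")

    if not any(is_(r, "filter", "INPUT", "ACCEPT") and r.get("--dport") == str(vpn_port)
               for r in rules):
        findings.append(f"INPUT: nothing accepts the OpenVPN port {vpn_port}")

    if not any(is_(r, "filter", "FORWARD", "ACCEPT") and src_covers(r)
               and iface(r, "-i", tun_if) and iface(r, "-o", wan_if) for r in rules):
        findings.append(f"FORWARD: {net} from {tun_if} to {wan_if} is not accepted")

    if not any(is_(r, "filter", "FORWARD", "ACCEPT") and "-s" not in r
               and ("ESTABLISHED" in r.get("--state", "")
                    or (iface(r, "-i", wan_if) and iface(r, "-o", tun_if)))
               for r in rules):
        findings.append(f"FORWARD: no rule lets reply traffic back from {wan_if} to {tun_if} "
                        "(only fine if the default chain already has a RELATED,ESTABLISHED rule)")

    # The rule most often wrong: MASQUERADE must cover the *tunnel* subnet, or
    # packets leave the WAN with a 192.168.66.x source and replies never come back.
    if not any(is_(r, "nat", "POSTROUTING", "MASQUERADE") and src_covers(r)
               and iface(r, "-o", wan_if) for r in rules):
        findings.append(f"nat/POSTROUTING: no MASQUERADE covers {net} leaving {wan_if}")
    return findings


# Constructed input: the script as posted (with its `-0` typo and LAN-only
# MASQUERADE) and a corrected version; tun0/eth0 are assumed interface names.
POSTED = """\
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -0 tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
"""
FIXED = """\
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -s 192.168.66.0/24 -j ACCEPT
iptables -I FORWARD 1 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.66.0/24 -o eth0 -j MASQUERADE
"""

if __name__ == "__main__":
    for name, script in (("posted", POSTED), ("fixed", FIXED)):
        print(name, check_firewall(script, "192.168.66.0/24", "tun0", "eth0") or "OK")
```

The checker treats a rule with no -s, -i or -o as matching everything, which is how iptables behaves, and it only looks at the script you feed it: if DD-WRT's generated chains already contain a RELATED,ESTABLISHED rule the reply-traffic finding can be ignored. Run "iptables -t nat -S POSTROUTING" and "iptables -S FORWARD" on the router to compare the live rules with the script.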