routing on dreambox

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

routing on dreambox

Post by radero » Sat Dec 19, 2015 9:03 am

Hi

I have on may LAN 192.168.1.0 a Dreambox satellite receiver which is a linux machine that act a server openvpn (192.168.3.0)
its address is 192.168.1.10. My adsl router is 192.168.1.1. So far on my router adsl i added a static route 192.168.3.0/24 255.255.255.0 gw 192.168.1.10 and from client i could reach each host on the lan server (192.168.1.0).

On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?

server conf:
port 1194
proto tcp
dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 192.168.3.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
tls-auth /etc/openvpn/keys/delite.key 0
max-clients 10
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 5


client conf

client
dev tun0
proto tcp
remote xxxxxxx.xxxxx
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
tls-auth delite.key 1 verb 5

Thank you

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Sat Dec 19, 2015 1:55 pm

radero wrote:On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?
If you cannot add routing to the router you can use NAT on the VPN server instead.

To enable NAT on the VPN server:

Code: Select all

iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
Note: (#1) 192.168.3.0/24 is the VPN subnet range. (#2) eth0 is the local output interface on the vpn server, make sure you select the correct name. (#3) iptables may not be available to your server Linux distro.

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sat Dec 19, 2015 2:14 pm

yes if i write the line you've suggested i get error:

root@vuduo2:~# iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
-sh: iptables: command not found
root@vuduo2:~#

the version is this one:

root@vuduo2:~# cat /proc/version
Linux version 3.13.5 (plnick@build-plnick) (gcc version 4.9.2 (GCC) ) #1 SMP Wed Oct 21 17:14:49 CEST 2015
root@vuduo2:~#

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sat Dec 19, 2015 8:06 pm

Hi Traffic

On the drambox i have added iptables
opkg install iptables

and then your line command and it works :D :D :D .

Now I can reach all the lan 192.168.1.0 fron openvpn clients.

i have another question how can openvpn (192.168.3.0) client can see each other?

I have added in server conf file the line
client-to-client

But no way to see the clients each other

Grazie

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Sat Dec 19, 2015 10:02 pm

radero wrote:i have another question how can openvpn (192.168.3.0) client can see each other?
Can these clients ping each other ?

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sat Dec 19, 2015 10:04 pm

Sorry i've written wrong.


Actually the vpn clients can't ping to each other.

the question is how is it possible?

Thank you

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Sat Dec 19, 2015 10:26 pm

Most likely your client firewalls are set to block incoming packets ..

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sun Jan 03, 2016 6:59 pm

Hi

Forgive me but i have another question

Adding : iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE

it works, but as soon as i reboot the decoder enigma2 i have to insert again the command via telnet .

How can I make this command permanent?

or maybe create a script which start each reboot

thank you

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Mon Jan 04, 2016 10:29 pm

It depends on what system your Linux uses to start .. init, systemd, proprietary ..

There are plenty of tutorials for this on the internet.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Wed Jan 06, 2016 2:37 pm

I just noticed this:
radero wrote:Actually the vpn clients can't ping to each other.

the question is how is it possible?
Your server needs to have --client-to-client

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sat Jan 09, 2016 8:09 am

about start as i said is enigma2 and i think it uses initd, otherwise how can I check? Sorry but linux is not familiar to me.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: routing on dreambox

Post by Traffic » Sat Jan 09, 2016 2:40 pm

radero wrote:how can I check?
Please post details of:

Code: Select all

uname -a

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Sat Jan 09, 2016 2:46 pm

root@vuduo2:~# uname -a
Linux vuduo2 3.13.5 #1 SMP Wed Oct 21 17:14:49 CEST 2015 mips GNU/Linux

User avatar
Pippin
Forum Team
Posts: 767
Joined: Wed Jul 01, 2015 8:03 am

Re: routing on dreambox

Post by Pippin » Sun Jan 10, 2016 6:46 pm

Nothing to do with OpenVPN so I don`t know if this gets pass moderation.

On Vuduo I'm not 100% sure but on Gigablue with OpenATV:

Place shell script youriptables.sh in:

Code: Select all

/usr/script
and make it executable.

Create a link in /etc/rc3.d which points to /usr/script/youriptables.sh with:

Code: Select all

ln -s /usr/script/youriptables.sh /etc/rc3.d/S90youriptables
The number 90 determines when the script gets executed during boot.
Obviously you want it to happen after all networking is started.

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Mon Jan 11, 2016 6:45 am

Hi pippin

Thank you for your answer.

I've created a file xxxx.sh, now i've typed in just the instructions :
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
made it with 777 permission

but at reboot it doesnt' work.

Maybe something wrong in the sh file

User avatar
Pippin
Forum Team
Posts: 767
Joined: Wed Jul 01, 2015 8:03 am

Re: routing on dreambox

Post by Pippin » Mon Jan 11, 2016 1:29 pm

It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.

radero
OpenVpn Newbie
Posts: 10
Joined: Sun Sep 22, 2013 7:53 am

Re: routing on dreambox

Post by radero » Tue Jan 12, 2016 5:52 am

Pippin wrote:It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.
My image is VTI 9.0.1

User avatar
Pippin
Forum Team
Posts: 767
Joined: Wed Jul 01, 2015 8:03 am

Re: routing on dreambox

Post by Pippin » Tue Jan 12, 2016 2:47 pm

This was easy to find, first hit on search.....but here you go:
http://www.vuplus-support.org/wbb3/inde ... post828168

enigma2user
OpenVpn Newbie
Posts: 3
Joined: Sat May 23, 2020 6:35 pm

Re: routing on dreambox

Post by enigma2user » Sat May 23, 2020 8:26 pm

Hello guys I just posted a kind of same issue if someone could help me.

Iam well connected to the VPN serveur from my client vu+zero running openatv6.4 but I can not use the public distant ip adress...

I don’t knoW why

Thank you

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: routing on dreambox

Post by TinCanTech » Sat May 23, 2020 8:54 pm

Please start here: viewtopic.php?f=30&t=22603

Post Reply