Setting up router as a OpenVPN client

[bartoszmarcin]

Hi everyone, I have utilized OpenVPN in a simple way previously and it works quite well, I am very happy with the results.
So far I have installed an Advanced Tomato firmware on a router and have configured the OpenVPN server onto it.
Then installed OpenVPN on each individually device and connected to the server, this works perfectly, very happy with it.

However I would like to instead connect another router acting as an OpenVPN client via the internet to the router acting as an OpenVPN server.
Essentially what I would like to do is for the network devices connected to the OpenVPN client router to be able to connect to an OpenVPN server without configuring all the network devices individually. The OpenVPN client router would presumably allow for communication and assign appropriate IP addresses to the network devices.
Attached is the topology:



Here are some screenshots of the interface that I am working with. Please ignore that I do not have the client started, I simply have it stopped at the moment. With the current configuration, the client router actually does connect to the server router, but the devices connected to the client router simply do not have access to the internet whatsoever and cannot communicate with the openvpn server router. My guess is that I am missing something in the custom configuration in the advanced tab, routing policy and probably IPtables of the firewall perhaps for both the client and server. I have done as much research as possible, and am just not getting this. I would appreciate any help. Thank you very much and I apologize if a similar question was posted already. Thank you once again.

[bartoszmarcin]

Here is a bit more information about my setup, hopefully it will help with figuring out how to create a site-to-site setup, I appreciate the help...Thank you.

View Originalserver config

daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1195
dev tun22
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.104.0 255.255.255.0"
client-config-dir ccd
client-to-client
push "dhcp-option DNS 192.168.104.1"
push "redirect-gateway def1"
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

View Originalclient config

daemon
client
dev tun11
proto udp
remote ************ 1195
resolv-retry 30
nobind
persist-key
persist-tun
cipher AES-256-CBC
redirect-gateway def1
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
cert client.crt
key client.key
status-version 2
status status

# Custom Configuration
auth-nocache
nobind
persist-tun
persist-key
remote-random
remote-cert-tls server
route-metric 1
auth sha512
tun-mtu 1500

Also there are a few more configurations on the client:

View Originaladditional client config

echo 0 > /proc/sys/net/ipv4/conf/tun11/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
iptables -t mangle -A PREROUTING -m set --match-set vpnrouting311 dst,src -j MARK --set-mark 311
iptables -t mangle -A PREROUTING -s 1.2.3.0/24 -j MARK --set-mark 311

iptables -I INPUT -i tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.54.0/255.255.255.0 -o tun11 -j MASQUERADE

There is no CCD file on the server, but my guess is that I need to create a CCD file in it for the client with the certificate and some ifconfig-push statements....and perhaps some route/iroute/push statements...as mentioned, I am no expert, but understand the concepts in general so far. Please help, I appreciate your time and help. Have a nice day.

[bartoszmarcin]

I found this additional server configuration:

View Originaladditional server configuration

iptables -t nat -I PREROUTING -p udp --dport 1195 -j ACCEPT
iptables -I INPUT -p udp --dport 1195 -j ACCEPT
iptables -I INPUT -i tun22 -j ACCEPT
iptables -I FORWARD -i tun22 -j ACCEPT