For about three weeks now I have been trying to connect two routers (my home router and a router in the corporate network) with OpenVPN, without success. I can't figure out how to make it work.
I guess that my issue is a routing/firewall misconfiguration.
My goal seems simple: I'd like to connect 2 LAN networks and reach the entire 10.x.x.x class from home.
At the moment:
router1 can ping router2, and nothing else
LAN1 can ping router1, router2 and nothing else
router2 can ping router1, LAN1 and LAN2
LAN2 can ping router2 and nothing else
Configuration:
--------------
Router1 (dd-wrt - home router) - OpenVPN server
WAN1 DHCP
LAN1 192.168.11.0/24
OpenVPN1 192.168.20.0/24 (ifconfig 192.168.20.1 192.168.20.2)
---------------
cat openvpn.conf
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
tls-server
management 127.0.0.1 5002
management-log-cache 50
mtu-disc yes
topology subnet
client-config-dir /tmp/openvpn/ccd
script-security 2
port 443
proto tcp-server
cipher aes-256-cbc
auth sha1
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
comp-lzo yes
client-to-client
tcp-nodelay
tun-mtu 1500
server 192.168.20.0 255.255.255.0
dev tun0
route 10.0.0.0 255.0.0.0 192.168.20.2
verb 6
------------------------
routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.10.1 * 255.255.255.255 UH 0 0 0 vlan2
192.168.20.0 * 255.255.255.0 U 0 0 0 tun0
192.168.11.0 * 255.255.255.0 U 0 0 0 br0
192.168.10.0 * 255.255.255.0 U 0 0 0 vlan2
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
10.0.0.0 192.168.20.2 255.0.0.0 UG 0 0 0 tun0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 1.10.168.192.in 0.0.0.0 UG 0 0 0 vlan2
------------------------
Firewall rules
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
------------------------------------------------------------------------------------
Router2 (pfSense 2.0 - corporate router - OpenVPN client)
WAN2 10.0.127.146/30 gw 10.0.127.145
LAN2 10.0.64.0/25
OpenVPN2 192.168.20.2 192.168.20.1
-------------------
cat openvpn.conf
dev ovpnc1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-client
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.0.127.146
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote c2punti.homeunix.org 443
ifconfig 192.168.20.2 192.168.20.1
http-proxy proxy.intranet.local 80 /var/etc/openvpn/client1.pas basic
route 192.168.11.0 255.255.255.0
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
comp-lzo
resolv-retry infinite
--------------------------------
client configuration (client-config-dir /tmp/openvpn/ccd on router1)
iroute 10.0.0.0 255.0.0.0
route 192.168.11.0 255.255.255.0 192.168.20.1
-------------------------------
Routing table: (shown as an image in the original post)
-------------------------------
Firewall rules
pass LAN -> any destination, any protocol.
pass OpenVPN from any to any destination, any protocol.
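To check what router1's routing table above actually does with a given destination, here is an added example (not part of the original post) that parses `route`-style output and performs a longest-prefix-match lookup; the table is copied from the post, and the destination addresses used in the demo are assumed sample hosts.

```python
import ipaddress

# Router1's routing table as posted above ("route" output: the gateway column
# shows '*' for directly connected networks or a resolved hostname).
ROUTER1_TABLE = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.10.1 * 255.255.255.255 UH 0 0 0 vlan2
192.168.20.0 * 255.255.255.0 U 0 0 0 tun0
192.168.11.0 * 255.255.255.0 U 0 0 0 br0
192.168.10.0 * 255.255.255.0 U 0 0 0 vlan2
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
10.0.0.0 192.168.20.2 255.0.0.0 UG 0 0 0 tun0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 1.10.168.192.in 0.0.0.0 UG 0 0 0 vlan2
"""


def parse_routes(text):
    """Parse 'route' output into a list of (network, gateway, iface) tuples.

    The header line is skipped; 'default' becomes 0.0.0.0/0 and a '*' gateway
    (directly connected) is stored as None.
    """
    routes = []
    for line in text.splitlines()[1:]:
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "*" else gw, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: return (gateway, iface) or None if no route fits."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    routes = parse_routes(ROUTER1_TABLE)
    # Assumed sample destinations: a LAN2 host, router2's tunnel IP, a LAN1 host.
    for dst in ("10.0.64.10", "192.168.20.2", "192.168.11.5", "8.8.8.8"):
        print(dst, "->", lookup(routes, dst))
```

Feeding the same function the other router's table (or `route -n` output from a LAN host) makes it easy to confirm that both directions of a LAN1 to LAN2 path actually select the tunnel interface.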