DDwrt/OpenVPN starts, vpn works on router, not for computers

Nadine
OpenVpn Newbie
Posts: 1
Joined: Thu Aug 11, 2011 8:30 am


Post by Nadine » Thu Aug 11, 2011 8:35 am

Howdy, I'm in need of help and posting is a last resort so I'll try to keep it brief.

A little background:

- I am a novice when it comes to Linux and routers/networking, I only understand some of the basics.
- My main router that is connected to the internet is 192.168.1.1, my vpn router is 192.168.1.3
- I disabled the DHCP server on my vpn router so that my computers on my main router could communicate with the computers behind my vpn router.
- My goal is to be able to plug in a computer to my VPN router and have all the traffic be routed to the VPN, and still be able to communicate with those computers behind that router with the rest of my computers behind main router. If I am unable to communicate with the computers behind the VPN router I am fine with that so long as all traffic is forwarded to the VPN.

My Config:

Code:

Setup:
WAN Connection Type: Disabled
STP: Disabled
Local IP Address: 192.168.1.3
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
Local DNS: 192.168.1.1
Assign WAN Port to Switch: yes
DHCP disabled
DNSMasq DHCP/DNS Disabled

Advanced Routing:
Operating Mode: Router
Interface: LAN & WLAN

Services:
OpenVPN Client: Enabled, default settings

Security:
SPI Firewall: Disabled
Administration Commands: Startup Script

Code:

sleep 5

echo "
client
dev tun
proto udp
remote ******.com 1194
redirect-gateway def1
resolv-retry infinite
server-poll-timeout 10
script-security 2
nobind
persist-key
persist-tun
comp-lzo
verb 5
mute 5
ns-cert-type server

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/server.crt
key /tmp/openvpncl/server.key
tls-auth /tmp/openvpncl/tls.key 1
" > /tmp/openvpncl/myopenvpn.conf

sleep 1

echo "
-----BEGIN CERTIFICATE-----
*********************************
-----END CERTIFICATE-----
" > /tmp/openvpncl/ca.crt

sleep 1

echo "
-----BEGIN CERTIFICATE-----
*********************************
-----END CERTIFICATE-----
" > /tmp/openvpncl/server.crt

sleep 1

echo "
-----BEGIN RSA PRIVATE KEY-----
*********************************
-----END RSA PRIVATE KEY-----
" > /tmp/openvpncl/server.key

sleep 1

echo "
-----BEGIN OpenVPN Static key V1-----
*********************************
-----END OpenVPN Static key V1-----
" > /tmp/openvpncl/tls.key

sleep 5
killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/myopenvpn.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/router-down.sh --daemon &

Note: the route up and down files do not contain anything; I was planning to put any iptables there once I figure them out.


Once I start openvpn everything starts fine, so I run the following commands on my router via ssh

Code:

wget http://whatismyip.org

cat index.html

85.*.*.*

visiting from a computer behind this router:

24.*.*.*

I obviously need to figure out how to do the routing, but I am completely lost about how to do the routing and iptables. I have googled what to type and switched the devices that were used but nothing seems to work. I am not sure what the reason could be; I can tinker with things but don't really understand the workings behind it.

Typing the command route results in this:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.*.*.*        192.168.1.1     255.255.255.255 UGH   0      0        0 br0
10.32.0.1       10.32.0.33      255.255.255.255 UGH   0      0        0 tun0
10.32.0.33      *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.32.0.33      128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.32.0.33      128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 br0

Typing the command ifconfig results in this:

Code:

br0       Link encap:Ethernet  HWaddr BC:*:*:*:*:4C
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:157010 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25754616 (24.5 MiB)  TX bytes:22261545 (21.2 MiB)

br0:0     Link encap:Ethernet  HWaddr BC:*:*:*:*:4C
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr BC:*:*:*:*:4C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157027 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29211084 (27.8 MiB)  TX bytes:47704027 (45.4 MiB)
          Interrupt:4 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr BC:*:*:*:*:4E
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:3 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:113 errors:0 dropped:0 overruns:0 frame:0
          TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:20074 (19.6 KiB)  TX bytes:20074 (19.6 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.32.0.34  P-t-P:10.32.0.33  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:102 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:14994 (14.6 KiB)  TX bytes:0 (0.0 B)

vlan1     Link encap:Ethernet  HWaddr BC:*:*:*:*:4C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21044 errors:0 dropped:0 overruns:0 frame:0
          TX packets:136358 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4448643 (4.2 MiB)  TX bytes:28951278 (27.6 MiB)

vlan2     Link encap:Ethernet  HWaddr BC:*:*:*:*:4C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:135982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21935905 (20.9 MiB)  TX bytes:18752749 (17.8 MiB)

This is all the information I could think to provide.

I've tried googling for the past few days so this is my last resort, any help is appreciated, thank you!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: DDwrt/OpenVPN starts, vpn works on router, not for compu

Post by Mimiko » Thu Aug 18, 2011 6:07 pm

It's because your dd-wrt with openvpn is not the default gateway of lan computers. Your dd-wrt has IP 192.168.1.3. The default gateway is 192.168.1.1 for all computers. That's why all computers access the internet through the default gateway: 192.168.1.1. But your dd-wrt accesses the internet through the tunnel instead of the default gateway because of "redirect-gateway def1" in the config file.

Quote: "I obviously need to figure out how to do the routing"

You have to install OpenVPN on the router 192.168.1.1
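
The route selection described in the reply above can be reproduced with a longest-prefix-match lookup over the routing table from the first post (an added example, not part of the original thread). The address 203.0.113.10 is a constructed stand-in for the masked VPN server address 85.*.*.*, and the LAN computer's table and its interface name eth0 are assumptions based on the stated default gateway 192.168.1.1.

```python
import ipaddress

# Router table transcribed from the `route` output in the first post.
# The "default" entry with Genmask 128.0.0.0 is 0.0.0.0/1; together with
# 128.0.0.0/1 it is what "redirect-gateway def1" installs.
# 203.0.113.10 is a constructed placeholder for the masked 85.*.*.* host route.
ROUTER_ROUTES = [
    ("203.0.113.10", "255.255.255.255", "192.168.1.1", "br0"),
    ("10.32.0.1", "255.255.255.255", "10.32.0.33", "tun0"),
    ("10.32.0.33", "255.255.255.255", None, "tun0"),
    ("192.168.1.0", "255.255.255.0", None, "br0"),
    ("169.254.0.0", "255.255.0.0", None, "br0"),
    ("127.0.0.0", "255.0.0.0", None, "lo"),
    ("0.0.0.0", "128.0.0.0", "10.32.0.33", "tun0"),
    ("128.0.0.0", "128.0.0.0", "10.32.0.33", "tun0"),
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "br0"),
]

# Assumed table of a LAN computer: on-link subnet plus the default
# gateway 192.168.1.1 named in the reply (eth0 is a hypothetical name).
CLIENT_ROUTES = [
    ("192.168.1.0", "255.255.255.0", None, "eth0"),
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "eth0"),
]


def lookup(routes, dst):
    """Return (gateway, iface, prefixlen) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, mask, gateway, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[2]):
            best = (gateway, iface, network.prefixlen)
    return best


if __name__ == "__main__":
    # Constructed destinations: two internet hosts, the VPN server, a LAN host.
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.10", "192.168.1.50"):
        print(f"router -> {dst:14} {lookup(ROUTER_ROUTES, dst)}")
        print(f"client -> {dst:14} {lookup(CLIENT_ROUTES, dst)}")
```

On the router, the two /1 routes beat the /0 default for every internet destination, while the /32 host route keeps the encrypted packets to the VPN server on br0. The LAN computer never consults that table, because its own default route hands traffic straight to 192.168.1.1.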
