[Resolved] Problem using two routers dd-wrt

Post by Pazzeo » Mon Nov 28, 2011 11:26 am

Hello guys,

I'm configuring a VPN between my house and my brother's house. In both houses we have the buffalo router dd-wrt with openvpn.
The openvpn server is running in the buffalo configured as bridge/repeater and the lan is the following:

server lan information:
  • internal lan: 192.168.2.0/24
  • internal ip buffalo: 192.168.2.1
  • internet lan (wireless interface buffalo repeater): 192.168.1.120/24
  • default gateway: 192.168.1.1

While the configuration of the client is the following:

client lan information:
  • internal lan: 192.168.0.0/24
  • ip internal buffalo: 192.168.0.254
  • internet lan: z.z.z.z/29
  • gateway: y.y.y.y

where z.z.z.z and y.y.y.y are the IPs given by my provider.

The configuration on the server is the following:
server.conf

Code:

dh /tmp/openvpn/dh.pem 
ca /tmp/openvpn/ca.crt 
cert /tmp/openvpn/cert.pem 
key /tmp/openvpn/key.pem 
keepalive 10 120 
verb 4 
mute 5 
log-append /var/log/openvpn 
tls-server 
mtu-disc yes 
topology subnet 
script-security 2 
port 2194 
proto tcp-server 
cipher aes-256-cbc 
auth sha1 
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400 
comp-lzo yes 
client-config-dir /tmp/openvpn/ccd 
client-to-client 
tcp-nodelay 
tun-mtu 1500 
server 192.168.66.0 255.255.255.0 
dev tun0 
local 192.168.1.120 
route 192.168.0.0 255.255.255.0 
push "route 192.168.2.0 255.255.255.0"


the client file in the ccd directory is the following:

Code:

iroute 192.168.0.0 255.255.255.0

the client configuration is the following:
client.conf

Code:

ca /tmp/openvpncl/ca.crt 
cert /tmp/openvpncl/client.crt 
key /tmp/openvpncl/client.key 
management 127.0.0.1 5001 
management-log-cache 50 
verb 4 
mute 5 
log-append /var/log/openvpncl 
client 
tls-client 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
script-security 2 
mtu-disc yes 
dev tun1 
proto tcp-client 
cipher aes-256-cbc 
auth sha1 
remote ip.brother.house 2194 
tun-mtu 1500 
comp-lzo no 

The connection between client and server goes up, in fact from client and server I can ping the tunnel ip (192.168.66.1 and 192.168.66.2).
The problem is the following: in the buffalo server I could not ping the internal client ip (192.168.0.0/24). Using traceroute I see that the packets go through the default gateway of the server router (192.168.1.1).

In the client side, from the buffalo I can ping the internal ip of buffalo (192.168.2.1) but the clients behind the client router are not able to ping the 192.168.2.1.
How could I solve the problem?

I checked also the route table in both routers:

client route table:

Code:

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface 
y.y.y.y    *               255.255.255.255 UH        0 0          0 vlan1 
192.168.2.0     192.168.66.1    255.255.255.0   UG        0 0          0 tun1 
192.168.0.0     *               255.255.255.0   U         0 0          0 br0 
192.168.66.0    *               255.255.255.0   U         0 0          0 tun1 
y.y.y.y  *               255.255.248.0   U         0 0          0 vlan1 
169.254.0.0     *               255.255.0.0     U         0 0          0 br0 
127.0.0.0       *               255.0.0.0       U         0 0          0 lo 
default         z.z.z.z    0.0.0.0         UG        0 0          0 vlan1

server route table:

Code:

Kernel IP routing table 
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface 
192.168.1.1     *               255.255.255.255 UH        0 0          0 eth1 
192.168.2.0     *               255.255.255.0   U         0 0          0 br0 
192.168.1.0     *               255.255.255.0   U         0 0          0 eth1 
192.168.66.0    *               255.255.255.0   U         0 0          0 tun0 
169.254.0.0     *               255.255.0.0     U         0 0          0 br0 
127.0.0.0       *               255.0.0.0       U         0 0          0 lo 
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth1

In the openvpn log in the server I have the following messages:

Code:

Mon Nov 28 00:34:45 2011 us=166760 casa/z.z.z.z:2186 SENT CONTROL [casa]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 192.168.66.1,topology subnet,ping 10,ping-restart 120,socket-flags TCP_NODELAY,ifconfig 192.168.66.2 255.255.255.0' (status=1) 
Mon Nov 28 00:36:31 2011 us=587297 casa/93.37.220.223:2186 MULTI: Learn: 192.168.0.104 -> casa/z.z.z.z:2186 
Mon Nov 28 01:34:43 2011 us=615586 casa/93.37.220.223:2186 TLS: soft reset sec=0 bytes=50745/0 pkts=724/0 
Mon Nov 28 01:34:50 2011 us=836055 casa/93.37.220.223:2186 VERIFY OK: depth=1, /C=IT/ST=PD/L=House/O=House/CN=House_CA/name=Pazzeo/emailAddress=pazzeo29@gmail.com 
Mon Nov 28 01:34:50 2011 us=845007 casa/93.37.220.223:2186 VERIFY OK: depth=0, /C=IT/ST=PD/L=House/O=House/CN=casa/name=Pazzeo/emailAddress=myemail@email.com 
Mon Nov 28 01:34:53 2011 us=435970 casa/z.z.z.z:2186 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 
Mon Nov 28 01:34:53 2011 us=436490 casa/z.z.z.z:2186 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
Mon Nov 28 01:34:53 2011 us=437358 casa/z.z.z.z:2186 NOTE: --mute triggered... 


Could you help me please? I don't understand how I could add the route to 192.168.0.0 in the server side.

Thanks,

Pazzeo

Post by Mimiko » Mon Nov 28, 2011 1:55 pm

Remove the "mute" option from server.conf and show the full log of the server, especially where routes are added and the interface is brought up.

Post by Pazzeo » Mon Nov 28, 2011 5:01 pm

Thanks, I found the problem.

In server.conf I changed the following line:

Code:

route 192.168.0.0 255.255.255.0 

to

Code:

route 192.168.0.0 255.255.255.0 192.168.66.1

and everything is working

Thanks

Matteo
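
A check for the symptom in this thread, as an added example that is not part of the original posts: it compares the local `route` directives in server.conf with the kernel routing table and reports any subnet that has no entry on the tunnel device, along with the interface the traffic follows instead. The function names are hypothetical and the sample inputs are constructed, reduced from the values posted above.

```python
import ipaddress

# Constructed inputs, reduced from the server.conf and route table posted above.
SERVER_CONF = """server 192.168.66.0 255.255.255.0
route 192.168.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
"""
SERVER_TABLE = """Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     *               255.255.255.0   U         0 0          0 br0
192.168.66.0    *               255.255.255.0   U         0 0          0 tun0
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth1
"""

def conf_routes(conf_text):
    """Networks named by local `route` directives (pushed routes are skipped)."""
    nets = []
    for line in conf_text.splitlines():
        p = line.split()
        if len(p) >= 3 and p[0] == "route":
            nets.append(ipaddress.ip_network(f"{p[1]}/{p[2]}"))
    return nets

def kernel_routes(table_text):
    """Parse `route` output into (network, iface); unparsable rows are skipped."""
    rows = []
    for line in table_text.splitlines():
        f = line.split()
        try:
            dest = "0.0.0.0" if f[0] == "default" else f[0]
            rows.append((ipaddress.ip_network(f"{dest}/{f[2]}"), f[7]))
        except (ValueError, IndexError):  # title/header rows, anonymised addresses
            continue
    return rows

def missing_tunnel_routes(conf_text, table_text, tun_dev):
    """Report configured routes that the kernel would not send into tun_dev."""
    table, problems = kernel_routes(table_text), []
    for net in conf_routes(conf_text):
        exact = [dev for n, dev in table if n == net]
        if tun_dev not in exact:
            # Longest-prefix match shows where the traffic really goes instead.
            cover = [(n, dev) for n, dev in table if net.subnet_of(n)]
            used = max(cover, key=lambda r: r[0].prefixlen, default=(None, None))[1]
            problems.append((str(net), used))
    return problems

if __name__ == "__main__":
    print(missing_tunnel_routes(SERVER_CONF, SERVER_TABLE, "tun0"))
```

On the posted server table this reports 192.168.0.0/24 as falling through to the default route on eth1, which matches the traceroute observation in the first post.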
