Here's my current setup:
VPS ( RouterStation Pro (RSP) )
openvz<---------{ external ip: 72.209.203.184 (eth0) }<-------local clients
( internal ip: 192.168.1.10 (eth1/br-lan) ) 192.168.1.x
( openvpn ip: 10.9.0.10 (tun0) )
-The RSP is acting as the DHCP server for the clients, giving out IPs 192.168.1.x
-The VPS is set up as the OpenVPN Server giving out IPs in the 10.9.0.x range
-The RSP is set up as an OpenVPN client
-The RSP is connecting to the VPS without error. I have verified that the server is set up correctly with other clients.
Here's what I would ideally like:
The RSP will continue to act as DHCP and hand out IPs on the 192.168.1.x subnet. All traffic destined for the internet will be routed through the tunnel. It seems to me that all I would need is a rule on the RSP that says that "all traffic destined for the default gateway (192.168.1.10) should be forwarded through the tunnel." This way all of my local clients will still be able to see each other.
Is this possible? I know enough about this to be dangerous, but not enough to actually get things done. Can you help me get my internet traffic into that tunnel?
OpenVPN Server Config File
# OpenVPN server on the VPS: listens on 187.63.22.57 tcp/443 and hands out
# addresses from 10.9.0.0/24 to clients.
local 187.63.22.57
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/serverconfig.crt
key /etc/openvpn/keys/serverconfig.key
# 1024-bit DH parameters are below current recommendations; the DH file is
# server-side only, so regenerating it at 2048 bits or more needs no client change.
dh /etc/openvpn/keys/dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist serverdefault-ipp.txt
# The route below tells the server kernel that 192.168.1.0/24 lives behind the
# tunnel, but OpenVPN only knows WHICH client owns it if that client's ccd file
# (named after its certificate CN) carries a matching
# `iroute 192.168.1.0 255.255.255.0` — confirm the ccd entry for the RSP exists.
client-config-dir ccd
route 192.168.1.0 255.255.255.0
# Pushed to every client, including the RSP: replaces the client's default route
# with the tunnel while leaving the path to the DHCP server intact.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
# HMAC-authenticates control-channel packets; key direction 0 on the server
# pairs with direction 1 on the client (the client config uses "ta.key 1").
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-256-CBC
# Compression on a VPN link carries known compression-oracle concerns; leaving it
# off is the conservative choice, provided the client's comp_lzo is changed to match.
comp-lzo
max-clients 10
# Drop root after startup; persist-key/persist-tun are needed so a restart of the
# tunnel does not have to re-read key files or re-open the tun device as nobody.
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/serverdefault-status.log
log-append /var/log/openvpn/serverdefault.log
verb 3
mute 20
# OpenWrt /etc/config/openvpn: the RSP as a client of the VPS server above.
config openvpn sample_client
# Set to 1 to enable this instance:
option enable 1
option client 1
option dev tun
option proto tcp
# No port is given with the remote and there is no port option in this stanza;
# OpenVPN then defaults to 1194 while the server listens on 443 — unless a port
# is set elsewhere, this should read `list remote "187.63.22.57 443"`. Confirm.
list remote "187.63.22.57"
option resolv_retry infinite
option nobind 1
option persist_key 1
option persist_tun 1
option mute_replay_warnings 1
option ca /etc/openvpn/keys/ca.crt
option cert /etc/openvpn/keys/owrt.crt
option key /etc/openvpn/keys/owrt.key
# Verifies the server cert's Netscape cert-type extension to stop another client
# cert from impersonating the server. ns-cert-type is deprecated in newer OpenVPN
# releases in favour of `remote-cert-tls server`; check which one the installed
# version supports and what extension the server cert actually carries.
option ns_cert_type server
# Key direction 1 pairs with the server's `tls-auth ... 0`.
option tls_auth "/etc/openvpn/keys/ta.key 1"
option cipher AES-256-CBC
# Must match the server's comp-lzo setting; if compression is removed there,
# remove it here too.
option comp_lzo 1
# verb 7 is debug-level logging into /tmp (RAM on most OpenWrt builds); fine while
# troubleshooting, but drop back to 3 once the tunnel works.
option verb 7
option log /tmp/openvpn.log
option mute 20
# OpenWrt /etc/config/network on the RSP.
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
# LAN side: the RSP is 192.168.1.10 and is the DHCP server for 192.168.1.x.
config 'interface' 'lan'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '192.168.1.10'
option 'netmask' '255.255.255.0'
# A gateway on the LAN interface of the box that IS the LAN gateway is suspicious:
# the `route` output below shows the default route via eth0 (wan DHCP) and no
# 192.168.1.1 hop at all, so this line is either ignored or competing. Presumably
# it can be removed — confirm nothing else relies on it.
option 'gateway' '192.168.1.1'
# _orig_* keys look like LuCI bookkeeping from an earlier bridge edit.
option '_orig_ifname' 'eth1'
option '_orig_bridge' 'true'
# tun0 is a point-to-point layer-3 device and cannot be a member of an Ethernet
# bridge (only a tap device could be). Putting it in br-lan is the most likely
# reason the tunnel never shows up as a usable route. Drop it from this list
# (`option 'ifname' 'eth1'`) and instead give tun0 its own interface stanza
# (e.g. `config 'interface' 'vpn'` with `option 'ifname' 'tun0'` and
# `option 'proto' 'none'`) so the firewall can place it in a zone of its own.
option 'ifname' 'eth1 tun0'
# WAN side: eth0, addressed by the upstream DHCP server (72.209.200.0/22 per the
# route table).
config 'interface' 'wan'
option 'ifname' 'eth0'
option 'proto' 'dhcp'
# Switch: one VLAN covering all LAN ports.
config 'switch'
option 'name' 'eth1'
option 'reset' '1'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'eth1'
option 'vlan' '1'
option 'ports' '0 1 2 3 4'
option 'vid' '1'
config 'switch_port'
option 'pvid' '1'
option 'port' '0'
config 'switch_port'
option 'pvid' '1'
option 'port' '1'
config 'switch_port'
option 'pvid' '1'
option 'port' '2'
config 'switch_port'
option 'pvid' '1'
option 'port' '3'
config 'switch_port'
option 'pvid' '1'
option 'port' '4'
# Port 5 gets a PVID but is not listed in the VLAN's 'ports' above — presumably
# the CPU port or unused; confirm against the RSP switch layout.
config 'switch_port'
option 'pvid' '1'
option 'port' '5'
root@OpenWrt:/etc/config# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
187.63.22.57 ip72-209-200-1. 255.255.255.255 UGH 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
72.209.200.0 * 255.255.252.0 U 0 0 0 eth0
default ip72-209-200-1. 0.0.0.0 UG 0 0 0 eth0
# OpenWrt /etc/config/firewall on the RSP.
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
# Only lan -> wan forwarding exists, and no zone contains tun0, so LAN traffic
# can never be forwarded (or NATed) into the tunnel even once the route is right.
# To send LAN traffic through the VPN you need a zone for the tunnel interface
# (say `vpn`, with `option masq 1` and `option mtu_fix 1`, like wan) and a
# `config forwarding` with `option src lan` / `option dest vpn`. Once that is in
# place the lan -> wan forwarding below is what lets traffic bypass the tunnel
# when it is down; decide explicitly whether that fallback is wanted.
config forwarding
option src lan
option dest wan
# With no `dest`, this rule opens tcp/443 INTO the router itself from the WAN
# (overriding the zone's input REJECT). The RSP initiates the VPN connection
# outbound to the server, so nothing here needs 443 reachable from the Internet;
# unless the RSP also serves something on 443, remove this rule to keep the
# WAN-facing attack surface at the zone default.
config rule
option target ACCEPT
option dest_port 443
option src wan
option proto tcp
option family ipv4