dd-wrt client/server home/home - works 1 way need 2 way

fotonut
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 16, 2012 10:17 pm

dd-wrt client/server home/home - works 1 way need 2 way

Post by fotonut » Sat Feb 18, 2012 5:57 am

Many years experimenting with dd-wrt and trying OpenVPN, and I finally have a working link, but it's a one-way link and I would like to have a two-way one. A family member abroad wanted all traffic from there routed out from the USA dd-wrt server port here (including DNS). However, I can't figure out a way to configure my dd-wrt server where I can look backwards from the server to the subnet on the foreign client.

Anyone have any guidance, e.g. I'm looking for "try adding a line IPTable xx to firewall" - if anything more complex it will likely be over my head (i.e. scan the routing tables, arp tables etc. because I really don't understand :-)

This is sort of an Abyss, configuring dd-wrt considering that the last official release was nearly 2 years ago with v24 pre-SP2. At this (working) release, none of the new functions to add configuration table has yet been added to the dd-wrt client, however, I took a snapshot of the config file that it creates from the short menu selection of IP address, UDP protocol, TUN.

Client:

The dd-wrt client, /tmp/openvpncl/openvpn.conf:

Code:

client
dev tun
proto udp
remote usa-id.dyndns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
ns-cert-type server
key /tmp/openvpncl/client.key
comp-lzo

Server:

My dd-wrt server file:
/tmp/openvpncl/openvpn.conf

Code:

push "route 192.168.158.0 255.255.255.0"
server 10.8.0.0 255.255.255.0

#add the following 2 lines if you want EVERYTHING routed through here on VPN connect
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"

dev tun0
proto udp
keepalive 10 120

comp-lzo

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

verb 5

management localhost 5001

Server Firewall:

Code:

# allow incoming OpenVPN connections on UDP 1194
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT

# forward traffic between the LAN bridge (br0) and the tunnel (tun0)
iptables -I FORWARD 1 --source 192.168.158.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

# NAT VPN clients out of eth0
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

The subnet on the client is 192.168.8.x (sees server as 192.168.158.x & 10.8.0.x)
The subnet on the server is 192.168.2.x

I copied these profiles from someone else - not sure why I have access to the 192.168.2.x server side as both subnet 10.8.0.x and 192.168.158.x addresses on the client side. Is this required????

The setup does not allow the server to access client ipaddresses. The "push" done in the server is done in this instance because there is no direct access to the client config file with this version of dd-wrt.

I would like to be able to access the 192.168.8.x from the client from the 192.168.2.x on the server.

Thanks in advance.
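As an added example (not part of the original post, and not dd-wrt or OpenVPN project code), the following check reads the routing lines of the server config posted above and lists what is missing for the server LAN to reach the client LAN. It relies on OpenVPN's documented `route`, `iroute` and `client-config-dir` directives; the function names and finding codes are hypothetical, and the /24 subnets 192.168.2.0 and 192.168.8.0 are assumed from the addresses given in the post.

```python
import ipaddress
import re

# Routing-relevant lines of the server config posted above.
POSTED_SERVER_CONF = """\
push "route 192.168.158.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
dev tun0
"""

ROUTE_RE = re.compile(r'^(push\s+"route|route|iroute)\s+(\S+)\s+([0-9.]+)')

def parse_routes(conf):
    """Map each directive (push/route/iroute) to the set of networks it names."""
    found = {"push": set(), "route": set(), "iroute": set()}
    for raw in conf.splitlines():
        m = ROUTE_RE.match(raw.split("#", 1)[0].strip())
        if m:
            kind = "push" if m.group(1).startswith("push") else m.group(1)
            found[kind].add(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    return found

def audit(server_conf, server_lan, client_lan, ccd_conf=""):
    """Return finding codes for what blocks server-LAN -> client-LAN routing.

    ccd_conf is the text of the per-client file that client-config-dir loads.
    """
    srv, ccd = parse_routes(server_conf), parse_routes(ccd_conf)
    server_lan = ipaddress.ip_network(server_lan)
    client_lan = ipaddress.ip_network(client_lan)
    # Pushed routes that differ from the server LAN stated for this setup.
    findings = [f"push-not-server-lan:{n}" for n in sorted(srv["push"])
                if n != server_lan]
    # 'route' installs the client LAN in the server's kernel table via the tunnel.
    if client_lan not in srv["route"]:
        findings.append("no-route-for-client-lan")
    # 'iroute' (read from client-config-dir) tells OpenVPN which client owns it.
    if not re.search(r"^\s*client-config-dir\s+\S+", server_conf, re.M):
        findings.append("no-client-config-dir")
    if client_lan not in ccd["iroute"]:
        findings.append("no-iroute-for-client-lan")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_SERVER_CONF, "192.168.2.0/24", "192.168.8.0/24"):
        print(finding)
```

An empty result only covers the OpenVPN side; hosts on the client LAN still need a return route through the dd-wrt client, and the client router must forward between its LAN and the tunnel.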


Re: dd-wrt client/server home/home - works 1 way need 2 way

Post by fotonut » Fri Mar 23, 2012 3:14 pm

Can anyone who understands OpenVPN give me a hint or point me to how to figure this out? Maybe the question is too ambiguous, or I have not included enough info?

One network is a simple NAT network behind a dd-wrt router. The gateway is 192.168.2.1, which runs the OpenVPN server, and all the computers attached to this home gateway are 192.168.2.x.

The remote roving computer has a gateway of, for example, 192.168.158.1 and a random IP, say this time 192.168.158.134.

With the above configuration, I can connect the roving computer to the 192.168.2.1 gateway via OpenVPN but from my 192.168.2.x network, I cannot ping the remote roving OpenVPN client computer.

When the OpenVPN roving client links into my 192.168.2.1 OpenVPN dd-wrt router at home, the OpenVPN client says it has secured an IP address of 10.8.0.10 and the gateway is 10.8.0.9. Thanks in advance.