Anyone have any guidance, e.g. I'm looking for "try adding a line IPTable xx to firewall" - if anything more complex it will likely be over my head (i.e. scan the routing tables, arp tables etc. because I really don't understand
This is sort of an Abyss, configuring dd-wrt considering that the last official release was nearly 2 years ago with v24 pre-SP2. At this (working) release, none of the new functions to add configuration table has yet been added to the dd-wrt client, however, I took a snapshot of the config file that it creates from the short menu selection of IP address, UDP protocol, TUN.
Client:
The dd-wrt client, /tmp/openvpncl/openvpn.conf:
Code:
client
dev tun
proto udp
remote usa-id.dyndns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
ns-cert-type server
key /tmp/openvpncl/client.key
comp-lzo
My dd-wrt server file:
/tmp/openvpncl/openvpn.conf
Code:
push "route 192.168.158.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
#add the following 2 lines if you want EVERYTHING routed through here on VPN connect
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
dev tun0
proto udp
keepalive 10 120
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
verb 5
management localhost 5001
Code:
iptables -I INPUT 1 -p udp --dport=1194 -j ACCEPT
iptables -I FORWARD 1 --source=192.168.158.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
The subnet on the server is 192.168.2.x
I copied these profiles from someone else - not sure why I have access to the 192.168.2.x server side as both subnet 10.8.0.x and 192.168.158.x addresses on the client side. Is this required?
The setup does not allow the server to access client IP addresses. The "push" done in the server is done in this instance because there is no direct access to the client config file with this version of dd-wrt.
I would like to be able to access the 192.168.8.x from the client from the 192.168.2.x on the server.
Thanks in advance.