Strange issue with internet connection

[zinky]

Hi,

I know it's really hard to read long posts but I will try to be really short.

I've red thousands of posts and manuals but still could not find an answer.

I've set up openvpn connection on my openvpn server (DD-WRT router) and 1 client is connecting to it. The connection is established correctly, BUT NO INTERNET connection is available on client side. If I disconnect OPENVPN on client side Internet connection is working again.I've tried many combinations but still something is missing. The client is openwrt (Linux) and Server ddwrt (Linux).

My OpenVPN network is : 10.8.0.0/24
Tunnel : 10.8.0.1
Client: VPN 10.8.0.9 , LAN 192.168.1.1/24 , WAN 172.29.19.45
Server: OpenVPN 10.8.0.1, LAN 192.168.0.201/24, WAN 195.xxx.xxx.xxx

CLIENT TABLES:

109.175.81.224 172.29.19.45 255.255.255.255 UGH 0 0 0 usb0
172.29.19.44 0.0.0.0 255.255.255.252 U 0 0 0 usb0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 172.29.19.45 0.0.0.0 UG 0 0 0 usb0


CLIENT openvpn.conf

client
dev tun
proto tcp
remote z***.dyndns.org 1194
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
reneg-sec 0
cipher AES-256-CBC
comp-lzo
verb 3
ns-cert-type server

SERVER TABLES

Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 109.175.48.1 0.0.0.0 UG 0 0 0 ppp0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun2
109.175.48.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

SERVER openvpn.conf

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp-server
cipher aes-256-cbc
auth sha1
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 10.8.0.0 255.255.255.0
dev tun2
tun-ipv6
client-config-dir /tmp/openvpn/ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"


CLIENT firewall settings
iptables -A forwarding_rule -i tun0 -j ACCEPT
iptables -A forwarding_rule -o tun0 -j ACCEPT
iptables -A output_rule -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


iptables -t nat -I PREROUTING -p udp -i tun0 -d 10.8.0.9 --dport 1:65535 -j DNAT --to 192.168.1.100:1-65535
iptables -t nat -I PREROUTING -p tcp -i tun0 -d 10.8.0.9 --dport 1:65535 -j DNAT --to 192.168.1.100:1-65535
iptables -t nat -I PREROUTING -p tcp -i tun0 -d 10.8.0.9 --dport 8090 -j DNAT --to 192.168.1.1:8090
iptables -t nat -I PREROUTING -p tcp -i tun0 -d 10.8.0.9 --dport 80 -j DNAT --to 192.168.1.100:80


SERVER firewall settings

iptables -I INPUT 1 -p udp -dport 1194 -j ACCEPT
iptables -I FORWARD 1 -source 192.168.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -I FORWARD 1 -source 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o tun2 -j MASQUERADE


Just let me know what else to put here. But issue is still present with internet connection.

[maikcat]

the NAT rule should be

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Michael.

[zinky]

Thank you very much Michael. You're magician

I've solve this but one more issue remain:

1. On the OpenVPN client side LAN IP 192.168.1.1 is attached device with IP 192.168.1.100 what I need to add in iptables so that user can send SMTP. I've tried with FTP (on 192.168.1.100 )it works but SMTP port 25 or 443 does not. Is there anything else I need to add?

I appreciate your knowlege and help ..