All client traffic through the VPN not working (Buffalo/DD-WRT)

dast
OpenVpn Newbie
Posts: 3
Joined: Tue Sep 05, 2017 3:21 pm

All client traffic through the VPN not working (Buffalo/DD-WRT)

Post by dast » Tue Sep 05, 2017 3:30 pm

Hi,

I have a "Buffalo WZR-HP-G300NH" router running DD-WRT.

Now, I have configured the OpenVPN server inside DD-WRT so that all client traffic should go through the VPN.
Connecting from my mobile phone (Android) and my Ubuntu notebook to any IP address inside my local network at home works fine,
but connecting to any other website outside my local network at home (e.g. google.com, ...) fails.

Here is the OpenVPN server config file:

port 1194
proto udp
dev tun0
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.11.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
cipher AES-256-CBC
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

And here the client config file:

client
dev tun
proto udp
remote mynet.ddns.net 1194
persist-key
ca ca.crt
cert galaxy.crt
key galaxy.key
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

And here the iptables rules:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I INPUT 3 -i tun0 -j ACCEPT
iptables -I FORWARD 3 -i tun0 -o tun0 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

Is there anything I have done wrong?

Thanks and regards,
Daniel.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: All client traffic through the VPN not working (Buffalo/DD-WRT)

Post by TinCanTech » Tue Sep 05, 2017 3:59 pm

dast wrote: push "dhcp-option DNS 10.8.0.1"
Is this a DNS server ?

If not push google DNS servers or something you know is a DNS server.

dast
OpenVpn Newbie
Posts: 3
Joined: Tue Sep 05, 2017 3:21 pm

Re: All client traffic through the VPN not working (Buffalo/DD-WRT)

Post by dast » Tue Sep 05, 2017 8:10 pm

I changed it to

push "dhcp-option DNS 8.8.8.8"
(Google DNS), but it doesn't work :(

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: All client traffic through the VPN not working (Buffalo/DD-WRT)

Post by TinCanTech » Tue Sep 05, 2017 8:31 pm

dast wrote: it doesn't work
You don't know that ..

And, as you don't seem to understand why, I will presume you cannot answer this:
TinCanTech wrote:
dast wrote: push "dhcp-option DNS 10.8.0.1"
Is this a DNS server ?
And repeat this:
TinCanTech wrote: push google DNS servers or something you know is a DNS server.
Also, please add your log files at --verb 4

See --log & --verb in The Manual v24x

dast
OpenVpn Newbie
Posts: 3
Joined: Tue Sep 05, 2017 3:21 pm

Re: All client traffic through the VPN not working (Buffalo/DD-WRT)

Post by dast » Wed Sep 06, 2017 9:04 pm

TinCanTech wrote:
dast wrote: it doesn't work
You don't know that ..
That's true! Sorry for that ...
TinCanTech wrote: And, as you don't seem to understand why, I will presume you cannot answer this:
TinCanTech wrote:
dast wrote: push "dhcp-option DNS 10.8.0.1"
Is this a DNS server ?
And repeat this:
TinCanTech wrote: push google DNS servers or something you know is a DNS server.
I thought 10.8.0.1 is the VPN server on my Buffalo router (in DD-WRT), so queries would be forwarded to the DNS server(s) configured in the Buffalo router.
But now I have replaced it with the Google DNS server 8.8.8.8, which I am also using in my Buffalo router and which seems to work fine.
But maybe I misunderstand something here?!
TinCanTech wrote: Also, please add your log files at --verb 4

See --log & --verb in The Manual v24x
Here is the OpenVPN log:

root@DD-WRT:~# tail /tmp/openvpn.log  -f
Wed Sep  6 22:53:47 2017 us=688069 TUN/TAP TX queue length set to 100
Wed Sep  6 22:53:47 2017 us=688415 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Sep  6 22:53:47 2017 us=697775 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Sep  6 22:53:47 2017 us=735199 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep  6 22:53:47 2017 us=736731 Socket Buffers: R=[114688->131072] S=[114688->131072]
Wed Sep  6 22:53:47 2017 us=737084 UDPv4 link local (bound): [undef]:1194
Wed Sep  6 22:53:47 2017 us=737207 UDPv4 link remote: [undef]
Wed Sep  6 22:53:47 2017 us=737333 MULTI: multi_init called, r=256 v=256
Wed Sep  6 22:53:47 2017 us=737960 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Sep  6 22:53:47 2017 us=738273 Initialization Sequence Completed
Wed Sep  6 22:55:09 2017 us=415961 MULTI: multi_create_instance called
Wed Sep  6 22:55:09 2017 us=416378 213.162.68.133:43158 Re-using SSL/TLS context
Wed Sep  6 22:55:09 2017 us=416532 213.162.68.133:43158 LZO compression initialized
Wed Sep  6 22:55:09 2017 us=417727 213.162.68.133:43158 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep  6 22:55:09 2017 us=417933 213.162.68.133:43158 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep  6 22:55:09 2017 us=418342 213.162.68.133:43158 TLS: Initial packet from 213.162.68.133:43158, sid=3c6eaf01 c7ed39ad
Wed Sep  6 22:55:10 2017 us=75942 213.162.68.133:43158 VERIFY OK: depth=1, /C=AT/ST=Bundesland/L=Ort/O=MyOrg/OU=changeme/CN=Zuhause/name=changeme/emailAddress=mein.mail_mail.com
Wed Sep  6 22:55:10 2017 us=79311 213.162.68.133:43158 VERIFY OK: depth=0, /C=AT/ST=Bundesland/L=Ort/O=MyOrg/OU=changeme/CN=MeinHandy/name=changeme/emailAddress=mein.mail_mail.com
Wed Sep  6 22:55:10 2017 us=259048 213.162.68.133:43158 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Sep  6 22:55:10 2017 us=259263 213.162.68.133:43158 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep  6 22:55:10 2017 us=259413 213.162.68.133:43158 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Sep  6 22:55:10 2017 us=259559 213.162.68.133:43158 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep  6 22:55:10 2017 us=308175 213.162.68.133:43158 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Wed Sep  6 22:55:10 2017 us=308482 213.162.68.133:43158 [MeinHandy] Peer Connection Initiated with 213.162.68.133:43158
Wed Sep  6 22:55:10 2017 us=309199 MeinHandy/213.162.68.133:43158 MULTI: Learn: 10.8.0.6 -> MeinHandy/213.162.68.133:43158
Wed Sep  6 22:55:10 2017 us=309366 MeinHandy/213.162.68.133:43158 MULTI: primary virtual IP for MeinHandy/213.162.68.133:43158: 10.8.0.6
Wed Sep  6 22:55:10 2017 us=311472 MeinHandy/213.162.68.133:43158 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep  6 22:55:10 2017 us=312171 MeinHandy/213.162.68.133:43158 SENT CONTROL [MeinHandy]: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Sep  6 22:56:03 2017 us=886218 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Wed Sep  6 22:56:14 2017 us=42320 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
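As an added example (not code from the thread or from OpenVPN), a small Python parser for the server log format posted above: it pulls out what each client was actually told in the PUSH_REPLY line and applies the two checks raised in the thread, whether a default route is being redirected and whether a resolver is being pushed. SAMPLE_LOG is constructed from the log lines above; the rule that a pushed DNS equal to the server's own tun address needs a resolver listening on tun0 is an assumption about this setup.

```python
import re

# Constructed sample in the format of the server log posted in the thread.
SAMPLE_LOG = """\
Wed Sep  6 22:55:10 2017 us=312171 MeinHandy/213.162.68.133:43158 SENT CONTROL [MeinHandy]: 'PUSH_REPLY,route 192.168.11.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Sep  6 22:56:03 2017 us=886218 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
"""

# Matches the common name and the comma-separated option list of a PUSH_REPLY.
PUSH_RE = re.compile(r"SENT CONTROL \[(?P<cn>[^\]]+)\]: 'PUSH_REPLY,(?P<opts>[^']*)'")


def parse_push_reply(line):
    """Return (common_name, [pushed options]) for a PUSH_REPLY line, else None."""
    m = PUSH_RE.search(line)
    if not m:
        return None
    return m.group("cn"), m.group("opts").split(",")


def audit_push(opts, server_tun_ip="10.8.0.1"):
    """Flag what a client whose default route moves into the tunnel needs."""
    findings = []
    if not any(o.startswith("redirect-gateway") for o in opts):
        findings.append("no redirect-gateway pushed: Internet traffic stays off the tunnel")
    dns = [o.split()[-1] for o in opts if o.startswith("dhcp-option DNS")]
    if not dns:
        findings.append("no DNS pushed: names will not resolve once the default route moves")
    for ip in dns:
        # Assumption: the server's tun address only works as DNS if a resolver listens on tun0.
        if ip == server_tun_ip:
            findings.append(f"DNS {ip} is the server tun address: a resolver must listen on tun0")
    return findings


def audit_log(text):
    """Audit every PUSH_REPLY in a server log and count UDP connection-refused reads."""
    report = {"clients": {}, "econnrefused": 0}
    for line in text.splitlines():
        parsed = parse_push_reply(line)
        if parsed:
            cn, opts = parsed
            report["clients"][cn] = audit_push(opts)
        elif "ECONNREFUSED" in line:
            report["econnrefused"] += 1
    return report


if __name__ == "__main__":
    print(audit_log(SAMPLE_LOG))
```

Run it against the real log (`python3 audit.py < /tmp/openvpn.log` after swapping SAMPLE_LOG for stdin) to confirm that the options the client received match what the server config is meant to push.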
