DD-WRT Connected to VPN but cannot browse the internet

Posted: Sat Jul 20, 2013 10:27 am
by crazyjuice
Hi,
I hope somebody will help me find a solution for how to access the internet when I am connected to the OpenVPN server.
After a successful connection to OpenVPN I can surf the web, but my public IP is not changing.
After adding push "redirect-gateway def1" I can still connect to the server, but the web is inaccessible.

Below are my configs

Port forwarding: 78.xxx.xxx.xxx both tcp and udp 1194

SERVER CFG

push "route 192.168.54.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
push "redirect-gateway def1"
server 10.8.0.0 255.255.255.0

#push "dhcp-option DNS 192.168.66.1"
#server 192.168.66.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120
cipher AES-128-CBC
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl

# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 16
--------------------------------------------------
CLIENT CFG

client
dev tun0

#Network Settings
proto udp
remote 78.xxx.xxx.xxx 1194
#remote 192.168.1.1 1194
remote-cert-tls server

#Auth Settings
;auth-user-pass

#Connection
resolv-retry infinite
nobind
float
verb 3

#If the pushed routes appear not to be added on windows hosts, add the following:
route-delay 2

#Certificate Settings
ca ca.crt
cert xxx.crt
key xxx.key

cipher AES-128-CBC

persist-key
persist-tun

--------------------------------------------------

FIREWALL RULES


iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
#iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o tun0 -j MASQUERADE

--------------------------------------------------

I can provide iptables and route table


Hope you guys can help me with this