routing on dreambox

[radero]

Hi

I have on may LAN 192.168.1.0 a Dreambox satellite receiver which is a linux machine that act a server openvpn (192.168.3.0)
its address is 192.168.1.10. My adsl router is 192.168.1.1. So far on my router adsl i added a static route 192.168.3.0/24 255.255.255.0 gw 192.168.1.10 and from client i could reach each host on the lan server (192.168.1.0).

On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?

server conf:
port 1194
proto tcp
dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 192.168.3.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
tls-auth /etc/openvpn/keys/delite.key 0
max-clients 10
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 5


client conf

client
dev tun0
proto tcp
remote xxxxxxx.xxxxx
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
tls-auth delite.key 1 verb 5

Thank you

[Traffic]

On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?

If you cannot add routing to the router you can use NAT on the VPN server instead.

To enable NAT on the VPN server:

Code: Select all

iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE

Note: (#1) 192.168.3.0/24 is the VPN subnet range. (#2) eth0 is the local output interface on the vpn server, make sure you select the correct name. (#3) iptables may not be available to your server Linux distro.

[radero]

yes if i write the line you've suggested i get error:

root@vuduo2:~# iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
-sh: iptables: command not found
root@vuduo2:~#

the version is this one:

root@vuduo2:~# cat /proc/version
Linux version 3.13.5 (plnick@build-plnick) (gcc version 4.9.2 (GCC) ) #1 SMP Wed Oct 21 17:14:49 CEST 2015
root@vuduo2:~#

[radero]

Hi Traffic

On the drambox i have added iptables
opkg install iptables

and then your line command and it works .

Now I can reach all the lan 192.168.1.0 fron openvpn clients.

i have another question how can openvpn (192.168.3.0) client can see each other?

I have added in server conf file the line
client-to-client

But no way to see the clients each other

Grazie

[Traffic]

i have another question how can openvpn (192.168.3.0) client can see each other?

Can these clients ping each other ?

[radero]

Sorry i've written wrong.


Actually the vpn clients can't ping to each other.

the question is how is it possible?

Thank you

[Traffic]

Most likely your client firewalls are set to block incoming packets ..

[radero]

Hi

Forgive me but i have another question

Adding : iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE

it works, but as soon as i reboot the decoder enigma2 i have to insert again the command via telnet .

How can I make this command permanent?

or maybe create a script which start each reboot

thank you

[Traffic]

It depends on what system your Linux uses to start .. init, systemd, proprietary ..

There are plenty of tutorials for this on the internet.

[Traffic]

I just noticed this:

Actually the vpn clients can't ping to each other.

the question is how is it possible?

Your server needs to have --client-to-client

[radero]

about start as i said is enigma2 and i think it uses initd, otherwise how can I check? Sorry but linux is not familiar to me.

[Traffic]

how can I check?

Please post details of:

Code: Select all

uname -a

[radero]

root@vuduo2:~# uname -a
Linux vuduo2 3.13.5 #1 SMP Wed Oct 21 17:14:49 CEST 2015 mips GNU/Linux

[Pippin]

Nothing to do with OpenVPN so I don`t know if this gets pass moderation.

On Vuduo I'm not 100% sure but on Gigablue with OpenATV:

Place shell script youriptables.sh in:

Code: Select all

/usr/script

and make it executable.

Create a link in /etc/rc3.d which points to /usr/script/youriptables.sh with:

Code: Select all

ln -s /usr/script/youriptables.sh /etc/rc3.d/S90youriptables

The number 90 determines when the script gets executed during boot.
Obviously you want it to happen after all networking is started.

[radero]

Hi pippin

Thank you for your answer.

I've created a file xxxx.sh, now i've typed in just the instructions :
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
made it with 777 permission

but at reboot it doesnt' work.

Maybe something wrong in the sh file

[Pippin]

It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.

[radero]

It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.

My image is VTI 9.0.1

[Pippin]

This was easy to find, first hit on search.....but here you go:
http://www.vuplus-support.org/wbb3/inde ... post828168

[enigma2user]

Hello guys I just posted a kind of same issue if someone could help me.

Iam well connected to the VPN serveur from my client vu+zero running openatv6.4 but I can not use the public distant ip adress...

I don’t knoW why

Thank you

[TinCanTech]

Please start here: viewtopic.php?f=30&t=22603