OpenVPN Support Forum

Hi

I have on may LAN 192.168.1.0 a Dreambox satellite receiver which is a linux machine that act a server openvpn (192.168.3.0)
its address is 192.168.1.10. My adsl router is 192.168.1.1. So far on my router adsl i added a static route 192.168.3.0/24 255.255.255.0 gw 192.168.1.10 and from client i could reach each host on the lan server (192.168.1.0).

On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?

server conf:
port 1194
proto tcp
dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 192.168.3.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
tls-auth /etc/openvpn/keys/delite.key 0
max-clients 10
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 5


client conf

client
dev tun0
proto tcp
remote xxxxxxx.xxxxx
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
tls-auth delite.key 1 verb 5

Thank you

radero wrote:On my new vdsl router i can't add a static route so i can't reach the lan server. On the pc on 192.168.1.0 LAN if i add a static route i can reach them from client.
I need to reach from the client the vdsl router 192.168.1.1.1. How can i do this?

If you cannot add routing to the router you can use NAT on the VPN server instead.

To enable NAT on the VPN server: Note: (#1) 192.168.3.0/24 is the VPN subnet range. (#2) eth0 is the local output interface on the vpn server, make sure you select the correct name. (#3) iptables may not be available to your server Linux distro.

yes if i write the line you've suggested i get error:

root@vuduo2:~# iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
-sh: iptables: command not found
root@vuduo2:~#

the version is this one:

root@vuduo2:~# cat /proc/version
Linux version 3.13.5 (plnick@build-plnick) (gcc version 4.9.2 (GCC) ) #1 SMP Wed Oct 21 17:14:49 CEST 2015
root@vuduo2:~#

Hi Traffic

On the drambox i have added iptables
opkg install iptables

and then your line command and it works .

Now I can reach all the lan 192.168.1.0 fron openvpn clients.

i have another question how can openvpn (192.168.3.0) client can see each other?

I have added in server conf file the line
client-to-client

But no way to see the clients each other

Grazie

radero wrote:i have another question how can openvpn (192.168.3.0) client can see each other?

Can these clients ping each other ?

Sorry i've written wrong.


Actually the vpn clients can't ping to each other.

the question is how is it possible?

Thank you

Most likely your client firewalls are set to block incoming packets ..

Hi

Forgive me but i have another question

Adding : iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE

it works, but as soon as i reboot the decoder enigma2 i have to insert again the command via telnet .

How can I make this command permanent?

or maybe create a script which start each reboot

thank you

It depends on what system your Linux uses to start .. init, systemd, proprietary ..

There are plenty of tutorials for this on the internet.

I just noticed this:

radero wrote:Actually the vpn clients can't ping to each other.

the question is how is it possible?

Your server needs to have --client-to-client

about start as i said is enigma2 and i think it uses initd, otherwise how can I check? Sorry but linux is not familiar to me.

radero wrote:how can I check?

Please post details of:

root@vuduo2:~# uname -a
Linux vuduo2 3.13.5 #1 SMP Wed Oct 21 17:14:49 CEST 2015 mips GNU/Linux

Nothing to do with OpenVPN so I don`t know if this gets pass moderation.

On Vuduo I'm not 100% sure but on Gigablue with OpenATV:

Place shell script youriptables.sh in: and make it executable.

Create a link in /etc/rc3.d which points to /usr/script/youriptables.sh with: The number 90 determines when the script gets executed during boot.
Obviously you want it to happen after all networking is started.

Hi pippin

Thank you for your answer.

I've created a file xxxx.sh, now i've typed in just the instructions :
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
made it with 777 permission

but at reboot it doesnt' work.

Maybe something wrong in the sh file

It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.

Pippin wrote:It depends on your image, mine is OpenATV.
Yours is maybe OpenPLI, VIX, VTI, etc, ??? I don`t know.
Just do a search on ixquick or duckduckgo:
"vuduo yourimagehere startup script init.d symlink" or something like that.

My image is VTI 9.0.1

This was easy to find, first hit on search.....but here you go:
http://www.vuplus-support.org/wbb3/inde ... post828168

Hello guys I just posted a kind of same issue if someone could help me.

Iam well connected to the VPN serveur from my client vu+zero running openatv6.4 but I can not use the public distant ip adress...

I don’t knoW why

Thank you

Please start here: viewtopic.php?f=30&t=22603