[SOLVED] Need help with my openVPN Configuration
Posted: Fri Dec 17, 2010 2:16 pm
All,
I need help with my openVPN configuration. Hope to get help here.
I am running a Linksys WRT54Gv4 Router with DD-WRT (15200 vpn-small build) as my openVPN server with the following specs.
WAP IP: 192.168.20 (connected to an internet facing router)
LAN IP: 10.100.2.200/24
There is another subnet 10.100.1.200/24 connected to the internet facing router that has various devices connected to it: printers, media, file servers, NAS etc.
Here are my OpenVPN Configs
OpenVPN Server Config
#
# BRIDGED OpenVPN Server Config
#
mode server
tls-server
proto udp
port 1194
dev tap0
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
dh /tmp/openvpn/dh.pem
server-bridge <router IP Address> <mask> <IP Address Start> <IP Address Stop>
push "dhcp-option DOMAIN <hostname>"
push "dhcp-option DNS <local DNS Server>"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
client-to-client
daemon
keepalive 10 120
tls-auth /tmp/openvpn/ta.key 0
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 1
management localhost 5001
OpenVPN Client Config
#
# BRIDGED OpenVPN Client Config
#
remote <hostname> 1194
client
dev tap0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
verb 1
ns-cert-type server
mute-replay-warnings
tls-client
tls-auth ta.key 1
ca ca.crt
cert DV6-1030-US.crt
key DV6-1030-US.key
cipher AES-256-CBC
comp-lzo
route-gateway <Router IP Address>
redirect-gateway def1
Server Startup Commands
#
# BRIDGED OpenVPN Server Startup Script
#
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
Server Firewall Rules
#
# BRIDGED OpenVPN Firewall Script
#
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
From the outside, I am able to connect to the OpenVPN server, and get an IP address assignment. However, I cannot see any of the devices (including the Router acting as the OpenVPN server) on the 'internal' network.
In looking at the tracert (to the router IP) output, it looks like I am still going over the internet to access the internal IP. A visit to the 'whatsmyip.org' site shows the WAN IP of my location, not the WAN IP of the 'home network'. I am guessing that once I address the WAN IP issue, I should be able to see the devices on the 'home network'. Needless to say, even though I have a 'connection', it is not functional.
Any thoughts on what might be wrong with my configuration? Am I missing something critical that would help establish the VPN?
Thanks.
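Added here as an illustration (not code from the post or from DD-WRT): a small Python lint that checks a server/client pair like the one above for the mismatches that silently break a bridged tap tunnel (tap vs tun, proto, cipher, comp-lzo, tls-auth key direction, bridge pool inside the subnet) and flags the obsolete ns-cert-type directive. The sample addresses and the address pool are made-up stand-ins for the post's placeholders.

```python
# Added example (not from the post): lint a bridged-mode OpenVPN pair; sample addresses are made-up stand-ins.
import ipaddress

SERVER_CFG = """mode server
proto udp
dev tap0
server-bridge 10.100.2.200 255.255.255.0 10.100.2.240 10.100.2.250
tls-auth /tmp/openvpn/ta.key 0
cipher AES-256-CBC
comp-lzo"""

CLIENT_CFG = """client
dev tap0
proto udp
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
route-gateway 10.100.2.200
redirect-gateway def1"""

def parse(text):
    opts = {}  # directive -> argument list of its first occurrence (comments stripped)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split()
        if line:
            opts.setdefault(line[0], line[1:])
    return opts

def lint(server_text, client_text):
    """Return (errors, warnings): errors break the tunnel, warnings are hygiene."""
    s, c, errors, warnings = parse(server_text), parse(client_text), [], []
    sdev, cdev = s.get("dev", ["?"])[0], c.get("dev", ["?"])[0]
    if sdev[:3] != cdev[:3]:  # tun on one side and tap on the other cannot bridge
        errors.append(f"dev mismatch: server {sdev}, client {cdev}")
    for key in ("proto", "cipher"):  # both peers must agree exactly
        if s.get(key) != c.get(key):
            errors.append(f"{key} mismatch: {s.get(key)} vs {c.get(key)}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        errors.append("comp-lzo enabled on only one side")
    dirs = {s.get("tls-auth", [None])[-1], c.get("tls-auth", [None])[-1]}
    if dirs != {"0", "1"}:  # static-key direction must be 0 on server, 1 on client
        errors.append(f"tls-auth key directions {sorted(map(str, dirs))}, need 0 and 1")
    sb = s.get("server-bridge")
    if sb and len(sb) == 4:  # the address pool must sit inside the bridge subnet
        net = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
        if not all(ipaddress.ip_address(ip) in net for ip in sb[2:]):
            errors.append("server-bridge pool lies outside the bridge subnet")
    if "ns-cert-type" in c:
        warnings.append("ns-cert-type is obsolete; use 'remote-cert-tls server'")
    return errors, warnings
```

Run against the post's pair, the lint reports no errors and one warning; the real-world bridge state (tap0 enslaved to br0, promiscuous, up) still has to be verified on the router itself.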