I'm looking for some help with routing to a server behind another router. I've spent a few days on this now and am completely stumped.
I'm trying to create a tunnel between two DD-WRT routers.
Main router - 10.10.8.50/24 forwarding UDP port to the OpenVPN Server
OpenVPN Server (behind NAT) - 10.10.8.53/24
OpenVPN Client (public facing) - 10.10.7.1/24
-----------------------------------------------
SERVER CONFIG
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
echo "
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
echo "
STATIC KEY
" > static.key
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.1 netmask 255.255.255.0 promisc up
route add -net 10.10.7.0 netmask 255.255.255.0 gw 10.0.0.2
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
-----------------------------------------------
CLIENT CONFIG
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
echo "
remote REMOTE IP
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
echo "
STATIC KEY
" > static.key
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.2 netmask 255.255.255.0 promisc up
route add -net 10.10.8.0 netmask 255.255.255.0 gw 10.0.0.1
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
-----------------------------------------------
I've added the following routes to the LAN gateway on the server side.
10.10.7.0/24 10.10.8.53
10.0.0.0/24 10.10.8.53
Machines on the client LAN can ping the server (10.10.8.53) and the main router (10.10.8.50). They cannot ping any of the other machines on the server LAN.
Machines on the server LAN cannot ping anything on the client LAN.
The server router can ping everything on the client side (endpoint/router/machines).
IP forwarding is turned on for both DD-WRT routers, and the firewall is turned off on both routers.
Thanks for any help in advance.
Routing help for OpenVPN server behind NAT
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sun Feb 13, 2011 11:58 pm
Re: Routing help for OpenVPN server behind NAT
The DD-WRT server router was getting its connection to my local network via Wireless Client Bridge. Once I realized that this connection was probably altering the setup in some way, I disabled this and connected ethernet from the main router to the DD-WRT router.
This resolved half of my problem.
I can now get to everything on the client LAN from the server LAN, but still am unable to connect to anything other than the VPN server router from the client LAN.
Any help is appreciated.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sun Feb 13, 2011 11:58 pm
Re: Routing help for OpenVPN server behind NAT
I'm surprised I didn't get anyone to respond with suggestions, but hopefully the following will help someone in the future.
I was pretty sure that the issue was due to NAT. I was using the following rule:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
This did not work. I changed the rule to the following and everything is now working.
iptables -t nat -A POSTROUTING -o ! tun0 -j MASQUERADE
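Added example (not part of the original posts): a small model of the server-side routing tables from this thread, tracing a request from the client LAN to a server-LAN host and the reply, with and without the `-o ! tun0` MASQUERADE rule. The sample hosts 10.10.8.20 and 10.10.7.20 are constructed, and it is an assumption that server-LAN hosts use the main router (10.10.8.50) as their default gateway.

```python
import ipaddress as ip

MAIN_ROUTER, VPN_SERVER = "10.10.8.50", "10.10.8.53"  # addresses from the thread
LAN_HOST, REMOTE_HOST = "10.10.8.20", "10.10.7.20"    # constructed sample hosts
TUNNEL = "tun0"

# Per-node routes as (destination, next hop); None means on-link.
# Assumption: server-LAN hosts use the main router as their default gateway.
ROUTES = {
    LAN_HOST: [("10.10.8.0/24", None), ("0.0.0.0/0", MAIN_ROUTER)],
    MAIN_ROUTER: [("10.10.8.0/24", None), ("10.10.7.0/24", VPN_SERVER),
                  ("10.0.0.0/24", VPN_SERVER)],
    VPN_SERVER: [("10.10.8.0/24", None), ("10.10.7.0/24", TUNNEL)],
}

def next_hop(node, dst):
    """Longest-prefix match of dst against node's routing table."""
    matches = [(ip.ip_network(net), gw) for net, gw in ROUTES[node]
               if ip.ip_address(dst) in ip.ip_network(net)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def path(src, dst):
    """Hops a packet takes on the server side until delivered or tunnelled."""
    hops = [src]
    while hops[-1] not in (dst, TUNNEL):
        hops.append(next_hop(hops[-1], dst))
    return hops

def trace(masquerade):
    """Request from REMOTE_HOST to LAN_HOST and the reply, as hop lists."""
    request = [TUNNEL] + path(VPN_SERVER, LAN_HOST)
    # With '-o ! tun0 -j MASQUERADE' the LAN host sees the VPN server as source.
    seen_src = VPN_SERVER if masquerade else REMOTE_HOST
    reply = path(LAN_HOST, seen_src)
    if masquerade:
        reply.append(TUNNEL)  # VPN server reverses the NAT and forwards into tun0
    return seen_src, request, reply

def symmetric(masquerade):
    """True when the reply retraces the request's hops in reverse."""
    _, request, reply = trace(masquerade)
    return reply[::-1] == request

if __name__ == "__main__":
    for nat in (False, True):
        src, req, rep = trace(nat)
        print(f"masquerade={nat}: host sees {src}")
        print("  request:", " -> ".join(req))
        print("  reply:  ", " -> ".join(rep), "| symmetric:", symmetric(nat))
```

With the rule in place, every connection from the client LAN reaches server-LAN hosts with source address 10.10.8.53, so per-host ACLs and logs on that side no longer show the original client address.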