Routing help for OpenVPN server behind NAT
Posted: Mon Feb 14, 2011 12:15 am
I'm looking for some help with routing to a server behind another router. I've spent a few days on this now and am completely stumped.
I'm trying to create a tunnel between two DD-WRT routers.
Main router - 10.10.8.50/24 forwarding UDP port to the OpenVPN Server
OpenVPN Server (behind NAT) - 10.10.8.53/24
OpenVPN Client (public facing) - 10.10.7.1/24
-----------------------------------------------
SERVER CONFIG
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
echo "
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
echo "
STATIC KEY
" > static.key
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.1 netmask 255.255.255.0 promisc up
route add -net 10.10.7.0 netmask 255.255.255.0 gw 10.0.0.2
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
-----------------------------------------------
CLIENT CONFIG
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
echo "
remote REMOTE IP
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
echo "
STATIC KEY
" > static.key
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.0.2 netmask 255.255.255.0 promisc up
route add -net 10.10.8.0 netmask 255.255.255.0 gw 10.0.0.1
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
-----------------------------------------------
I've added the following routes to the LAN gateway on the server side.
10.10.7.0/24 10.10.8.53
10.0.0.0/24 10.10.8.53
Machines on the client LAN can ping the server (10.10.8.53) and the main router (10.10.8.50). They cannot ping any of the other machines on the server LAN.
Machines on the server LAN cannot ping anything on the client LAN.
The server router can ping everything on the client side (endpoint/router/machines).
IP forwarding is turned on for both DD-WRT routers, and the firewall is turned off on both routers.
Thanks for any help in advance.