All times are UTC
 Post subject: OpenVPN on DD-WRT behind a telecom provider Router
PostPosted: 18.01.2013 12:25 
DES

Joined: 28.04.2005 10:09
Posts: 2
Hello,
I just configured an OpenVPN server on my DD-WRT v24-sp2 (08/07/10) std - build 14896 TP-Link TL-WR1043ND.

I am using my telecom provider's router (Speedport W 701V) for the dial-in, so it is the gateway.
So the DD-WRT router is behind the provider router and connected via cable.
The WAN port of the DD-WRT is set to "Assign WAN Port to Switch".

Speedport W 701V (Gateway)
IP: 192.168.0.1 /24
Forwarding port TCP 443 to 192.168.0.2

TP-Link TL-WR1043ND (DD-WRT)
IP: 192.168.0.2 /24
FW: Disabled
Assign WAN Port to Switch

I used this guide to configure the VPN (Sample Setup with Routing):
http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24%2B#Sample_Setup_with_Routing


When I use a UMTS connection I can connect to my VPN, but I think I have some routing problems. I can only ping the DD-WRT router with the VPN server, and no other clients in the network or an Internet site like Google.
Maybe someone can help me here:


This is the VPN client IP: 192.168.66.6

Here is a list of IPs I can or cannot ping:

192.168.66.5 Ping is not working
92.168.66.2 Ping is not working
192.168.0.1 Ping is not working
192.168.0.2 Ping is working
192.168.66.1 Ping is working
192.168.66.6 Ping is working

Other computers:
192.168.0.51 Ping is not working
192.168.0.3 Ping is not working

Here are all config and log files.
VPN server config:

Code:
push "redirect-gateway def1"
server 192.168.66.0 255.255.255.0

dev tun0
proto tcp
port 443
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem



Firewall settings on DD-WRT

Code:
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
 # These next two lines may or may not be necessary.
 # I (dereks) did not need them, but bmatthewshea did.
 # Thus, we include them so that this works for more people:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT



Client Config:

Code:
remote xxx.dyndns.org 443 tcp-client
pull
tls-client
persist-key
ca ca.crt
redirect-gateway def1
nobind
persist-tun
cert cert.crt
dev tun
key key.key
remote-cert-tls server
float
resolv-retry infinite



Client Log:
Code:
Jan 18 12:22:32: OpenVPN 2.2.1 x86_64-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Aug  1 2011
Jan 18 12:22:31: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 18 12:22:31: Attempting to establish TCP connection with 84.159.203.103:443 [nonblock]
Jan 18 12:22:34: TCP connection established with 84.159.203.103:443
Jan 18 12:22:34: TCPv4_CLIENT link local: [undef]
Jan 18 12:22:34: TCPv4_CLIENT link remote: xxx:443
Jan 18 12:22:50: [dd-wrt] Peer Connection Initiated with xxx:443
Jan 18 12:22:53: TUN/TAP device /dev/tun0 opened
Jan 18 12:22:53: /sbin/ifconfig tun0 delete
Jan 18 12:22:53: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Jan 18 12:22:53: /sbin/ifconfig tun0 192.168.66.6 192.168.66.5 mtu 1500 netmask 255.255.255.255 up
Jan 18 12:22:53: Initialization Sequence Completed


Routing Table Client:
Code:
$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                192.168.66.5       UGSc            2        0    tun0
default            172.20.10.1        UGSc            9        0     en1
84.159.203.103/32  172.20.10.1        UGSc            1        0     en1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              9    36555     lo0
128.0/1            192.168.66.5       UGSc            3        0    tun0
169.254            link#4             UCS             0        0     en1
172.20.10/28       link#4             UCS             2        0     en1
172.20.10.1        7e:c5:37:6:48:0    UHLWIir         3       30     en1   1051
172.20.10.2        127.0.0.1          UHS             1        0     lo0
172.20.10.15       ff:ff:ff:ff:ff:ff  UHLWbI          0       32     en1
192.168.66.1/32    192.168.66.5       UGSc            0        0    tun0
192.168.66.5       192.168.66.6       UHr             8        0    tun0
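
Added example, not part of the original post: a small Python model of the echo-reply path that reproduces the ping results listed above. It assumes that LAN hosts use the Speedport as default gateway and that the Speedport has no route for 192.168.66.0/24; the `masquerade` and `gateway_route` switches are hypothetical changes, not settings from the post.

```python
import ipaddress

# Addresses are taken from the post. Assumption (not stated there): LAN hosts
# use the Speedport (192.168.0.1) as default gateway, and the Speedport has
# no route for the VPN subnet 192.168.66.0/24.
VPN_NET = ipaddress.ip_network("192.168.66.0/24")
CLIENT = ipaddress.ip_address("192.168.66.6")
DDWRT = {ipaddress.ip_address(a) for a in ("192.168.0.2", "192.168.66.1")}

# Ping results exactly as listed in the post (True = "Ping is working").
OBSERVED = {
    "192.168.66.5": False, "92.168.66.2": False, "192.168.0.1": False,
    "192.168.0.2": True, "192.168.66.1": True, "192.168.66.6": True,
    "192.168.0.51": False, "192.168.0.3": False,
}


def reply_path(dst, masquerade=False, gateway_route=False):
    """Return (has_return_path, reason) for an echo request from the VPN client.

    masquerade:    DD-WRT source-NATs 192.168.66.0/24 leaving br0, e.g.
                   iptables -t nat -I POSTROUTING -s 192.168.66.0/24 -o br0 -j MASQUERADE
    gateway_route: the gateway has a static route 192.168.66.0/24 via 192.168.0.2
    """
    dst = ipaddress.ip_address(dst)
    if dst == CLIENT:
        return True, "client's own tunnel address"
    if dst in DDWRT:
        return True, "address owned by the DD-WRT; reply goes straight back into tun0"
    if dst in VPN_NET:
        return False, "no host answers here (net30 peer endpoint or unassigned)"
    # Everything else is forwarded by the DD-WRT out of br0.
    if masquerade:
        return True, "target sees source 192.168.0.2 and replies on-link to the DD-WRT"
    if gateway_route:
        return True, "reply reaches the gateway, which routes it to 192.168.0.2"
    return False, "reply to 192.168.66.6 goes to the gateway, which has no route back"


def explain(masquerade=False, gateway_route=False):
    """Map each address from the post to the model's verdict."""
    return {ip: reply_path(ip, masquerade, gateway_route)[0] for ip in OBSERVED}


if __name__ == "__main__":
    for ip in OBSERVED:
        ok, why = reply_path(ip)
        print(f"{ip:15} {'ok  ' if ok else 'FAIL'} {why}")
```

With masquerading, every VPN client appears to LAN hosts as 192.168.0.2, so per-client logging and address-based ACLs on those hosts no longer distinguish VPN users; a static route on the gateway keeps the original source addresses visible.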

