Posted: Tue Jul 19, 2016 20:55 Post subject: Setting up openVPN
I have tried to understand this stuff for the past 2 weeks and every time I think I get somewhere, I go back to step 1.
I went into OpenVPN, enabled the server, start type is WAN up, and the default config is "Daemon" (not sure if that's what it needs to be?).
I entered in the CA, Public CA, Private Key, DH PEM.
Under additional config, I have the following:
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.1 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001
Is that correct? The "push" route 192.168.20.1 is my local IP address. The dhcp-option, I just used Google's 8.8.8.8 BUT I have no idea if that's correct or not? The server 10.8.0.1 is just a made-up number (I think I read that's what OpenVPN defaults it to).
As for the dh, ca, cert, key... do I need to change any of those? When I had the server set up on my computer those were pointing to the folder on my computer. Now with this on the router, I am assuming that it is correct but I have no idea?
I didn't change anything else on the router except for the firewall:
I have all the certificates you mentioned + tls
My config is:
script-security 2
management 127.0.0.1 14
mode server
push "dhcp-option DNS 192.168.1.1"
daemon
persist-key
persist-tun
verb 3
ca /tmp/openvpn/ca.crt
dh /tmp/openvpn/dh.pem
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
tls-auth /tmp/openvpn/ta.key 0
port 1194
proto tcp-server
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.105
push "redirect-gateway def1"
cipher AES-128-CBC
comp-lzo
tls-server
keepalive 10 120
client-to-client
My startup configuration:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
My firewall:
iptables -t nat -I PREROUTING -p tcp --dport 1194 -d 192.168.1.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d `nvram get wan_ipaddr` --dport 1194 -j ACCEPT
_________________
Netgear R9000 main router
RAX80 as AP
Thanks for posting your config file. That is what I have been trying to do: copy people's config files in order to make mine work, but I still haven't had any luck. I would copy yours but it mentions bridging and I have mine set up as my main router. Do you know if this is correct?
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.1 255.255.255.0
When I had my stock firmware, there was a place to change the DNS, if need be. I can't find anywhere on the DD-WRT firmware where the DNS can be changed. This is the first time diving into DNS as well, so I'm really not sure if that is correct or if it even matters?
My wireless is slower, don't know if it's because of the DNS or could be something else...
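The three directives asked about above (and in the first post) are the ones that most often stop an OpenVPN server from starting or from routing: `server` and `push "route ..."` both take a network address plus netmask, so an address with host bits set (10.8.0.1 under 255.255.255.0, for example) is a misconfiguration rather than a "made-up number that happens to work". The script below is an added example written for this thread, not something from the original posts or from DD-WRT; it lints those directives in a config file before the config is pasted into the router. It assumes the `/tmp/openvpn/` certificate paths that both configs in this thread use, and the sample config it checks is a constructed copy of the first post's server block.

```shell
#!/bin/sh
# Added example, not from the thread: a small lint for the subnet directives
# of an OpenVPN server config before it is pasted into the DD-WRT GUI.
# Assumption: certificate/key files live under /tmp/openvpn/, the paths that
# both configs in this thread use.

# ip2int DOTTED-QUAD -> unsigned integer (e.g. 10.8.0.1 -> 168296449)
ip2int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# net_aligned NETWORK NETMASK: true when NETWORK has no host bits set under
# NETMASK, i.e. it really is the network address that 'server' and
# 'push "route ..."' expect (10.8.0.1/255.255.255.0 fails, 10.8.0.0 passes).
net_aligned() {
    n=$(ip2int "$1")
    m=$(ip2int "$2")
    [ $(( n & m )) -eq "$n" ]
}

# lint_openvpn FILE: print one line per finding; exit status 1 if any.
lint_openvpn() {
    rc=0
    while read -r key arg1 arg2 arg3 _rest; do
        case "$key" in
            server)
                net_aligned "$arg1" "$arg2" || {
                    echo "server: $arg1 is a host address; use the network address for mask $arg2"
                    rc=1
                } ;;
            push)
                # push "route NET MASK" splits into arg1='"route' arg2=NET arg3='MASK"'
                if [ "$arg1" = '"route' ]; then
                    mask=${arg3%\"}
                    net_aligned "$arg2" "$mask" || {
                        echo "push route: $arg2 has host bits set for mask $mask"
                        rc=1
                    }
                fi ;;
            ca|cert|key|dh)
                # Assumption (see lead-in): DD-WRT writes the GUI-pasted files here
                case "$arg1" in
                    /tmp/openvpn/*) ;;
                    *) echo "$key: $arg1 is not under /tmp/openvpn/"
                       rc=1 ;;
                esac ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample: the server block from the first post in this thread.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.1 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
EOF
lint_openvpn "$cfg" || echo "fix the findings above before loading the config"
rm -f "$cfg"
```

Run it against the sample and the only finding is the `server` line: 10.8.0.1 has a host bit set, so the network address 10.8.0.0 is what belongs there; the `push "route 192.168.20.0 255.255.255.0"` line passes, and the pushed DNS server is not something this check can judge (any resolver the clients are allowed to reach will do, but 8.8.8.8 will not resolve LAN hostnames).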
I'm pretty much stuck with getting OpenVPN working on my R7000. I followed the instructions on the linked site (substituting the 192.168.x.x networks for the 10.x.x.x ones) but can't seem to get this thing working quite right.
I can connect in using my Android phone but can't reach anything once the session is established. I'm pretty sure it's something with my iptables rules but can't quite figure out what.
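"Connects fine but cannot reach anything" on a routed (`dev tun`) server is the classic symptom of a firewall that accepts the listen port but never lets tunnel traffic through the FORWARD chain. The script below is an added example written for this thread, not the poster's rules or anything shipped with DD-WRT; it builds the rule set such a server needs, using the first post's tun0/UDP 1194/10.8.0.0/24 values and the br0 LAN bridge as assumptions. The bridged tap0 setup in the second post is a different design and is not covered by it.

```shell
#!/bin/sh
# Added example, not from the thread: firewall rules for a routed (dev tun)
# OpenVPN server on DD-WRT so connected clients can reach the LAN.
# Assumptions: LAN bridge br0, tunnel interface tun0, UDP 1194 and the
# 10.8.0.0/24 tunnel subnet from the first post in this thread.
VPN_IF=${VPN_IF:-tun0}
LAN_IF=${LAN_IF:-br0}
VPN_NET=${VPN_NET:-10.8.0.0/24}
VPN_PORT=${VPN_PORT:-1194}
VPN_PROTO=${VPN_PROTO:-udp}
IPT=${IPT:-iptables}

# openvpn_fw_rules: one rule per line.
# Accepting the listen port is only half the job; the FORWARD rules are what
# let VPN<->LAN traffic through. The LAN->VPN direction is limited to replies,
# so a LAN host cannot open connections to a VPN client unsolicited.
# NAT (VPN_NAT=yes) is only needed when this router is not the LAN hosts'
# default gateway; it also hides the client's tunnel address in LAN-side logs,
# so leave it off when the router is the gateway, as in the first post.
openvpn_fw_rules() {
    printf '%s\n' \
        "-I INPUT -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT" \
        "-I FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -j ACCEPT" \
        "-I FORWARD -i $LAN_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "${VPN_NAT:-no}" = yes ]; then
        printf '%s\n' "-t nat -I POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE"
    fi
}

# apply_openvpn_fw [dry]: run each rule through $IPT, or with "dry" just print
# the commands (what you would paste into the DD-WRT firewall script under
# Administration > Commands).
apply_openvpn_fw() {
    openvpn_fw_rules | while read -r rule; do
        if [ "$1" = dry ]; then
            printf '%s %s\n' "$IPT" "$rule"
        else
            $IPT $rule   # word splitting of $rule is intended here
        fi
    done
}

apply_openvpn_fw dry
```

Preview with the dry run, then compare against `iptables -S FORWARD` on the router: if neither tun0 rule is present, that is the missing piece, independent of whether the client addresses and routes look right. If the config also pushes `redirect-gateway`, the clients' internet traffic additionally needs a FORWARD rule towards the WAN interface and masquerading there, which this example deliberately does not add.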