Posted: Mon Nov 07, 2016 10:13 Post subject: OpenVPN, no internet
I’m trying to create a VPN tunnel with OpenVPN, but I can’t get it to work. It is building the connection but I don’t have internet access with the VPN. I tried several configurations which I found on this forum and followed some tutorials but it doesn’t work.
I have to say that I also use dd-wrt to connect directly to my fiber provider (KPN), which results in a different VLAN for the internet. I used this topic to set it up for internet, so I can imagine that I also need some different settings for the VPN:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=930420
I also tried to add this line, but it didn’t make a difference:
Code:
iptables -t nat -A POSTROUTING -s 192.168.77.0/24 -o eth0 -j SNAT --to-source $(nvram get wan_ipaddr)
Startup script (needed for fiber connection):
Code:
stopservice wan
nvram unset vlan2ports
nvram set vlan1ports="3 4 8*"
nvram set wan_ifname2=vlan6
nvram set pppoe_ifname=vlan6
nvram set wan_default=vlan6
nvram set wan_ifnames=vlan6
nvram set wan_ifname=vlan6
nvram set pppoe_wan_ifname=vlan6
nvram commit
ifconfig vlan6 up
ifconfig vlan4 up
ifconfig vlan7 up
startservice wan
OpenVPN settings:
Code:
Start Type: Wan up
config as: Server
Server mode: Router (TUN)
network: 192.168.77.0
netmask: 255.255.255.0
port: 443
tunnel protocol: TCP
OpenVPN config:
Code:
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
server 192.168.77.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
I think you're okay security-wise with those rules. FWIW the OpenVPN tab in r30805 and recent builds sets up all the necessary firewall rules except for the MASQUERADE/SNAT rule that allows WAN access.
_________________
[Broadcom] Asus rt-ac66u r35531 ('66 should only be factory reset through the DD UI)
Fix RT-AC66U "wl1 [2.4 GHz TurboQAM]". DD-WRT failsafe UI @ http|https://169.254.255.1/
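Added example, not part of any post in this thread: the SNAT rule in the first post matches on `-o eth0`, while the startup script moves the PPPoE WAN to vlan6, and a NAT rule bound to an interface the traffic does not leave through never matches. The sketch below reads `iptables -t nat -vnL POSTROUTING` output and reports whether the rule for the VPN subnet is bound to the real WAN interface. Assumptions: the function names and the listing are constructed, `ppp0` is an assumed PPPoE interface name, and `nvram get wan_iface` is assumed to return the active WAN interface on the router.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the NAT rule for the
# OpenVPN subnet is bound to the interface traffic actually leaves through.

VPN_NET="192.168.77.0/24"   # subnet from the "server" line in the first post

# Reads `iptables -t nat -vnL POSTROUTING` output on stdin.
# $1 = real WAN interface. Prints one of:
#   ok:<packet count>   wrong-iface:<name>   missing
check_vpn_nat() {
    awk -v net="$VPN_NET" -v wan="$1" '
        # columns: pkts bytes target prot opt in out source destination
        ($3 == "SNAT" || $3 == "MASQUERADE") && $8 == net {
            found = 1
            if ($7 == wan || $7 == "*") { print "ok:" $1; done = 1; exit }
            bad = $7
        }
        END {
            if (done) exit
            if (found) print "wrong-iface:" bad
            else print "missing"
        }'
}

# Prints the rule to add for a given WAN interface (does not run it).
vpn_nat_rule() {
    echo "iptables -t nat -I POSTROUTING -s $VPN_NET -o $1 -j MASQUERADE"
}

# Constructed sample listing: the VPN rule is bound to eth0 on a router whose
# traffic leaves through ppp0 (assumed name), so its counters stay at 0.
SAMPLE='Chain POSTROUTING (policy ACCEPT 12 packets, 840 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.168.77.0/24      0.0.0.0/0           to:203.0.113.10
  311 20144 MASQUERADE all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0'

sample_result() { printf '%s\n' "$SAMPLE" | check_vpn_nat ppp0; }

echo "sample: $(sample_result)"
echo "fix:    $(vpn_nat_rule ppp0)"
# On the router (assumed nvram variable):
#   iptables -t nat -vnL POSTROUTING | check_vpn_nat "$(nvram get wan_iface)"
```

An `ok:0` result after a client has tried to browse means the rule exists but no packets have hit it, which points at routing or the FORWARD chain rather than NAT.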
I updated my router to build 30880, but not everything seems to work the same way. I first tried OpenVPN without the extra rules but that didn't work at all, so apparently it is still necessary to add extra rules. If I add the rules listed above, everything works fine except for the fact that I can't access the router itself from a VPN client. I tried to search for a solution but couldn't find anything; all the guides are for older builds. Is there something that needs to be set in V3 builds to access the router from a VPN client?