OpenVPN bypass of a DHCP client (Netgear R7000)

gabedot
DD-WRT Novice


Joined: 19 May 2017
Posts: 5

PostPosted: Wed May 24, 2017 11:16    Post subject: OpenVPN bypass of a DHCP client (Netgear R7000)
Hello!

I want to let every client (Private + Guest) use the VPN connection. Only my Xbox on the Private LAN (192.168.8.101 static dhcp lease) shall use the direct connection.

I have already tried different tutorials, but nothing works in the end.
Can you help me?


That's my Setup:
Netgear R7000 (Firmware: DD-WRT v3.0-r29627 std (05/12/16)) connected to the ISP modem.
ISP LAN: 10.0.0.138 255.255.255.0
Private LAN: 192.168.8.1 255.255.255.0
Guest Public LAN: 192.168.100.1 255.255.255.0

Bridges:
br0 vlan1, eth1, eth2
br1 wl0.1 (guest wifi)

Routing:
Kernel IP routing table
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.111.253.129 128.0.0.0       UG    0      0        0 tun1
0.0.0.0         10.0.0.138      0.0.0.0         UG    0      0        0 vlan2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 vlan2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
128.0.0.0       172.111.253.129 128.0.0.0       UG    0      0        0 tun1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
172.111.253.2   10.0.0.138      255.255.255.255 UGH   0      0        0 vlan2
172.111.253.128 0.0.0.0         255.255.255.192 U     0      0        0 tun1
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br1


Iptables:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            tcp dpt:https reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:www reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:ssh reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere            tcp dpt:telnet reject-with tcp-reset
DROP       0    --  anywhere             192.168.8.0/24     
ACCEPT     tcp  --  anywhere             192.168.8.0/24      tcp dpt:8118
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
logdrop    udp  --  anywhere             anywhere            udp dpt:route
logdrop    udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere           
logdrop    icmp --  anywhere             anywhere           
logdrop    igmp --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state NEW
ACCEPT     0    --  anywhere             anywhere            state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
logdrop    0    --  anywhere             anywhere            state NEW
ACCEPT     0    --  anywhere             anywhere           
logdrop    0    --  anywhere             anywhere           
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       0    --  anywhere             192.168.8.0/24      state NEW
DROP       0    --  anywhere             anywhere            state NEW
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway

PostPosted: Wed May 24, 2017 13:52    Post subject:
You need Policy Based Routing with a new table for 192.168.8.101 where the default route 0.0.0.0 does not go out tun1, but vlan2.

http://www.dd-wrt.com/wiki/index.php/Policy_Based_Routing
gabedot
DD-WRT Novice


Joined: 19 May 2017
Posts: 5

PostPosted: Wed May 24, 2017 15:11    Post subject:
Thanks for the hint. I tried to run it as a command as follows:

Code:
ip rule add from 192.168.8.101 table 200
ip route add default via 0.0.0.0 dev vlan2 table 200
ip route flush cache


but it does not seem to have an effect. =(

The routing does not seem to be modified:

route -n doesn't show the new entries.
Maybe my dd-wrt version does not support the ip route command?

Any ideas?
gabedot
DD-WRT Novice


Joined: 19 May 2017
Posts: 5

PostPosted: Mon May 29, 2017 19:24    Post subject:
Any ideas?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway

PostPosted: Tue May 30, 2017 4:45    Post subject:
gabedot wrote:
ip rule add from 192.168.8.101 table 200
ip route add default via 0.0.0.0 dev vlan2 table 200
ip route flush cache


The gateway is wrong. It has to be

ip route add default dev vlan2 table 200

or

ip route add default via 10.0.0.138 dev vlan2 table 200
gabedot
DD-WRT Novice


Joined: 19 May 2017
Posts: 5

PostPosted: Fri Jun 02, 2017 18:47    Post subject:
Hello, I finally have the impression that the problem is not the configuration.

The problem seems to be the combination of the tutorial and the actual dd-wrt version. Which Netgear R7000 dd-wrt build is really fully stable?

I actually run DD-WRT v3.0-r31980M kongac (05/11/17)