openvpn can connect just fine but no access to lan

emiliospam
DD-WRT Novice


Joined: 14 Jun 2017
Posts: 4

Posted: Wed Jun 14, 2017 20:27    Post subject: openvpn can connect just fine but no access to lan
I have a Netgear wrn3500l router running openvpn SVN revision 14929.
I can connect to the VPN server just fine but I can't connect to any devices on the LAN. The devices are connected to the LAN ports of the router and the vpnrouter is switched to the ispmodem. No WAN port, all LAN ports. DHCP is disabled on the vpnrouter.
Clients behind the vpnrouter have an internet connection and the LAN port of the vpn router has a 192.168.2.0/24 IP address just like the rest of the network.
vpnrouter config:

push "route 192.168.2.0 255.255.255.0"
server 10.8.0.0 255.255.255.0

dev tun0
proto tcp
tun-mtu 1500
comp-lzo
cipher AES-128-CBC
auth SHA1
keysize 128
key-method 2
tls-server
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

management localhost 5001

Iptable:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

vpn client connects without errors but no access to the lan.

I have no idea what I'm doing wrong.
Does anyone have an idea?
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Thu Jun 15, 2017 12:07    Post subject:
You should update first because there were a lot of changes with OpenVPN since 14929

ftp://ftp.dd-wrt.com/betas/2017/06-01-2017-r32170/netgear-wnr3500lv2/
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas

Posted: Thu Jun 15, 2017 13:41    Post subject: Re: openvpn can connect just fine but no access to lan
emiliospam wrote:
I have no idea what I'm doing wrong.
Does anyone have an idea?

After you update to new build.....

If using local DNS and it works fine on your local network ---
If local network is 192.168.1.0 255.255.255.0
If router IP is 192.168.1.1
If ovpn server network is 10.9.8.0 255.255.255.240

Services / OpenVPN Server
OpenVPN Enable
Start Type WANUp .. use System if this is on WAP
Server Mode Router (TUN)
Network 10.9.8.0
Netmask 255.255.255.240
Port 1194
Tunnel Protocol UDP

Advanced Options Enable
TLS Cipher None
LZO Compression Adaptive
Redirect default Gateway Enabled
Tunnel MTU setting leave at 1500
Tunnel UDP MSS-Fix Enable ... this should be off on the clients

ovpn server Additional Config use only -
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"

If using 'Recursive DNS Resolving' and ovpn server is on main router only use ONLY these in ovpn server Additional Config
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 10.9.8.1"

-----
Services / In Additional DNSMasq Options add
interface=tun2
You can check in the routing table to see if the server is using tun2. All routers I use, Atheros,
Broadcom (including old WRT54G), all use tun2 for the ovpn server with new builds

-----
Admin / commands / Saved as Firewall
iptables -t nat -A POSTROUTING -s 10.9.8.0/28 -j MASQUERADE

If ovpn server is on WAP use only
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

-----
If trying to access Windows shares you will need to open the firewall on the
Windows device to allow IPs from 10.9.8.0/28
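
Added example, not part of any post in this thread: a small Python check that cross-reads an OpenVPN server config against the accompanying iptables rules, along the lines of the settings discussed above (listener protocol and port, pushed LAN route, FORWARD sources, NAT for the VPN subnet). The function names `arg` and `lint_vpn` are hypothetical, and the sample input is constructed from the values quoted in the first post with 192.168.2.0/24 as the LAN.

```python
import ipaddress

# Constructed sample: options and rules as quoted in the first post.
SAMPLE_CONF = """push "route 192.168.2.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp"""
SAMPLE_FW = """iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT"""

def arg(rule, *flags):
    """Return the token that follows the first of `flags` found in a rule."""
    for f in flags:
        if f in rule[:-1]:
            return rule[rule.index(f) + 1]
    return None

def lint_vpn(ovpn_conf, firewall, lan_cidr):
    """Hypothetical helper: list mismatches between server config and rules."""
    lan, opts, pushed = ipaddress.ip_network(lan_cidr), {}, []
    for line in ovpn_conf.splitlines():
        tok = line.replace('"', " ").split()
        if tok[:2] == ["push", "route"] and len(tok) >= 4:
            pushed.append(ipaddress.ip_network(f"{tok[2]}/{tok[3]}"))
        elif tok:
            opts[tok[0]] = tok[1:]
    vpn = ipaddress.ip_network("/".join(opts["server"][:2]))
    proto = opts.get("proto", ["udp"])[0][:3]   # "tcp-server" -> "tcp"
    port = opts.get("port", ["1194"])[0]        # 1194 is OpenVPN's default
    rules = [r.split() for r in firewall.splitlines() if r.startswith("iptables")]
    out = []
    if lan not in pushed:
        out.append(f"LAN {lan} is not pushed to clients")
    if not any("INPUT" in r and arg(r, "-p") == proto and arg(r, "--dport") == port
               for r in rules):
        out.append(f"no INPUT rule accepts {proto}/{port}")
    nat_ok = False
    for r in rules:
        src = arg(r, "-s", "--source")
        net = ipaddress.ip_network(src, strict=False) if src else None
        if "POSTROUTING" in r and ("MASQUERADE" in r or "SNAT" in r):
            nat_ok = nat_ok or net is None or net.overlaps(vpn)
        elif "FORWARD" in r and net and net not in (lan, vpn):
            out.append(f"FORWARD rule names {net}, neither LAN nor VPN subnet")
    if not nat_ok:
        out.append(f"no NAT for {vpn}: LAN hosts need a route back to it")
    return out
```

Calling `lint_vpn(SAMPLE_CONF, SAMPLE_FW, "192.168.2.0/24")` returns the list of findings; an empty list means the config and rules agree on every point the check covers. It reads text only and cannot tell which tun device the running server actually uses.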
emiliospam
DD-WRT Novice


Joined: 14 Jun 2017
Posts: 4

Posted: Thu Jun 15, 2017 17:24    Post subject:
Many thanks.....I'll have a look tomorrow!
emiliospam
DD-WRT Novice


Joined: 14 Jun 2017
Posts: 4

Posted: Thu Jun 15, 2017 19:07    Post subject: No joy
The firmware update failed!

Unfortunately the WRN3500L router turns out to be ISP branded. I found a link where I could alter the hex code so that I can install the firmware. But the link says I should look for code U12H127T00 with a hex editor. But it doesn't seem to find it. That's problem 1.
I have another spare Netgear router but that is the wrn3500 version.
I think I've seen somewhere that one is no longer supported?
It's running DD-WRT right now.
Maybe time to update to a newer router model? Or do you guys have another solution?

If there is no alternative I would like your advice on another router.

Kind regards,

emiliospam
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Fri Jun 16, 2017 7:47    Post subject:
seems that there are V1 and V2...
I would give it a try with https://lede-project.org/toh/start?dataflt%5BModel*~%5D=3500

LEDE (OpenWRT) has GUI (luci) support for OpenVPN...
emiliospam
DD-WRT Novice


Joined: 14 Jun 2017
Posts: 4

Posted: Fri Jun 16, 2017 13:01    Post subject:
Thank you!
I'll have a look at the weekend.