Posted: Sat Aug 19, 2017 14:49 Post subject: Reach home via OpenVPN. Connecting but cannot see LAN
Hi there,
Here is my setup:
Netgear NightHawk R7000 running DD-WRT v3.0-r31870M kongac (04/16/17)
R7000 as internal router set to give 10.0.0.x lan addresses
R7000 as OpenVPN server set to give 10.10.0.x vpn addresses
Windows 10 laptop outside using OpenVPN client 2.4.3
Certificates generated and applied on the server config.
I can connect, but no LAN. I read in the OpenVPN forums and DD-WRT that I have to push some commands in Firewall and create some static routes on my R7000.
I'm not an OpenVPN Guru nor DD-WRT.
At this point, this is all new to me. I'm beginning to be lost. Here is my config:
*Client config*
client
dev tun
proto udp
remote 162.253.128.26 2255
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
auth-nocache
verb 3
*Server additional config*
push "route 10.0.0.0 255.255.255.0"
server 10.10.0.0 255.255.255.0
dev tun0
keepalive 10 120
push "redirect-gateway def1"
*Firewall commands*
iptables -A INPUT -p udp --dport 2255 -j ACCEPT
iptables -A FORWARD --src 10.10.0.0/24 -j ACCEPT
iptables -A FORWARD --src 10.0.0.00/24 -j ACCEPT
iptables -A FORWARD -i br0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -j ACCEPT
*Routing table*
default 128.0.0.0 10.9.0.82 UG 0 tun1
default 0.0.0.0 135.0.228.161 UG 0 WAN
10.0.0.0 255.255.255.0 * U 0 LAN & WLAN
10.9.0.1 255.255.255.255 10.9.0.82 UGH 0 tun1
10.9.0.82 255.255.255.255 * UH 0 tun1
10.10.0.0 255.255.255.0 10.0.0.2 UG 0 LAN & WLAN
10.10.0.0 255.255.255.0 * U 0 tun0
20.0.0.0 255.255.255.0 * U 0 wl0.1
128.0.0.0 128.0.0.0 10.9.0.82 UG 0 tun1
135.0.228.160 255.255.255.240 * U 0 WAN
162.253.128.26 255.255.255.255 135.0.228.161 UGH 0 WAN
169.254.0.0 255.255.0.0 * U 0 LAN & WLAN
It's probably a routing issue as the VPN is not on your main router with the public ip. A: The R7000 is the main and only router with the VPN server running on it.
What router does the NAS have as gateway? A: 10.0.0.2 (R7000)
Does the main router have all necessary routes? A: This is the part I'm not sure of. I've included details in the first post. I can provide more if needed.
Posted: Sat Aug 26, 2017 6:52 Post subject:
Code:
iptables -A FORWARD --src 10.10.0.0/24 -j ACCEPT
iptables -A FORWARD --src 10.0.0.00/24 -j ACCEPT
These iptables statements are invalid. You have specified a sub-option '--' without the parent option '-'. You don't need these lines anyway as their interfaces are accepted in the next lines.