Reach home via OpenVPN. Connecting but cannot see LAN

estarna
DD-WRT Novice


Joined: 19 Aug 2017
Posts: 7

Posted: Sat Aug 19, 2017 14:49    Post subject: Reach home via OpenVPN. Connecting but cannot see LAN
Hi there,

Here is my setup:

Netgear NightHawk R7000 running DD-WRT v3.0-r31870M kongac (04/16/17)
R7000 as internal router set to give 10.0.0.x lan addresses
R7000 as OpenVPN server set to give 10.10.0.x vpn addresses
Windows 10 laptop outside using OpenVPN client 2.4.3

Certificates generated and applied on the server config.

I can connect, but no LAN. I read in the OpenVPN forums and DD-WRT that I have to push some commands in Firewall and create some static routes on my R7000.

I'm not an OpenVPN Guru nor DD-WRT.

At this point, this is all new to me. I'm beginning to be lost :). Here is my config:


*Client config*
client
dev tun
proto udp
remote 162.253.128.26 2255
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
auth-nocache
verb 3


*Server additional config*
push "route 10.0.0.0 255.255.255.0"
server 10.10.0.0 255.255.255.0
dev tun0
keepalive 10 120
push "redirect-gateway def1"


*Firewall commands*
iptables -A INPUT -p udp --dport 2255 -j ACCEPT
iptables -A FORWARD --src 10.10.0.0/24 -j ACCEPT
iptables -A FORWARD --src 10.0.0.00/24 -j ACCEPT
iptables -A FORWARD -i br0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -j ACCEPT



*Routing table*
default 128.0.0.0 10.9.0.82 UG 0 tun1
default 0.0.0.0 135.0.228.161 UG 0 WAN
10.0.0.0 255.255.255.0 * U 0 LAN & WLAN
10.9.0.1 255.255.255.255 10.9.0.82 UGH 0 tun1
10.9.0.82 255.255.255.255 * UH 0 tun1
10.10.0.0 255.255.255.0 10.0.0.2 UG 0 LAN & WLAN
10.10.0.0 255.255.255.0 * U 0 tun0
20.0.0.0 255.255.255.0 * U 0 wl0.1
128.0.0.0 128.0.0.0 10.9.0.82 UG 0 tun1
135.0.228.160 255.255.255.240 * U 0 WAN
162.253.128.26 255.255.255.255 135.0.228.161 UGH 0 WAN
169.254.0.0 255.255.0.0 * U 0 LAN & WLAN



Some pics here...

https://onedrive.live.com/?authkey=%21AGY74gHQZZ9EtrQ&id=958235AB27D0283C%2167460&cid=958235AB27D0283C

Any more info/log I could include?

Thanks for any inputs.
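
Added example, not part of the original thread: a longest-prefix-match lookup over the routing table posted above, to check which route a packet to a VPN client or a LAN host would match. The addresses 10.10.0.6 and 10.0.0.50 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Routing table rows copied from the first post (GUI column order:
# destination, netmask, gateway, flags, metric, interface).
ROUTES = """\
default 128.0.0.0 10.9.0.82 UG 0 tun1
default 0.0.0.0 135.0.228.161 UG 0 WAN
10.0.0.0 255.255.255.0 * U 0 LAN & WLAN
10.9.0.1 255.255.255.255 10.9.0.82 UGH 0 tun1
10.9.0.82 255.255.255.255 * UH 0 tun1
10.10.0.0 255.255.255.0 10.0.0.2 UG 0 LAN & WLAN
10.10.0.0 255.255.255.0 * U 0 tun0
20.0.0.0 255.255.255.0 * U 0 wl0.1
128.0.0.0 128.0.0.0 10.9.0.82 UG 0 tun1
135.0.228.160 255.255.255.240 * U 0 WAN
162.253.128.26 255.255.255.255 135.0.228.161 UGH 0 WAN
169.254.0.0 255.255.0.0 * U 0 LAN & WLAN
"""

def parse_routes(text):
    """Return a list of (network, gateway or None, interface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        # maxsplit=5 keeps interface labels such as "LAN & WLAN" in one field
        dest, mask, gw, _flags, _metric, iface = line.split(None, 5)
        if dest == "default":          # the table prints 0.0.0.0 as "default"
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, None if gw == "*" else gw, iface.strip()))
    return routes

def lookup(routes, address):
    """Longest-prefix match; returns every route tied for the longest prefix."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in r[0]]
    best = max((r[0].prefixlen for r in hits), default=-1)
    return [r for r in hits if r[0].prefixlen == best]

def describe(routes, address):
    """Readable form of the matching route(s) for one destination."""
    return [f"{net} via {gw or 'direct'} dev {iface}"
            for net, gw, iface in lookup(routes, address)]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations: a VPN client, a LAN host, an Internet host.
    for ip in ("10.10.0.6", "10.0.0.50", "8.8.8.8"):
        print(ip, "->", describe(table, ip))
```

For a 10.10.0.x destination the lookup returns two equal-length matches (one via gateway 10.0.0.2 on LAN & WLAN, one direct on tun0); the table alone does not show which of the two is used.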
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Aug 19, 2017 17:32
Can you reach the stations on the LAN by IP address?
Have you tried ping?

You have set up a routed VPN, so broadcasts do not traverse.
estarna
DD-WRT Novice


Joined: 19 Aug 2017
Posts: 7

Posted: Sun Aug 20, 2017 16:37
I cannot reach any LAN devices, neither by ping nor by any web interface, in this case a QNAP NAS.

My goal for setting up OpenVPN is to reach my LAN devices from outside. Did I choose the correct strategy?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sun Aug 20, 2017 17:10
It's probably a routing issue as the VPN is not on your main router with the public IP.

What router does the NAS have as gateway?
Does the main router have all necessary routes?
estarna
DD-WRT Novice


Joined: 19 Aug 2017
Posts: 7

Posted: Mon Aug 21, 2017 0:56
Answers below... Thanks.

It's probably a routing issue as the VPN is not on your main router with the public IP. A: The R7000 is the main and only router with the VPN server running on it.

What router does the NAS have as gateway? A: 10.0.0.2 (R7000)

Does the main router have all necessary routes? A: This is the part I'm not sure of. I've included details in the first post. I can provide more if needed.
estarna
DD-WRT Novice


Joined: 19 Aug 2017
Posts: 7

Posted: Fri Aug 25, 2017 21:23
Anyone?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

Posted: Sat Aug 26, 2017 6:52
Code:
iptables -A FORWARD --src 10.10.0.0/24 -j ACCEPT
iptables -A FORWARD --src 10.0.0.00/24 -j ACCEPT



These iptables statements are invalid. You have specified a sub-option '--' without the parent option '-'. You don't need these lines anyway, as their interfaces are accepted in the next lines.