Posted: Sat Oct 21, 2017 15:12 Post subject: Lan Network not accessible to OpenVPN Clients
Hello everyone,
I am new to ddwrt. I need help to configure openvpn server. My current scenario :
Linksys e900 flashed with dd-wrt.v24-21061_NEWD-2_K2.6_big-nv64k. Certificates have been successfully created for the server as well as the client.
Local network : 172.16.8.1
OpenVPN Network : 172.16.10.1
The configuration at server end is as follows :
Start Type : WAN Up
Config as : Server
Server Mode : Router (tun)
Network : 172.16.10.1
Netmask : 255.255.255.0
Port : 1595
Protocol : udp
TLS Cipher : None
Compression : No
Additional config : push "route 172.16.8.0 255.255.255.0"
Server cert, CA cert , Server Key, DH PEM, TLS auth key has been copied.
The client is able to connect successfully through openvpn. I can even access e900 through openvpn. But none of the LAN devices are accessible.
Surprisingly I can access e900 through web browser but I cannot ping e900 (172.16.8.1). Also If traceroute to 172.16.8.X the packets are sent to wan IP of openvpn server (e900) but after that it shows *.
I am completely clueless where am I going wrong. I searched the forum but couldn't find an appropriate solution.
For my openvpn config one thing that i have that i didnt see mentioned in your config is under additional dnsmasque options:
interface=tun2
no-dhcp-interface=tun2
( adjust tun to whatever adapter your openvpn uses weather its tun1 tun2 or tun3 )
In dnsmasque additionl option, I have added the configuration as specified by you. But still couldn't access the LAN network.
If I disable SPI firewall it starts working. I am able to access the LAN Network. I am not sure if it is a right thing to do. Also would like to mention, right now the whole setup is in test environment. The WAN Ip for the e900 (OPENVpn Server ) is 192.168.1.4. I am connecting from OpenVPN client having IP address 192.168.1.6. So may be SPI firewall is blocking as I am using private Network range.
In dnsmasque additionl option, I have added the configuration as specified by you. But still couldn't access the LAN network.
If I disable SPI firewall it starts working. I am able to access the LAN Network. I am not sure if it is a right thing to do. Also would like to mention, right now the whole setup is in test environment. The WAN Ip for the e900 (OPENVpn Server ) is 192.168.1.4. I am connecting from OpenVPN client having IP address 192.168.1.6. So may be SPI firewall is blocking as I am using private Network range.
Any suggestions,
Ashima
I have openvpn set up as well using a private ip network. Did you make sure its a different subnet than 1 where you are and different than your home network? Myself I decided using 10.255.230.0/24 would likely be oddball enough to not match most networks i travel to.
Its also odd that turning spi off allows it to work.