[Prob] WRT54GL as OpenVPN Client - no route for LAN Clients

DD-WRT Forum Index -> Broadcom SoC based Hardware
heiner
DD-WRT Novice


Joined: 16 Oct 2007
Posts: 1

Posted: Tue Oct 16, 2007 15:17    Post subject: [Prob] WRT54GL as OpenVPN Client - no route for LAN Clients
Hello,

I have some problems accessing the net behind the VPN server (Windows 2003 SBS R2) from clients behind the WRT (client).

My setup:
OpenVPN (2.1 rc4) on Win2003 as server, route-mode. Network on this side: hamburg (192.168.40.0/24)
WRT with dd-wrt (Release: 10/10/07 (SVN revision: 8151)) as client. Network on this side: berlin (192.168.30.0/24)
VPN: 192.168.238.0/24

The VPN connection is working: I can connect with a Win XP client, and the WRT is connecting, too. But my clients in berlin can't connect to any client in hamburg. The clients are behind the WRT, the WRT is the router of this network, and internet is working on the clients, but accessing any client in hamburg (over the working VPN connection ServerHH<->WRT) isn't. But when I log in to my WRT (over ssh) I can ping every client in hamburg....

my server config:
Code:
port 1194    
proto tcp
dev tun
dev-node OpenVPN
comp-lzo
persist-key
persist-tun
tun-mtu 1500
mssfix
server 192.168.238.0 255.255.255.0
push "route 192.168.40.0 255.255.255.0"
push "dhcp-option DNS 192.168.40.1"
push "dhcp-option WINS 192.168.40.1"
push "dhcp-option DOMAIN hamburg.zz"
push "route-delay 2 600"
ifconfig-pool-persist hamburg/ipp.txt
keepalive 10 120
float
max-clients 10
client-to-client
ca hamburg/certs/ca.crt
cert hamburg/certs/server.crt
key hamburg/keys/server.key  # This file should be kept secret
dh hamburg/keys/dh1024.pem
tls-auth hamburg/keys/ta.key 0 # This file is secret
cipher AES-256-CBC    # AES
tls-cipher DHE-RSA-AES256-SHA
crl-verify hamburg/crl.pem
status hamburg/logs/openvpn-status.log
log hamburg/logs/openvpn.log


On the WRT I have enabled the OpenVPN service and I am using the following startup script:
Code:
sleep 10
killall -9 openvpn

( while [ ! -f /tmp/openvpn/route-up.sh ]; do sleep 1; done; \
  echo "iptables -t filter -I INPUT -i tun0 -j ACCEPT; iptables -t filter -I FORWARD -i tun0 -j ACCEPT" > /tmp/openvpn/route-up.sh
  sleep 5
echo "#!/bin/sh

case \"\$1\" in
   up) export action=\"up\" ;;
   down) export action=\"down\" ;;
   *) echo \"No action specified.\" && exit 1 ;;
esac
   
if [ \"\$action\" = \"up\" ]; then
   mv /tmp/resolv.conf /tmp/resolv.conf.bak
   echo \"search hamburg.zz\" > /tmp/resolv.conf
   echo \"nameserver 192.168.40.1\" >> /tmp/resolv.conf
   cat /tmp/resolv.conf.bak >> /tmp/resolv.conf
fi

if [ \"\$action\" = \"down\" ]; then
   mv /tmp/resolv.conf.bak /tmp/resolv.conf
fi
" > /tmp/openvpn/resolv.sh

chmod +x /tmp/openvpn/resolv.sh

echo "
client
dev tun
proto tcp
remote myVPN.in.hamburg 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
tun-mtu 1500
mssfix
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/client.crt
ns-cert-type server
key /tmp/openvpn/client.key
tls-auth /tmp/openvpn/ta.key 1
comp-lzo
up \"/tmp/openvpn/resolv.sh up\"
down \"/tmp/openvpn/resolv.sh down\"
route-up /tmp/openvpn/route-up.sh
pull
" > /tmp/openvpn/berlin.conf

echo "
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
" > /tmp/openvpn/ta.key

sleep 5
killall -9 openvpn
sleep 5
openvpn --config /tmp/openvpn/berlin.conf ) &


The DHCP server and the DNS server are enabled without any special config on the WRT. What am I missing?

Thanks for help,
Heiner
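
The symptom in the post above (the router itself can ping hamburg, hosts behind it cannot) is what a tun-mode OpenVPN server produces when it has no `route` and per-client `iroute` for the LAN behind the client: it only accepts source addresses it has associated with that client. The following is an added example, not part of the original post, that checks a server config for those directives; the directory name `ccd`, the per-client file and the corrected config are assumptions for illustration.

```python
import ipaddress

# Constructed excerpt of the server config posted above (routing-relevant lines only).
POSTED_SERVER_CONF = """\
dev tun
server 192.168.238.0 255.255.255.0
push "route 192.168.40.0 255.255.255.0"
client-to-client
"""

def directives(text):
    """Split an OpenVPN config into token lists, dropping comments and quotes."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line.replace('"', " ").split())
    return out

def nets(dirs, name):
    """Networks named by '<name> <addr> <mask>' directives (pushed ones excluded)."""
    return {ipaddress.ip_network(f"{d[1]}/{d[2]}") for d in dirs
            if d[0] == name and len(d) >= 3}

def check_client_lan(server_conf, ccd_file, client_lan):
    """Return findings that stop a LAN behind a tun-mode client from being routed."""
    lan = ipaddress.ip_network(client_lan)
    srv = directives(server_conf)
    findings = []
    if lan not in nets(srv, "route"):
        findings.append(f"server: no 'route {lan.network_address} {lan.netmask}'")
    if not any(d[0] == "client-config-dir" for d in srv):
        findings.append("server: no 'client-config-dir'")
    if lan not in nets(directives(ccd_file or ""), "iroute"):
        findings.append(f"ccd: no 'iroute {lan.network_address} {lan.netmask}'")
    return findings

# Hypothetical corrected setup: 'ccd' and the file ccd/<client CN> are assumed names.
FIXED_SERVER_CONF = POSTED_SERVER_CONF + (
    "client-config-dir ccd\nroute 192.168.30.0 255.255.255.0\n")
FIXED_CCD = "iroute 192.168.30.0 255.255.255.0\n"

if __name__ == "__main__":
    for finding in check_client_lan(POSTED_SERVER_CONF, None, "192.168.30.0/24"):
        print("MISSING", finding)
    print(check_client_lan(FIXED_SERVER_CONF, FIXED_CCD, "192.168.30.0/24"))
```

Where the server config cannot be changed, masquerading traffic that leaves `tun0` on the router is the alternative, at the cost of hiding the berlin hosts behind the router's VPN address.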
All times are GMT