Posted: Tue Feb 03, 2009 8:26 Post subject: SOLVED Proxy traffic over Open VPN Tunnel Using 2 DDWRT v 24
UPDATED:
OKAY FIGURED IT OUT. I've modified my configs below.
See RED.
I was missing a couple of things from both of my config files. I am now able to allow any host behind my routers in Canada to use HULU without PPTP or SSH/Putty. NO client configs, it's all handled by the routers baby!
If you find this useful or need any help with your configs, or have any suggestions to add functionality, please post here.
Would love to know if there is a way to add dns routes to my config.
ORIGINAL:
I am trying to route/proxy specific traffic thru my VPN connection using 2 DDWRT Routers w/ Routed Open VPN implementation. I have successfully made my connection using this guide and have no issues connecting internally.
The reason I am trying to do this is to allow myself access to content not otherwise accessible in Canada thru my connection (gateway) in the US. I realize I may have issues with video streaming but I still want to give it a try.
I realize I could use the built in PPTP server or SSH/Putty to create a connection but I'd like to avoid this if possible.
The goal is to allow all of my machines in my Canadian subnet access to these restricted sites without configuring and toggling a software VPN connection.
Here is my setup..
USA (Open VPN CLIENT 192.168.10.1) <-(VPN)-> Canada (Open VPN SERVER 192.168.0.1)
Ideally I'd like my router in Canada to recognize a request for HULU or NBC (via DNS request) and pass that request thru my VPN to my US gateway and then return the content.
Or
Configure my Proxy settings in my browser to use my remote VPN gateway (192.168.10.1) to access these sites. In which case I would need to configure this gateway to act as a proxy.
I'm not sure if this is complicated or I am missing something simple but I have been searching for days for a solution.
Could it be a firewall rule? YES Partly
Any help would be greatly appreciated.
Below are my config files:
SERVER CONFIG - CANADA
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
# Config for Site-to-Site SiteA-SiteB
echo "
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
# Catch Hulu Stream and route thru vpn
# Do a netstat to determine which subnet they are using. Hint: look for connections on port 1935.
# Note: As of the writing of this I could only find one subnet in use. If they ever change this in the future you will have to add / change / modify these next lines.
route add -net X.X.X.0 netmask 255.255.255.0 gw 10.0.0.2
# Hulu Geo Check Servers
# Hulu does a check on your IP address,
# You must catch this traffic and route thru your VPN connection as they check the RTSP stream for IP address validity.
# (http://releasegeo.hulu.com/geoCheck)
# Hint: do an nslookup to determine the subnet of the geo check servers.
# I have 2 entries here as they use round robin dns to alternate between two subnets, do a couple ns lookups to determine yours.
# Note: if they ever change this in the future you will have to add / change / modify these next 2 lines.
route add -net X.X.X.0 netmask 255.255.255.0 gw 10.0.0.2
route add -net X.X.X.0 netmask 255.255.255.0 gw 10.0.0.2
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
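The "do a couple of nslookups, then add a route per subnet" step from the config comments above, as an added example that is not part of the original post: it parses nslookup-style output and prints one route line per distinct /24, in the same form the post uses. The function names, the hostname and the addresses (documentation ranges) are constructed for illustration; the gateway 10.0.0.2 and the /24 netmask are taken from the post.

```shell
#!/bin/sh
VPN_GW="10.0.0.2"   # tunnel peer used as gateway in the post's route lines

# Constructed sample: two BusyBox-style nslookup runs against a round-robin
# name; addresses are documentation ranges, not real geo-check servers.
sample_lookups() {
    cat <<'EOF'
Server:    192.168.0.1
Address 1: 192.168.0.1 router

Name:      geo.example.test
Address 1: 198.51.100.10
Address 2: 198.51.100.27

Server:    192.168.0.1
Address 1: 192.168.0.1 router

Name:      geo.example.test
Address 1: 203.0.113.5
EOF
}

# Print the unique /24 network of each IPv4 answer; the resolver's own
# "Server:/Address" header is skipped so the LAN DNS server is never routed.
answers_to_subnets() {
    awk '
        /^Server:/ { answer = 0; next }
        /^Name:/   { answer = 1; next }
        answer && /^Address/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    split($i, o, ".")
                    if (o[1] <= 255 && o[2] <= 255 && o[3] <= 255 && o[4] <= 255)
                        print o[1] "." o[2] "." o[3] ".0"
                    break
                }
        }
    ' | sort -u
}

# Turn each network into a route command in the same form the post uses.
subnets_to_routes() {
    while read -r net; do
        if [ -n "$net" ]; then
            echo "route add -net $net netmask 255.255.255.0 gw $VPN_GW"
        fi
    done
}
sample_lookups | answers_to_subnets | subnets_to_routes
```

The DNS answers decide which destinations enter the tunnel, so run the lookups against a resolver you trust and regenerate the list when the service's addresses change.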
Posted: Thu Feb 10, 2011 18:22 Post subject: I am facing a similar issue...
Hi,
I am facing a similar issue and wonder if you could help me?
(Sniffer) <--- (Router A) <---VPN--- (Router B) <--- (HUB) <--- Traffic
My setup is between 2 DD-WRT routers which create a VPN link between 2 sites. One end of the VPN (Router B) will be in a client network which is where the traffic needs to be routed from. I plan to tap into the traffic that I need via a Hub and Router B will be directly connected to this Hub. The other end of the VPN link will be in my remote location where I will be running a sniffer (behind Router A). I want Router B to accept traffic from any sender and route that packet through my VPN so that my remote sniffer can process it so I can provide services.
During testing, this does work for traffic that is routed through Router B, but I found that the router is dropping packets at the MAC layer when the packets do not have Router B's MAC set as their destination. So the approach that was taken so far was to set Router B into promiscuous mode to accept all packets.
Are there any other ways to accomplish this? Can anyone shed any light?
Has anyone got promiscuous mode to work?