[DIY] Configure OpenVPN on newer releases DD-WRT (GUI Style)

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3
Author Message
can't flash
DD-WRT User


Joined: 14 Jan 2010
Posts: 70
Location: Michigan, USA

PostPosted: Mon Aug 19, 2013 21:19    Post subject: dd-wrt openvpn not resolving remote DNS [updated] Reply with quote
UPDATE: Seem to have found success by adding the following rule to iptables with the address changed to match my vpn subnet settings
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

Sorry for jumping the gun on a forum post w/o first exhausting options. As I mention below though, this command was not necessary with my previous EKO build (17084) and I'm not savy enough to see what may have changed in how dd-wrt handles firewall commands.

Quote:
I recently upgraded to a kongmod with VPN. After restoring my settings, I am running into an old error whereby DNS queries from VPN clients will not resolve through the VPN server. Before I simply had the following in my dnsmasq options:
Code:
interface=tun0

Now it seems that newer firmware is using tun2; however, when changing the above code to reflect that, I am still not able to resolve resolve DNS queries. Has anyone run into this problem? What changed between newer and older firmware that would cause resolution issue to crop up again? Several forum postings suggest adding rules to iptables but this was never necessary for me...only the dnsmasq option listed above. Any suggestions here?
[/i]
_________________
Linksys E3000
DD-WRT v3.0-r31277 mega
Release: 02/17/2017 (SVN revision: 31277)
dd-wrt.v24-31277_NEWD-2_K3.x_mega-e3000.bin

Netgear R7000
DD-WRT v3.0-r29300M kongac
Release: 03/30/2016 (SVN revision: 29300)
dd-wrt.v24-K3_AC_ARM_STD.bin
Sponsor
ldv
DD-WRT Novice


Joined: 19 Nov 2014
Posts: 2

PostPosted: Wed Nov 19, 2014 17:37    Post subject: Reply with quote
Hi. First time poster and pretty new to dd-wrt, and I was hoping I could get a bit of a hand with OpenVPN. I got dd-wrt onto my router just fine, and tried all sorts of different configurations with my OpenVPN and firewall settings. I narrowed down the problem to that my port (1194) seems to be blocked.

The router is a Netgear AC1450 running a DD-WRT v24-sp2 (10/08/14) kongac.

I'm trying to set this up as a bridge, per the guide. My router is 192.168.1.1, and it assigns addresses .2 to .50 to ethernet and WiFi users.

My Firewall is saved with:
Code:
iptables -A INPUT -i tap0 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT


My Additional config reads:
Code:
mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.150
 # Gateway (VPN Server)   Subnetmask   Start-IP   End-IP
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


So after I OpenVPN would fail without giving me any info, I tried a telnet test and it failed. I tried other ports (such as the one forwarded for SSH) and that succeeded just fine. I considered the possibility that my ISP blocked 1194 and tried a different port, but that failed all the same (and, when I forwarded 1194 to the SSH server, that succeeded). So it's not the ISP and it's definitely something in the router configuration for that specific port.

I'd appreciate any help that someone can lend me, because with those lines, I can't think of anything else that might cause telnet to just miss the port.

(Obviously, if I can provide any info that might help solve the problem, I'd be glad to do so.)
shpitz461
DD-WRT User


Joined: 28 Oct 2012
Posts: 132

PostPosted: Fri Nov 21, 2014 14:35    Post subject: Reply with quote
Hi idv, this is what I have configured on mine (Buffalo WZR-D1800H) and it works great. See screenshots.

This is my config file (client):

Code:
client
remote-cert-tls server
remote "<your hostname/ip here>" 443
dev tun2
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC



vpn02.png
 Description:
 Filesize:  34.85 KB
 Viewed:  3431 Time(s)

vpn02.png



vpn01.png
 Description:
 Filesize:  62.81 KB
 Viewed:  3431 Time(s)

vpn01.png


ldv
DD-WRT Novice


Joined: 19 Nov 2014
Posts: 2

PostPosted: Wed Dec 03, 2014 12:38    Post subject: Reply with quote
shpitz461:

That solution worked almost perfectly. Immediately after inputting this (with my own keys, of course), I could resolve a connection and got an address in the 192.168.44.x range and was considered in-network for most purposes. Unfortunately, I couldn't connect to the internet at this point, but all I had to do after was change the server mode from "TUN" to "TAP" and the config line from "dev tun2" to "dev tap 2" and everything worked.

Thank you very much. This ended a lot of frustration.

Now my only issue is with my rather lackluster "broadband" speeds.
Goto page Previous  1, 2, 3 Display posts from previous:    Page 3 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum