Joined: 14 Jan 2010 Posts: 73 Location: Flint, Michigan
Posted: Mon Aug 19, 2013 21:19 Post subject: dd-wrt openvpn not resolving remote DNS [updated]
UPDATE: Seem to have found success by adding the following rule to iptables with the address changed to match my vpn subnet settings
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
Sorry for jumping the gun on a forum post w/o first exhausting options. As I mention below though, this command was not necessary with my previous EKO build (17084) and I'm not savvy enough to see what may have changed in how dd-wrt handles firewall commands.
Quote:
I recently upgraded to a kongmod with VPN. After restoring my settings, I am running into an old error whereby DNS queries from VPN clients will not resolve through the VPN server. Before I simply had the following in my dnsmasq options:
Code:
interface=tun0
Now it seems that newer firmware is using tun2; however, when changing the above code to reflect that, I am still not able to resolve DNS queries. Has anyone run into this problem? What changed between newer and older firmware that would cause resolution issues to crop up again? Several forum postings suggest adding rules to iptables but this was never necessary for me...only the dnsmasq option listed above. Any suggestions here?
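An added example, not from this thread or from the dd-wrt project: a firewall-script fragment that puts the MASQUERADE fix above together with the INPUT/FORWARD rules a tun-mode OpenVPN server needs, inserting each rule only if it is not already present (dd-wrt re-runs the firewall script on every restart, and plain -A would stack duplicates). The interface name tun2, the subnet 10.8.0.0/24 and port 1194 are taken from the posts; the helper names and the ruleset check are assumptions.

```shell
#!/bin/sh
# Assumed values (taken from the thread): OpenVPN server on tun2, VPN subnet
# 10.8.0.0/24, UDP 1194. Override via the environment for other setups.
VPN_IF="${VPN_IF:-tun2}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_PORT="${VPN_PORT:-1194}"
IPT="${IPT:-iptables}"   # set to a stub function name for a dry run

# ensure_rule TABLE CHAIN RULE...: append the rule only if `iptables -C`
# reports that an identical rule is not already in the chain.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t "$table" -A "$chain" "$@"
}

apply_vpn_rules() {
    # Accept the OpenVPN handshake on the server port (UDP).
    ensure_rule filter INPUT -p udp --dport "$VPN_PORT" -j ACCEPT
    # Let VPN clients query the router's own dnsmasq (the DNS symptom above).
    ensure_rule filter INPUT -i "$VPN_IF" -p udp --dport 53 -j ACCEPT
    ensure_rule filter INPUT -i "$VPN_IF" -p tcp --dport 53 -j ACCEPT
    # Forward traffic for the VPN subnet only, and NAT it on the way out.
    ensure_rule filter FORWARD -i "$VPN_IF" -s "$VPN_NET" -j ACCEPT
    ensure_rule filter FORWARD -o "$VPN_IF" -d "$VPN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    ensure_rule nat POSTROUTING -s "$VPN_NET" -j MASQUERADE
}

# vpn_masq_rule_ok RULESET: given the text of `iptables-save`, succeed only if
# the MASQUERADE rule for the VPN subnet is present exactly once.
vpn_masq_rule_ok() {
    pat="-A POSTROUTING -s $VPN_NET -j MASQUERADE"
    n=$(printf '%s\n' "$1" | grep -Fxc -- "$pat" || true)
    [ "${n:-0}" -eq 1 ]
}

# Typical use on the router: apply_vpn_rules; then inspect with
# vpn_masq_rule_ok "$(iptables-save)" || echo "MASQUERADE rule missing or duplicated"
```

Run it as the dd-wrt firewall script, or source it and call vpn_masq_rule_ok with the saved ruleset to confirm the NAT rule survived a restart.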
Hi. First time poster and pretty new to dd-wrt, and I was hoping I could get a bit of a hand with OpenVPN. I got dd-wrt onto my router just fine, and tried all sorts of different configurations with my OpenVPN and firewall settings. I narrowed down the problem to that my port (1194) seems to be blocked.
The router is a Netgear AC1450 running a DD-WRT v24-sp2 (10/08/14) kongac.
I'm trying to set this up as a bridge, per the guide. My router is 192.168.1.1, and it assigns addresses .2 to .50 to ethernet and WiFi users.
mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.150
# Gateway (VPN Server) Subnetmask Start-IP End-IP
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
So after OpenVPN would fail without giving me any info, I tried a telnet test and it failed. I tried other ports (such as the one forwarded for SSH) and that succeeded just fine. I considered the possibility that my ISP blocked 1194 and tried a different port, but that failed all the same (and, when I forwarded 1194 to the SSH server, that succeeded). So it's not the ISP and it's definitely something in the router configuration for that specific port.
I'd appreciate any help that someone can lend me, because with those lines, I can't think of anything else that might cause telnet to just miss the port.
(Obviously, if I can provide any info that might help solve the problem, I'd be glad to do so.)
That solution worked almost perfectly. Immediately after inputting this (with my own keys, of course), I could resolve a connection and got an address in the 192.168.44.x range and was considered in-network for most purposes. Unfortunately, I couldn't connect to the internet at this point, but all I had to do after was change the server mode from "TUN" to "TAP" and the config line from "dev tun2" to "dev tap 2" and everything worked.
Thank you very much. This ended a lot of frustration.
Now my only issue is with my rather lackluster "broadband" speeds.