gilgongo (DD-WRT Novice)
Joined: 18 Jan 2008, Posts: 13
Posted: Thu Jun 21, 2012 12:08
Post subject: WAP connecting hosts to VPN?

I'm running v24-sp2 (08/07/10, svn 14896) on Broadcom, set up as a WAP according to this excellent guide:
http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
The WAP is also configured to get its IP, DNS and gateway via the DHCP server on the LAN (using a startup script in the above guide).
I'd like the WAP to be a gateway to my company's OpenVPN server for machines that connect to the WAP's SSID (which has a different name to the main WLAN).
So, I've set up the OpenVPN client on the WAP. If I log in to the WAP and run a traceroute, it looks like this - which shows packets going out via the VPN:
Code:
traceroute to ds-eu-fp3.wa1.b.yahoo.com (87.248.122.122), 30 hops max, 38 byte packets
1 10.8.1.1 (10.8.1.1) 24.988 ms 23.487 ms 30.255 ms
2 80-x-x-x.domain.co.uk (80.x.x.x) 30.486 ms 23.702 ms 23.598 ms
3 89-x-x-x.domain.co.uk (89.x.x.x) 24.062 ms 24.394 ms 24.132 ms
4 te3-3.cr02.man.bytemark.co.uk (91.223.58.78) 24.549 ms 25.022 ms 23.856 ms
5 gi5-2.cr01.sov.bytemark.co.uk (91.223.58.77) 45.060 ms 45.099 ms 42.753 ms
6 ge-3-3-0.pat1.tc2.yahoo.com (195.66.236.129) 35.883 ms 31.229 ms 36.459 ms
7 ge-1-1-0.pat1.the.yahoo.com (66.196.65.0) 74.837 ms 31.318 ms 33.783 ms
8 as-0.pat2.ams.yahoo.com (66.196.65.66) 37.130 ms 38.067 ms 41.704 ms
9 xe-0-1-0.msr1.ch1.yahoo.com (66.196.65.69) 69.082 ms 66.774 ms 73.075 ms
10 te-8-4.bas-a1.ch1.yahoo.com (87.248.127.9) 65.216 ms te-8-4.bas-a2.ch1.yahoo.com (87.248.127.11) 61.922 ms 61.873 ms
The route command shows this:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.1.5        *               255.255.255.255 UH    0      0        0 tun0
80.x.x.x        DD-WRT          255.255.255.255 UGH   0      0        0 br0    <== The VPN server's IP
10.8.1.1        10.8.1.5        255.255.255.255 UGH   0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.8.1.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.1.5        128.0.0.0       UG    0      0        0 tun0
default         DD-WRT          0.0.0.0         UG    0      0        0 br0
Machines connected to the WAP's SSID don't get their traffic routed through the VPN; they go through the LAN like all other machines on the network.
Does anyone know how I can get the WAP to pass traffic from its connected machines through the VPN? I'm looking at various resources here, but I'm having trouble understanding where I should start.
Is it a DHCP thing (the WAP to allocate addresses on the VPN's subnet?) or a static route thing, iptables, or something else I need to look at?
Any clues much appreciated.