dogboyaa1 DD-WRT Novice
Joined: 25 Feb 2012 Posts: 1
Posted: Tue Apr 22, 2014 1:20 Post subject: Guide To Setting Up OpenVPN w/ DNS Resolution
I am not sure if this will work for everyone, but after about 2 weeks of playing around I have it working. Figured I would share just in case.
Note: The only issue I have noticed is that I do not always get 'short' name DNS resolution, e.g. 'dd-wrt' instead of 'dd-wrt.myhome.local'.
1: Setup -> Basic Setup
Leave all settings as default,
except check 'Use DNSMasq for DHCP', 'Use DNSMasq for DNS' and 'DHCP-Authoritative'.
2: Services -> Services
Used Domain: LAN & WLAN
LAN Domain: myhome.local (use your own if you wish)
Under DNSMasq: Enable 'DNSMasq', 'Local DNS', and 'No DNS Rebind'
For 'Additional DNSMasq Options' type: interface=br0,tun2
3: Services -> VPN
Enable 'OpenVPN' under 'OpenVPN Server/Daemon'
Start Type: System
Config as: Server
Server mode: Router (TUN)
Network: 192.168.10.0 (or whatever you prefer)
Netmask: 255.255.255.0
Port: 1194 (default but you can change it if you want)
Tunnel Protocol: UDP (I guess you can use TCP as well)
Encryption Cipher: Blowfish CBC (Depends on what you setup)
Hash Algorithm: SHA1 (Same as above)
Advanced Options: Enable
TLS Cipher: None (Depends on what you setup)
LZO Compression: Yes (I’m not sure how this works out)
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Disable
Tunnel MTU setting: 1500
Tunnel UDP Fragment: <blank>
Tunnel UDP MSS-Fix: Disable
<Fill in your Certs and Keys and etc. I’m assuming you have mostly filled this out before.>
Additional Config: <I filled the following out and it worked for me. Assuming your regular network is the default: 192.168.1.1>
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN myhome.local"
keepalive 10 120
(The 'dhcp-option DOMAIN' line was critical for me.)
*Press Save and Apply*
4: Status -> OpenVPN
Look for a line to this effect:
'TUN/TAP device tun<number> opened'
What you want is the tun<number>; in my case it was tun2, but it could be different.
5: Administration -> Commands
*This is what I typed in to make it work. Of course yours can be different; in particular, the 'tun' can be different, and so can the VPN IP address. Take note of the first line, which mentions 'udp' and port '1194'; if you are not using the default, then this could be different. If you used my example and your 'tun' is tun2 already, you should be able to copy and paste.*
# accept incoming OpenVPN connections on the WAN (udp/1194)
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
# allow forwarding for traffic coming from the VPN subnet
iptables -I FORWARD 1 --source 192.168.10.0/24 -j ACCEPT
# NAT VPN client traffic leaving via the LAN bridge (and any other interface)
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
# allow traffic both ways between the LAN bridge and the VPN tunnel
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
# NAT LAN traffic going out to VPN clients through the tunnel
iptables -t nat -I POSTROUTING -o tun2 -j MASQUERADE
CLICK 'Save Firewall'
Save and Apply Changes, and Reboot Router just in case.
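Since the tun name, protocol, port and VPN subnet all have to be changed consistently across steps 4 and 5, here is an added helper (not part of the original post) that reads the tun name out of the Status -> OpenVPN line and prints the step-5 rules for your values, with basic sanity checks so a typo does not end up in the firewall. It assumes a POSIX sh (BusyBox ash on DD-WRT is fine) and that the LAN bridge is br0; the sample log line is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Generates (prints) the step-5
# iptables rules for your own tun device / proto / port / VPN subnet.
# Assumption: LAN bridge is br0 (override with a 5th argument).

# Extract the tun device name from an OpenVPN status/log line such as
# "TUN/TAP device tun2 opened" (step 4). Prints the name, or nothing.
vpn_tun_from_log() {
    printf '%s\n' "$1" | sed -n 's/.*TUN\/TAP device \(tun[0-9]*\) opened.*/\1/p'
}

# Print the step-5 rules for: <tun> <udp|tcp> <port> <vpn_subnet/cidr> [lan_if]
# Prints nothing and returns 1 if an argument looks wrong.
vpn_fw_rules() {
    tun=$1; proto=$2; port=$3; vpnnet=$4; lan=${5:-br0}
    case "$tun" in tun[0-9]|tun[0-9][0-9]) ;; *) return 1 ;; esac
    case "$proto" in udp|tcp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # loose shape check only: a.b.c.d/n
    case "$vpnnet" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    cat <<EOF
iptables -I INPUT 1 -p $proto --dport $port -j ACCEPT
iptables -I FORWARD 1 --source $vpnnet -j ACCEPT
iptables -t nat -A POSTROUTING -s $vpnnet -o $lan -j MASQUERADE
iptables -t nat -A POSTROUTING -s $vpnnet -j MASQUERADE
iptables -I FORWARD -i $lan -o $tun -j ACCEPT
iptables -I FORWARD -i $tun -o $lan -j ACCEPT
iptables -t nat -I POSTROUTING -o $tun -j MASQUERADE
EOF
}

# Constructed sample line, shaped like the Status -> OpenVPN output.
sample='Tue Apr 22 01:20:00 2014 TUN/TAP device tun2 opened'
tun=$(vpn_tun_from_log "$sample")
vpn_fw_rules "$tun" udp 1194 192.168.10.0/24
```

Review the printed rules, then paste them into Administration -> Commands and click 'Save Firewall' as in step 5.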
6: Last, for the Client Config, mine looks like this:
client
remote-cert-tls server
remote <your ip address> 1194
dev tun2
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
comp-lzo
verb 3
Hope this helps someone out there!