[DwanyeDibbley]

Hi,

I have configured my Netgear WNDR3700 V1 with DD-WRT v24 SP2 and manually set-up an OpenVPN client.

The client is connecting and from the DD-WRT shell I can ping IP addresses on the remote side.

The problem that I have is that devices connected to the routers Ethernet ports are not being routed to the VPN tun1 when necessary.

NOTE: I would like all connected devices to root only the IPs in the VPN route list automatically, all other IPs should go via the local gateway.

The firewall is enabled as devices on the other side of this router should not have access to VPN.

I'm guessing some manual configuration of routing between 192.168.2.x <--> tun1 needs sorted?

Unfortunately this is where my experience runs out. All help greatly appreciated.

Cheers!

[DwanyeDibbley]

Some more information to go with this - maybe it will help.

When I say manually configured I mean configured via the DD-WRT GUI. That is to say I haven't used any scripts to automate configuration of the VPN client.

When the client connects the VPN server pushes a load of routing rules which I can see configured when I run the 'route' command.

Heres a small sample:

Destination Gateway Genmask Flags Metric Ref Use Iface
default BThomehub.home 0.0.0.0 UG 0 0 0 ath0
10.1.0.0 10.8.0.205 255.255.254.0 UG 0 0 0 tun1
10.1.10.0 10.8.0.205 255.255.254.0 UG 0 0 0 tun1
10.1.20.0 10.8.0.205 255.255.254.0 UG 0 0 0 tun1
10.8.0.205 * 255.255.255.255 UH 0 0 0 tun1
192.168.1.0 * 255.255.255.0 U 0 0 0 ath0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0

ath0 is connected via client mode to my ISP router. Devices connected to the LAN ports of the DD-WRT router are on 192.168.2.0

What seems to be confusing me is the difference between IPTABLES and ROUTES. My understanding is that IPTABLES are used to control traffic going across the NAT but as far as I can tell NAT traversal is already handled since the VPN connection is open and active.

As the VPN client has already created routing rules automatically I don't want to replicate these rules (it's better that they are created automatically, they may change in future).

Why does a ping from a 192.168.2.x device on the LAN ports to 10.1.x.x not get picked up by one of the existing rules? Is this a IPTABLES thing? Disabling the firewall makes not difference as I would expect.

[DwanyeDibbley]

*bump*

Security --> Log Management with everything turned on shows nothing for NAT activity so that's no use.

tracert to a 10.x.x.x host form a device on 192.168.2.x stops at 192.168.2.1.

traceroute to a 10.x.x.x host from dd-wrt shell routes to 10.8.0.1 (route rule pushed by VPN server) and onto the final host destination.

It seems iptables tracing is not available so I'm not sure how one goes about debugging these types of issues.

[DwanyeDibbley]

*bump*

I really could do with hand to get this working.

I have tried with the NAT enabled/disabled and also tried:

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

From the command line (having connected via telnet)

The client seems connected as I can ping a host on the remote side from the DD-WRT command line. But no machines on the local LAN can ping through DD-WRT. They stop at 192.168.2.1 (which is the routers local ip).