gabedot DD-WRT Novice Joined: 19 May 2017 Posts: 5
Posted: Wed May 24, 2017 11:16 Post subject: OpenVPN bypass of a DHCP client (Netgear R7000)
Hello!
I want to let every client (Private + Guest) use the VPN connection. Only my Xbox on the Private LAN (192.168.8.101, static DHCP lease) shall use the direct connection.
I have already tried different tutorials, but nothing works in the end.
Can you help me?
That's my setup:
Netgear R7000 (Firmware: DD-WRT v3.0-r29627 std (05/12/16)) connected to the ISP modem.
ISP LAN: 10.0.0.138 255.255.255.0
Private LAN: 192.168.8.1 255.255.255.0
Guest Public LAN: 192.168.100.1 255.255.255.0
Bridges:
br0 vlan1, eth1, eth2
br1 wl0.1 (guest wifi)
Routing:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.111.253.129 128.0.0.0       UG    0      0        0 tun1
0.0.0.0         10.0.0.138      0.0.0.0         UG    0      0        0 vlan2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 vlan2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
128.0.0.0       172.111.253.129 128.0.0.0       UG    0      0        0 tun1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
172.111.253.2   10.0.0.138      255.255.255.255 UGH   0      0        0 vlan2
172.111.253.128 0.0.0.0         255.255.255.192 U     0      0        0 tun1
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br1
Iptables:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:https reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:www reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:telnet reject-with tcp-reset
DROP       0    --  anywhere             192.168.8.0/24
ACCEPT     tcp  --  anywhere             192.168.8.0/24       tcp dpt:8118
ACCEPT     0    --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    udp  --  anywhere             anywhere             udp dpt:route
logdrop    udp  --  anywhere             anywhere             udp dpt:route
ACCEPT     udp  --  anywhere             anywhere             udp dpt:route
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
logdrop    icmp --  anywhere             anywhere
logdrop    igmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere             state NEW
ACCEPT     0    --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
logdrop    0    --  anywhere             anywhere             state NEW
ACCEPT     0    --  anywhere             anywhere
logdrop    0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  anywhere             192.168.8.0/24       state NEW
DROP       0    --  anywhere             anywhere             state NEW
Per Yngve Berg DD-WRT Guru Joined: 13 Aug 2013 Posts: 6870 Location: Romerike, Norway
gabedot DD-WRT Novice Joined: 19 May 2017 Posts: 5
Posted: Wed May 24, 2017 15:11 Post subject:
Thanks for the hint. I tried to run it as a command as follows:
Code:
ip rule add from 192.168.8.101 table 200
ip route add default via 0.0.0.0 dev vlan2 table 200
ip route flush cache
but it does not seem to have an effect. =(
The routing does not seem to be modified: route -n doesn't show the new entries.
Maybe my DD-WRT version does not support the ip route command?
Any ideas?
gabedot DD-WRT Novice Joined: 19 May 2017 Posts: 5
Posted: Mon May 29, 2017 19:24 Post subject:
Any ideas?
Per Yngve Berg DD-WRT Guru Joined: 13 Aug 2013 Posts: 6870 Location: Romerike, Norway
Posted: Tue May 30, 2017 4:45 Post subject:
gabedot wrote:
ip rule add from 192.168.8.101 table 200
ip route add default via 0.0.0.0 dev vlan2 table 200
ip route flush cache
The gateway is wrong. It has to be
ip route add default dev vlan2 table 200
or
ip route add default via 10.0.0.138 dev vlan2 table 200
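The corrected commands above are the whole technique: a second routing table whose default route points at the ISP gateway on vlan2, and a rule that sends packets from the Xbox to that table before the main table (where OpenVPN's 0.0.0.0/1 and 128.0.0.0/1 routes via tun1 live). The script below is an added example, not code from the thread or from DD-WRT; it wraps those commands so they can be reviewed before being run as root on the router, copies the connected LAN/ISP routes into the table so the bypassed host can still reach 192.168.100.0/24 and 10.0.0.0/24 directly, and prints the checks to run afterwards. `route -n` only lists the main table, which is why the new entries never show up there; `ip rule show` and `ip route show table 200` do. The table number 200, the rule preference 1000, and the use of 8.8.8.8 as "any Internet address" in the check are assumptions; the interface and address values default to the thread's setup.

```shell
#!/bin/sh
# Added example (not from the thread): route one LAN host around the OpenVPN
# tunnel on a DD-WRT router with policy routing. Packets from BYPASS_HOST are
# looked up in routing table TABLE, whose default route points at the ISP
# gateway on the WAN interface, so they never hit the 0.0.0.0/1 and 128.0.0.0/1
# tun1 routes that OpenVPN put in the main table. Defaults match the thread's
# setup; the table number 200 and rule preference 1000 are assumptions.

WAN_IF="${WAN_IF:-vlan2}"
WAN_GW="${WAN_GW:-10.0.0.138}"
BYPASS_HOST="${BYPASS_HOST:-192.168.8.101}"
TABLE="${TABLE:-200}"
PREF="${PREF:-1000}"
# "net:iface" pairs copied into the table so the host can still reach the
# private LAN, the guest LAN and the ISP LAN directly instead of via WAN_GW
LOCAL_NETS="${LOCAL_NETS:-192.168.8.0/24:br0 192.168.100.0/24:br1 10.0.0.0/24:vlan2}"

# Print the exact commands for "apply" or "remove", one per line, without
# running anything, so they can be reviewed on any machine before use.
bypass_cmds() {
  case "$1" in
    apply)
      for pair in $LOCAL_NETS; do
        echo "ip route replace ${pair%%:*} dev ${pair##*:} table $TABLE"
      done
      # no 'via 0.0.0.0': the next hop is the ISP gateway on the WAN interface
      echo "ip route replace default via $WAN_GW dev $WAN_IF table $TABLE"
      # pref 1000 sorts before main (32766); delete first so re-runs stay idempotent
      echo "ip rule del from $BYPASS_HOST lookup $TABLE pref $PREF 2>/dev/null || true"
      echo "ip rule add from $BYPASS_HOST lookup $TABLE pref $PREF"
      echo "ip route flush cache"
      ;;
    remove)
      echo "ip rule del from $BYPASS_HOST lookup $TABLE pref $PREF"
      echo "ip route flush table $TABLE"
      echo "ip route flush cache"
      ;;
    *)
      echo "usage: bypass_cmds apply|remove" >&2
      return 1
      ;;
  esac
}

# Commands that actually show the result; 'route -n' only prints the main
# table, which is why the new entries never appear there.
verify_cmds() {
  echo "ip rule show"
  echo "ip route show table $TABLE"
  # 8.8.8.8 stands for any Internet address (assumption); the answer must be
  # 'via WAN_GW dev WAN_IF', not 'dev tun1'
  echo "ip route get 8.8.8.8 from $BYPASS_HOST iif br0"
}

# Run the generated commands as root on the router (eval keeps the redirect
# and '|| true' of the rule-delete line intact); stop at the first failure.
bypass_run() {
  bypass_cmds "$1" | while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
  done
}

case "${1:-show}" in
  show)         bypass_cmds apply ;;
  apply|remove) bypass_run "$1" ;;
  verify)       verify_cmds ;;
  *)            echo "usage: $0 show|apply|remove|verify" >&2 ;;
esac
```

Run `sh bypass.sh show` anywhere to see the commands, `sh bypass.sh apply` on the router (root shell), then `sh bypass.sh verify` and run the three printed commands. The example assumes an iproute2 `ip` binary with rule and table support and DD-WRT's normal MASQUERADE on the WAN interface; it does not touch the FORWARD chain, so the firewall rules listed earlier in the thread still apply to the bypassed host. To make it survive a reboot, the apply commands belong in the startup script (Administration → Commands → Save Startup) rather than in a one-off shell.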
gabedot DD-WRT Novice Joined: 19 May 2017 Posts: 5
Posted: Fri Jun 02, 2017 18:47 Post subject:
Hello, I finally have the impression that the problem is not the configuration.
The problem seems to be the combination of the tutorial and the actual DD-WRT version. Which Netgear R7000 DD-WRT build is really fully stable?
I actually run DD-WRT v3.0-r31980M kongac (05/11/17)