DHCP gateway not arriving at Remote End of VPN Bridge (TAP)

Old_Codger
DD-WRT Novice


Joined: 02 Aug 2017
Posts: 29
Location: Cambridge, UK and Rouen, France

Posted: Sat Aug 05, 2017 15:59    Post subject: DHCP gateway not arriving at Remote End of VPN Bridge (TAP)
I am trying to get a TP-Link router with dd-wrt to connect devices at a second location over the internet.

I have successfully created a bridge (TAP) between the two routers and can browse the "Home" location from the "Remote" location.

The remote devices get IP addresses from the DHCP server at the home end but for some reason the gateway doesn't survive the trip - here is the ipconfig from my Windows laptop at the remote end. NO Gateway address but a correct DNS:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-60-0C-47-10-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2197:6f71:cfe3:c4a4%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 05 August 2017 17:03:52
Lease Expires . . . . . . . . . . : 06 August 2017 17:03:51
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.0.2
DHCPv6 IAID . . . . . . . . . . . : 53239820
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-44-E2-D9-2C-60-0C-47-10-5E
DNS Servers . . . . . . . . . . . : 192.168.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled


The OpenVPN server at the home end is not DD-WRT, it is Netgear's own implementation on their stock firmware for the R7000 and I cannot make any changes to the config there. I can only make changes at the client end (Remote DD-WRT).

For info, if I set my laptop to have a fixed IP address with the same details as above plus adding the gateway as 192.168.0.2 then everything works correctly.

How do I get the client end to pass on the gateway address from the home DHCP server?
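
One way to see where the gateway goes missing, as an added example that is not part of the original post: parse the DHCP ACK captured on the remote LAN and check whether option 3 (Router) is present next to option 6 (DNS). The two packets are constructed to mirror the ipconfig output above, and all function names are illustrative.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field

def ip(text):
    return ipaddress.IPv4Address(text).packed

def build_reply(yiaddr, options):
    """Build a minimal BOOTP reply (constructed test data, not a capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ip(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex("2c600c47105e"), bytes(64), bytes(128))
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"

def parse_options(payload):
    """Return {option_code: raw_value} from a DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        value = payload[i + 2:i + 2 + length]
        if length < 0 or len(value) != length:
            raise ValueError("truncated option %d" % payload[i])
        opts[payload[i]] = value
        i += 2 + length
    return opts

def lease_summary(payload):
    """Addresses the client would configure; an empty 'router' list means no gateway."""
    opts = parse_options(payload)
    def addrs(code):
        raw = opts.get(code, b"")
        return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]
    return {"ip": str(ipaddress.IPv4Address(payload[16:20])),
            "mask": addrs(1), "router": addrs(3), "dns": addrs(6), "server": addrs(54)}

# Constructed ACKs: same lease as in the post, first without option 3, second with it.
BASE = [(53, b"\x05"), (54, ip("192.168.0.2")), (51, struct.pack("!I", 86400)),
        (1, ip("255.255.255.0")), (6, ip("192.168.0.2"))]
ACK_AS_SEEN = build_reply("192.168.0.15", BASE)
ACK_WITH_ROUTER = build_reply("192.168.0.15", BASE + [(3, ip("192.168.0.2"))])

if __name__ == "__main__":
    print(lease_summary(ACK_AS_SEEN), lease_summary(ACK_WITH_ROUTER), sep="\n")
```

If option 3 is absent from the captured ACK, it was lost before reaching the client; if it is present, the client itself is discarding it.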


====

Old_Codger

Posted: Mon Aug 07, 2017 19:06
This is getting tedious.

I know it is capable of working because if I add a fixed IP address to a client (my laptop) then everything works - but I have a couple of devices at the remote end which will not let me provide fixed IP addresses - I need to use reservations on the DHCP server at the home end.

The problem is definitively that the gateway address provided by the DHCP server at the home end does not survive the trip across the bridge.

Key details:

Remote end
TP-LINK N600 running firmware: DD-WRT v24-sp2 (03/25/13) std Latest "stable" behind an ISP router.
DD-WRT - set to create a BRIDGE to my home end (TAP) successfully gets IP and DNS assigned from home DHCP server
(NO GATEWAY - field is blank) IP address scope 192.168.0.0/24

ISP router network 192.168.10.0/24

Home End
Netgear R7000 running stock Netgear firmware with its own implementation of OpenVPN (Firmware Version V1.0.9.6_1.2.19, up to date)

ISP router dumb cable modem IP address of WAN from Netgear is 80.x.y.z


The Status log on the remote (client) end of the tunnel says:

20170807 20:01:29 PUSH: Received control message: 'PUSH_REPLY route 192.168.0.0 255.255.255.0 route-delay 5 redirect-gateway def1 route-gateway dhcp ping 10 ping-restart 120'
20170807 20:01:29 OPTIONS IMPORT: timers and/or timeouts modified
20170807 20:01:29 NOTE: --mute triggered...
20170807 20:01:29 2 variation(s) on previous 3 message(s) suppressed by --mute
20170807 20:01:29 ROUTE_GATEWAY 192.168.10.1/255.255.255.0 IFACE=vlan2 HWADDR=f8:1a:67:5a:ce:41
20170807 20:01:29 I TUN/TAP device tap1 opened
20170807 20:01:29 TUN/TAP TX queue length set to 100

Which suggests that the route is set:
route 192.168.0.0 255.255.255.0

the gate is redirected: (NB: I've tried this with and without the def1 parameter.)
redirect-gateway def1

the DHCP is redirected
route-gateway dhcp

TAP is established

Not sure what the timeout fails are but for now I have ignored them.

Whatever I do, the gateway is just not showing in the ipconfig.

IP details: (* is from FIXED config)

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-60-0C-47-10-5E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2197:6f71:cfe3:c4a4%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred) *
Subnet Mask . . . . . . . . . . . : 255.255.255.0 *
Default Gateway . . . . . . . . . : 192.168.0.2 *
DHCPv6 IAID . . . . . . . . . . . : 53239820
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-44-E2-D9-2C-60-0C-47-10-5E
DNS Servers . . . . . . . . . . . : 8.8.8.8 *
8.8.4.4 *
NetBIOS over Tcpip. . . . . . . . : Enabled

Everything works


DHCP supplied (over bridge from home server)

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-60-0C-47-10-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2197:6f71:cfe3:c4a4%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 07 August 2017 20:32:46
Lease Expires . . . . . . . . . . : 08 August 2017 20:32:45
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.0.2
DHCPv6 IAID . . . . . . . . . . . : 53239820
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-44-E2-D9-2C-60-0C-47-10-5E
DNS Servers . . . . . . . . . . . : 192.168.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled

NB: Default Gateway field is blank. I can browse remote network, ping, http, even print but I can't get off the network at the home end.
e.g.
PS C:\WINDOWS\system32> ping 192.168.0.2

Pinging 192.168.0.2 with 32 bytes of data:
Reply from 192.168.0.2: bytes=32 time=49ms TTL=64
Reply from 192.168.0.2: bytes=32 time=48ms TTL=64
Reply from 192.168.0.2: bytes=32 time=48ms TTL=64
Reply from 192.168.0.2: bytes=32 time=48ms TTL=64

Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms

PS C:\WINDOWS\system32> ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.10.3: Destination host unreachable.
Reply from 192.168.10.3: Destination host unreachable.
Reply from 192.168.10.3: Destination host unreachable.
Reply from 192.168.10.3: Destination host unreachable.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
PS C:\WINDOWS\system32>

(Not sure where 192.168.10.3 comes in - it is on the remote end ISP's network which my dd-wrt router connects to (192.168.10.0/24).)

When a fixed IP address is supplied with a valid gateway - everything works as expected....

I saw this on the DD-WRT web interface:

OpenVPN Client
Policy based Routing:
Add IPs/NETs in the form 0.0.0.0/0 to force clients to use the tunnel as default gateway. One line per IP/NET.
IP Address/Netmask:
Must be set when using DHCP-Proxy mode and local TAP is NOT bridged

So as suggested somewhere I added these routes to the remote/dd-wrt/client end of the BRIDGE:

route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

No difference.

Incidentally, the routes which show up in the OpenVPN status log (web GUI) are these:


20170807 20:01:35 /sbin/route add -net 86.12.63.20 netmask 255.255.255.255 gw 192.168.10.1
20170807 20:01:35 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.0.1
20170807 20:01:35 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.0.1
20170807 20:01:35 /sbin/route add -net 0.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
20170807 20:01:35 /sbin/route add -net 64.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
20170807 20:01:35 /sbin/route add -net 128.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
20170807 20:01:35 /sbin/route add -net 192.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
20170807 20:01:35 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1
20170807 20:01:35 I Initialization Sequence Completed

But I notice all the gw addresses are the remote gateway (192.168.0.1) not the "home" gateway (102.168.0.2) as (in my ignorance) I would expect - any suggestions

Please?

_________________
=========

Old_Codger

Aging geek who learned programming on Intel 8080 and Motorola 6502.
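
How the route commands in the status log above resolve under longest-prefix match, as an added example that is not part of the original post. It assumes every logged command succeeded and describes the router's own table only (not the laptop's); the function names are illustrative.

```python
import ipaddress
import re

# Route commands copied from the OpenVPN status log in the post (timestamps dropped).
LOG = """\
/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.0.1
/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.0.1
/sbin/route add -net 0.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
/sbin/route add -net 64.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
/sbin/route add -net 128.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
/sbin/route add -net 192.0.0.0 netmask 192.0.0.0 gw 192.168.10.1
/sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1
"""
ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")


def parse_routes(log):
    """Return [(IPv4Network, gateway)], assuming every command succeeded."""
    return [(ipaddress.IPv4Network(f"{net}/{mask}"), gw)
            for net, mask, gw in ROUTE_RE.findall(log)]


def next_hop(routes, dest):
    """Longest-prefix match; None when no route covers dest."""
    addr = ipaddress.IPv4Address(dest)
    hits = [(net.prefixlen, gw) for net, gw in routes if addr in net]
    return max(hits)[1] if hits else None


def shadowed(routes):
    """Routes that never win because both halves have a more specific entry."""
    nets = {net for net, _ in routes}
    return [(str(net), gw) for net, gw in routes
            if net.prefixlen < 32
            and all(half in nets for half in net.subnets(prefixlen_diff=1))]


if __name__ == "__main__":
    table = parse_routes(LOG)
    for dest in ("8.8.8.8", "192.168.0.2", "203.0.113.7"):
        print(dest, "->", next_hop(table, dest))
    print("never selected:", shadowed(table))
```

With the four /2 routes in place, every destination outside 192.168.0.0/24 resolves to 192.168.10.1, so the two /1 routes added by redirect-gateway def1 are never selected.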