OpenVPN problem: iptables dropping tun0

Author Message
LeftyAce
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 2

PostPosted: Thu Oct 19, 2017 3:01    Post subject: OpenVPN problem: iptables dropping tun0
Hi all,

I'm trying to set up an OpenVPN server on my router (so I can use my home connection as a secure tunnel if I'm connected to un-trusted coffee shop wifi).

I have the client and server set up, and I can connect to the server from outside.

The problem is that after I connect, I cannot go anywhere, and checking dmesg on the router reveals that it is dropping everything that comes in on tun0:

Code:

#dmesg
[78456.782338] DROP IN=tun0 OUT=eth0 MAC= SRC=10.8.0.6 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=205 DF PROTO=ICMP TYPE=8 CODE=0 ID=2581 SEQ=2


I have the following set of iptables commands:

Code:

iptables -I INPUT 1 -p udp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT


I'm using this code in the router's OpenVPN config to force all traffic through the vpn:
Code:

# Force all traffic through the VPN
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"


Is there any way to verify that those iptables rules are active, and that they are the only ones active?

Any ideas why iptables is dropping everything?

Thanks,

Lefty
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6868
Location: Romerike, Norway

PostPosted: Thu Oct 19, 2017 7:30
Why are you appending (-A)?

The ACCEPT may end up after a DROP.
LeftyAce
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 2

PostPosted: Fri Oct 20, 2017 2:17
Thank you, that solved the problem! I changed the commands to:

Code:

iptables -I INPUT 1 -p udp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Allow TUN interface connections to OpenVPN server
iptables -I INPUT 2 -i tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -I FORWARD 1 -i tun+ -j ACCEPT


If I understand correctly, this means the router accepts anything on tun interfaces, so as long as only trustworthy people can establish a VPN connection, I'm ok.
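The thread's fix is about rule order: an appended (-A) ACCEPT lands after the chain's existing DROP and is never reached, while -I puts it first. The following POSIX shell check is an added example, not code from the thread or from DD-WRT: it reads `iptables -S <CHAIN>` output and reports whether the `-i tun+ -j ACCEPT` rule is shadowed by an earlier DROP/REJECT. The chain contents below are constructed samples; the `check_tun_order` name and the "ok/shadowed/missing" vocabulary are my own.

```shell
#!/bin/sh
# Reads `iptables -S <CHAIN>` lines on stdin and prints:
#   ok        - a "-i tun+ -j ACCEPT" rule exists and precedes any DROP/REJECT
#   shadowed  - a DROP/REJECT rule comes before it, so it is never reached
#   missing   - the chain has no tun+ ACCEPT rule at all
# Caveat: only literal DROP/REJECT targets are recognised; jumps to
# user-defined chains that drop (DD-WRT uses several) are not inspected.
# On the router: iptables -S FORWARD | check_tun_order FORWARD
check_tun_order() {
    chain="$1"
    awk -v chain="$chain" '
        # -S also prints the policy (-P) line; count only -A rules of this chain
        $1 == "-A" && $2 == chain {
            pos++
            if (!drop && $0 ~ /-j (DROP|REJECT)( |$)/) drop = pos
            if (!acc && $0 ~ /-i tun\+ / && $0 ~ /-j ACCEPT( |$)/) acc = pos
        }
        END {
            if (!acc)                    print "missing"
            else if (drop && drop < acc) print "shadowed"
            else                         print "ok"
        }'
}

# Constructed sample: FORWARD chain after the original -A commands.
# The tun+ ACCEPT sits behind a DROP, which matches the dmesg DROP lines.
APPENDED='-P FORWARD ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -i tun+ -j ACCEPT'

# Constructed sample: FORWARD chain after switching to -I FORWARD 1.
INSERTED='-P FORWARD ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -j DROP'

printf '%s\n' "$APPENDED" | check_tun_order FORWARD   # prints "shadowed"
printf '%s\n' "$INSERTED" | check_tun_order FORWARD   # prints "ok"
```

Run it against INPUT as well as FORWARD, since the thread changes both chains; a blanket `-i tun+ -j ACCEPT` that is no longer shadowed does accept every packet from any connected VPN client, so the ordering check says nothing about who is allowed to connect.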