I have the latest firmware (DD-WRT v24-sp2 (08/07/10) vpn - build 14896) running as well, and I have a similar GUI, but yours clearly has more options than mine. I have to compensate by adding the commands to my server configs.
_________________
WRT54G v3
WRT300N v1
Last edited by McKayCR on Mon Jan 24, 2011 22:08; edited 1 time in total
I added some routes through the gui on both the server router and the client router. Now computers behind the server can ping the internal 192.168.2.1 of the client router, but they still can't ping any computers connected to it. However, everyone connected to the client router was able to fully communicate to computers behind the server router.
So close...
Still no changes, I have been stumped by this... any input would be awesome
_________________
WRT54G v3
WRT300N v1
Hi all
Some questions here
Have 1 local LAN (something like 192.168.1.0)
And started:
PPTP Server (192.168.0.0)
OpenVPN Server (192.168.100.0)
Some clients connect to PPTP server and some clients connect to OpenVPN server.
How can I allow clients in the server-side local LAN (192.168.1.0) to access clients in the client LANs (OpenVPN - 192.168.100.0 and PPTP - 192.168.0.0), and PPTP clients to access OpenVPN clients? Router: ASUS RT-N16, DD-WRT ver. 14929.
Any ideas?
Posted: Fri Nov 04, 2011 16:31 Post subject: OpenVPN works unless SPI Firewall enabled
I have been working on this for years, always giving up trying to get OpenVPN working and never being successful. I know just enough to be dangerous, so I finally bought a used Asus 500gp v2 that supports the dd-wrt mega version and decided to try again. Good news is after 3 days I got it working via TCP and all was OK, then changed it to UDP and all was OK. Then as a final step, I switched my SPI Firewall back "ON" and it now no longer works.
I have no idea what to look for here, nor what to make of the info I see from logging in the router at /var/log/messages. Any ideas? I hate to paste the long system log files here, consuming this site's resource space.
Notes:
*removed line iptables -I FORWARD 1 –source 192.168.158.0/24 -j ACCEPT which did not help
*router ip address is 192.168.158.1
Client config:
Code:
client
dev tun
proto udp
remote 192.168.0.160 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 4
Server config:
Code:
push "route 192.168.158.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
verb 5
management localhost 5001
Again, this setup works fine with the SPI firewall off. What would I do to debug this so I can turn the SPI firewall back on and continue to use OpenVPN?
I have my OpenVPN server running over TCP because UDP is really unstable at my workplace, but that shouldn't be any issue in regards to your situation. My config is:
192.168.1.0 (Private Network I want to VPN to)
192.168.66.0 (OpenVPN Clients Network)
Code:
push "route 192.168.1.0 255.255.255.0"
server 192.168.66.0 255.255.255.0
Also with your firewall rules, make sure the dport and source bits have a double dash, i.e. --, before them (see my IPTABLES entry above). I noticed a few websites with tutorials regarding OpenVPN often turned the double dash into one dash (due to the CMS or a bad copy and paste job), which isn't the correct syntax.
Code:
Apart from that your server and config files look fine.
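Added example (not part of any post in this thread): a small shell check for the dash problem described in the reply above, flagging iptables lines where a long option such as --source or --dport was pasted with a Unicode dash or a single dash. The function names and the sample file are assumptions; sample line 2 mirrors the rule quoted earlier in the thread and the other lines are constructed.

```sh
#!/bin/sh
# lint_dashes FILE
#   Prints "LINE: reason: text" for every suspect iptables command in FILE.
#   Returns 1 if anything was flagged, 0 if the file looks clean.
lint_dashes() {
    LC_ALL=C awk '
    /^[[:space:]]*(#|$)/ { next }                          # skip comments, blanks
    !/(^|[[:space:]])ip6?tables([[:space:]]|$)/ { next }   # iptables commands only
    {
        reason = ""
        # UTF-8 bytes of an en dash (E2 80 93) or em dash (E2 80 94)
        if (index($0, "\342\200\223") || index($0, "\342\200\224")) {
            reason = "unicode dash"
        } else {
            for (i = 1; i <= NF; i++) {
                # a multi-letter option behind one ASCII dash, e.g. -source
                if ($i ~ /^-[a-z][a-z-]+$/) {
                    reason = "single-dash long option " $i
                    break
                }
            }
        }
        if (reason != "") { printf "%d: %s: %s\n", NR, reason, $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample FILE: constructed input. \342\200\223 is an en dash as a CMS
# would emit it in place of the "--" in front of "source".
write_sample() {
    {
        printf '# constructed sample firewall script\n'
        printf 'iptables -I FORWARD 1 \342\200\223source 192.168.158.0/24 -j ACCEPT\n'
        printf 'iptables -I INPUT 1 -p udp -dport 1194 -j ACCEPT\n'
        printf 'iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT\n'
        printf 'iptables -I FORWARD 1 --source 192.168.158.0/24 -j ACCEPT\n'
    } > "$1"
}

# Demo: lint the constructed sample before it would be saved as firewall rules.
sample=$(mktemp) && write_sample "$sample"
lint_dashes "$sample" || echo "fix the flagged lines before saving the script"
rm -f "$sample"
```

Running the check over text copied from a web page before saving it in the router's firewall script catches the mangled options before iptables rejects the rule.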
Posted: Sun Nov 06, 2011 18:13 Post subject: Re: OpenVPN works unless SPI Firewall enabled
donphillipe wrote:
I have been working on this for years, always giving up trying to get OpenVPN working and never being successful. I know just enough to be dangerous, so I finally bought a used Asus 500gp v2 that supports the dd-wrt mega version and decided to try again. Good news is after 3 days I got it working via TCP ...
Yes, this is always something to keep in mind (getting a 'bigger' router). I tended to find the Linksys/Broadcom models with limited RAM (4mb models) to be very unstable and to sometimes run out of space when running ovpn (default location) - even when running a limited build.
I run a mega build on an Asus RT-N16 now, but I still put all OpenVPN files on jffs area even then. Pretty stable now. If you have limited nvram (especially if running something more than just OpenVPN) use /jffs. There is plenty of documentation on how to create jffs area and your router nvram will thank you.
Last edited by bmatthewshea on Mon Nov 07, 2011 14:04; edited 2 times in total
I run OpenVPN on a WNR3500L running the big build and have just over 3000 bytes of NVRAM left after all the certificates and such (via GUI) which isn't too bad.
I should have noted I wasn't writing that directly at you, but you brought up a good point (and yes, you have plenty of breathing room re: nvram).
My point was that even if you get firewall rules and ovpn configs correct, if you don't have enough nvram, ovpn will not work (or at the very least the router will be very unstable). Just something to keep in mind for all users of OpenVPN.