PPTP vs. OpenVPN + Config Problems

scottyd
DD-WRT Novice


Joined: 11 Apr 2012
Posts: 13

Posted: Sun Apr 22, 2012 23:07    Post subject: PPTP vs. OpenVPN + Config Problems
All I want to do is run a VPN on my E4200 so I can connect with my iPhone to my home network. I want to be able to tunnel traffic via my phone over 3G to access my home network.

I don't know too much about VPNs but I've read that PPTP isn't as secure as OpenVPN. I set up PPTP and it seemed to run fine on my phone.

Before I start to explain my OpenVPN problems I am wondering if it is even worth it to try and get OpenVPN to work for my needs. Do I really need all that security for a simple home network with 1 VPN client?

So here's what I'm doing with my OpenVPN configuration. My iPhone is jailbroken so I was able to install an OpenVPN client called GuizmoVPN. I read through tutorials and got the OpenVPN server up. As far as server mode it seems like "Router (TUN)" should be ok, correct?

The problem is when I enable the VPN and try to push all my traffic through it, my internet connection on my phone does not work anymore. "Redirect Default Gateway" is enabled on the server. Is there some other setting I need to change server side to get this to work? Firewall setting? I thought it might be a DNS problem so I added the push "dhcp-option DNS 8.8.8.8" for Google's DNS servers.

Server settings are attached below.

Client config:

client
dev tun
proto udp
remote xx.xxx.xxx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert iphone.crt
key iphone.key
ns-cert-type server
cipher aes-128-cbc
comp-lzo
verb 3
auth sha256
tun-mtu 1500



[Attachment: vpn.jpg]


scottyd
DD-WRT Novice


Joined: 11 Apr 2012
Posts: 13

Posted: Fri Apr 27, 2012 19:34
bump. Would really like to get this working and not have to use PPTP.
aptitudeforums
DD-WRT Novice


Joined: 01 May 2012
Posts: 1

Posted: Tue May 01, 2012 16:43    Post subject: Redirect Gateway
Disable the Redirect Gateway option and that'll fix your internet issues. I had the same exact problem with my OpenVPN solution on my E4200.

Haven't figured out how to allow traffic to successfully redirect to gateway since it appears as though the DHCP server that gets assigned to the netmask is a DHCP server that doesn't exist...
scottyd
DD-WRT Novice


Joined: 11 Apr 2012
Posts: 13

Posted: Wed May 02, 2012 1:46    Post subject: Re: Redirect Gateway
aptitudeforums wrote:
Disable the Redirect Gateway option and that'll fix your internet issues. I had the same exact problem with my OpenVPN solution on my E4200.

Haven't figured out how to allow traffic to successfully redirect to gateway since it appears as though the DHCP server that gets assigned to the netmask is a DHCP server that doesn't exist...

Hmm I know there's a way to redirect the traffic.

Can you access your local network though?
scottyd
DD-WRT Novice


Joined: 11 Apr 2012
Posts: 13

Posted: Wed May 09, 2012 7:49
Bumping this again.
somms
DD-WRT User


Joined: 21 Mar 2008
Posts: 261

Posted: Wed May 09, 2012 8:30
Just use TAP > TUN much simpler!
scottyd
DD-WRT Novice


Joined: 11 Apr 2012
Posts: 13

Posted: Sat May 12, 2012 20:19
somms wrote:
Just use TAP > TUN much simpler!

Can you explain what settings I need for TAP mode to work with traffic forwarding?
rseiler
DD-WRT Guru


Joined: 01 Oct 2007
Posts: 622

Posted: Tue Jan 29, 2013 6:55
People have asked before, too:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=82611

But I haven't seen an answer, and I also don't know what "Just use TAP > TUN much simpler!" is supposed to mean, either.

Is there a way to tunnel all traffic through the VPN or not?

With redirect-gateway, I can get the gateway assigned, but the client can't even ping it....

Edit:

I thought having this in the firewall script surely would do the trick, but no (and "tun0" is what ifconfig shows that I have):

Code:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE


Update: I saw in this thread that it was the build I was using (18946) rather than anything else I was doing.
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=674844

This thread was another vote for 16773, so that's what I went with and now no more redirected gateway problem (LZO compression, as mentioned in the second thread, needs to be off for whatever reason):
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=672338

You don't even need any firewall rules, as that's taken care of for you, at least when using the GUI OpenVPN method.
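
The options that have to agree on both ends of the tunnel, plus the client's server-certificate check, can be linted before the config goes on the phone. This is an added example, not part of the thread or DD-WRT's own code; the `SERVER` values are assumed (the server settings screenshot is not available), with LZO off as in the last post, and the rule set and finding names are this example's own.

```python
# Added example, not from the thread. SERVER is constructed; CLIENT_CONF is a
# trimmed copy of the client config posted at the top of the thread.
CLIENT_CONF = """\
client
dev tun
proto udp
remote xx.xxx.xxx.xx 1194
ns-cert-type server
cipher aes-128-cbc
comp-lzo
auth sha256
tun-mtu 1500
"""

# Assumed server side, with LZO off as the last post says the working build needs.
SERVER = {"dev": "tun", "proto": "udp", "cipher": "aes-128-cbc",
          "auth": "sha256", "tun-mtu": "1500", "comp-lzo": None}
# Options that have to agree on both ends of the tunnel.
MUST_MATCH = ("dev", "proto", "cipher", "auth", "tun-mtu", "comp-lzo")


def parse(conf):
    """Map each directive to its argument string ('' for a bare flag)."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, _, args = line.partition(" ")
        opts[name] = args.strip()
    return opts


def audit(conf, server):
    """Return (code, detail) findings for a client config."""
    opts, findings = parse(conf), []
    norm = lambda v: None if v is None else v.lower()  # None = option absent
    for key in MUST_MATCH:
        if norm(opts.get(key)) != norm(server.get(key)):
            findings.append(("mismatch", key))
    # The client should check that the peer presents a *server* certificate;
    # ns-cert-type does that but was later deprecated for remote-cert-tls.
    if "remote-cert-tls" not in opts:
        code = "deprecated-ns-cert-type" if "ns-cert-type" in opts else "no-server-cert-check"
        findings.append((code, "remote-cert-tls"))
    return findings


if __name__ == "__main__":
    print(audit(CLIENT_CONF, SERVER))
```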