[tigermatt]

I am trying to configure the OpenVPN client on DD-WRT to communicate with an OpenVPN Server on a remote Ubuntu Linux 11.10 server. DD-WRT is installed on a Linksys WRT54GL v1.1 and I am using v24-sp2 build 14896, but I have also tried the stable v24-sp1 build and the recommended v24-sp2 build for this particular model.

The VPN is operating in tunnel mode, not bridge mode.

The remote site with the Ubuntu Linux box is on 10.0.1.0/24. The local site is on 10.0.2.0/24. The VPN interfaces on the OpenVPN server and client are on 10.0.3.0/29.

The VPN comes up correctly. A route is configured to be pushed for the 10.0.1.0/24 network to the client, and this is added correctly when I examine the routing tables. From the WRT54GL I can ping the Ubuntu server's remote 10.0.1.6 IP address. I can also ping the IP address on its tunnel interface, 10.0.3.1.

From the Ubuntu box, I am unable to ping anything on the WRT54GL's side.

There is no firewall on the Ubuntu Server. I can confirm that connecting from my workstation with the OpenVPN client allows unrestricted communication between my machine and the remote subnet.

This led me to believe the firewall on the WRT54GL was at fault. Examining the route-up and route-down.sh scripts created in the webGUI, I discovered NAT is in use for traffic traversing the VPN.

I do not wish to use NAT at this stage. I would simply like to disable the NAT and have all clients on the WRT54GL able to communicate with the Ubuntu server on the far end (I do not care at this stage about other clients on the Ubuntu server's LAN).

I have spent considerable time searching the forum and the Wiki, and came close to resolving the firewall issue on several occasions. However, my Google and iptables fu is apparently not as good as required to resolve this problem. I took special interest in this section of the Wiki: http://www.dd-wrt.com/wiki/index.php/OpenVPN#GUI_Client_Mode_Disabling_NAT. I have tried all those options but to no avail.

How can I configure my DD-WRT's firewall to route with no restrictions (and no NAT) all traffic from the WRT54GL's LAN to tun0 and any traffic from tun0 to the local LAN?

Any support is greatly appreciated. Thanks!

[ofrxnz]

Hey, I'm working through the same problem at the moment. I am almost 100% of the way there.

Assuming your vpn device is tun0, try these firewall rules.

They should allow unfettered routed traffic between each side of the openvpn tunnel. They should allow you to exchange DNS with DDWRT, Ping DDWRT and SSH into DDWRT. There is also a rule for web-access to ddwrt, but its not quite right, when you call the HTTP(s) interface, the tunnel hiccups. Though, the web interface is still stable enough for remote management. The tunnel effectively crashes for 2-3 seconds when ever you make a web request. The good news is, the http requests always complete. The web management packets just get caught up in iptables for a few seconds.

All of these rules are "suggested" in the Wiki. However, its about as clear as mud. Hopefully if I can get the remote HTTP management smoothed out a bit more, i'll update the wiki.

P.S. Its a work in progress so they are fairly sloppy. Also, if you get a more polished product, please share.

Oh, another note, I did not use the web-configuration bit for OpenVPN on DDWRT. I made it a start up script. If you use the web interface, it seems to call severa "bonus" nat rules that just made my life harder.