infusion DD-WRT Guru
Joined: 30 Aug 2006 Posts: 506
Posted: Thu May 21, 2015 23:21 Post subject: R7000 and OVPN - Configuration was working in a WRT54GL
Hello guys,
I'm writing in the hope of finding out what is going wrong with my OVPN connection, since I recently replaced my old WRT54GL with an R7000.
It was working fine on the WRT54GL, but on the R7000 I can connect, but I get no traffic at all.
First of all, I noticed that the OVPN Server configuration is a bit different from the R7000.
Let me explain:
Under the WRT54GL configuration, I had:
CA Cert
Public CLIENT Cert
Private CLIENT Key
DH-PEM
OPENVPN CONFIG
For the R7000:
CA Cert
Public SERVER Cert
Private SERVER Key
DH-PEM
OPENVPN CONFIG
I thought that it would be easy to have it working under R7000 since it was already working in WRT54GL, but it wasn't.
As you can see above, the R7000 uses a public server cert and private server key, while the WRT54GL uses a public client cert and private client key.
So I had to use the public SERVER Cert and Private SERVER Key to fit the R7000 FW's needs.
Doing it that way I can connect to the server, but I can't navigate or use it.
My Additional Config
===================================================
push "route 192.168.1.0 255.255.255.0"
server 192.168.2.0 255.255.255.0
push "dhcp-option DNS 208.67.222.222"
push "redirect-gateway def1"
dev tun0
proto udp
keepalive 10 120
verb 5
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
===================================================
I would appreciate any comments or suggestions that I may try to make it work. Or maybe tell me what I may be doing wrong.
Start Type = WAN Up
Config As = Daemon
Firmware build 25974
Suggestions?
Thank you in advance to anyone who could shed some light on this!
infusion DD-WRT Guru
Joined: 30 Aug 2006 Posts: 506
Posted: Fri May 22, 2015 20:17 Post subject:
Searching the forum, I got information from this thread:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=282995
The user states that since build 17000 there is a bug, which can be solved by including the following command in the firewall:
#Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
After that, the VPN started to work. I can access the internet and other machines in the network, BUT for some reason that I still couldn't identify, I can't access the router itself (192.168.1.1).
Ideas?