R7000 and OVPN - Configuration was working in a WRT54GL

infusion
DD-WRT Guru


Joined: 30 Aug 2006
Posts: 506

Posted: Thu May 21, 2015 23:21    Post subject: R7000 and OVPN - Configuration was working in a WRT54GL
Hello guys,
I'm writing in the hope of finding out what is going wrong with my OVPN connection, since I recently replaced my old WRT54GL with an R7000.
It was working fine on the WRT54GL, but on the R7000 I can connect, but I get no traffic at all.

First of all, I noticed that the OVPN Server configuration is a bit different on the R7000.
Let me explain:
Under the WRT54GL configuration, I had:

CA Cert
Public CLIENT Cert
Private CLIENT Key
DH-PEM
OPENVPN CONFIG

For the R7000:
CA Cert
Public SERVER Cert
Private SERVER Key
DH-PEM
OPENVPN CONFIG

I thought that it would be easy to get it working on the R7000 since it was already working on the WRT54GL, but it wasn't.
As you can see above, the R7000 uses a public server cert and private server key, while the WRT54GL uses a public client cert and private client key.

So I had to use the public SERVER Cert and Private SERVER Key to fit the R7000 FW needs.

Doing it that way, I can connect to the server, but I can't navigate or use it.

My Additional Config
===================================================
push "route 192.168.1.0 255.255.255.0"
server 192.168.2.0 255.255.255.0
push "dhcp-option DNS 208.67.222.222"
push "redirect-gateway def1"
dev tun0
proto udp
keepalive 10 120
verb 5
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
===================================================

I would appreciate any comments or suggestions that I could try to make it work. Or maybe tell me what I may be doing wrong.

Start Type = WAN Up
Config As = Daemon
Firmware build 25974

Suggestions?
Thank you in advance to anyone who could shed some light on this!
infusion
Posted: Fri May 22, 2015 20:17
Searching the forum, I got information from this thread:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=282995

The user states that since build 17000 there is a bug, which can be solved by adding the following command to the firewall:

#Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`


After that, the VPN started to work. I can access the internet and other machines in the network, BUT for some reason that I still couldn't identify, I can't access the router itself (192.168.1.1).

Ideas?
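
Added example, not part of the original posts: a POSIX shell script that reads the `server` directive from the OpenVPN config quoted in the first post and prints a variant of the SNAT rule restricted to the tunnel subnet as source, instead of matching all traffic leaving the WAN interface. The function names are hypothetical, and it assumes the firmware's own rules already NAT traffic coming from the LAN.

```shell
# Constructed sample: directives copied from the config posted in the thread.
SAMPLE_CONFIG='push "route 192.168.1.0 255.255.255.0"
server 192.168.2.0 255.255.255.0
push "redirect-gateway def1"
dev tun0
proto udp'

# Convert a dotted netmask to a prefix length; fail on non-contiguous masks.
mask_to_prefix() {
    prefix=0
    tail_zero=0   # becomes 1 once an octet other than 255 has been seen
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;;
            *) return 1 ;;
        esac
        # After a partial or zero octet, every following octet must be 0.
        if [ "$tail_zero" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        [ "$bits" -eq 8 ] || tail_zero=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Print the tunnel subnet from the "server NETWORK NETMASK" directive as CIDR.
vpn_subnet() {
    line=$(printf '%s\n' "$1" | grep -E '^[[:space:]]*server[[:space:]]' | head -n 1)
    [ -n "$line" ] || return 1
    set -- $line
    plen=$(mask_to_prefix "$3") || return 1
    echo "$2/$plen"
}

# Print (do not run) a SNAT rule that matches only tunnel clients. get_wanface
# and nvram are the DD-WRT helpers from the thread, kept as literal text.
# Assumption: the firmware's own rules already NAT traffic from the LAN.
scoped_snat_rule() {
    net=$(vpn_subnet "$1") || return 1
    printf '%s\n' "iptables -t nat -I POSTROUTING -s $net -o \`get_wanface\` -j SNAT --to \`nvram get wan_ipaddr\`"
}

scoped_snat_rule "$SAMPLE_CONFIG"
```

Because `push "redirect-gateway def1"` sends all client traffic through the tunnel, packets from 192.168.2.0/24 are the ones that need translating on the WAN side; the printed rule can be reviewed before being pasted into the router's firewall commands.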