[IT_cog_MD]

Asus RT-N66U OpenVPN Server
Asus RT-AC66U OpenVPN client
Firmware: DD-WRT v3.0-r34886M giga

I have been trying to use an Asus RT-AC66U as an Open VPN Client but it does not seem to connect.

I have a Asus RT-N66U running dd-wrt acting as an openVPN server and when i take the files genetated from easy-rsa like ca.crt, client.crt, client.key and the .ovpn generated and use an OpenVPN software either on my phone, tablet or PC i connect and it works with 2 issues:
1) i cannot traverse internet anymore when connecting with my phone if i am connected. so i have to drop vpn to surf.
2) i cannot traverse network using names only IP. even though it appears to push the DNS directive of my DNS server on that end.

However, when i put all that information into the Asus RT-AC66U running dd-wrt as a client I can connect but cannot navigate to the connected server.

I have read a few articles regarding firewalls and routing tables and am confused and want some verification of such on what is really going on to check my understanding if possible. and I hope I use the right words and terminology.

My setup is this:
Server LAN is 192.168.1.x - everything in main location is on 1.x
whenever a client connects they are associated with 10.8.0.x
i have a client i am trying to connect and its LAN and everything on that network is 192.168.11.x

When i connect i see on the client router i have been given 10.8.0.3 and the server shows i am connected, but i get no activity

on my server side i have the following additional configs

[IT_cog_MD]

I think my issue between the server and the client is the fact
computer A(192.168.1.70) -> OpenVPN Server(192.168.1.64/10.8.0.1) -> OpenVPN Client(10.8.0.2/192.168.11.67) -> Computer B(192.168.11.70)

I cannot from Computer B ping Computer A nor can I ping the OpenVPN Router

However, I can telnet into the OpenVPN Client router and ping the server at 192.168.1.64, but i cannot ping beyond that.

From the OpenVPN Server router i can ping 10.8.0.2 but I cannot ping 192.168.11.67.

So I think it has something to do with routing. How do i tell Computer B that it needs to go to 192.168.11.67 -> 10.8.0.2 -> 10.8.0.1 -> 192.168.1.64 -> 192.168.1.70 in order to get to its destination

[IT_cog_MD]

That was my first assumption, but reading every How-To involves doing the iptables routing.

I took advice and erased all firewall rules in server and client

I am working off-site at client location. Going through the client router I cannot get passed server router. Only by using the OpenVPN application and importing the .ovpn file can I get into the network.

After turning off all firewall rules, I can now ping the router using the 192.168.1.64 from the Client Router but not from a PC.

When i connect to the server using the OpenVPN application, I used to be able to see beyond the server router and RDP to a computer there, now with the firewall rules removed, i can ping the server router from the PC but cannot go beyond that, so I can no longer RDP to the computer located at the server site.

I was trying to see how the following could help me but it didnt do much for me. I still was stuck
http://wadihzaatar.com/?p=11

[IT_cog_MD]

[IT_cog_MD]

I have never done a static route before. Is whati am looking for this? or do i have it backwards?

This is on the server side. 192.168.1.64 is my VPN server. I have these and the port forwarding setup.

The picture is wrong i fixed the netmask to 255.255.255.0 and boom I can now pass through again. in a more proper manner i am sure.

[IT_cog_MD]

Actually that has always been an issue for me. When i connect to the VPN i lose all internet activity. If i want to surf the internet when i am connected to the server, I have to disconnect. surf and reconnect.

and what you mean by routed? i have the router setup as a WAP and have it assigned as a router and not a gateway. When iset it as a gateway i couldn't seem to get the guest network to work.

[IT_cog_MD]

I dont want internet to go through VPN for this particular instance, I want them to always use local internet. I removed that directive and still unable to surf the internet. Is there something within the client? NAT still kind of confuses me. Should the client have NAT enabled?

[IT_cog_MD]

i want everyone connected to the client router to have VPN access to the server, however i also want none of them to pass the internet through the VPN, instead i want everyone connected to the router to just use their local internet.

Also, in order to get the DNS function working i opened up the DNSMasq to look on tun2 but reading other things, and was told to do the following

[IT_cog_MD]

I am now at the server location sitting on a computer and i am trying to ping the LAN side of the Client OpenVPN.

The following returns results expected

[IT_cog_MD]

Yeah i found out most of that with your help in getting me to understand what is actually needing to be done

I have done 2 things at start up
1) iroute
2) static ip - I dislike dhcp

[IT_cog_MD]

I am at a loss as to why i cannot ping the LAN side of the client router. I can ping the VPN side. Is there some additional config or something in eed on the client side to make it respond?

[IT_cog_MD]

from the VPN router i still cannot ping.

Also i looked at the routing table under Setting->Advanced Routing->Show Routing Table and it showed the route for 192.168.11.0 was 10.8.0.2 even though i had static'd that destination to 21.

So i changed it back to a static of 2. It still failed. so i added a third client, which i do have in the field. and it too was given a gateway of 2.

so now
Startup Script

[IT_cog_MD]

I thought the ifconfig-push was for static IP not routing persay.

[IT_cog_MD]

Sorry bout adding the static route I thought I made clear earlier. I thought > would append and >> overwrites. Did I have backwards

[IT_cog_MD]

that was the issue. I can now ping across. once i removed the static ip action it started to work again