Posted: Sun Mar 25, 2018 19:41 Post subject: [Solved] OpenVPN on server on same subnet as DD-WRT
I have started an OpenVPN server on a machine on my local network. I'm able to connect to it from both inside and outside of the network, but once connected I don't seem to see any other devices or out to the internet.
DD-WRT running on a Buffalo WZR-1750DHP (DD-WRT v3.0-r33555 std (10/20/17))
Router DHCP -> 192.168.1.0
Subnet of OpenVPN server -> 10.20.30.0 (IP from DD-WRT 192.168.1.23)
I can ping the server from the local network (192.168.1.0).
Server config is below (commented sections removed):
Code:
port 11940
proto tcp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/MiniServer.crt
key /usr/local/etc/openvpn/keys/MiniServer.key
dh /usr/local/etc/openvpn/keys/dh.pem
topology subnet
server 10.20.30.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "route 10.20.30.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
client-to-client
keepalive 10 120
cipher AES-256-GCM
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 5
remote-cert-tls client
Client config:
Code:
client
dev tun
proto tcp
remote myserver.website.com 11940
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-GCM
comp-lzo
verb 3
I've also set up a static route and some firewall commands, but they do not seem to change the connection that the VPN has to the network.
Any suggestions would be much appreciated as I'm at a bit of a loss. It seems like an issue with the routing on the DD-WRT side of things, but the changes I'm making don't seem to be sticking.
Last edited by stevennic on Mon May 07, 2018 1:50; edited 1 time in total
Posted: Tue Mar 27, 2018 7:57 Post subject:
For what it is worth, I also use a non DDWRT openVPN server (QNAP pro NAS). The only thing needed is a port forwarding on my primary DDWRT router to that OpenVPN server and nothing else.
To get local access the firewall of my openVPN server has to be tweaked and a postnatting rule akin to the one from Per Yngve has to be in place on the OpenVPN server (there is no wan interface on the server so you need an snat to the lan).
I tried a few different firewall commands (to see if it was something related to that), but none seemed to pan out.
The original three and the new command provided by Per Yngve Berg.
Without the first three lines, with only the first and last line, and all together. Still not being forwarded to the local network or to the internet.
Static route in place forwarding 10.20.30.0/24 subnet through 10.10.10.23 (server).
IPs were changed across the network to be from 10.10.10.0/24 instead of 192.168.1.0/24 (more so to protect on the OpenVPN side of things than anything else).
Code:
push "redirect-gateway def1 bypass-dhcp"
on server config changed to
Code:
push "redirect-gateway autolocal"
at some point.
It works, I'm not going to change it.
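Added example, not part of the thread: a small Python model of the return path that the replies above describe (a static route on the router versus SNAT on the OpenVPN server), using the addresses from the first post. The gateway address 192.168.1.1, the client address 10.20.30.2 and the hop labels are assumptions made for the illustration.

```python
import ipaddress

LAN = "192.168.1.0/24"     # router's LAN, from the first post
VPN = "10.20.30.0/24"      # OpenVPN "server" subnet, from the first post
SERVER = "192.168.1.23"    # OpenVPN server's LAN address, from the first post
ROUTER = "192.168.1.1"     # assumption: LAN gateway (the pushed DNS address)
CLIENT = "10.20.30.2"      # constructed tunnel address of a VPN client


def lookup(routes, dst):
    """Longest-prefix match; returns the next hop ('direct' means on-link)."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def reply_path(snat_on_server, static_route_on_router):
    """Hops taken by a LAN host's reply to a packet that came from CLIENT."""
    host_routes = [(LAN, "direct"), ("0.0.0.0/0", ROUTER)]
    router_routes = [(LAN, "direct"), ("0.0.0.0/0", "wan")]
    if static_route_on_router:
        router_routes.append((VPN, SERVER))
    # With SNAT the LAN host sees the server's LAN address as the source,
    # so the reply is addressed to the server instead of the tunnel address.
    reply_dst = SERVER if snat_on_server else CLIENT
    path = ["lan-host"]
    hop = lookup(host_routes, reply_dst)
    if hop == "direct":                  # on-link: reply goes straight to the server
        return path + [SERVER, "tunnel"]
    path.append(hop)                     # otherwise handed to the default gateway
    hop = lookup(router_routes, reply_dst)
    if hop == SERVER:                    # router knows the VPN subnet lives behind the server
        return path + [SERVER, "tunnel"]
    return path + [hop]                  # 'wan': reply leaves the LAN and never reaches the client


if __name__ == "__main__":
    for snat, static in [(False, False), (False, True), (True, False)]:
        print(f"snat={snat} static_route={static}:", " -> ".join(reply_path(snat, static)))
```

Only the first case, with neither the static route nor SNAT, sends the reply out of the WAN side, which matches the symptom of a tunnel that connects but reaches nothing on the LAN.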