Hi there, I seem to be having problems with setting up OpenVPN on my TomatoUSB router.
Not sure why, but the router is able to get internet access but anything connected to the router can't. All devices only connect to the VPN server's public IPs and URLs. DNS seems to work fine.
I'd like all or select machines connected to my router to be able to connect to the external VPN and use it as the gateway.
My local network has a different subnet than the VPN server.
router runs on 192.168.1.0 range
vpn tunnel runs on 10.0.0.0 range
Once the VPN link is established, on a machine connected to my home router (the VPN client) I can ping 10.0.0.1 and I can connect to all the IPs on the VPN server's eth0 but I can't ping anything outside.
From the router I can access and ping the internet fine.
I've tried adding NAT:
Quote:
    iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o tun11 -j MASQUERADE
but it seems to do nothing.
Checked the table (iptables -n -L -v -t nat):
Quote:
    Chain PREROUTING (policy ACCEPT 216 packets, 11025 bytes)
     pkts bytes target         prot opt in     out     source               destination
       45 11925 DROP           all  --  vlan2  *       0.0.0.0/0            192.168.1.0/24
        0     0 WANPREROUTING  all  --  *      *       0.0.0.0/0            192.168.1.3
        0     0 upnp           all  --  *      *       0.0.0.0/0            192.168.1.3

    Chain POSTROUTING (policy ACCEPT 5 packets, 1675 bytes)
     pkts bytes target         prot opt in     out     source               destination
       27  1468 MASQUERADE     all  --  *      tun11   192.168.1.0/24       0.0.0.0/0
      547 30053 MASQUERADE     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
        1    40 SNAT           all  --  *      br0     192.168.1.0/24       192.168.1.0/24      to:192.168.1.1

    Chain OUTPUT (policy ACCEPT 5 packets, 1675 bytes)
     pkts bytes target         prot opt in     out     source               destination

    Chain WANPREROUTING (1 references)
     pkts bytes target         prot opt in     out     source               destination
        0     0 DNAT           icmp --  *      *       0.0.0.0/0            0.0.0.0/0           to:192.168.1.1

    Chain upnp (1 references)
     pkts bytes target         prot opt in     out     source               destination
Router routing table:
Quote:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.5        *               255.255.255.255 UH    0      0        0 tun11
    XX.XX.XX.202    192.168.1.2     255.255.255.255 UGH   0      0        0 vlan2
    192.168.1.2     *               255.255.255.255 UH    0      0        0 vlan2
    10.0.0.0        10.0.0.5        255.255.255.0   UG    0      0        0 tun11
    192.168.1.0     *               255.255.255.0   U     0      0        0 br0
    192.168.1.0     *               255.255.255.0   U     0      0        0 vlan2
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         10.0.0.5        128.0.0.0       UG    0      0        0 tun11
    128.0.0.0       10.0.0.5        128.0.0.0       UG    0      0        0 tun11
    default         192.168.1.2     0.0.0.0         UG    0      0        0 vlan2
On vpn server:
Nat:
Quote:
    Chain PREROUTING (policy ACCEPT 2317 packets, 124K bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 336 packets, 24591 bytes)
     pkts bytes target     prot opt in     out     source               destination
      439 29810 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 336 packets, 24591 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain eth0_masq (1 references)
     pkts bytes target     prot opt in     out     source               destination
      138  7545 MASQUERADE all  --  *      *       10.0.0.0/24          0.0.0.0/0
Routes on server:
Quote:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.2        *               255.255.255.255 UH    0      0        0 tun0
    XX.XX.XX.200    *               255.255.255.248 U     0      0        0 eth0
    10.0.0.0        10.0.0.2        255.255.255.0   UG    0      0        0 tun0
    default         m201.intermanic 0.0.0.0         UG    0      0        0 eth0
Openvpn config on server side:
Quote:
    rport 3009
    lport 4009
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    server 10.0.0.0 255.255.255.0
    push "route 10.0.0.0 255.255.255.0"
    #tls-auth /etc/openvpn/ta.key 0
    #ifconfig-pool-persist ipp.txt
    keepalive 10 120
    push "redirect-gateway def1"
    comp-lzo no
    user nobody
    group users
    persist-key
    persist-tun
    cipher AES-256-CBC
    status openvpn-status.log
    verb 5
    client-to-client
And config on client side:
Quote:
    # Automatically generated configuration
    #daemon
    client
    dev tun11
    proto udp
    remote XX.XX.XX.202 4009
    lport 3009
    resolv-retry 30
    persist-key
    persist-tun
    comp-lzo no
    cipher AES-256-CBC
    redirect-gateway def1
    verb 3
    ca ca.crt
    cert client.crt
    key client.key
    status-version 2
    status status

    # Custom Configuration
    #script-security 2
    #(iptables stuff)
    up /jffs/openvpn/postup.sh
Also have IPv4 forwarding enabled on both.
Really don't know what's up or why it just won't work. Any help would be appreciated. Been trying for a lil while but I don't know what to do next to be honest.
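
An added example, not part of the original post: a longest-prefix-match walk over the router's posted routing table and POSTROUTING rules, showing which interface a forwarded LAN packet leaves on and whether a MASQUERADE rule covers it. The function names and the LAN host 192.168.1.50 are hypothetical, and 203.0.113.202 is a constructed stand-in for the redacted XX.XX.XX.202.

```python
import ipaddress

# Router routing table as posted above. The page redacts the VPN server as
# XX.XX.XX.202; 203.0.113.202 is a constructed stand-in so the row parses.
ROUTER_ROUTES = """\
10.0.0.5        *               255.255.255.255 UH    0 0 0 tun11
203.0.113.202   192.168.1.2     255.255.255.255 UGH   0 0 0 vlan2
192.168.1.2     *               255.255.255.255 UH    0 0 0 vlan2
10.0.0.0        10.0.0.5        255.255.255.0   UG    0 0 0 tun11
192.168.1.0     *               255.255.255.0   U     0 0 0 br0
192.168.1.0     *               255.255.255.0   U     0 0 0 vlan2
127.0.0.0       *               255.0.0.0       U     0 0 0 lo
default         10.0.0.5        128.0.0.0       UG    0 0 0 tun11
128.0.0.0       10.0.0.5        128.0.0.0       UG    0 0 0 tun11
default         192.168.1.2     0.0.0.0         UG    0 0 0 vlan2
"""
# Router POSTROUTING rules from the posted nat table: (out interface, source).
ROUTER_MASQ = [("tun11", "192.168.1.0/24"), ("vlan2", "0.0.0.0/0")]

def parse_routes(text):
    """Turn `route` output rows into (network, gateway, interface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, *_, iface = line.split()
        dest = "0.0.0.0" if dest == "default" else dest
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; equal-length ties go to the earlier row (simplification)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def trace(src, dst, routes=None):
    """Return (egress interface, next hop, masqueraded?) for a forwarded packet."""
    net, gw, iface = lookup(routes or parse_routes(ROUTER_ROUTES), dst)
    natted = any(iface == out and ipaddress.ip_address(src) in ipaddress.ip_network(s)
                 for out, s in ROUTER_MASQ)
    return iface, gw, natted

if __name__ == "__main__":
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.202", "10.0.0.1"):
        print(dst, trace("192.168.1.50", dst))
```

The two /1 routes installed by `redirect-gateway def1` outrank the original default without deleting it, and the /32 host route keeps the tunnel's own UDP packets to the VPN server on vlan2.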