OpenWrt Forum Archive

Topic: OpenVPN client routing problems

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I wanted to use my WR1043ND as an OpenVPN client so all my computers would be routed through the VPN connection. I set up OpenVPN and I can connect; however, none of my clients can connect to the internet anymore if I connect to the OpenVPN server. I used the wiki guide here: http://wiki.openwrt.org/doc/howto/vpn.c … penvpn.tap

I guess it's something wrong with: iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx so what should I do? Of course I changed 10.xx.x.xx to the one tap device was using.

Use -I instead of -A.

Doesn't work either. The VPN is working fine from the router itself, but not from the clients behind the router. I don't think it is that hard, though I think the command is just wrong.

Do I have to change or add something else to the OpenVPN client config? The routing just doesn't work. My OpenWrt's IP is 10.0.0.202, clients are 10.0.0.1-10, the tap0 device gets the IP 10.8.1.48.

So I think there's something missing letting the OpenWrt route everything from the 10.0.0.x clients to the 10.8.1.x one, or should the single command

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to 10.8.1.48

already do this?

Btw, here's my client config:

client
dev tap
proto tcp
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
script-security 2
ping 10
ping-restart 60
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.crt
key /etc/openvpn/keys/key.key
reneg-sec 0
ns-cert-type server
auth-user-pass /etc/openvpn/keys/user.auth
verb 3

Also, here's my iptables config:

(Last edited by knuddel on 18 Nov 2012, 02:23)

OK, I figured it out: I had to add the rule "iptables -A forwarding_rule -i br-lan -o tap+ -j ACCEPT". So it's working now with the two following lines; if there's something wrong about it, security-wise, please tell me:

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to 10.8.1.48
iptables -A forwarding_rule -i tap+ -o br-lan -j ACCEPT

A problem I now have, though, is that OpenVPN won't reconnect if my PPPoE connection has a DC; it just doesn't do anything. Does someone maybe have an idea how to solve this? I thought the lines:

ping 10
ping-restart 60

would do that.

(Last edited by knuddel on 18 Nov 2012, 09:14)
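
The last post quotes the forwarding rule as "-i br-lan -o tap+" and then lists it as "-i tap+ -o br-lan"; the first lets LAN clients open connections through the VPN, the second lets hosts on the VPN side open connections into the LAN. The following is an added example, not part of the original posts: a shell check that classifies such rules by direction, using the interface names from the thread. The helper names classify_rule and audit_rules are hypothetical, and the third sample rule is constructed.

```shell
#!/bin/sh
# Added example: classify forwarding rules between the LAN bridge and the VPN.
LAN_IF="br-lan"; VPN_IF="tap+"   # interface names as used in the thread

# classify_rule RULE (hypothetical helper) prints lan-to-vpn, vpn-to-lan-open
# (VPN side may open NEW connections into the LAN), vpn-to-lan-replies
# (only reply traffic is accepted) or other.
classify_rule() {
    in_if="" out_if="" target="" replies_only=no prev=""
    set -f                      # keep tokens literal while word-splitting
    for tok in $1; do
        case "$prev" in
            -i) in_if=$tok ;;
            -o) out_if=$tok ;;
            -j) target=$tok ;;
            --state|--ctstate)  # a state list without NEW admits replies only
                case "$tok" in *NEW*) ;; *) replies_only=yes ;; esac ;;
        esac
        prev=$tok
    done
    set +f
    [ "$target" = "ACCEPT" ] || { echo other; return 0; }
    case "$in_if>$out_if" in
        "$LAN_IF>$VPN_IF") echo lan-to-vpn ;;
        "$VPN_IF>$LAN_IF")
            if [ "$replies_only" = yes ]; then echo vpn-to-lan-replies
            else echo vpn-to-lan-open; fi ;;
        *) echo other ;;
    esac
}

# audit_rules (hypothetical helper): reads rules on stdin, prints one verdict
# per rule, returns 1 if any rule lets the VPN side initiate into the LAN.
audit_rules() {
    rc=0
    while IFS= read -r line; do
        verdict=$(classify_rule "$line")
        printf '%-19s %s\n' "$verdict" "$line"
        if [ "$verdict" = vpn-to-lan-open ]; then rc=1; fi
    done
    return "$rc"
}

# Rules 1 and 2 are the two forms quoted in the thread; rule 3 is constructed.
audit_rules <<'EOF' || echo "review: VPN peers can reach LAN hosts directly"
iptables -A forwarding_rule -i br-lan -o tap+ -j ACCEPT
iptables -A forwarding_rule -i tap+ -o br-lan -j ACCEPT
iptables -A forwarding_rule -i tap+ -o br-lan -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
```

The check is a text heuristic over rule lines; it does not consult the live ruleset or rule ordering.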

The discussion might have continued from here.