First: (READ, install and configure, create certificates, transfer it to DD-WRT router)
http://www.howtogeek.com/64433.....rt-router/
Then:
Howto-configure-openvpn-on-your-dd-wrt-router
Does anybody know which iptables rule(s), if any, I need to add/remove in order to allow my OpenVPN clients to use my LAN's local DNS server as well?
Some key info:
- DD-WRT v24-sp2 (12/20/11) vpn-small (SVN revision 18024)
- Router: Linksys WRT160Nv3
- LAN: 192.168.7.0
- Local-Gateway / Local-DNS: 192.168.7.1
- OpenVPN-LAN: 192.168.77.0
- "No DNS Rebind" option is Disabled
- Redirect Gateway is enabled, so that all traffic is routed through the VPN.
- I did add push "dhcp-option DNS 192.168.7.1" on the OpenVPN server.
- Local DNS works fine on the LAN.
- I can ping from LAN to OpenVPN-LAN and vice versa. Yes, ping to the local DNS (192.168.7.1) also works.
I'm currently able to access the Internet over the VPN, but only if I either use an external (public) DNS or use plain IP addresses (no DNS at all). That is, the VPN clients fail to resolve with the local DNS. I suspect either the DNS requests or the DNS replies are being dropped by iptables (?)
Can anybody shed some light?
----------------------------------
OK, actually I found a solution for what I wanted, so I thought I'd post it here as a potential future reference for others...
Note: I won't go into much detail; I'll assume some technical expertise. Also, please do realize the previous post has all the key info needed to follow this one.
1. Granting your OpenVPN clients Internet access:
You need to NAT the OpenVPN traffic properly with the following iptables rule (vlan2 is the WAN interface on this router). Just save it as Firewall under the Administration - Commands tab:
iptables -t nat -A POSTROUTING -s 192.168.77.0/24 -o vlan2 -j SNAT --to-source $(nvram get wan_ipaddr)
2. Getting DNSMasq to resolve for your OpenVPN clients:
You need to tell DNSMasq to also listen on your virtual (OpenVPN) interface by adding this line in "Additional DNSMasq Options" under the Services - Services tab:
interface=tun0
----------------------------------
I recently happened to upgrade to a WRT160NL router [firmware: DD-WRT v24-sp2 (07/20/12) std]. In this router the interfaces bear different names. So, in order to maintain the same scenario as described above, you need to update the instructions in my first post as follows:
In 1/: replace vlan2 by ethx, where ethx = your WAN interface (in my case: eth1), i.e. the interface holding your public IP.
In 2/: replace tun0 by tunx, where tunx = your local OpenVPN interface (in my case: tun2), i.e. the one holding 192.168.77.1/24.
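Because the Firewall script is re-run on every firewall reload and the interface names differ between the WRT160Nv3 (vlan2/tun0) and the WRT160NL (eth1/tun2), here is an added example (not code from the original post) of a Firewall script that combines steps 1 and 2 above and the renaming note: it discovers the WAN and tun interfaces at run time instead of hard-coding them, and only appends the SNAT rule when it is not already present. It assumes DD-WRT provides `nvram get wan_ifname` (an assumption; only `wan_ipaddr` appears in the original post), that `iptables-save` and BusyBox `ifconfig` exist on the router, and that the dnsmasq configuration DD-WRT generates can be read from /tmp/dnsmasq.conf (assumption). The sample `ifconfig`, `iptables-save` and dnsmasq text used at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Idempotent DD-WRT Firewall script:
# NAT the OpenVPN subnet out of whichever interface is the WAN, and verify that
# dnsmasq has been told to listen on whichever tun interface carries the VPN.

VPN_NET="192.168.77.0/24"   # OpenVPN-LAN from the original post
VPN_GW="192.168.77.1"       # address OpenVPN gives the server's tun interface
DNSMASQ_CONF="/tmp/dnsmasq.conf"   # assumed location of DD-WRT's generated config

# Return 0 if an iptables-save dump (arg 1) already holds an SNAT rule for
# subnet (arg 2) leaving via interface (arg 3); avoids duplicate rules on reload.
snat_rule_present() {
    printf '%s\n' "$1" | grep -qF -- "-A POSTROUTING -s $2 -o $3 -j SNAT"
}

# Given BusyBox ifconfig output (arg 1) and an IPv4 address (arg 2), print the
# name of the interface that owns that address (empty if none).
tun_if_for_addr() {
    printf '%s\n' "$1" | awk -v addr="$2" '
        /^[^ \t]/ { name = $1 }                       # interface header line
        $0 ~ ("inet addr:" addr "[ \t]") { print name; exit }'
}

# Return 0 if dnsmasq config text (arg 1) binds interface (arg 2).
dnsmasq_listens_on() {
    printf '%s\n' "$1" | grep -qx "interface=$2"
}

# Apply step 1 (NAT) and check step 2 (dnsmasq) on a live router.
apply_on_router() {
    wan_if=$(nvram get wan_ifname)
    wan_ip=$(nvram get wan_ipaddr)
    nat_dump=$(iptables-save -t nat 2>/dev/null)
    if ! snat_rule_present "$nat_dump" "$VPN_NET" "$wan_if"; then
        iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$wan_if" \
            -j SNAT --to-source "$wan_ip"
    fi
    tun_if=$(tun_if_for_addr "$(ifconfig)" "$VPN_GW")
    if [ -n "$tun_if" ] && ! dnsmasq_listens_on "$(cat "$DNSMASQ_CONF")" "$tun_if"; then
        echo "dnsmasq is not listening on $tun_if; add interface=$tun_if" \
             "under Additional DNSMasq Options" >&2
    fi
}

# Only touch the system when running on DD-WRT (nvram exists there).
if command -v nvram >/dev/null 2>&1; then
    apply_on_router
fi

# Constructed sample data so the helpers can be exercised off the router.
SAMPLE_NAT='-A POSTROUTING -s 192.168.77.0/24 -o vlan2 -j SNAT --to-source 203.0.113.5'
SAMPLE_IFCONFIG='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.7.1  Bcast:192.168.7.255  Mask:255.255.255.0
tun2      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.77.1  P-t-P:192.168.77.2  Mask:255.255.255.255'
SAMPLE_DNSMASQ='interface=br0
interface=tun2
no-resolv'
```

On a WRT160NL this resolves the WAN interface to eth1 and the VPN interface to tun2 without editing the script; on the WRT160Nv3 it yields vlan2 and tun0. The dnsmasq check only warns, since that option lives in the GUI field rather than in the Firewall script.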
1 comment:
Hi,
sorry to disturb you.
Is it possible to share your WRT160NL config file?
I just can't get the WAN port to work since I upgraded the firmware. It gets an IP on the GUI page, but I can't access the Internet using the other 4 ports...
And it never worked fine with v24 sp2 stable either.
Any suggestion is welcome too.
Thank you