Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, November 7, 2012

Install and configure OpenVPN on your DD-WRT Router

First: (READ, install and configure, create certificates, transfer it to DD-WRT router)
http://www.howtogeek.com/64433.....rt-router/
Then:
Howto-configure-openvpn-on-your-dd-wrt-router
Does anybody know which iptables rule(s), if any, I need to add/remove in order to allow my OpenVPN clients to use my LAN's local DNS server as well?
Some key info:
-DD-WRT v24-sp2 (12/20/11) vpn-small (SVN revision 18024)
-Router: Linksys WRT160Nv3
-LAN: 192.168.7.0
-Local-Gateway / Local-DNS : 192.168.7.1
-OpenVPN-LAN: 192.168.77.0
-"No DNS Rebind" option is Disabled
-Redirect Gateway is enabled, so that all traffic is routed through the VPN.
-I did add push "dhcp-option DNS 192.168.7.1" on the OpenVPN server.
-Local DNS works fine on LAN
-I can ping from LAN to OpenVPN-LAN and viceversa. Yes, ping to local-DNS (192.168.7.1) also works.
I'm currently able to access the Internet over the VPN, but only if I either use an external (public) DNS or use plane IP addresses (no DNS at all). That is, the VPN clients fail to resolve with the local DNS. I suspect either dns requests or dns replies are being dropped by iptables (?)
Can anybody shed some light?

----------------------------------
OK, actually I found a solution for what I wanted. So I thought I'd post it here as a potential future reference for others...
Note: I won't write much details, I'll assume some technical expertise... also, please do realize the previous post has all the key info to follow this one.
1  Granting your OpenVPN clients Internet access:
you need to do NAT on the OpenVPN traffic properly with the following iptables rule, just save it as Firewall under the Administration - Commands tab.
iptables -t nat -A POSTROUTING -s 192.168.77.0/24 -o vlan2 -j SNAT --to-source $(nvram get wan_ipaddr)
2 Getting DNSMasq to resolve for your OpenVPN clients:
you need to tell DNSMasq to also listen on your virtual (OpenVPN) LAN by adding this flag in "Additional DNSMasq Options" under your Services - Services tab.
interface=tun0
----------------------------------
I recently happened to upgrade to a WRT160NL router [firmware: DD-WRT v24-sp2 (07/20/12) std]. In this router the interfaces bear different names. So, in order to maintain the same scenario as described above, you need to update the instructions in my first post as follows:
In 1/: replace vlan2 by ethx, where ethx = your WAN interface (in my case: eth1), i.e. your public IP
In 2/: replace tun0 by tunx, where tunx = your local OpenVPN interface (in my case: tun2), i.e. 192.168.77.1/24
Posted by at
Labels: , ,

1 comment:

Tomás said...

Hi,

sorry to disturb you.
Is it possible to share your wrt160nl config file?

i just cant set the WAN port to work since i upgraded
the firmware. It gets an IP on gui page, but i cant access the internet using the other 4 ports..
And it never worked fine with v24 sp2 stable too.

any suggestion is welcome too.

thank you

30 December, 2012

Post a Comment

Subscribe to: Post Comments (Atom)