Hi there, I seem to be having problems with setting up OpenVPN on my TomatoUSB router.
Not sure why, but the router is able to get internet access but anything connected to the router can't. All devices only connect to the VPN server's public IPs and URLs. DNS seems to work fine.
I'd like all or select machines connected to my router to be able to connect to the external VPN and use it as the gateway.
My local network has a different subnet than the VPN server.
Router runs on the 192.168.1.0 range
VPN tunnel runs on the 10.0.0.0 range
Once the VPN link is established, on a machine connected to my home router (the VPN client) I can ping 10.0.0.1 and I can connect to all the IPs on the VPN server's eth0, but I can't ping anything outside.
From the router I can access and ping the internet fine.
I've tried adding NAT:
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o tun11 -j MASQUERADE
but it seems to do nothing.
Checked the table (iptables -n -L -v -t nat):
Chain PREROUTING (policy ACCEPT 216 packets, 11025 bytes)
pkts bytes target prot opt in out source destination
45 11925 DROP all -- vlan2 * 0.0.0.0/0 192.168.1.0/24
0 0 WANPREROUTING all -- * * 0.0.0.0/0 192.168.1.3
0 0 upnp all -- * * 0.0.0.0/0 192.168.1.3
Chain POSTROUTING (policy ACCEPT 5 packets, 1675 bytes)
pkts bytes target prot opt in out source destination
27 1468 MASQUERADE all -- * tun11 192.168.1.0/24 0.0.0.0/0
547 30053 MASQUERADE all -- * vlan2 0.0.0.0/0 0.0.0.0/0
1 40 SNAT all -- * br0 192.168.1.0/24 192.168.1.0/24 to:192.168.1.1
Chain OUTPUT (policy ACCEPT 5 packets, 1675 bytes)
pkts bytes target prot opt in out source destination
Chain WANPREROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.1.1
Chain upnp (1 references)
pkts bytes target prot opt in out source destination
Router routing table:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.5 * 255.255.255.255 UH 0 0 0 tun11
XX.XX.XX.202 192.168.1.2 255.255.255.255 UGH 0 0 0 vlan2
192.168.1.2 * 255.255.255.255 UH 0 0 0 vlan2
10.0.0.0 10.0.0.5 255.255.255.0 UG 0 0 0 tun11
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.0.0.5 128.0.0.0 UG 0 0 0 tun11
128.0.0.0 10.0.0.5 128.0.0.0 UG 0 0 0 tun11
default 192.168.1.2 0.0.0.0 UG 0 0 0 vlan2
On the VPN server:
NAT:
Chain PREROUTING (policy ACCEPT 2317 packets, 124K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 336 packets, 24591 bytes)
pkts bytes target prot opt in out source destination
439 29810 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 336 packets, 24591 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
138 7545 MASQUERADE all -- * * 10.0.0.0/24 0.0.0.0/0
Routes on server:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.2 * 255.255.255.255 UH 0 0 0 tun0
XX.XX.XX.200 * 255.255.255.248 U 0 0 0 eth0
10.0.0.0 10.0.0.2 255.255.255.0 UG 0 0 0 tun0
default m201.intermanic 0.0.0.0 UG 0 0 0 eth0
OpenVPN config on the server side:
rport 3009
lport 4009
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.0.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
#tls-auth /etc/openvpn/ta.key 0
#ifconfig-pool-persist ipp.txt
keepalive 10 120
push "redirect-gateway def1"
comp-lzo no
user nobody
group users
persist-key
persist-tun
cipher AES-256-CBC
status openvpn-status.log
verb 5
client-to-client
And config on the client side:
# Automatically generated configuration
#daemon
client
dev tun11
proto udp
remote XX.XX.XX.202 4009
lport 3009
resolv-retry 30
persist-key
persist-tun
comp-lzo no
cipher AES-256-CBC
redirect-gateway def1
verb 3
ca ca.crt
cert client.crt
key client.key
status-version 2
status status
# Custom Configuration
#script-security 2
#(iptables stuff) up /jffs/openvpn/postup.sh
Also have IPv4 forwarding enabled on both.
Really don't know what's up or why it just won't work. Any help would be appreciated. Been trying for a little while but I don't know what to do next, to be honest.
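Added example (not part of the original post, and not Tomato or OpenVPN code): a small Python script that replays the routing tables and nat POSTROUTING rules posted above, doing the kernel's longest-prefix lookup and iptables' first-match rule walk for a packet from a LAN host, so you can see on paper which interface and which NAT rule each destination hits on the router and then on the server. The tables are transcribed from the post; the public addresses the post masks as XX.XX.XX.200/.202 are replaced with 203.0.113.200/.202, the server's truncated gateway hostname with 203.0.113.201, and the router's own tunnel address is assumed to be 10.0.0.6 (what OpenVPN's default net30 topology hands the first client, with peer 10.0.0.5 as in the tun11 route above). Those three substitutions are assumptions, not values from the post.

```python
import ipaddress

# Added example, not from the original post. Tables transcribed from the post,
# trimmed to the columns a lookup needs. Assumptions, labelled: XX.XX.XX.200/.202
# become 203.0.113.200/.202, the server's truncated gateway hostname becomes
# 203.0.113.201, and the router's tunnel address is taken as 10.0.0.6 (OpenVPN
# net30 default for the first client; its peer 10.0.0.5 matches the tun11 route).
ROUTER_TUN_ADDR = "10.0.0.6"
TUNNEL_NET = ipaddress.IPv4Network("10.0.0.0/24")

# `route -n` rows: destination, gateway ('*' = on-link), netmask, interface.
ROUTER_ROUTES = """
10.0.0.5        *               255.255.255.255 tun11
203.0.113.202   192.168.1.2     255.255.255.255 vlan2
192.168.1.2     *               255.255.255.255 vlan2
10.0.0.0        10.0.0.5        255.255.255.0   tun11
192.168.1.0     *               255.255.255.0   br0
192.168.1.0     *               255.255.255.0   vlan2
127.0.0.0       *               255.0.0.0       lo
default         10.0.0.5        128.0.0.0       tun11
128.0.0.0       10.0.0.5        128.0.0.0       tun11
default         192.168.1.2     0.0.0.0         vlan2
"""
SERVER_ROUTES = """
10.0.0.2        *               255.255.255.255 tun0
203.0.113.200   *               255.255.255.248 eth0
10.0.0.0        10.0.0.2        255.255.255.0   tun0
default         203.0.113.201   0.0.0.0         eth0
"""
# nat POSTROUTING rules in chain order: out-interface, source, destination, target.
# The server's eth0_masq chain is only entered for -o eth0, so it is flattened here.
ROUTER_NAT = """
tun11   192.168.1.0/24  0.0.0.0/0       MASQUERADE
vlan2   0.0.0.0/0       0.0.0.0/0       MASQUERADE
br0     192.168.1.0/24  192.168.1.0/24  SNAT:192.168.1.1
"""
SERVER_NAT = """
eth0    10.0.0.0/24     0.0.0.0/0       MASQUERADE
"""

def _rows(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def parse_routes(text):
    """Return (network, gateway-or-None, interface) tuples in table order."""
    routes = []
    for dst, gw, mask, iface in _rows(text):
        net = ipaddress.IPv4Network(("0.0.0.0" if dst == "default" else dst, mask))
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

ROUTER = parse_routes(ROUTER_ROUTES)
SERVER = parse_routes(SERVER_ROUTES)

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it. Equal-length prefixes keep
    table order here; on the real box the winner between two identical routes
    is nothing to rely on, which is why such overlaps are worth flagging."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def overlapping_subnets(routes):
    """Subnets routed on more than one interface (LAN and WAN both 192.168.1.0/24)."""
    by_net = {}
    for net, _gw, iface in routes:
        by_net.setdefault(net, []).append(iface)
    return {str(n): ifaces for n, ifaces in by_net.items() if len(set(ifaces)) > 1}

def nat_target(rules, src, dst, out_iface):
    """First matching POSTROUTING rule (iptables first-match); None = leaves un-NATed."""
    s_addr, d_addr = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for oif, s_net, d_net, target in _rows(rules):
        if oif in ("*", out_iface) and s_addr in ipaddress.IPv4Network(s_net) \
                and d_addr in ipaddress.IPv4Network(d_net):
            return target
    return None

def trace(src, dst):
    """Follow a LAN host's packet through the router's route+NAT and, if it entered
    the tunnel bound for somewhere beyond it, through the server's route+NAT."""
    hops = []
    gw, iface = lookup(ROUTER, dst)
    target = nat_target(ROUTER_NAT, src, dst, iface)
    hops.append(("router", iface, gw, target))
    if iface == "tun11" and ipaddress.IPv4Address(dst) not in TUNNEL_NET:
        # After MASQUERADE the server sees the router's tunnel address as the source.
        seen_src = ROUTER_TUN_ADDR if target == "MASQUERADE" else src
        gw, iface = lookup(SERVER, dst)
        hops.append(("server", iface, gw, nat_target(SERVER_NAT, seen_src, dst, iface)))
    return hops

if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.0.0.1", "203.0.113.202", "203.0.113.201"):
        print(f"192.168.1.50 -> {dst}: {trace('192.168.1.50', dst)}")
    print("overlapping subnets on router:", overlapping_subnets(ROUTER))
```

What the replay shows for the tables as posted: a LAN host's packet to an outside address leaves via tun11 (the two /1 routes that redirect-gateway def1 installs win over the vlan2 default), hits the tun11 MASQUERADE rule (whose 27-packet counter in the post confirms LAN traffic does reach it), and arrives at the server with a 10.0.0.0/24 source that the eth0_masq chain covers, while the server's own public address stays on the vlan2 host route so the tunnel's UDP does not loop through itself. So the nat tables and routes alone are consistent end to end. Two things the script makes visible that the post does not settle: overlapping_subnets() reports 192.168.1.0/24 on both br0 and vlan2, i.e. the router's LAN and WAN share a subnet, and the tables posted are the nat table only, so the filter FORWARD chains on both boxes, where a forwarded packet is actually accepted or refused, are not in evidence and are the next thing to dump (iptables -L FORWARD -v -n on each).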