Stunnel/openvpn routing issues

Use topology subnet and redirect-gateway local def1.
The rest should be fine.

  • Does the traffic from the LAN client even go down the VPN tunnel in the first place?
    From the clients it does not get to the VPN tunnel (checked both on OpenWRT tun0 and VPS tun0)
  • Does any return traffic get generated?
    No (see above)
  • Does the DO VPS have a return route from itself back to your LAN clients?
    I'm not at that stage yet. Traffic is not seen even on OpenWRT tun0

Meanwhile, traffic from OpenWRT itself (not originating from the clients) makes it successfully through the tun0 tunnel.

Something I noticed when snooping is that it clearly stops at OpenWRT:

root@OpenWrt:~# tcpdump -i br-lan -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
19:10:11.082820 IP 192.168.0.102 > 8.8.8.8: ICMP echo request, id 1, seq 1229, length 40
19:10:11.564383 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.564520 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64
19:10:11.564897 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.565042 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64
19:10:11.565406 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.565523 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64
19:10:11.565898 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.566032 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64
19:10:11.566373 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.566517 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64

Worth noting that OpenWRT belongs to the subnet of a router that is connected to the Internet via PPPoE. Still, OpenWRT can access the tunnel, so I don't understand why the clients cannot ...

Post the output:

iptables-save

You connect to the Internet via PPPoE, but your WAN IP address is 192.168.1.4? Does your ISP implement carrier-grade NAT?

I connect via PPPoE as well, but I have a real, public IP address, not an RFC 1918 one.

WAN IP is given by the main router, that connects to the internet

Ah, double-NAT. Fun! Always entertaining to troubleshoot!

Okay, so pinging a public IP address doesn't get a response.

Now break it down. Ping each successive next hop until you no longer get a response. Then troubleshoot why.

Looks like your LAN host is 192.168.0.102. So, from 192.168.0.102, ping 192.168.0.1. Do you get a reply? What does tcpdump show?
Then, from 192.168.0.102, ping the local OpenVPN endpoint IP address. From your previously-posted output, it looks like that might be 10.8.0.6. Do you get a reply? What does tcpdump show?
Then, from 192.168.0.102, ping the remote OpenVPN endpoint IP address. From your previously-posted output, it looks like that might be 10.8.0.5. Do you get a reply? What does tcpdump show, on both br-lan and tun0?
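The hop-by-hop method above (ping each next hop from the LAN host, capture on br-lan and tun0, stop at the first hop that gets no reply) can be applied to saved tcpdump output instead of reading it by eye. The following is an added example, not code from the thread: it parses `tcpdump -n icmp` lines in the format posted above, pairs echo requests with replies by source, destination, id and seq, and reports the first hop where the request was seen but never answered, together with the interfaces the request actually reached. The captures are constructed for the example; they reuse the lines posted above and add the hop pings the poster was asked to run, arranged so that the router-originated ping crosses tun0 while the LAN host's ping to the remote endpoint 10.8.0.5 is seen on br-lan but never on tun0, which is the symptom described in the thread.

```python
import re

# ICMP echo lines as printed by `tcpdump -n icmp` (with -n, no name resolution).
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length \d+$"
)

# Constructed capture on br-lan: the posted lines plus the requested hop pings
# from 192.168.0.102 (router 192.168.0.1, local tun endpoint 10.8.0.6, remote
# tun endpoint 10.8.0.5). The pings to 10.8.0.5 and 8.8.8.8 get no reply.
BR_LAN_CAPTURE = """\
19:10:11.082820 IP 192.168.0.102 > 8.8.8.8: ICMP echo request, id 1, seq 1229, length 40
19:10:11.564383 IP 192.168.0.172 > 192.168.0.1: ICMP echo request, id 17152, seq 0, length 64
19:10:11.564520 IP 192.168.0.1 > 192.168.0.172: ICMP echo reply, id 17152, seq 0, length 64
19:10:12.010000 IP 192.168.0.102 > 192.168.0.1: ICMP echo request, id 1, seq 1228, length 40
19:10:12.010300 IP 192.168.0.1 > 192.168.0.102: ICMP echo reply, id 1, seq 1228, length 40
19:10:13.020000 IP 192.168.0.102 > 10.8.0.6: ICMP echo request, id 1, seq 1230, length 40
19:10:13.020400 IP 10.8.0.6 > 192.168.0.102: ICMP echo reply, id 1, seq 1230, length 40
19:10:14.030000 IP 192.168.0.102 > 10.8.0.5: ICMP echo request, id 1, seq 1231, length 40
"""

# Constructed capture on tun0: only the router's own ping crosses the tunnel;
# nothing from 192.168.0.102 appears here, matching the thread's symptom.
TUN0_CAPTURE = """\
19:10:15.040000 IP 10.8.0.6 > 8.8.8.8: ICMP echo request, id 2, seq 1, length 64
19:10:15.060000 IP 8.8.8.8 > 10.8.0.6: ICMP echo reply, id 2, seq 1, length 64
"""

CAPTURES = {"br-lan": BR_LAN_CAPTURE, "tun0": TUN0_CAPTURE}

# Hop order from the troubleshooting steps above (LAN gateway, local and remote
# OpenVPN endpoints, then a public address).
HOPS = ["192.168.0.1", "10.8.0.6", "10.8.0.5", "8.8.8.8"]


def parse_icmp(capture):
    """Return one dict per ICMP echo request/reply line; other lines are ignored."""
    pkts = []
    for line in capture.splitlines():
        m = ICMP_RE.match(line.strip())
        if m:
            p = m.groupdict()
            p["id"], p["seq"] = int(p["id"]), int(p["seq"])
            pkts.append(p)
    return pkts


def hop_status(src, hop, captures):
    """Which interfaces saw src's echo requests to hop, and which saw a matching reply."""
    requested, answered = set(), set()
    for iface, text in captures.items():
        pkts = parse_icmp(text)
        reqs = {(p["id"], p["seq"]) for p in pkts
                if p["kind"] == "request" and p["src"] == src and p["dst"] == hop}
        reps = {(p["id"], p["seq"]) for p in pkts
                if p["kind"] == "reply" and p["src"] == hop and p["dst"] == src}
        if reqs:
            requested.add(iface)
        if reqs & reps:          # a reply counts only if it matches a request we saw
            answered.add(iface)
    return requested, answered


def first_failing_hop(src, hops, captures):
    """Walk hops in order; return (hop, interfaces that saw the request) for the
    first hop that was never answered, or None if every hop replied."""
    for hop in hops:
        requested, answered = hop_status(src, hop, captures)
        if not answered:
            return hop, sorted(requested)
    return None


if __name__ == "__main__":
    for hop in HOPS:
        req, ans = hop_status("192.168.0.102", hop, CAPTURES)
        print(f"{hop:<14} request on {sorted(req) or '-'}  reply on {sorted(ans) or '-'}")
    print("first failing hop:", first_failing_hop("192.168.0.102", HOPS, CAPTURES))
```

With these captures the walk stops at 10.8.0.5: the request is on br-lan but never shows up on tun0, so the problem is on the router between the two interfaces (forwarding or firewall), not on the VPS side. A hop that fails with the request visible on tun0 would instead point at the remote end or its return route.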

This is bizarre ... I did not do anything but sleep, and this morning it worked.
I suspect there may have been issues on the DHCP side (on OpenWRT), otherwise I cannot explain.

These are the final routes

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
VPNSERVERIP   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0.2
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
root@OpenWrt:~#
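Two things in this thread come down to longest-prefix matching against a table like the one above: why the final table sends LAN traffic to tun0 but still reaches the VPN server over eth0.2, and what the `redirect-gateway def1` advice at the top actually changes. The following is an added example, not code from the thread or from OpenVPN: it parses `route` output in the format posted, resolves a destination to its egress interface and gateway by longest prefix, and models what `def1` installs (two /1 routes via the tunnel that out-prefix the existing default, plus a host route to the VPN server via the old gateway) and what the `local` flag drops. The tables are constructed; 203.0.113.10 stands in for the thread's VPNSERVERIP placeholder.

```python
import ipaddress

# Constructed: the final table posted above, with 203.0.113.10 in place of VPNSERVERIP.
POSTED_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0.2
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
"""

# Constructed: the same router before OpenVPN touches the default route.
BASE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0.2
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
"""


def parse_route_table(text):
    """Turn `route` output into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines()[2:]:            # skip title and header lines
        parts = line.split()
        if len(parts) < 8:
            continue
        dest, gw, mask, _flags, _metric, _ref, _use, iface = parts[:8]
        dest = "0.0.0.0" if dest == "default" else dest
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "*" else ipaddress.ip_address(gw), iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it (metrics ignored here)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def egress(routes, dst):
    """(iface, gateway as str or None for directly connected), or None if unroutable."""
    r = lookup(routes, dst)
    return None if r is None else (r[2], None if r[1] is None else str(r[1]))


def apply_def1(routes, server_ip, tun_gw, tun_iface, local=False):
    """Model OpenVPN `redirect-gateway def1`: add 0.0.0.0/1 and 128.0.0.0/1 via the
    tunnel so they beat the existing 0.0.0.0/0 by prefix length without replacing it,
    and a /32 to the VPN server via the old default gateway so the encapsulated
    packets are not routed back into the tunnel. `local` skips that /32, which is
    only correct when the server sits on a directly attached subnet."""
    old_default = next(r for r in routes if r[0].prefixlen == 0)
    new = list(routes)
    if not local:
        new.append((ipaddress.ip_network(f"{server_ip}/32"), old_default[1], old_default[2]))
    gw = ipaddress.ip_address(tun_gw)
    new.append((ipaddress.ip_network("0.0.0.0/1"), gw, tun_iface))
    new.append((ipaddress.ip_network("128.0.0.0/1"), gw, tun_iface))
    return new


if __name__ == "__main__":
    posted = parse_route_table(POSTED_TABLE)
    def1 = apply_def1(parse_route_table(BASE_TABLE), "203.0.113.10", "10.8.0.5", "tun0")
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.0.102"):
        print(f"{dst:<14} posted -> {egress(posted, dst)}   def1 -> {egress(def1, dst)}")
```

Both tables send 8.8.8.8 to tun0 and the VPN server to eth0.2; the difference is that the posted table has replaced the default route outright, while `def1` leaves the original default in place underneath the two /1 routes, which is why `def1` survives the tunnel dropping without stranding the router. The `local` case in the test shows the failure mode: without the /32, the server's own address is matched by 128.0.0.0/1 and pointed into the tunnel.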
