OpenWrt Forum Archive

Topic: VPN as remote gateway

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, I'd like to use an OpenVPN server on OpenWrt that acts as a remote gateway, but when the client connects to it, the internet stops working.

## server.conf ##

port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key
server 10.6.3.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#cipher AES-256-CBC
#auth SHA512
tun-mtu 1500
cipher none
auth none
mssfix 0
fragment 0
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
keepalive 10 30
comp-lzo
persist-key
persist-tun
down-pre
verb  3

## client.conf ##

client
dev tun
proto tcp
remote myip.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
;cipher AES-256-CBC
;auth SHA512
cipher none
auth none
comp-lzo
tun-mtu 1500
fragment 0
mssfix 0
verb 3
script-security 2
up "/etc/openvpn/up.sh"
down " /etc/openvpn/down.sh"

<ca>
...

## /etc/config/firewall on the server ##

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'VPN'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option dest 'wan'
        option src 'vpn'

What's wrong?

(Last edited by lamero on 11 Sep 2016, 17:26)

I want to set up an OpenWrt 14.07 router as a client and route all its traffic to a VPN server on Ubuntu. The server and client connect successfully.

This is my routing table:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

When I traceroute 'google' I get the following result:

traceroute to google.com 30 hops max, 38 byte packets
1  192.168.1.1 (192.168.1.1)  1.938 ms  1.288 ms  1.120 ms
2  *  *  *
3  10.0.1.2 (10.0.1.2)  32.262 ms  30.939 ms  48.762 ms
4  UKLI.rwp44.pie.net.pk (202.125.151.106)  41.319 ms  32.086 ms  36.240 ms
5  static-khi275-P02-pie.net.pk (221.120.254.6)  61.871 ms  60.470 ms  61.220 ms
6  static.khi77.pie.net.pk (202.125.128.150)  65.115 ms  65.808 ms  69.477 ms
7  *  72.14.209.137 (72.14.209.137)  574.425 ms  734.882 ms
8  108.170.240.173 (108.170.240.173)  139.261 ms  108.170.240.236 (108.170.240.236)  140.550 ms  108.170.242.66 (108.170.242.66)  140.832 ms
 

Please tell me how to give zones permissions to get it working, or any other configurations which need to be done.

Hop 1 must be my router's gateway and hop 2 must be my VPN server's IP, but this is not the case here. I checked with a local Ubuntu client and it works. It did not work with the OpenWrt VPN client. I would be grateful for any help.
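
Added example (not part of the posts above): a shell check for the situation in the second post, assuming `route -n` style input. `redirect-gateway def1` works by installing 0.0.0.0/1 and 128.0.0.0/1 routes through the tunnel, and the function reports whether a table contains them. The name `vpn_route_state`, its three result labels and the second sample table are constructed for illustration.

```shell
#!/bin/sh
# Classify a `route -n` table read from stdin:
#   full-tunnel      default traffic leaves through a tun/tap device
#   vpn-subnet-only  tunnel routes exist, but the default route bypasses them
#   no-vpn           no route uses a tun/tap device
vpn_route_state() {
    awk '
        # Data rows start with a dotted-quad destination; skip headers.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        $NF ~ /^(tun|tap)[0-9]+$/ {
            vpn = 1
            # def1 covers the address space with two /1 routes.
            if ($1 == "0.0.0.0"   && $3 == "128.0.0.0") low  = 1
            if ($1 == "128.0.0.0" && $3 == "128.0.0.0") high = 1
            # A plain default route on the tunnel also counts.
            if ($1 == "0.0.0.0"   && $3 == "0.0.0.0")   dflt = 1
        }
        END {
            if ((low && high) || dflt) print "full-tunnel"
            else if (vpn)              print "vpn-subnet-only"
            else                       print "no-vpn"
        }'
}

# Routing table as posted in the thread.
sample_posted() {
cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
EOF
}

# Constructed table: the same client after def1 routes were installed.
# 203.0.113.10 is a placeholder for the VPN server's public address.
sample_def1() {
cat <<'EOF'
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
EOF
}

echo "posted table:   $(sample_posted | vpn_route_state)"
echo "with def1:      $(sample_def1 | vpn_route_state)"
```

On a router the same function can be fed live data with `route -n | vpn_route_state`.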

The discussion might have continued from here.