I'm running OpenVPN on OpenWrt White Russian RC3 on a WRT54G Linksys
router. When I go to a wireless café with my SuSE 10 notebook, I
cannot ping my Windows desktop machine at 10.169.1.8. However, I can
ssh to my router at 10.169.1.2 using OpenWrt in route mode.
Where can I read about the documentation for the syntax for the
firewall.user file? What distro was OpenWrt derived from?
Is this syntax with the slashes legal in OpenWrt's firewall.user?
iptables -A FORWARD -i tun0 -s 10.8.1.0/24 -d 10.66.4.0/24 -j ACCEPT
This (following) FAQ fragment seems to describe me! Bridging mode works fine.
openvpn FAQ>I've successfully set up OpenVPN and can ping between both OpenVPN
openvpn FAQ>peers, however I cannot reach any of the other machines on the remote
openvpn FAQ>subnet. What's the problem?
openvpn FAQ>
openvpn FAQ>Make sure that the firewall is not filtering the TUN/TAP interface.
How do I do that? 10.169.1.8 is the desktop
machine I cannot ping. I tried adding these lines but they did not fix the problem:
iptables -A FORWARD -i tun0 -s 10.169.6.8 -d 10.169.1.8 -j ACCEPT
# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
openvpn FAQ>
openvpn FAQ>Make sure you have IP forwarding enabled on the server.
Yeah, I checked that with "cat /proc/sys/net/ipv4/ip_forward". It produces a 1.
openvpn FAQ>
openvpn FAQ>If you are using routing (not ethernet bridging), make sure the
openvpn FAQ>clients (or LAN gateway) have a route back to the server for the
openvpn FAQ>packets coming in over the tunnel.
openvpn FAQ>This can be done by: adding a route
openvpn FAQ>in your default gateway for the VPN network IP subnet pointing to the
openvpn FAQ>OpenVPN machine,
Ah hah! This is probably the solution to my problem. What might this
look like? What if the gateway is the VPN server? What do they mean by
"OpenVPN" machine? Is that my Linksys router running OpenVPN?
openvpn FAQ>adding a route to every client,
What might this look like? Would this be the "add route" command?
openvpn FAQ>or NATing all VPN
openvpn FAQ>traffic to the local address of the OpenVPN machine for network
openvpn FAQ>traffic which leaves the OpenVPN machine for the local net.
What might this look like? I think this would be some iptables
commands in the firewall.user?
openvpn FAQ>
openvpn FAQ>If you are still stumped, use tcpdump, ethereal, or WinDump to
openvpn FAQ>determine where packets are being dropped.
openvpn FAQ>
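
The return-route point in the quoted FAQ can be checked on paper before touching the router. The following is an added example, not part of the original post or the OpenVPN FAQ: it traces where the desktop's ping reply goes under each of the FAQ's three options. The addresses 10.169.1.8, 10.169.1.2 and 10.169.6.8 come from the post; the /24 masks, the separate gateway 10.169.1.1 and the "ISP" label are assumptions.

```python
import ipaddress

# Constructed topology. From the post: desktop 10.169.1.8, OpenVPN router
# 10.169.1.2, VPN client 10.169.6.8. Assumed: /24 masks, a separate default
# gateway at 10.169.1.1, and "ISP" as a label for anything upstream of it.
LAN_NET, VPN_NET = "10.169.1.0/24", "10.169.6.0/24"
DESKTOP, OPENVPN_BOX, OTHER_GW = "10.169.1.8", "10.169.1.2", "10.169.1.1"
VPN_CLIENT = "10.169.6.8"

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; 'direct' = on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def reply_path(tables, reply_dst, max_hops=4):
    """Follow the desktop's echo reply hop by hop through the modelled hosts."""
    path, here = [DESKTOP], DESKTOP
    for _ in range(max_hops):
        hop = next_hop(tables[here], reply_dst)
        here = reply_dst if hop == "direct" else hop
        path.append(here)
        if here not in tables:   # handed to the OpenVPN box, or left the LAN
            break
    return path

def tables(desktop_gw, desktop_extra=(), gw_extra=()):
    """Routing tables for the desktop and for the non-VPN gateway."""
    return {
        DESKTOP: [(LAN_NET, "direct"), ("0.0.0.0/0", desktop_gw), *desktop_extra],
        OTHER_GW: [(LAN_NET, "direct"), ("0.0.0.0/0", "ISP"), *gw_extra],
    }

def scenarios():
    """Reply path for the broken case, the three FAQ fixes, and router-as-gateway."""
    back = (VPN_NET, OPENVPN_BOX)          # the "route back" the FAQ asks for
    return {
        "no fix": reply_path(tables(OTHER_GW), VPN_CLIENT),
        "route on gateway": reply_path(tables(OTHER_GW, gw_extra=[back]), VPN_CLIENT),
        "route on desktop": reply_path(tables(OTHER_GW, desktop_extra=[back]), VPN_CLIENT),
        # With NAT the desktop sees the ping as coming from 10.169.1.2 itself.
        "nat on openvpn box": reply_path(tables(OTHER_GW), OPENVPN_BOX),
        "openvpn box is the gateway": reply_path(tables(OPENVPN_BOX), VPN_CLIENT),
    }

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:28s} {' -> '.join(path)}")
```

On a Linux gateway the route would be `route add -net 10.169.6.0 netmask 255.255.255.0 gw 10.169.1.2`, and the NAT option would be an `iptables -t nat -A POSTROUTING -s 10.169.6.0/24 -o br0 -j MASQUERADE` line in firewall.user; the /24 VPN subnet and the `br0` LAN interface name are assumptions.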