DD-WRT router with OpenVPN

Re: DD-WRT router with OpenVPN

The way the push route is handled is odd.
If that had no deeper purpose for you, or is just something you "saw somewhere once", change it to the following in the server config.

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

If need be, post the server config as well as the client config here.
 
Re: DD-WRT router with OpenVPN

I figured I would just specify the gateway numerically....
As for DNS, I figured it should use the DNS servers entered in the router....
I haven't entered any firewall rules so far; could that be the problem?

Here is the config of the OpenVPN server on the router

OpenVPN: Enable
Start Type: System
Config as: Server
Server mode: Router (TUN)
Network: 10.8.0.0
Netmask: 255.255.255.0
Port: 443
Tunnel Protocol: TCP
Encryption Cipher: Blowfish CBC
Hash Algorithm: SHA1
TLS Cipher: None
LZO Compression: Adaptive
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Disable
Tunnel MTU setting: 1500
Tunnel UDP MSS-Fix: Disable


Additional Config:
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
Server log
20141207 12:10:36 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20141207 12:10:36 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
20141207 12:10:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20141207 12:10:38 Diffie-Hellman initialized with 2016 bit key
20141207 12:10:38 Socket Buffers: R=[87380->131072] S=[16384->131072]
20141207 12:10:38 I TUN/TAP device tun2 opened
20141207 12:10:38 TUN/TAP TX queue length set to 100
20141207 12:10:38 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20141207 12:10:38 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
20141207 12:10:38 I Listening for incoming TCP connection on [undef]
20141207 12:10:38 Socket flags: TCP_NODELAY=1 succeeded
20141207 12:10:38 I TCPv4_SERVER link local (bound): [undef]
20141207 12:10:38 I TCPv4_SERVER link remote: [undef]
20141207 12:10:38 MULTI: multi_init called r=256 v=256
20141207 12:10:38 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
20141207 12:10:38 I ifconfig_pool_read() in='Michael 10.8.0.2' TODO: IPv6
20141207 12:10:38 I succeeded -> ifconfig_pool_set()
20141207 12:10:38 IFCONFIG POOL LIST
20141207 12:10:38 Michael 10.8.0.2
20141207 12:10:38 MULTI: TCP INIT maxclients=1024 maxevents=1028
20141207 12:10:38 I Initialization Sequence Completed
20141207 12:10:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:10:44 D MANAGEMENT: CMD 'state'
20141207 12:10:44 MANAGEMENT: Client disconnected
20141207 12:10:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:10:44 D MANAGEMENT: CMD 'state'
20141207 12:10:44 MANAGEMENT: Client disconnected
20141207 12:10:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:10:44 D MANAGEMENT: CMD 'state'
20141207 12:10:44 MANAGEMENT: Client disconnected
20141207 12:10:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:10:44 D MANAGEMENT: CMD 'status 2'
20141207 12:10:44 MANAGEMENT: Client disconnected
20141207 12:10:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:10:44 D MANAGEMENT: CMD 'log 500'
20141207 12:10:44 MANAGEMENT: Client disconnected
20141207 12:13:30 I TCP connection established with [AF_INET]xxx:42248
20141207 12:13:30 Socket flags: TCP_NODELAY=1 succeeded
20141207 12:13:30 xxx:42248 TLS: Initial packet from [AF_INET]xxx:42248 sid=05d4f1e7 809cb0b4
20141207 12:13:33 xxx:42248 VERIFY OK: depth=1 C=xx ST=xx L=xx O=no OU=no CN=OpenVPN_CA emailAddress=no@no.com
20141207 12:13:33 xxx:42248 VERIFY OK: depth=0 C=xx ST=xx L=xx O=no OU=no CN=Michael emailAddress=no@no.com
20141207 12:13:34 xxx:42248 NOTE: --mute triggered...
20141207 12:13:34 xxx:42248 5 variation(s) on previous 3 message(s) suppressed by --mute
20141207 12:13:34 I xxx:42248 [Michael] Peer Connection Initiated with [AF_INET] xxx:42248
20141207 12:13:34 I Michael/xxx:42248 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20141207 12:13:34 Michael/xxx:42248 MULTI: Learn: 10.8.0.2 -> Michael/xxx:42248
20141207 12:13:34 Michael/xxx:42248 MULTI: primary virtual IP for Michael/xxx:42248: 10.8.0.2
20141207 12:13:37 Michael/xxx:42248 PUSH: Received control message: 'PUSH_REQUEST'
20141207 12:13:37 I Michael/xxx:42248 send_push_reply(): safe_cap=940
20141207 12:13:37 Michael/xxx:42248 SENT CONTROL [Michael]: 'PUSH_REPLY redirect-gateway def1 redirect-gateway def1 dhcp-option DNS 8.8.8.8 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 socket-flags TCP_NODELAY ifconfig 10.8.0.2 255.255.255.0' (status=1)
20141207 12:13:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:13:51 D MANAGEMENT: CMD 'state'
20141207 12:13:51 MANAGEMENT: Client disconnected
20141207 12:13:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:13:51 D MANAGEMENT: CMD 'state'
20141207 12:13:51 MANAGEMENT: Client disconnected
20141207 12:13:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:13:51 D MANAGEMENT: CMD 'state'
20141207 12:13:51 MANAGEMENT: Client disconnected
20141207 12:13:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:13:51 D MANAGEMENT: CMD 'status 2'
20141207 12:13:51 MANAGEMENT: Client disconnected
20141207 12:13:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:13:51 D MANAGEMENT: CMD 'log 500'
20141207 12:13:51 MANAGEMENT: Client disconnected
20141207 12:21:11 N Michael/xxx:42248 Connection reset restarting [0]
20141207 12:21:11 Michael/xxx:42248 SIGUSR1[soft connection-reset] received client-instance restarting
20141207 12:26:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:26:17 D MANAGEMENT: CMD 'state'
20141207 12:26:17 MANAGEMENT: Client disconnected
20141207 12:26:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:26:17 D MANAGEMENT: CMD 'state'
20141207 12:26:17 MANAGEMENT: Client disconnected
20141207 12:26:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:26:17 D MANAGEMENT: CMD 'state'
20141207 12:26:17 MANAGEMENT: Client disconnected
20141207 12:26:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:26:18 D MANAGEMENT: CMD 'status 2'
20141207 12:26:18 MANAGEMENT: Client disconnected
20141207 12:26:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20141207 12:26:18 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

Client Config
client
dev tun
proto tcp
remote xxx 443
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca OpenVPN_CA.crt
cert Michael.crt
key Michael.pem
ns-cert-type server
comp-lzo
verb 3

//EDIT

Solution -> under "Commands" I entered the following and saved it with "Save Firewall"


iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tun2 -j MASQUERADE
Redirect to default Gateway must be set to "Enable"
 
Re: DD-WRT router with OpenVPN

Change the firewall rules. You have everything in there twice over.

Code:
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -o br0 -j ACCEPT
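
Added example, not part of any post in this thread: a Python sketch that checks the seven rules from the "Save Firewall" post for the kind of duplication the last reply points out. It reports a rule when another rule with the same table, chain and target has strictly fewer match conditions and therefore already covers it. The names `parse_rule` and `shadowed_rules` are hypothetical, and the parser assumes every option takes exactly one value, which holds for the rules in this thread but not for iptables in general.

```python
import shlex

# The seven commands from the "Save Firewall" post above, copied verbatim.
POSTED_RULES = """\
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tun2 -j MASQUERADE
"""

# Long option names mapped to short ones so "--source" and "-s" compare equal.
ALIASES = {"--source": "-s", "--destination": "-d", "--protocol": "-p",
           "--in-interface": "-i", "--out-interface": "-o", "--jump": "-j"}


def parse_rule(line):
    """Split one iptables command into table, chain, target and match options."""
    # Assumption: every option is followed by exactly one value.
    tokens = [ALIASES.get(t, t) for t in shlex.split(line)[1:]]
    rule = {"table": "filter", "matches": {}, "text": line}
    i = 0
    while i + 1 < len(tokens):
        opt, value = tokens[i], tokens[i + 1]
        i += 2
        if opt == "-t":
            rule["table"] = value
        elif opt in ("-A", "-I"):
            rule["chain"] = value
            if i < len(tokens) and tokens[i].isdigit():
                i += 1  # optional insert position after -I, not a match
        elif opt == "-j":
            rule["target"] = value
        else:
            rule["matches"][opt] = value
    return rule


def shadowed_rules(text):
    """Return (specific, general) pairs: `general` has the same table, chain
    and target, and its matches are a strict subset of those of `specific`."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    key = lambda r: (r["table"], r.get("chain"), r.get("target"))
    return [(a["text"], b["text"]) for a in rules for b in rules
            if key(a) == key(b) and b["matches"].items() < a["matches"].items()]
```

Calling `shadowed_rules(POSTED_RULES)` flags the `-o br0` MASQUERADE rule as covered by the unrestricted `-s 10.8.0.0/24` MASQUERADE rule; the check ignores rule order and interface wildcards such as `tun+`.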
 