DD-WRT - VPN tunnel with access restrictions

I want to allow users to connect to my home network through my DD-WRT router using a VPN tunnel.

I want the users to be able to access a specific IP on my local network freely (10.10.10.5). I don't want clients to be able to browse the internet through the VPN tunnel.

Anyone know how to set this up?

wokawaka

Posted 2012-04-20T20:28:51.230

What are you shooting for here? What is on your home network that you want outside people to connect to? A computer? A file server? A media server? – JohnThePro – 2012-04-20T20:30:51.997

I want to expose a remote desktop and a NAS to a few select people. I could expose all of them directly to the internet but would prefer to go through a VPN tunnel first. But at the same time I don't want these people to be able to "hide" behind my internet through the VPN. – None – 2012-04-20T20:47:13.843

Answers

Configure your firewall to only allow the VPN the access they need. The device is likely tun0. DD-WRT should be using an iptables based firewall. Depending on memory you could look at installing shorewall or shorewall-lite.

In your case you likely want a REJECT policy for the device and rules to accept:

  • related and established traffic
  • incoming connections to your NAS
  • incoming connections to your remote desktop
  • incoming connections to your DNS if you push DNS servers
  • access to the Internet for everything, or limited access if you prefer

If you only push a route to your network from the VPN, users' Internet access should be via their existing connection and you won't need to allow them access. However, this may allow access to your services via a proxy on the connecting servers. It is up to you to assess the risk.

BillThor

Posted 2012-04-20T20:28:51.230

Reputation: 9 384
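One way to express the policy from this answer as a DD-WRT firewall script (Administration > Commands, "Save Firewall"), as an added example that is not BillThor's own code: the NAS address 10.10.10.5 comes from the question, while the VPN device tun0, the RDP host 10.10.10.6 and the router DNS address 10.10.10.1 are assumed values.

```shell
#!/bin/sh
# Added example for a DD-WRT "Save Firewall" script; not from the answer above.
# Constructed values: VPN device tun0, NAS 10.10.10.5 (from the question),
# hypothetical RDP host 10.10.10.6 and hypothetical router DNS address 10.10.10.1.
VPN_IF="${VPN_IF:-tun0}"
NAS="${NAS:-10.10.10.5}"            # reachable on all ports, as the question asks
RDP_HOST="${RDP_HOST:-10.10.10.6}"  # hypothetical Windows box, RDP only
DNS_HOST="${DNS_HOST:-10.10.10.1}"  # hypothetical router address pushed as DNS
IPT="${IPT:-iptables}"              # IPT=echo prints the rules instead of loading them

vpn_fw_rules() {
  # Keep the VPN policy in its own chain so DD-WRT's generated rules stay untouched.
  $IPT -N vpn_in 2>/dev/null || $IPT -F vpn_in
  # Replies to connections the VPN client already opened.
  $IPT -A vpn_in -m state --state RELATED,ESTABLISHED -j ACCEPT
  # The NAS is reachable on every port; the RDP host only on TCP 3389.
  $IPT -A vpn_in -d "$NAS" -j ACCEPT
  $IPT -A vpn_in -d "$RDP_HOST" -p tcp --dport 3389 -j ACCEPT
  # DNS on the router, only needed if the VPN server pushes it to clients.
  $IPT -A vpn_in -d "$DNS_HOST" -p udp --dport 53 -j ACCEPT
  $IPT -A vpn_in -d "$DNS_HOST" -p tcp --dport 53 -j ACCEPT
  # Everything else arriving from the tunnel, Internet-bound traffic included, is refused.
  $IPT -A vpn_in -j REJECT
  # Run the chain for traffic entering on the VPN device, both forwarded (LAN hosts)
  # and delivered to the router itself (DNS). Inserted at position 1 so it is
  # evaluated before DD-WRT's own ACCEPT rules.
  $IPT -I FORWARD 1 -i "$VPN_IF" -j vpn_in
  $IPT -I INPUT 1 -i "$VPN_IF" -j vpn_in
  # Let replies from LAN hosts travel back out through the tunnel.
  $IPT -I FORWARD 1 -o "$VPN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# "apply" loads the rules; anything else (the default) only prints them for review.
case "${1:-show}" in
  apply) vpn_fw_rules ;;
  *)     IPT=echo; vpn_fw_rules ;;
esac
```

Run it once with `apply` after checking the printed rules; DD-WRT re-runs the saved firewall script on every boot and WAN reconnect.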

Okay, if you configure the VPN within the dd-wrt, as long as you know the username and password, I believe by default all things on your internal network are now accessible to you.

The server is no longer directly facing the internet, and it's inherently more secure. Once the tunnel is established, IF dd-wrt access restrictions work correctly you basically have this:

  1. A VPN tunnel with a specific subnet of IPs assigned to it (192.168.3.x or whatever)
  2. An access restriction feature on your router that disables internet on specific IPs/ranges.
  3. A secure tunnel that allows traffic in, assigns an IP that is not allowed internet access, but because of the VPN should still be able to communicate with hosts inside the network.

JohnThePro

Posted 2012-04-20T20:28:51.230

Reputation: 211

I have a win2008 server that I want to access, I have currently exposed the rdp port to the internet so I can access it from anywhere. But I want to change that so I have to be on the VPN to access the server through RDP (the less interfaces exposed the better and all that). – None – 2012-04-20T20:44:23.770

I ended up not using DD-WRT to accomplish this.

There seems to be a problem/bug with doing this in the dd-wrt build I have. Firmware: DD-WRT v24-sp2 (08/07/10) std

Not sure what the problem is but after two days of trying I could not get it to accept connections. There are also a few threads where people have seemingly configured it correctly without getting it to work http://www.dd-wrt.com/phpBB2/viewtopic.php?p=651839 (can't post more links or I would)

I instead solved this by setting up a dedicated VPN server running on my Hyper-V machine.

I used this guide to set it up under Windows server 2008 http://www.buchatech.com/2010/06/how-to-setup-vpn-access-on-server-2008/

Got it to work right away; I forwarded TCP port 1723 from DD-WRT to the server.

As a side note: My DHCP router uses 192.168.1.50-100 and my VPN users get addresses from 192.168.1.200-210. This allows the VPN users access to the network without any NAT translation on the server and by not having any NAT translation they are also blocked from the internet :)

wokawaka

Posted 2012-04-20T20:28:51.230

As a side note, I blocked internet traffic for all connected users by simply not setting up any NAT translation on the server. – None – 2012-04-22T13:47:11.327