Allow access to internet with DD-WRT OpenVPN in bridging mode


I am having issues with my OpenVPN configuration on DD-WRT. All traffic has to be routed through the tunnel. The DD-WRT device is not directly exposed to the internet, so the firewall is disabled.

My server configuration file:

mode server
proto udp 
port 1194 
dev tap0 
server-bridge 192.168.0.2 255.255.255.0 192.168.0.20 192.168.0.29 
# Gateway (VPN Server)   Subnetmask   Start-IP   End-IP 
push "dhcp-option DNS 195.130.130.4"
push "dhcp-option DNS 195.130.131.4"
push "redirect-gateway"
keepalive 10 120 
daemon 
verb 5 
client-to-client 
dh /tmp/openvpn/dh.pem 
ca /tmp/openvpn/ca.crt 
cert /tmp/openvpn/cert.pem 
key /tmp/openvpn/key.pem 

My client configuration file:

remote xxxx.no-ip.org 1194

client 
dev tap0 
proto udp 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
float 
verb 5 

ca ca.crt 
cert client1.crt 
key client1.key 

ns-cert-type server

My network looks like this:

                                                             ------------
DD-WRT Device (functions as a switch) ----- Router ----------| Internet |
192.168.0.2                                 192.168.0.1      ------------

When I push the setting "default-gateway def1" the routing table on the client looks like this (netstat -rn):

IPv4 routing table
===========================================================================
Active routes:
Network Address    Netmask            Gateway        Interface       Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.57     25
          0.0.0.0        128.0.0.0      192.168.0.2     192.168.0.20     30
    84.197.216.14  255.255.255.255     192.168.43.1    192.168.43.57     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0      192.168.0.2     192.168.0.20     30
      192.168.0.0    255.255.255.0         On-link      192.168.0.20    286
     192.168.0.20  255.255.255.255         On-link      192.168.0.20    286
    192.168.0.255  255.255.255.255         On-link      192.168.0.20    286
     192.168.43.0    255.255.255.0         On-link     192.168.43.57    281
    192.168.43.57  255.255.255.255         On-link     192.168.43.57    281
   192.168.43.255  255.255.255.255         On-link     192.168.43.57    281
    192.168.221.0    255.255.255.0         On-link     192.168.221.1    276
    192.168.221.1  255.255.255.255         On-link     192.168.221.1    276
  192.168.221.255  255.255.255.255         On-link     192.168.221.1    276
    192.168.233.0    255.255.255.0         On-link     192.168.233.1    276
    192.168.233.1  255.255.255.255         On-link     192.168.233.1    276
  192.168.233.255  255.255.255.255         On-link     192.168.233.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.20    286
        224.0.0.0        240.0.0.0         On-link     192.168.43.57    281
        224.0.0.0        240.0.0.0         On-link     192.168.221.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.233.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.20    286
  255.255.255.255  255.255.255.255         On-link     192.168.43.57    281
  255.255.255.255  255.255.255.255         On-link     192.168.221.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.233.1    276
===========================================================================

As you can see, the desired route still gets overridden (the other, insecure, route has a lower metric).

However, when I push just "default-gateway" instead (without the "def1"), my routing table looks as follows:

IPv4 routing table
===========================================================================
Active routes:
Network Address    Netmask            Gateway        Interface       Metric
          0.0.0.0          0.0.0.0      192.168.0.2     192.168.0.20     30
    84.197.216.14  255.255.255.255     192.168.43.1    192.168.43.57     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.20    286
     192.168.0.20  255.255.255.255         On-link      192.168.0.20    286
    192.168.0.255  255.255.255.255         On-link      192.168.0.20    286
     192.168.43.0    255.255.255.0         On-link     192.168.43.57    281
    192.168.43.57  255.255.255.255         On-link     192.168.43.57    281
   192.168.43.255  255.255.255.255         On-link     192.168.43.57    281
    192.168.221.0    255.255.255.0         On-link     192.168.221.1    276
    192.168.221.1  255.255.255.255         On-link     192.168.221.1    276
  192.168.221.255  255.255.255.255         On-link     192.168.221.1    276
    192.168.233.0    255.255.255.0         On-link     192.168.233.1    276
    192.168.233.1  255.255.255.255         On-link     192.168.233.1    276
  192.168.233.255  255.255.255.255         On-link     192.168.233.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.20    286
        224.0.0.0        240.0.0.0         On-link     192.168.43.57    281
        224.0.0.0        240.0.0.0         On-link     192.168.221.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.233.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.20    286
  255.255.255.255  255.255.255.255         On-link     192.168.43.57    281
  255.255.255.255  255.255.255.255         On-link     192.168.221.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.233.1    276
===========================================================================

Which is, I think, correct.

But I'm still not able to connect to the internet, and not even a call to an internal address works anymore...

Any help is greatly appreciated!

Nathan

Posted 2012-12-27T15:45:05.980

Reputation: 11

No answers
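An added example, not part of the original post: IP route lookup picks the longest matching prefix first and uses the metric only to break ties between equal-length prefixes, so a check for traffic leaving outside the tunnel has to evaluate the table that way. The Python below applies that lookup to rows copied from the two tables in the question. Assumptions: 192.168.0.20 is the TAP adapter, 8.8.8.8 is a constructed probe address, and the 84.197.216.14 host route is taken to be the VPN server's public endpoint.

```python
import ipaddress

# Rows copied from the question's two `netstat -rn` tables (subset).
DEF1 = """
0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.57     25
0.0.0.0        128.0.0.0      192.168.0.2     192.168.0.20     30
84.197.216.14  255.255.255.255     192.168.43.1    192.168.43.57     25
128.0.0.0        128.0.0.0      192.168.0.2     192.168.0.20     30
192.168.0.0    255.255.255.0         On-link      192.168.0.20    286
192.168.43.0    255.255.255.0         On-link     192.168.43.57    281
"""
PLAIN = """
0.0.0.0          0.0.0.0      192.168.0.2     192.168.0.20     30
84.197.216.14  255.255.255.255     192.168.43.1    192.168.43.57     25
192.168.0.0    255.255.255.0         On-link      192.168.0.20    286
192.168.43.0    255.255.255.0         On-link     192.168.43.57    281
"""
TUNNEL_IF = "192.168.0.20"  # assumption: TAP adapter address from the question

def parse_routes(text):
    """Parse 'dest netmask gateway interface metric' rows; skip other lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        try:
            net = ipaddress.IPv4Network(f"{f[0]}/{f[1]}")
            routes.append((net, f[2], f[3], int(f[4])))
        except ValueError:
            continue  # header or separator line
    return routes

def select_route(routes, dest):
    """Longest prefix wins; metric only breaks ties between equal prefixes."""
    addr = ipaddress.IPv4Address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def outside_tunnel(routes, dests, tunnel_if=TUNNEL_IF):
    """Destinations whose selected route leaves via a non-tunnel interface."""
    out = []
    for d in dests:
        r = select_route(routes, d)
        if r is None or r[2] != tunnel_if:
            out.append(d)
    return out

if __name__ == "__main__":
    probes = ["8.8.8.8", "195.130.130.4", "84.197.216.14", "192.168.0.1"]
    for name, table in (("def1", DEF1), ("plain", PLAIN)):
        print(name, outside_tunnel(parse_routes(table), probes))
```

In both tables only the host route to 84.197.216.14 is selected via the physical interface; every other probe resolves to the TAP adapter.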