I am having issues with my OpenVPN configuration on DD-WRT. All traffic has to be routed through the tunnel. The DD-WRT device is not directly exposed to the internet, so the firewall is disabled.
My server configuration file:
mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.0.2 255.255.255.0 192.168.0.20 192.168.0.29
# Gateway (VPN Server) Subnetmask Start-IP End-IP
push "dhcp-option DNS 195.130.130.4"
push "dhcp-option DNS 195.130.131.4"
push "redirect-gateway"
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
My client configuration file:
remote xxxx.no-ip.org 1194
client
dev tap0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
verb 5
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
My network looks like this:
                                                             ------------
DD-WRT Device (functions as a switch) ----- Router ----------| Internet |
192.168.0.2                                 192.168.0.1      ------------
When I push the setting "default-gateway def1" the routing table on the client looks like this (netstat -rn):
IPv4 routing table
===========================================================================
Active routes:
Network Address Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.57 25
0.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
84.197.216.14 255.255.255.255 192.168.43.1 192.168.43.57 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
192.168.0.0 255.255.255.0 On-link 192.168.0.20 286
192.168.0.20 255.255.255.255 On-link 192.168.0.20 286
192.168.0.255 255.255.255.255 On-link 192.168.0.20 286
192.168.43.0 255.255.255.0 On-link 192.168.43.57 281
192.168.43.57 255.255.255.255 On-link 192.168.43.57 281
192.168.43.255 255.255.255.255 On-link 192.168.43.57 281
192.168.221.0 255.255.255.0 On-link 192.168.221.1 276
192.168.221.1 255.255.255.255 On-link 192.168.221.1 276
192.168.221.255 255.255.255.255 On-link 192.168.221.1 276
192.168.233.0 255.255.255.0 On-link 192.168.233.1 276
192.168.233.1 255.255.255.255 On-link 192.168.233.1 276
192.168.233.255 255.255.255.255 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.20 286
224.0.0.0 240.0.0.0 On-link 192.168.43.57 281
224.0.0.0 240.0.0.0 On-link 192.168.221.1 276
224.0.0.0 240.0.0.0 On-link 192.168.233.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.20 286
255.255.255.255 255.255.255.255 On-link 192.168.43.57 281
255.255.255.255 255.255.255.255 On-link 192.168.221.1 276
255.255.255.255 255.255.255.255 On-link 192.168.233.1 276
===========================================================================
As you can see, the desired route still gets overridden (the other, unsecure, route has a lower metric).
However, when I push just "default-gateway" instead (without the "def1"), my routing table looks as follows:
IPv4 routing table
===========================================================================
Active routes:
Network Address Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.20 30
84.197.216.14 255.255.255.255 192.168.43.1 192.168.43.57 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.20 286
192.168.0.20 255.255.255.255 On-link 192.168.0.20 286
192.168.0.255 255.255.255.255 On-link 192.168.0.20 286
192.168.43.0 255.255.255.0 On-link 192.168.43.57 281
192.168.43.57 255.255.255.255 On-link 192.168.43.57 281
192.168.43.255 255.255.255.255 On-link 192.168.43.57 281
192.168.221.0 255.255.255.0 On-link 192.168.221.1 276
192.168.221.1 255.255.255.255 On-link 192.168.221.1 276
192.168.221.255 255.255.255.255 On-link 192.168.221.1 276
192.168.233.0 255.255.255.0 On-link 192.168.233.1 276
192.168.233.1 255.255.255.255 On-link 192.168.233.1 276
192.168.233.255 255.255.255.255 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.20 286
224.0.0.0 240.0.0.0 On-link 192.168.43.57 281
224.0.0.0 240.0.0.0 On-link 192.168.221.1 276
224.0.0.0 240.0.0.0 On-link 192.168.233.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.20 286
255.255.255.255 255.255.255.255 On-link 192.168.43.57 281
255.255.255.255 255.255.255.255 On-link 192.168.221.1 276
255.255.255.255 255.255.255.255 On-link 192.168.233.1 276
===========================================================================
Which is, I think, correct.
But I'm still not able to connect to the internet and not even a call to an internal address works anymore...
Any help is greatly appreciated!
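
An added example, not part of the original post: a small checker that applies route selection to rows from the first table above. Route lookup picks the longest matching prefix before it compares metrics, so the two /1 routes are evaluated ahead of the 0.0.0.0/0 route. The probe addresses 9.9.9.9 and 198.51.100.7 and the helper names are assumptions chosen for illustration.

```python
import ipaddress

# Rows copied from the question's first table (the def1 variant), trimmed to
# the routes that matter for internet-bound traffic.
DEF1_TABLE = """\
Network Address Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.57 25
0.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
84.197.216.14 255.255.255.255 192.168.43.1 192.168.43.57 25
128.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
192.168.0.0 255.255.255.0 On-link 192.168.0.20 286
192.168.43.0 255.255.255.0 On-link 192.168.43.57 281
"""

def parse_routes(text):
    """Parse 'network netmask gateway interface metric' rows; skip other lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or blank line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append((net, fields[2], fields[3], metric))
    return routes

def select_route(routes, dest):
    """Longest matching prefix wins; metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def off_tunnel(routes, tunnel_if, probes):
    """Return the probe addresses whose selected route does not leave via tunnel_if."""
    leaks = []
    for dest in probes:
        route = select_route(routes, dest)
        if route is None or route[2] != tunnel_if:
            leaks.append(dest)
    return leaks

if __name__ == "__main__":
    table = parse_routes(DEF1_TABLE)
    # 84.197.216.14 is the host route from the table; the other two are constructed probes.
    print(off_tunnel(table, "192.168.0.20", ["9.9.9.9", "198.51.100.7", "84.197.216.14"]))
```

Only the /32 host route to 84.197.216.14 stays on the physical interface; both constructed probes resolve to the tap interface 192.168.0.20.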