3

I have an OpenWRT router with Backfire 10.03.1-rc3 (arch:brcm 2.6 kernel)

I've set up an OpenVPN client connecting my router with the workplace LAN, and it works nicely: I can connect from the router to the (several) networks in the workplace.

My OpenVPN client uci-config looks like:

config 'openvpn' 'stream_client'
    option 'nobind' '1'
    option 'float' '1'
    option 'client' '1'
    option 'reneg_sec' '0'
    option 'management' '127.0.0.1 31194'
    option 'explicit_exit_notify' '1'
    option 'verb' '3'
    option 'persist_tun' '1'
    option 'persist_key' '1'
    list 'remote' 'remote.address.cutted'
    option 'ca' '/lib/uci/upload/cbid.openvpn.stream_client.ca'
    option 'key' '/lib/uci/upload/cbid.openvpn.stream_client.key'
    option 'cert' '/lib/uci/upload/cbid.openvpn.stream_client.cert'
    option 'enable' '1'
    option 'dev' 'tun1'

I've set the 'STREAM_VPN' zone to allow in/out traffic, and I've added rules for zone-to-zone lan<->vpn and vpn<->lan:

config 'zone'
    option 'name' 'stream_vpn'
    option 'network' 'stream_vpn'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'

config 'forwarding'
    option 'src' 'lan'
    option 'dest' 'stream_vpn'

config 'forwarding'
    option 'src' 'stream_vpn'
    option 'dest' 'lan'

And interface config:

config 'interface' 'stream_vpn'
    option 'proto' 'none'
    option 'ifname' 'tun1'
    option 'defaultroute' '0'
    option 'peerdns' '0'

Now, from my router everything works nicely; the problem is that I cannot connect from a computer inside the LAN to hosts in the networks provided by the VPN connection :/

What have I missed, or what am I doing wrong?

And how can I force the use of a specified DNS when connected to the VPN? (I know that the server should use the PUSH DNS option, but it PUSHes only routes.)

canni

4 Answers

2

You most likely don't have the openvpn client side routing set up. http://openvpn.net/index.php/open-source/documentation/howto.html#scope section "Including multiple machines on the client side when using a routed VPN (dev tun)" should address this exact scenario.

lkraav
  • I'm not sure that I understand that section right; it seems that the steps provided in that section involve OpenVPN server reconfiguration (in my workplace), which I do not have access to :/ Is it the only solution? – canni Feb 26 '11 at 22:02
  • Yep, I highly doubt I'm mistaken when I claim that you need extra configuration on OpenVPN server to make this happen. – lkraav Feb 26 '11 at 23:10
  • Please do report back when you get it working. – lkraav Feb 27 '11 at 19:47
1

Add option masq '1' in the config 'zone'

option 'name' 'stream_vpn'
option 'network' 'stream_vpn'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option masq '1' # IMPORTANT!!!
John Smith
0

I don't know if your answer helped @canni, but it helped me.

iroute must be used on a per-user basis.

Then both the kernel and OpenVPN will know the routes and every host in both LANs can communicate through the VPN.

473183469
0

You can try several config settings.
But just adding this one to the server settings does the magic trick:

client-to-client
Luiz Vaz
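
For reference, the server-side settings that the linked HOWTO section and the `iroute` and `client-to-client` answers refer to, written out as an added example (not taken from any of the posts). The client LAN subnet `192.168.1.0/24`, the certificate common name `openwrt-router` and the `ccd` directory name are assumptions; these settings require access to the OpenVPN server, whereas `masq` on the router's zone does not.

```conf
# --- OpenVPN server config (e.g. server.conf); all values are assumed ---

# Look up per-client settings in ./ccd/<client certificate common name>
client-config-dir ccd

# Kernel route on the server: traffic for the client's LAN goes into the tunnel
route 192.168.1.0 255.255.255.0

# Only needed if OTHER VPN clients must also reach that LAN
# (not required for server-side networks to reach it):
;client-to-client
;push "route 192.168.1.0 255.255.255.0"

# --- ccd/openwrt-router (file name = the router's certificate CN, assumed) ---

# OpenVPN-internal route: tells the server which client owns 192.168.1.0/24.
# Without it, the server drops packets from LAN hosts behind this client.
iroute 192.168.1.0 255.255.255.0
```

With these routes in place the workplace side sees the real LAN addresses, so `masq` on the router's `stream_vpn` zone is not needed. Hosts behind the server also need a route to the client LAN via the OpenVPN server if it is not their default gateway.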