OpenVPN on Asus RT-N66U not routing internet traffic

wickywick
DD-WRT Novice


Joined: 09 Sep 2012
Posts: 3

Posted: Mon Apr 21, 2014 12:19    Post subject: OpenVPN on Asus RT-N66U not routing internet traffic
I am running an Asus RT-N66U with DD-WRT successfully installed. Here is relevant info:

Router CPU: Broadcom BCM5300 chip rev 1
dd-wrt: dd-wrt.v24-23919_NEWD-2_K3.x_mega_RT-N66U.trx

The big reason I want DD-WRT running is so I can operate OpenVPN on the router, and not on my Win7 machine (that is behind the router) as I have previously been doing with success.

I am able to get OpenVPN running on DD-WRT. I can connect to it from outside the network using an android phone as the client. Previous to running DD-WRT, I was able to successfully use the android phone to connect to OpenVPN running on the Win7 machine, so I know the system works.

Info about OpenVPN setup (logs and such to follow):
OpenVPN network: 10.8.0.0
LAN on the router: 192.168.40.0
Win7 machine running on the LAN: 192.168.40.2

When connected to the OpenVPN, the android client can ping 192.168.40.2 and other LAN clients. The only problem is the android client cannot reach the internet. Example: it cannot ping 8.8.8.8.

Following are the server and client setups, server and client logs, firewall mod to the DD-WRT server, results from server iptables, and results from client netstat command. Note on the server config: DD-WRT output lumps it all in one big paragraph. I tried to break it up into what I believe are the correct lines, though I may not have gotten it perfect. All the info is there, though.

Server config:
Code:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha1
client-config-dir /tmp/openvpn/ccd
comp-lzo yes
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
push "redirect-gateway def1"
fast-io
tun-mtu 1500
mtu-disc yes
server 10.8.0.0 255.255.255.0
dev tun2
tun-ipv6
tls-auth /tmp/openvpn/ta.key 0
push "route 192.168.40.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"


Client config:
Code:
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
setenv IV_GUI_VER "de.blinkt.openvpn 0.6.11"
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote mynetwork.dnsdynamic.com 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
comp-lzo
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
nobind
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These Options were found in the config file do not map to config settings:
ns-cert-type server
resolv-retry infinite


Server firewall commands saved:
Code:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


Server log:
Code:

20140420 06:57:11 70.210.134.109:3675 TLS: Initial packet from [AF_INET]70.210.134.109:3675 sid=6959f5b2 a16c2402
20140420 06:57:13 70.210.134.109:3675 VERIFY OK: depth=1 C=US ST=ST L=city O=mynetwork CN=name name=name emailAddress=email@gmail.com
20140420 06:57:13 70.210.134.109:3675 VERIFY OK: depth=0 C=US ST=ST L=city O=mynetwork OU=changeme CN=client name=name emailAddress=email@gmail.com
20140420 06:57:13 70.210.134.109:3675 NOTE: --mute triggered...
20140420 06:57:14 70.210.134.109:3675 5 variation(s) on previous 3 message(s) suppressed by --mute
20140420 06:57:14 I 70.210.134.109:3675 [client] Peer Connection Initiated with [AF_INET]70.210.134.109:3675
20140420 06:57:14 I client/70.210.134.109:3675 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20140420 06:57:14 client/70.210.134.109:3675 MULTI: Learn: 10.8.0.2 -> client/70.210.134.109:3675
20140420 06:57:14 client/70.210.134.109:3675 MULTI: primary virtual IP for client/70.210.134.109:3675: 10.8.0.2
20140420 06:57:16 client/70.210.134.109:3675 PUSH: Received control message: 'PUSH_REQUEST'
20140420 06:57:16 I client/70.210.134.109:3675 send_push_reply(): safe_cap=940
20140420 06:57:16 client/70.210.134.109:3675 SENT CONTROL [client]: 'PUSH_REPLY redirect-gateway def1 route 192.168.40.0 255.255.255.0 dhcp-option DNS 208.67.222.222 dhcp-option DNS 208.67.220.220 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0' (status=1)
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'status 2'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'log 500'


Client log:
Code:

2014-04-20 06:57:11 Running on XT894 (maserati) verizon, Android API 18, version 0.6.11, official build
2014-04-20 06:57:22 Building configuration…
2014-04-20 06:57:24 started Socket Thread
2014-04-20 06:57:24 P:Initializing Google Breakpad!
2014-04-20 06:57:24 Current Parameter Settings:
2014-04-20 06:57:24   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-04-20 06:57:24   mode = 0
2014-04-20 06:57:24   show_ciphers = DISABLED
2014-04-20 06:57:24   show_digests = DISABLED
2014-04-20 06:57:24   show_engines = DISABLED
2014-04-20 06:57:24   genkey = DISABLED
2014-04-20 06:57:24   key_pass_file = '[UNDEF]'
2014-04-20 06:57:24   show_tls_ciphers = DISABLED
2014-04-20 06:57:24   connect_retry_max = 5
2014-04-20 06:57:24 Connection profiles [0]:
2014-04-20 06:57:24   proto = udp
2014-04-20 06:57:24   local = '[UNDEF]'
2014-04-20 06:57:24   local_port = '[UNDEF]'
2014-04-20 06:57:24   remote = 'mynetwork.dnsdynamic.com'
2014-04-20 06:57:24   remote_port = '1194'
2014-04-20 06:57:24   remote_float = DISABLED
2014-04-20 06:57:24   bind_defined = DISABLED
2014-04-20 06:57:24   bind_local = DISABLED
2014-04-20 06:57:24   bind_ipv6_only = DISABLED
2014-04-20 06:57:24   connect_retry_seconds = 5
2014-04-20 06:57:24   connect_timeout = 10
2014-04-20 06:57:24   socks_proxy_server = '[UNDEF]'
2014-04-20 06:57:24   socks_proxy_port = '[UNDEF]'
2014-04-20 06:57:24   socks_proxy_retry = DISABLED
2014-04-20 06:57:24   tun_mtu = 1500
2014-04-20 06:57:24   tun_mtu_defined = ENABLED
2014-04-20 06:57:24   link_mtu = 1500
2014-04-20 06:57:24   link_mtu_defined = DISABLED
2014-04-20 06:57:24   tun_mtu_extra = 0
2014-04-20 06:57:24   tun_mtu_extra_defined = DISABLED
2014-04-20 06:57:24   mtu_discover_type = -1
2014-04-20 06:57:24   fragment = 0
2014-04-20 06:57:24   mssfix = 1450
2014-04-20 06:57:24   explicit_exit_notification = 0
2014-04-20 06:57:24 Connection profiles END
2014-04-20 06:57:24   remote_random = DISABLED
2014-04-20 06:57:24   ipchange = '[UNDEF]'
2014-04-20 06:57:24   dev = 'tun'
2014-04-20 06:57:24   dev_type = '[UNDEF]'
2014-04-20 06:57:24   dev_node = '[UNDEF]'
2014-04-20 06:57:24   lladdr = '[UNDEF]'
2014-04-20 06:57:24   topology = 1
2014-04-20 06:57:24   tun_ipv6 = DISABLED
2014-04-20 06:57:24   ifconfig_local = '[UNDEF]'
2014-04-20 06:57:24   ifconfig_remote_netmask = '[UNDEF]'
2014-04-20 06:57:24   ifconfig_noexec = DISABLED
2014-04-20 06:57:24   ifconfig_nowarn = DISABLED
2014-04-20 06:57:24   ifconfig_ipv6_local = '[UNDEF]'
2014-04-20 06:57:24   ifconfig_ipv6_netbits = 0
2014-04-20 06:57:24   ifconfig_ipv6_remote = '[UNDEF]'
2014-04-20 06:57:24   shaper = 0
2014-04-20 06:57:24   mtu_test = 0
2014-04-20 06:57:24   mlock = DISABLED
2014-04-20 06:57:24   keepalive_ping = 0
2014-04-20 06:57:24   keepalive_timeout = 0
2014-04-20 06:57:24   inactivity_timeout = 0
2014-04-20 06:57:24   ping_send_timeout = 0
2014-04-20 06:57:24   ping_rec_timeout = 0
2014-04-20 06:57:24   ping_rec_timeout_action = 0
2014-04-20 06:57:24   ping_timer_remote = DISABLED
2014-04-20 06:57:24   remap_sigusr1 = 0
2014-04-20 06:57:24   persist_tun = ENABLED
2014-04-20 06:57:24   persist_local_ip = DISABLED
2014-04-20 06:57:24   persist_remote_ip = DISABLED
2014-04-20 06:57:24   persist_key = DISABLED
2014-04-20 06:57:24   passtos = DISABLED
2014-04-20 06:57:24   resolve_retry_seconds = 1000000000
2014-04-20 06:57:24   resolve_in_advance = ENABLED
2014-04-20 06:57:24   username = '[UNDEF]'
2014-04-20 06:57:24   groupname = '[UNDEF]'
2014-04-20 06:57:24   chroot_dir = '[UNDEF]'
2014-04-20 06:57:24   cd_dir = '[UNDEF]'
2014-04-20 06:57:24   up_restart = DISABLED
2014-04-20 06:57:24   up_delay = DISABLED
2014-04-20 06:57:24   daemon = DISABLED
2014-04-20 06:57:24   inetd = 0
2014-04-20 06:57:24   log = DISABLED
2014-04-20 06:57:24   suppress_timestamps = DISABLED
2014-04-20 06:57:24   machine_readable_output = ENABLED
2014-04-20 06:57:24   nice = 0
2014-04-20 06:57:24   verbosity = 4
2014-04-20 06:57:24   mute = 0
2014-04-20 06:57:24   gremlin = 0
2014-04-20 06:57:24   status_file = '[UNDEF]'
2014-04-20 06:57:24   status_file_version = 1
2014-04-20 06:57:24   status_file_update_freq = 60
2014-04-20 06:57:24   occ = ENABLED
2014-04-20 06:57:24   rcvbuf = 65536
2014-04-20 06:57:24   sndbuf = 65536
2014-04-20 06:57:24   sockflags = 0
2014-04-20 06:57:24   fast_io = DISABLED
2014-04-20 06:57:24   comp.alg = 2
2014-04-20 06:57:24   comp.flags = 1
2014-04-20 06:57:24   route_script = '[UNDEF]'
2014-04-20 06:57:24   route_default_gateway = '[UNDEF]'
2014-04-20 06:57:24   route_default_metric = 0
2014-04-20 06:57:24   route_noexec = DISABLED
2014-04-20 06:57:24   route_delay = 0
2014-04-20 06:57:24   route_delay_window = 30
2014-04-20 06:57:24   route_delay_defined = DISABLED
2014-04-20 06:57:24   route_nopull = DISABLED
2014-04-20 06:57:24   route_gateway_via_dhcp = DISABLED
2014-04-20 06:57:24   allow_pull_fqdn = DISABLED
2014-04-20 06:57:24   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-04-20 06:57:24   management_port = 'unix'
2014-04-20 06:57:24   management_user_pass = '[UNDEF]'
2014-04-20 06:57:24   management_log_history_cache = 250
2014-04-20 06:57:24   management_echo_buffer_size = 100
2014-04-20 06:57:24   management_write_peer_info_file = '[UNDEF]'
2014-04-20 06:57:24   management_client_user = '[UNDEF]'
2014-04-20 06:57:24   management_client_group = '[UNDEF]'
2014-04-20 06:57:24   management_flags = 4390
2014-04-20 06:57:24   shared_secret_file = '[UNDEF]'
2014-04-20 06:57:24   key_direction = 2
2014-04-20 06:57:24   ciphername_defined = ENABLED
2014-04-20 06:57:24   ciphername = 'BF-CBC'
2014-04-20 06:57:24   authname_defined = ENABLED
2014-04-20 06:57:24   authname = 'SHA1'
2014-04-20 06:57:24   prng_hash = 'SHA1'
2014-04-20 06:57:24   prng_nonce_secret_len = 16
2014-04-20 06:57:24   keysize = 0
2014-04-20 06:57:24   engine = DISABLED
2014-04-20 06:57:24   replay = ENABLED
2014-04-20 06:57:24   mute_replay_warnings = DISABLED
2014-04-20 06:57:24   replay_window = 64
2014-04-20 06:57:24   replay_time = 15
2014-04-20 06:57:24   packet_id_file = '[UNDEF]'
2014-04-20 06:57:25   use_iv = ENABLED
2014-04-20 06:57:25   test_crypto = DISABLED
2014-04-20 06:57:25   tls_server = DISABLED
2014-04-20 06:57:25   tls_client = ENABLED
2014-04-20 06:57:25   key_method = 2
2014-04-20 06:57:25   ca_file = '[[INLINE]]'
2014-04-20 06:57:25   ca_path = '[UNDEF]'
2014-04-20 06:57:25   dh_file = '[UNDEF]'
2014-04-20 06:57:25   cert_file = '[[INLINE]]'
2014-04-20 06:57:25   priv_key_file = '[[INLINE]]'
2014-04-20 06:57:25   pkcs12_file = '[UNDEF]'
2014-04-20 06:57:25   cipher_list = '[UNDEF]'
2014-04-20 06:57:25   tls_verify = '[UNDEF]'
2014-04-20 06:57:25   tls_export_cert = '[UNDEF]'
2014-04-20 06:57:25   verify_x509_type = 0
2014-04-20 06:57:25   verify_x509_name = '[UNDEF]'
2014-04-20 06:57:25   crl_file = '[UNDEF]'
2014-04-20 06:57:25   ns_cert_type = 1
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_ku[i] = 0
2014-04-20 06:57:25   remote_cert_eku = '[UNDEF]'
2014-04-20 06:57:25   ssl_flags = 0
2014-04-20 06:57:25   tls_timeout = 2
2014-04-20 06:57:25   renegotiate_bytes = 0
2014-04-20 06:57:25   renegotiate_packets = 0
2014-04-20 06:57:25   renegotiate_seconds = 3600
2014-04-20 06:57:25   handshake_window = 60
2014-04-20 06:57:25   transition_window = 3600
2014-04-20 06:57:25   single_session = DISABLED
2014-04-20 06:57:25   push_peer_info = DISABLED
2014-04-20 06:57:25   tls_exit = DISABLED
2014-04-20 06:57:25   tls_auth_file = '[[INLINE]]'
2014-04-20 06:57:25   client = ENABLED
2014-04-20 06:57:25   pull = ENABLED
2014-04-20 06:57:25   auth_user_pass_file = '[UNDEF]'
2014-04-20 06:57:25 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 12 2014
2014-04-20 06:57:25 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-04-20 06:57:25 MANAGEMENT: CMD 'hold release'
2014-04-20 06:57:26 MANAGEMENT: CMD 'bytecount 2'
2014-04-20 06:57:26 MANAGEMENT: CMD 'state on'
2014-04-20 06:57:26 Network Status: CONNECTED CDMA - eHRPD to mobile VZWINTERNET
2014-04-20 06:57:26 MANAGEMENT: CMD 'proxy NONE'
2014-04-20 06:57:27 MANAGEMENT: CMD 'password [...]'
2014-04-20 06:57:27 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-04-20 06:57:27 Control Channel Authentication: tls-auth using INLINE static key file
2014-04-20 06:57:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:27 LZO compression initializing
2014-04-20 06:57:27 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-04-20 06:57:27 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-04-20 06:57:27 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2014-04-20 06:57:27 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2014-04-20 06:57:27 Local Options hash (VER=V4): '504e774e'
2014-04-20 06:57:27 Expected Remote Options hash (VER=V4): '14168603'
2014-04-20 06:57:27 TCP/UDP: Preserving recently used remote address: [AF_INET]76.121.147.160:1194
2014-04-20 06:57:27 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-04-20 06:57:27 Protecting socket fd 4
2014-04-20 06:57:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-04-20 06:57:27 UDP link local: (not bound)
2014-04-20 06:57:27 UDP link remote: [AF_INET]76.121.147.160:1194
2014-04-20 06:57:27 MANAGEMENT: >STATE:1398002247,WAIT,,,
2014-04-20 06:57:27 MANAGEMENT: >STATE:1398002247,AUTH,,,
2014-04-20 06:57:27 TLS: Initial packet from [AF_INET]76.121.147.160:1194, sid=a5a1680d 31e1b270
2014-04-20 06:57:27 PID_ERR replay-window backtrack occurred [1] [TLS_AUTH-0] [0_0000] 1397977031:6 1397977031:5 t=1398002247[0] r=[0,64,15,1,1] sl=[58,6,64,272]
2014-04-20 06:57:28 VERIFY OK: depth=1, C=US, ST=ST, L=city, O=mynetwork, CN=name, name=name, emailAddress=email@gmail.com
2014-04-20 06:57:28 VERIFY OK: nsCertType=SERVER
2014-04-20 06:57:28 VERIFY OK: depth=0, C=US, ST=ST, L=city, O=name, OU=changeme, CN=server, name=name, emailAddress=email@gmail.com
2014-04-20 06:57:29 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-04-20 06:57:29 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:29 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-04-20 06:57:29 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:29 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-04-20 06:57:29 [server] Peer Connection Initiated with [AF_INET]76.121.147.160:1194
2014-04-20 06:57:30 MANAGEMENT: >STATE:1398002250,GET_CONFIG,,,
2014-04-20 06:57:31 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2014-04-20 06:57:32 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.40.0 255.255.255.0,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
2014-04-20 06:57:32 OPTIONS IMPORT: timers and/or timeouts modified
2014-04-20 06:57:32 OPTIONS IMPORT: --ifconfig/up options modified
2014-04-20 06:57:32 OPTIONS IMPORT: route options modified
2014-04-20 06:57:32 OPTIONS IMPORT: route-related options modified
2014-04-20 06:57:32 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2014-04-20 06:57:32 ROUTE_GATEWAY 10.173.117.69
2014-04-20 06:57:32 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,ASSIGN_IP,,10.8.0.2,
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,ADD_ROUTES,,,
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2014-04-20 06:57:32 Opening tun interface:
2014-04-20 06:57:32 Local IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2014-04-20 06:57:32 DNS Server: 208.67.222.222, 208.67.220.220, Domain: null
2014-04-20 06:57:32 Routes: 0.0.0.0/1, 128.0.0.0/1, 192.168.40.0/24
2014-04-20 06:57:32 Routes excluded: 
2014-04-20 06:57:32 VpnService routes installed: 0.0.0.0/1, 128.0.0.0/1, 192.168.40.0/24
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2014-04-20 06:57:32 Initialization Sequence Completed
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,CONNECTED,SUCCESS,10.8.0.2,76.121.147.160


Server iptables: (command issued was "iptables -L -t -nat")
Code:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       icmp --  anywhere             c-76-121-147-160.hsd1.wa.comcast.net to:192.168.40.1
TRIGGER    0    --  anywhere             c-76-121-147-160.hsd1.wa.comcast.net TRIGGER type:dnat match:0 relate:0
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       0    --  192.168.40.0/24      anywhere            to:76.121.147.160
MASQUERADE  0    --  anywhere             anywhere            mark match 0x80000000/0x80000000


Result of client command "netstat -nr":
Code:

u0_a16@cdma_maserati:/ $ netstat -nr
Proto Recv-Q Send-Q Local Address          Foreign Address        State
tcp       0      0 192.168.157.1:45827    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45813    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45821    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45826    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45822    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45816    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45812    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45818    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45820    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45817    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45814    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45819    192.168.157.2:3265     ESTABLISHED
tcp       0      0 192.168.157.1:45815    192.168.157.2:3265     ESTABLISHED
udp       0      0 0.0.0.0:56195          0.0.0.0:*              CLOSE
tcp6       0      0 ::ffff:10.173.117.70:51740 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6       0      0 2600:100f:b127:83a3::103:40400 2607:f8b0:400e:c04::bc:5228 ESTABLISHED
tcp6       0      0 ::ffff:10.173.117.70:51743 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6       0      0 ::ffff:10.173.117.70:51739 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6       0      0 ::ffff:10.173.117.70:51742 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6       0      0 ::ffff:10.173.117.70:51745 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6       0      0 ::ffff:10.173.117.70:51744 ::ffff:66.147.244.79:993 ESTABLISHED
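
An added example, not part of the posts in this thread: a small consistency check run over the server config, the saved firewall commands and the nat-table POSTROUTING listing shown above. The inputs are constructed samples trimmed from those listings, and the function names are hypothetical. It flags two mismatches visible in the posted data; the thread does not confirm whether either is the cause on this router.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the listings in the post above.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
dev tun2
push "redirect-gateway def1"
push "route 192.168.40.0 255.255.255.0"
"""
FIREWALL_RULES = """\
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
"""
NAT_POSTROUTING = """\
SNAT       0    --  192.168.40.0/24      anywhere            to:76.121.147.160
MASQUERADE  0    --  anywhere             anywhere            mark match 0x80000000/0x80000000
"""


def parse_server_conf(text):
    """Extract tunnel subnet, device name and the redirect-gateway push."""
    conf = {"vpn_net": None, "dev": None, "redirect_gateway": False}
    for line in text.splitlines():
        words = line.replace('"', " ").split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "server" and len(words) >= 3:
            conf["vpn_net"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "dev" and len(words) >= 2:
            conf["dev"] = words[1]
        elif words[:2] == ["push", "redirect-gateway"]:
            conf["redirect_gateway"] = True
    return conf


def tun_devices_in_rules(rules):
    """Return the tunN names used with -i / -o in iptables commands."""
    return set(re.findall(r"-[io]\s+(tun\d+)", rules))


def nat_covers(postrouting, net):
    """True if an unconditional SNAT/MASQUERADE row has a source covering net."""
    for row in postrouting.splitlines():
        cols = row.split()
        if len(cols) < 5 or cols[0] not in ("SNAT", "MASQUERADE"):
            continue
        source, extra = cols[3], cols[5:]
        # Conservative assumption: anything besides "to:<addr>" is an extra
        # match (e.g. "mark match ..."), so the rule only applies conditionally.
        if any(not tok.startswith("to:") for tok in extra):
            continue
        try:
            src = ipaddress.ip_network(
                "0.0.0.0/0" if source == "anywhere" else source, strict=False)
        except ValueError:
            continue  # hostname in the source column; cannot compare
        if net.subnet_of(src):
            return True
    return False


def diagnose(server_conf, firewall_rules, nat_postrouting):
    """Return a list of human-readable mismatches between the three inputs."""
    conf = parse_server_conf(server_conf)
    findings = []
    if (conf["redirect_gateway"] and conf["vpn_net"]
            and not nat_covers(nat_postrouting, conf["vpn_net"])):
        findings.append(
            f"no unconditional SNAT/MASQUERADE rule covers {conf['vpn_net']}; "
            "redirected client traffic leaves the WAN with its tunnel address")
    stale = tun_devices_in_rules(firewall_rules) - {conf["dev"]}
    if stale:
        findings.append(
            f"firewall rules name {sorted(stale)} but the server runs on {conf['dev']}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SERVER_CONF, FIREWALL_RULES, NAT_POSTROUTING):
        print("-", finding)
```
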
wickywick
DD-WRT Novice


Joined: 09 Sep 2012
Posts: 3

Posted: Tue Apr 22, 2014 12:39
rizla7, I don't understand your first statement about lost in translation. Please help me understand what you mean. For background, I am not a programmer, so there is a lot I don't know.

Regarding the second statement about pointing to the internal DNS or router, I have successfully used the command in the past, so I would expect what I did to work. However I can certainly try it and see.
wickywick
DD-WRT Novice


Joined: 09 Sep 2012
Posts: 3

Posted: Wed Apr 23, 2014 13:40
So I changed
Code:

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

to
Code:

push "redirect-gateway def1"
push "dhcp-option DNS 192.168.40.1"


and the OpenVPN client still cannot ping 8.8.8.8. I also tried it with 10.8.0.1 in place of the 192.168.40.1 with the same result.

I also tried it without the
Code:

push "redirect-gateway def1"

and I cannot ping 8.8.8.8 from the OpenVPN client. This was done with both 192.168.40.1 and with 10.8.0.1 as the DNS server. Any ideas?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Thu Apr 24, 2014 20:54
wiki: openvpn

All times are GMT