
378.53 Build - No internet access for policy based tunneling clients

Espen Tjonneland

After having set up OpenVPN on the server end of the VPN setup, and verified that I am able to connect to it from another country via the OpenVPN client (both running on the AP with the same firmware), I am not able to connect to the internet via the tunnel when enabling policy based routing.

Here are the basics:
VPN server with TUN
Subnet: 10.168.1.0/255.255.255.0

Client VPN setting:
Firewall: Automatic
Redirect Internet traffic: Policy rules
Rules:
Source IP: 192.168.20.21
Destination IP: 0.0.0.0

When tracerouting, the traffic on the client with IP 192.168.20.21 (on the external network) routes the traffic through the tunnel to the VPN server, but the server then blocks the traffic from accessing the internet.
Here is a log line from the server side:

Code:
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=16459 DPT=53 LEN=48
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=43666 DPT=53 LEN=51
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=41440 DPT=53 LEN=48
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=65474 DPT=53 LEN=43
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=52979 DPT=53 LEN=54
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=4744 DPT=53 LEN=43
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=96 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=6973 DPT=53 LEN=76

As you can see, in this case DNS traffic to 8.8.8.8 (Google DNS) is dropped. Any other traffic that goes to the internet is also dropped.

Does anyone know what I need to do to get my server side to allow traffic through?
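
Added example, not part of the original post: a small Python parser for kernel DROP lines in the format quoted above. It strips the `<n>` markers and groups drops by path, assuming the logging rules sit in the filter table, so that a line with both IN= and OUT= set is a forwarded packet. The first two sample lines are copied from the post; the third is constructed.

```python
import re
from collections import Counter

# Lines 1-2 are copied from the post; line 3 is a constructed INPUT-path drop.
SAMPLE = """\
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=16459 DPT=53 LEN=48
May  6 14:37:24 kernel: DROP  <4>DROP IN=tun21 OUT=eth0 <1>SRC=10.168.1.6 DST=8.8.8.8 <1>LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP <1>SPT=43666 DPT=53 LEN=51
May  6 14:40:02 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.4 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

PRIORITY = re.compile(r"<\d>")           # syslog priority markers left in the message
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)


def parse_drop(line):
    """Return the fields of one DROP line as a dict, or None if it is not one."""
    if "DROP" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(PRIORITY.sub("", line)):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    if "SRC" not in fields:
        return None
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    # Assumption: logging happens in the filter table, where both interfaces
    # are set only for packets being routed through the box.
    fields["PATH"] = "FORWARD" if in_if and out_if else "INPUT" if in_if else "OUTPUT"
    return fields


def summarize(text):
    """Count drops per (path, in, out, src, dst, proto, dport)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_drop(line)
        if f:
            key = (f["PATH"], f.get("IN", ""), f.get("OUT", ""), f["SRC"],
                   f["DST"], f.get("PROTO", ""), f.get("DPT", ""))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

For the lines in the post, every drop falls into one group: forwarded from tun21 to eth0, source 10.168.1.6, UDP port 53.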
 
