Hi all,
I'm rather new to VPN configuration on Linux systems and am stuck with the setup of an ASUS RT-N66U as a VPN gateway.
My current setup is as follows:
- router to ISP
- ASUS RT-N66U
- wired clients in the LAN
The ISP-router is the default-gateway on the clients and has static routes to the ASUS router to the networks which should be reached through the VPN tunnel.
The ASUS router is connected to one of the LAN ports, the WAN port is disconnected.
The setup of the OpenVPN client on the ASUS-router seems to work. The tunnel (tun11) is up, and ping works from the router to destinations behind the tunnel.
Clients in the LAN aren't able to reach networks behind the tunnel, though. A tracert from one of the clients shows that the routing is ok - the first hop is the internet router, the second the ASUS-router, and then I'm stuck.
Since there is no possibility to add routes back into the local LAN on the far end of the tunnel, I need to use NAT on the tunnel. Therefore I added the following entry to the iptables:
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
but this doesn't seem to work.
I already spent hours of researching but wasn't able to find information on how to properly debug the NAT rules on the ASUS router. Any setup hint points me to the above result.
Any help is highly appreciated.
Cheers, Martin
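
An added example, not part of the original post: an offline check of a saved ruleset for three general netfilter conditions a forwarded LAN packet must meet before it can leave through tun11 masqueraded. The sample ruleset and the interface names br0 and eth0 are constructed assumptions, and the script assumes `iptables-save` output is available from the router.

```shell
#!/bin/sh
# Inputs on a live system (assumed available):
#   cat /proc/sys/net/ipv4/ip_forward   and   iptables-save
TUN=tun11

# Constructed sample ruleset, not taken from the router in the post.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun11 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT'

# check_forwarding <ip_forward value> <iptables-save text>
# Prints one finding per line; returns 0 only when nothing is missing.
check_forwarding() {
    fwd=$1; rules=$2; rc=0
    # 1. The kernel must route at all.
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: kernel will not route LAN packets"; rc=1
    fi
    # 2. The source NAT rule from the post must be loaded.
    if ! printf '%s\n' "$rules" |
         grep -Eq -- "^-A POSTROUTING .*-o $TUN .*-j MASQUERADE"; then
        echo "nat: no MASQUERADE rule on -o $TUN"; rc=1
    fi
    # 3. Forwarded packets pass filter/FORWARD before nat/POSTROUTING.
    #    Narrow check: policy ACCEPT, or a rule naming -o $TUN explicitly.
    filter=$(printf '%s\n' "$rules" | sed -n '/^\*filter/,/^COMMIT/p')
    policy=$(printf '%s\n' "$filter" | sed -n 's/^:FORWARD \([A-Z]*\).*/\1/p')
    if [ "$policy" != "ACCEPT" ] && ! printf '%s\n' "$filter" |
         grep -Eq -- "^-A FORWARD .*-o $TUN .*-j ACCEPT"; then
        echo "filter: FORWARD policy $policy and no ACCEPT rule for -o $TUN"; rc=1
    fi
    return $rc
}

if check_forwarding 1 "$SAMPLE"; then
    echo "ruleset permits forwarding into $TUN"
fi
```

On a live router, the packet counters shown by `iptables -t nat -L POSTROUTING -v -n` indicate whether any traffic reaches the MASQUERADE rule at all.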