mrjayviper
I got port forwarding working on my DD-WRT router. But whenever the OpenVPN client is active, the port forwards don't work anymore. I tested it using my MacBook connected to my iPhone (on 4G) via hotspot.
Sample port forward: My work PC trying to SSH (using ISP-provided static IP) into my home UNIX box (using 192.168.1.x IP) via port 22. This works if OpenVPN is not active.
ssh myacct@ISP-provided-static-IP
I can't even ping the static IP provided by my ISP. But I can ping the IP provided by the VPN provider. I've set up DDNS on the router and it's getting the IP from the VPN provider instead of the one given by my ISP.
Any ideas on how this can be fixed?
Important info:
Router firewall is off.
Code:
root@myrouter:~# ip route list
0.0.0.0/1 via 10.208.185.5 dev tun1
default via my-wan-gateway-ip-here dev ppp0
my-wan-gateway-ip-here dev ppp0 proto kernel scope link src my-real-ip-here
10.208.0.1 via 10.208.185.5 dev tun1
10.208.185.5 dev tun1 proto kernel scope link src 10.208.185.6
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.208.185.5 dev tun1
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
my-vpn-ip via my-wan-gateway-ip-here dev ppp0
My OpenVPN config runs the default route-up.sh that's created by DD-WRT automatically. I didn't make any changes to this script.
Code:
root@myrouter:/tmp# cat /tmp/openvpncl/route-up.sh
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
Code:
root@myrouter:/tmp# cat resolv.dnsmasq
nameserver 8.26.56.26
nameserver 8.20.247.20
nameserver 208.67.222.222
(these DNS servers are from Comodo and OpenDNS)
I also used some script I found on the net so certain IPs can bypass the VPN. This script is part of my startup script (rc_startup). I need this so I can play this specific game on my tablets.
Code:
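#!/bin/sh
# Source-based policy routing: hosts in NO_VPN_LST use the WAN gateway, not the VPN.
sleep 30
NO_VPN_LST="192.168.1.11 192.168.1.2"
[ -z "$NO_VPN_LST" ] && exit 0
# Wait until the WAN gateway is known (empty or 0.0.0.0 means the WAN is not up yet).
WAN_GWAY="0.0.0.0"
while [ -z "$WAN_GWAY" ] || [ "$WAN_GWAY" = "0.0.0.0" ]; do
    sleep 3
    WAN_GWAY=$(nvram get wan_gateway)
done
# Table 10 holds a single default route via the WAN gateway.
ip route add default via "$WAN_GWAY" table 10
# Send traffic sourced from each listed host to table 10.
for ipa in $NO_VPN_LST; do
    ip rule add from "$ipa" table 10
done
ip route flush cache
exit 0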