Quick question concerning Padavan FW and openvpn client

[t_moore]

Greetings all.. I have been scouring Google for the last 2 hrs to no avail, so I am posting at your mercy. I have updated my Asus rt-n56u to the latest Padavan firmware, so that I may create an "always on" vpn connection from my router to my vpn service (airvpn).

I have all the configuration right and I can see in the logs that the connection is created successfully. I can even ping from within the router to the vpn remote gateway with success.

I cannot however connect to anywhere on the internet from any LAN clients (i.e. my machines are on the 192.168.1.0/24). I have gotten DNS to work for those clients (i.e. they properly lookup hostnames), but obviously any TCP connections don't get passed through the tunnel.

So my question is, is there some sort of iptables/masquerade settings I have to run after the fact to "forward" all packets from the 192.168.1.0/24 subnet through the VPN tunnel created by the router? I was under the impression that once you had everything configured via the GUI that was it, but from searching the net it seems that there are iptables rules I may/may not have to set up.

I have actually tried these but running a "iptables -L" after the fact shows no changes in the iptables configurations, almost like it's just ignoring the iptables commands.

Thanks in advance!

 

[L&LD]

I don't use VPN or know anything about iptables except:

Did you try putting your command before or after the other iptable commands?

The position you insert it can make a difference.

 

[t_moore]

I don't use VPN or know anything about iptables except:

Did you try putting your command before or after the other iptable commands?

The position you insert it can make a difference.

Honestly, after I enabled the VPN tunnel, I was running the iptables commands by hand on the commandline in the router, while doing port tests from my client linux machine.

Seems strange all the articles I read on tomato/dd-wrt/merlin as openvpn "clients" never mention anything about having to add iptables lines. Not sure why the Padavan firmware would be different (unless I've found some sort of bug). I'm inclined to think it's just user error

 

[t_moore]

I'm closer.. added this to run after firewall rules restart and i can intermittently get to the internet with a different IP

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

 

[L&LD]

Hey! Did I get you on the right track?

(Still looks all greek to me).

 

[t_moore]

Honestly, after I enabled the VPN tunnel, I was running the iptables commands by hand on the commandline in the router, while doing port tests from my client linux machine.

Seems strange all the articles I read on tomato/dd-wrt/merlin as openvpn "clients" never mention anything about having to add iptables lines. Not sure why the Padavan firmware would be different (unless I've found some sort of bug). I'm inclined to think it's just user error

Hey! Did I get you on the right track?

(Still looks all greek to me).

Sorry not exactly. Still digging. I think one of those iptables is blocking DNS lookups now.

 

[t_moore]

Sorry not exactly. Still digging. I think one of those iptables is blocking DNS lookups now.

Ok.. for what it's worth, taking this line out causes it to work.

iptables -I INPUT -i tun1 -j REJECT

However, I believe this line is designed to block clients from being able to access the internet if the VPN is down.

 

[t_moore]

Did this as well for the ports I needed to forward, and all seems well.

https://airvpn.org/topic/9270-how-t...ables/?hl=+iptables++prerouting++tun11+--dpor