RT-N66U OpenVPN DHCP problem

[vpn-dane]

Hi there


My network:

Router A

RT-N66U/Merlin firmware, Lan IP 10.0.0.1, OpenVPN Server(tap+udp), DHCP 10.0.05 – 10.0.0.50 /gateway 10.0.0.1

Router B

RT-N66U/Merlin firmware, Lan IP 10.0.0.2, OpenVPN client, DHCP 10.0.0.51 – 10.0.0.70 / gateway 10.0.0.1

Router C

RT-N66U/Merlin firmware, Lan IP 10.0.0.3, OpenVPN client, DHCP 10.0.0.71 – 10.0.0.80 / gateway 10.0.0.1

I want all my internet traffic from router B and C to pass through router A, why 10.0.0.1 figures as gateway.



Problem: The problem is DHCP. If I connect a device to LAN on router A, I sometimes notice that the IP adress comes from router B or C. Forinstans I could get 10.0.0.65 even though I'm on router A's LAN.

Q1: I tried to make the DHCP queries go to router A by disable DHCP server on router B and C, with the result that the device will recieve an IP adress from router A, but no info about gateway (even though I have specified 10.0.0.1 in gateway in the DHCP table on router A) Any idea how to obtain DHCP from only router A and have DHCP disabled on router B and C?

Q2: I read a thread in here about changing a string in a firewall script, that would not allow DHCP queries to pass through WAN. That could solve my problem and router A, B and C would not interrupt eachothers network. The string should look like this:

#!/bin/sh

ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
a

Can someone tell me if this will solve my problem. Is the string correct? And secondly, how to change the string and where to do it? Do I need some kind of program/special software to change the string in the router or can I just do it in my browser?

 

[yorgi]

Hi there


My network:

Router A

RT-N66U/Merlin firmware, Lan IP 10.0.0.1, OpenVPN Server(tap+udp), DHCP 10.0.05 – 10.0.0.50 /gateway 10.0.0.1

Router B

RT-N66U/Merlin firmware, Lan IP 10.0.0.2, OpenVPN client, DHCP 10.0.0.51 – 10.0.0.70 / gateway 10.0.0.1

Router C

RT-N66U/Merlin firmware, Lan IP 10.0.0.3, OpenVPN client, DHCP 10.0.0.71 – 10.0.0.80 / gateway 10.0.0.1

I want all my internet traffic from router B and C to pass through router A, why 10.0.0.1 figures as gateway.



Problem: The problem is DHCP. If I connect a device to LAN on router A, I sometimes notice that the IP adress comes from router B or C. Forinstans I could get 10.0.0.65 even though I'm on router A's LAN.

Q1: I tried to make the DHCP queries go to router A by disable DHCP server on router B and C, with the result that the device will recieve an IP adress from router A, but no info about gateway (even though I have specified 10.0.0.1 in gateway in the DHCP table on router A) Any idea how to obtain DHCP from only router A and have DHCP disabled on router B and C?

Q2: I read a thread in here about changing a string in a firewall script, that would not allow DHCP queries to pass through WAN. That could solve my problem and router A, B and C would not interrupt eachothers network. The string should look like this:

#!/bin/sh

ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
a

Can someone tell me if this will solve my problem. Is the string correct? And secondly, how to change the string and where to do it? Do I need some kind of program/special software to change the string in the router or can I just do it in my browser?

First of all you cannot have DHCP enabled in all 3 routers. Only one router can do DHCP. otherwise you will have problems.
You need to go to DHCP on router one and on IP Pool Starting Address put it at 192.168.1.100 and IP Pool ending Address 192.168.1.254

I would change your IP addresses to Router A 192.168.1.1 router B 192.168.1.2 Router C 192.168.1.3
When any device connects to the Router it will automatically get an IP address from Router A because the other routers DHCP are disabled.
And because you setup the Start and finish to being over 100-254 you will get IP addresses that are in the same subnet.

Make sure Server and Client are in TAP protocol
On the VPN server end in Allocate from DHCP enable to yes
on Client VPN Server is on the same subnet
Redirect Internet traffic all traffic and Gateway 192.168.1.1
stay away from those 10.0.0.1 because VPN server uses that subnet and it maybe causing a conflict because of that.
I think you should be in business and you won't need to create any firewall scripts.