I have a Linux router and OpenVPN client at home (running dd-wrt) which is connected to my office network via OpenVPN. From the router itself, I can access my office LAN and its hosts. However, from my home LAN, I can access the internet via my dd-wrt router, but not the Office LAN.

My setup goes like this:

.--------------.       .--------.          .----------------.
| Home network |------>| dd-wrt |---vpn--->| Office network |
'--------------'       '--------'          '----------------'
 172.18.20.0/24        172.18.20.1           172.18.11.0/24             
     
      \                       `-----works--------´  /
       \                                           /
        `--------doesn't work---------------------´
 
[email protected]:~# ping 172.18.11.1
PING 172.18.11.1 (172.18.11.1): 56 data bytes
64 bytes from 172.18.11.1: seq=0 ttl=64 time=63.372 ms
 
[email protected]:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
172.16.0.0      172.18.11.9     255.255.0.0     UG    0      0        0 tun1
172.18.11.0     172.18.11.9     255.255.255.0   UG    0      0        0 tun1
172.18.11.9     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.18.20.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
 
[email protected]:~# cat /tmp/openvpncl/route-up.sh
#!/bin/sh
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D FORWARD -i tun1 -j ACCEPT
iptables -D FORWARD -o tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -j ACCEPT
iptables -I FORWARD -o tun1 -j ACCEPT
 
[email protected]:~# ip a|grep tun1
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    inet 172.18.11.10 peer 172.18.11.9/32 scope global tun1
 
[email protected]:~# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
DROP       udp  --  anywhere             anywhere            udp dpt:route
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     tcp  --  anywhere             ix1                 tcp dpt:www
logbrute   tcp  --  anywhere             ix1                 tcp dpt:telnet
ACCEPT     tcp  --  anywhere             ix1                 tcp dpt:telnet
DROP       icmp --  anywhere             anywhere
DROP       igmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state NEW
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
ACCEPT     gre  --  172.18.20.0/24       anywhere
ACCEPT     tcp  --  172.18.20.0/24       anywhere            tcp dpt:1723
lan2wan    0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain advgrp_1 (0 references)
target     prot opt source               destination
 
Chain advgrp_10 (0 references)
target     prot opt source               destination
 
Chain advgrp_2 (0 references)
target     prot opt source               destination
 
Chain advgrp_3 (0 references)
target     prot opt source               destination
 
Chain advgrp_4 (0 references)
target     prot opt source               destination
 
Chain advgrp_5 (0 references)
target     prot opt source               destination
 
Chain advgrp_6 (0 references)
target     prot opt source               destination
 
Chain advgrp_7 (0 references)
target     prot opt source               destination
 
Chain advgrp_8 (0 references)
target     prot opt source               destination
 
Chain advgrp_9 (0 references)
target     prot opt source               destination
 
Chain grp_1 (1 references)
target     prot opt source               destination
 
Chain grp_10 (0 references)
target     prot opt source               destination
 
Chain grp_2 (0 references)
target     prot opt source               destination
 
Chain grp_3 (0 references)
target     prot opt source               destination
 
Chain grp_4 (0 references)
target     prot opt source               destination
 
Chain grp_5 (0 references)
target     prot opt source               destination
 
Chain grp_6 (0 references)
target     prot opt source               destination
 
Chain grp_7 (0 references)
target     prot opt source               destination
 
Chain grp_8 (0 references)
target     prot opt source               destination
 
Chain grp_9 (0 references)
target     prot opt source               destination
 
Chain lan2wan (1 references)
target     prot opt source               destination
grp_1      0    --  anywhere             anywhere
 
Chain logaccept (0 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
 
Chain logbrute (1 references)
target     prot opt source               destination
           0    --  anywhere             anywhere            recent: SET name: BRUTEFORCE side: source
RETURN     0    --  anywhere             anywhere            !recent: UPDATE seconds: 60 hit_count: 4 name: BRUTEFORCE side: source
RETURN     0    --  anywhere             anywhere            limit: avg 1/min burst 1
DROP       0    --  anywhere             anywhere
 
Chain logdrop (0 references)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere
 
Chain logreject (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
 
Chain trigger_out (1 references)
target     prot opt source               destination