Hello Buffalo Experts,
I have purchased the BUFFALO AirStation N300 Open Source DD-WRT (WHR-300HP2D).
The version I am running is 22750.
I got the PPTP VPN running with no issues. Now I have started to try OpenVPN.
I have tried for weeks now to get OpenVPN running, but I can only connect my phone or my laptop via mobile hotspot; I cannot reach my router or the Internet.
The router is behind another router, connected via LAN - WAN. DMZ is activated for its IP.
The static WAN IP is 192.168.1.90. The internal IP is 192.168.11.1.
The VPN Server IP is 192.168.66.0.
The VPN Server is running as Server.
Here are some configurations; I hope somebody has tried to set up this router with OpenVPN.
OpenVPN config:
push "route 192.168.11.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.66.1"
server 192.168.66.0 255.255.255.0
dev tun2
proto udp
keepalive 10 120
dh tmp/openvpn/dh.pem
cert tmp/openvpn/cert.pem
ca tmp/openvpn/ca.crt
key tmp/openvpn/key.pem
Firewall config:
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
I have attached the iptables output (iptables -L -v -n) with and without the firewall. Connectivity to the Internet or router is the same: 0.
Without firewall:
DD-WRT v24-sp2 std (c) 2013 NewMedia-NET GmbH
Release: 11/05/13 (SVN revision: 22750)
DD-WRT login: root
Password:
==========================================================
DD-WRT v24-sp2
http://www.dd-wrt.com
==========================================================
BusyBox v1.21.1 (2013-11-05 20:13:20 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
root@DD-WRT:~# iptables -L -v -n --line-numbers
Chain INPUT (policy ACCEPT 73 packets, 7514 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
2 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
3 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
5 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:69
6 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
7 0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 0 -- tun2 br0 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT 0 -- br0 tun2 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT 0 -- * * 192.168.66.0/24 0.0.0.0/0
4 37 8391 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 15 5074 lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
6 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
7 0 0 REJECT tcp -- br0 vlan2 0.0.0.0/0 0.0.0.0/0 WEBSTR match content 15 reject-with tcp-reset
8 0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
9 0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
10 15 5074 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
11 15 5074 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OUTPUT (policy ACCEPT 48 packets, 6174 bytes)
num pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
num pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
num pkts bytes target prot opt in out source destination
Chain logaccept (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain trigger_out (1 references)
num pkts bytes target prot opt in out source destination
root@DD-WRT:~#
With firewall enabled:
root@DD-WRT:~# iptables -L -v -n --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
2 45 3539 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
4 0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
5 0 0 DROP udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
6 0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
7 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
8 0 0 DROP icmp -- vlan2 * 0.0.0.0/0 0.0.0.0/0
9 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
11 12 1056 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
12 8 673 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 0 -- tun2 br0 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT 0 -- br0 tun2 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT 0 -- * * 192.168.66.0/24 0.0.0.0/0
4 0 0 ACCEPT 47 -- * vlan2 192.168.11.0/24 0.0.0.0/0
5 0 0 ACCEPT tcp -- * vlan2 192.168.11.0/24 0.0.0.0/0 tcp dpt:1723
6 0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT 0 -- * tun2 0.0.0.0/0 0.0.0.0/0
8 71 21551 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 9 448 lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
10 2 104 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
11 0 0 REJECT tcp -- br0 vlan2 0.0.0.0/0 0.0.0.0/0 WEBSTR match content 15 reject-with tcp-reset
12 0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
13 0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
14 9 448 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
15 4 248 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
16 5 200 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 42 packets, 4572 bytes)
num pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
num pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
num pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
num pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
num pkts bytes target prot opt in out source destination
Chain logaccept (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain trigger_out (1 references)
num pkts bytes target prot opt in out source destination
root@DD-WRT:~#
My question is: why can I not reach the Internet? What might be wrong with my connection?
What is blocking a connection to the router or the Internet?
Thanks for your help.
Regards
Wickiman
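
Added example, not part of the original post: a small sh/awk helper that reads the packet counters out of an `iptables -L -v -n --line-numbers` listing, so it is easy to see whether tunnel traffic is reaching the FORWARD rules at all. The function names are made up for this example; the sample rows are copied from the "with firewall enabled" listing above, where every rule matching tun2 or 192.168.66.0/24 shows 0 packets and the final DROP shows 5.

```shell
#!/bin/sh
# Added example: read hit counters out of `iptables -L -v -n --line-numbers` text.
# Columns: num pkts bytes target prot opt in out source destination

# Selected FORWARD rows copied from the "with firewall enabled" listing in the post.
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 0 -- tun2 br0 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT 0 -- br0 tun2 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT 0 -- * * 192.168.66.0/24 0.0.0.0/0
6 0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT 0 -- * tun2 0.0.0.0/0 0.0.0.0/0
8 71 21551 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
16 5 200 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
EOF
}

# sum_pkts CHAIN FIELD VALUE: total packets of the rules in CHAIN whose column
# FIELD (4=target, 7=in, 8=out, 9=source) equals VALUE. Listing is read on stdin.
sum_pkts() {
  awk -v chain="$1" -v col="$2" -v want="$3" '
    # iptables abbreviates large counters (12K, 3M, 1G) unless -x is given
    function count(s,  n) {
      n = s + 0
      if (s ~ /K$/) n *= 1000
      else if (s ~ /M$/) n *= 1000000
      else if (s ~ /G$/) n *= 1000000000
      return n
    }
    $1 == "Chain" { cur = $2; next }
    cur == chain && $1 ~ /^[0-9]+$/ && $col == want { total += count($2) }
    END { printf "%d\n", total }'
}

# tunnel_report IFACE SUBNET: one-line FORWARD summary for the tunnel.
tunnel_report() {
  listing=$(cat)
  rx=$(printf '%s\n' "$listing" | sum_pkts FORWARD 7 "$1")
  tx=$(printf '%s\n' "$listing" | sum_pkts FORWARD 8 "$1")
  src=$(printf '%s\n' "$listing" | sum_pkts FORWARD 9 "$2")
  drop=$(printf '%s\n' "$listing" | sum_pkts FORWARD 4 DROP)
  echo "from_$1=$rx to_$1=$tx from_subnet=$src dropped=$drop"
}

sample_listing | tunnel_report tun2 192.168.66.0/24
```

On the router the live listing can be piped in the same way: `iptables -L -v -n --line-numbers | tunnel_report tun2 192.168.66.0/24`. The listings in the post cover only the filter table; NAT rules are shown by `iptables -t nat -L -v -n`.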