Hi everyone,
First I apologize if this is not the right forum.
I need help configuring my routers' routes, firewall, etc., to allow establishing connections from my OpenVPN TUN clients to other subnets.
Current Layout
Here is the current layout of my network (just routers).
1) Main router running Tomato 1.28 Shibby v110-EN
External IP: Assigned by ISP
Internal IP: 10.0.0.1 | Network: 10.0.0.0/24
DHCP: 10.0.0.101-150 | STP: Enabled | DNS: OpenDNS
Firewall: Default settings
Static Routes (Dest/Gate/Subnet/Interface):
- 10.0.1.0/10.0.0.10/24/LAN
- 10.0.5.0/10.0.0.251/24/LAN
OpenVPN Server1 TAP IP range 10.0.0.241-250
OpenVPN Server2 TUN Sub/Mask 10.0.3.0/24
Firewall Script:
- iptables -I FORWARD -s 10.0.1.0/24 -j ACCEPT (not sure if required)
- iptables -I FORWARD -s 10.0.5.0/24 -j ACCEPT (not sure if required)
2) Additional router working as a wireless repeater for main router running 1.28 Shibby v110-EN
External IP: None
Internal IP: 10.0.0.2 | Network: 10.0.0.0/24
DHCP: Disabled | STP: Enabled | DNS: 10.0.0.1
3) Additional router working as a Gateway hosting another subnet connected to the main router by cable running 1.28 Shibby v110-EN
External IP: 10.0.0.10
Internal IP: 10.0.1.1 | Network: 10.0.1.0/24
DHCP: 10.0.1.101-150 | STP: Enabled | DNS: 10.0.0.1
Firewall: Default settings
Static Routes (Dest/Gate/Subnet/Interface):
- 10.0.5.0/10.0.0.1/24/WAN (see router 1's definitions)
- I added the route despite traffic going through router 1 since this router connects to a VPN privacy service provider and that provider uses the redirect-gateway command. This way connections going to 10.0.5.0/24 won't go through the VPN
OpenVPN Client1 TUN IP Assigned by VPN provider
(using VPN services of companies such as PIA/HMA/etc)
Firewall Script:
- iptables -I FORWARD -s 10.0.0.0/24 -j ACCEPT
4) Additional router (DDWRT) working as Gateway at remote location connected via OpenVPN to the main router via TAP connection.
External IP: Assigned by ISP
Internal IP: 10.0.5.1 | Network: 10.0.5.0/24
DHCP: 10.0.5.101-150 | STP: Enabled | DNS: OpenDNS
Firewall: Default settings
Static Routes (Dest/Gate/Subnet/Interface):
- 10.0.1.0/10.0.0.1/24/TAP1
- I added the route since the OpenVPN connections won't enforce the redirect-gateway directive. This way connections going to 10.0.1.0/24 will go through the OpenVPN network 10.0.0.0/24
OpenVPN Client connected to router 1: IP: 10.0.0.251
Firewall Script:
- iptables -I FORWARD -s 10.0.0.0/24 -j ACCEPT
Current Status
Connections between all three subnets work perfectly. A client in network 10.0.x.0 (10.0.0.0, 10.0.1.0, and 10.0.5.0) can reach any of the other networks and vice versa.
The problem
On the main router I created a second OpenVPN server for TUN connections hosting subnet 10.0.3.0/24. The issue is that clients that connect to this server are not able to reach the other subnetworks.
For example: I connect my laptop through TUN and I get assigned IP 10.0.3.6. Through this connection I am able to reach the main router (10.0.0.1), the secondary router (10.0.0.2), and all other PCs and IP cameras connected to this network (10.0.0.0/24). However, I am not able to reach the router hosting network 10.0.1.0/24 or the router hosting network 10.0.5.0/24, nor any of the devices connected to these two routers.
Personally, I believe the problem is firewall related but I have not been able to find the firewall rule to add to the scripts. I've tried adding the following line on all routers with no success at all.
iptables -I FORWARD -s 10.0.3.0/24 -j ACCEPT
For the OpenVPN server running in TUN mode I have enabled the following:
Push LAN to clients
Allow Client <-> Client
Direct clients to redirect internet traffic
Respond and Advertise DNS to clients
And I have also tried to push routes to the other networks (even though it should not be necessary since all traffic is already going through the VPN) and I have confirmed it by surfing the network and checking my IP.
Any help will be appreciated.
Regards
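A check a practitioner would run on a topology like the one above, before touching any firewall rules, is to trace the reply path: the laptop on 10.0.3.6 can send a packet to 10.0.1.x, but whether the answer comes back depends on how the router that owns 10.0.1.0/24 routes a destination of 10.0.3.6. The Python below is an added example, not code from the post or from Tomato/DD-WRT. It reconstructs the routing tables from the static routes listed in the post and performs a longest-prefix-match lookup on each router for the TUN client's address. The default routes are assumptions taken from the description (router 1 defaults to its ISP, router 3 defaults into the VPN provider tunnel because of redirect-gateway, router 4 defaults to its own ISP); the "direct" entries for connected networks and the interface names are likewise constructed for illustration.

```python
import ipaddress

# Routing tables reconstructed from the post. Static routes are the ones
# listed there; the default routes (0.0.0.0/0) are assumptions based on the
# description: router 1 -> ISP, router 3 -> VPN provider (redirect-gateway),
# router 4 -> its own ISP. "direct" marks a connected network.
TABLES = {
    "router1": [
        ("10.0.0.0/24", "direct", "LAN"),
        ("10.0.3.0/24", "direct", "TUN-server2"),
        ("10.0.1.0/24", "10.0.0.10", "LAN"),
        ("10.0.5.0/24", "10.0.0.251", "LAN"),
        ("0.0.0.0/0", "ISP", "WAN"),
    ],
    "router3": [
        ("10.0.1.0/24", "direct", "LAN"),
        ("10.0.0.0/24", "direct", "WAN"),
        ("10.0.5.0/24", "10.0.0.1", "WAN"),
        ("0.0.0.0/0", "VPN-provider", "TUN-client1"),
    ],
    "router4": [
        ("10.0.5.0/24", "direct", "LAN"),
        ("10.0.0.0/24", "direct", "TAP1"),
        ("10.0.1.0/24", "10.0.0.1", "TAP1"),
        ("0.0.0.0/0", "ISP", "WAN"),
    ],
}

# Next hops that keep a packet inside the private topology. Anything else
# (ISP, VPN provider) means the reply leaves the internal network.
INTERNAL_GATEWAYS = {"direct", "10.0.0.1", "10.0.0.10", "10.0.0.251"}


def lookup(table, dst):
    """Longest-prefix-match route selection.

    Returns (network, gateway, interface) for the most specific prefix that
    contains dst, the way a kernel forwarding table chooses a route.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def stays_internal(table, dst):
    """True if the selected route for dst points at an internal next hop."""
    _, gateway, _ = lookup(table, dst)
    return gateway in INTERNAL_GATEWAYS


def with_extra_route(router, prefix, gateway, iface):
    """Copy of a router's table with one additional static route appended."""
    return TABLES[router] + [(prefix, gateway, iface)]


def trace_reply(client_ip):
    """Per-router summary of where a reply to client_ip would be sent."""
    result = {}
    for name, table in TABLES.items():
        net, gateway, iface = lookup(table, client_ip)
        result[name] = (str(net), gateway, iface, stays_internal(table, client_ip))
    return result


if __name__ == "__main__":
    # Forward direction: router 1 knows how to reach 10.0.1.0/24.
    print("router1 -> 10.0.1.50:", lookup(TABLES["router1"], "10.0.1.50")[1:])
    # Reverse direction: what each router does with a packet for the TUN client.
    for name, (net, gateway, iface, internal) in trace_reply("10.0.3.6").items():
        print(f"{name}: 10.0.3.6 matches {net} via {gateway} on {iface}"
              f" -> {'internal' if internal else 'LEAVES the private network'}")
    # Same lookup on a hypothetical router 3 table with a route for the TUN subnet.
    hypothetical = with_extra_route("router3", "10.0.3.0/24", "10.0.0.1", "WAN")
    print("router3 + route:", lookup(hypothetical, "10.0.3.6")[1:])
```

Running it prints the route each router would select for 10.0.3.6 under the assumed tables; the `with_extra_route` call shows how longest-prefix matching changes the decision once a more specific prefix than 0.0.0.0/0 exists. The same function can be pointed at any other address (for instance a 10.0.5.x host) to confirm that the routes already on the page keep that traffic internal.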