VPN Router behind Primary Router Help

Post by d12welve » Tue Dec 08, 2015 12:57 am

I'm attempting to set up a network containing two routers, a primary giving me local internet access, and a secondary router that has a persistent VPN connection to a service (i.e. vpnunlimited).

My primary router is configured with IP address 192.168.1.1, subnet 255.255.255.0. It also acts as a DHCP server that hands out addresses in the 192.168.1.x range.

The new router with DD-WRT is configured with IP address 192.168.2.1. Then I configured the VPN as described here: https://www.vpnunlimitedapp.com/ddwrtsetup.

I am able to connect to the internet using the new router with VPN OFF but as soon as I turn on VPN I can no longer connect to the internet. I can ping the primary router and other devices on the network.

When viewing the status tab of the OpenVPN on the DD-WRT router, it shows that it is connected as a client and gives an IP address but not one for the Remote Address.

What am I missing?

Here are some of the troubleshooting tests I've done so far to try and identify the problem... but I've had no luck so far. If you can help I'd appreciate it!

VPN STATE
Code:
Client: CONNECTED SUCCESS

Local Address: 10.208.29.206
Remote Address:

STATUS
VPN Client Stats
TUN/TAP read bytes 27412
TUN/TAP write bytes 252
TCP/UDP read bytes 6513
TCP/UDP write bytes 42963
Auth read bytes 700
pre-compress bytes 6389
post-compress bytes 6410
pre-decompress bytes 0
post-decompress bytes 0


LOG
Code:
Clientlog:
20151207 15:13:52 I OpenVPN 2.3.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 1 2014
20151207 15:13:52 I library versions: OpenSSL 1.0.1h 5 Jun 2014 LZO 2.08
20151207 15:13:52 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20151207 15:13:52 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20151207 15:13:52 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20151207 15:13:52 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20151207 15:13:52 Socket Buffers: R=[180224->131072] S=[180224->131072]
20151207 15:13:55 I UDPv4 link local: [undef]
20151207 15:13:55 I UDPv4 link remote: [AF_INET]199.115.117.73:443
20151207 15:13:55 TLS: Initial packet from [AF_INET]199.115.117.73:443 sid=8806d159 424e5be7
20151207 15:13:55 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20151207 15:13:55 VERIFY OK: depth=1 C=US ST=NY L=New York O=Simplex Solutions Inc. OU=Vpn Unlimited CN=server.vpnunlimitedapp.com name=server.vpnunlimitedapp.com emailAddress=support@simplexsolutionsinc.com
20151207 15:13:55 VERIFY OK: nsCertType=SERVER
20151207 15:13:55 VERIFY OK: depth=0 C=US ST=NY L=New York O=Simplex Solutions Inc. OU=Vpn Unlimited CN=openvpn.vpnunlimitedapp.com name=openvpn.vpnunlimitedapp.com emailAddress=support@simplexsolutionsinc.com
20151207 15:13:55 NOTE: --mute triggered...
20151207 15:13:55 5 variation(s) on previous 3 message(s) suppressed by --mute
20151207 15:13:55 I [openvpn.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]199.115.117.73:443
20151207 15:13:58 SENT CONTROL [openvpn.vpnunlimitedapp.com]: 'PUSH_REQUEST' (status=1)
20151207 15:13:58 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.208.0.1 reneg-sec 0 rcvbuf 262144 sndbuf 262144 ping 5 ping-exit 30 route 10.208.0.1 topology net30 ifconfig 10.208.29.206 10.208.29.205'
20151207 15:13:58 N Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
20151207 15:13:58 OPTIONS IMPORT: timers and/or timeouts modified
20151207 15:13:58 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
20151207 15:13:58 Socket Buffers: R=[131072->360448] S=[131072->360448]
20151207 15:13:58 OPTIONS IMPORT: --ifconfig/up options modified
20151207 15:13:58 OPTIONS IMPORT: route options modified
20151207 15:13:58 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
20151207 15:13:58 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth1 HWADDR=e4:f4:c6:0f:b3:e5
20151207 15:13:58 I TUN/TAP device tun0 opened
20151207 15:13:58 TUN/TAP TX queue length set to 100
20151207 15:13:58 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20151207 15:13:58 I /sbin/ifconfig tun0 10.208.29.206 pointopoint 10.208.29.205 mtu 1500
20151207 15:13:58 I /tmp/openvpn-up.sh tun0 1500 1542 10.208.29.206 10.208.29.205 init
20151207 15:13:58 /sbin/route add -net 199.115.117.73 netmask 255.255.255.255 gw 192.168.1.1
20151207 15:13:58 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.208.29.205
20151207 15:13:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.208.29.205
20151207 15:13:58 /sbin/route add -net 10.208.0.1 netmask 255.255.255.255 metric 1 gw 10.208.29.205
20151207 15:13:58 I Initialization Sequence Completed
20151207 15:16:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151207 15:16:32 D MANAGEMENT: CMD 'state'
20151207 15:16:32 MANAGEMENT: Client disconnected
20151207 15:16:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151207 15:16:32 D MANAGEMENT: CMD 'state'
20151207 15:16:32 MANAGEMENT: Client disconnected
20151207 15:16:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151207 15:16:32 D MANAGEMENT: CMD 'state'
20151207 15:16:32 MANAGEMENT: Client disconnected
20151207 15:16:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151207 15:16:32 D MANAGEMENT: CMD 'status 2'
20151207 15:16:32 MANAGEMENT: Client disconnected
20151207 15:16:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20151207 15:16:32 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
cipher bf-cbc
auth sha1
auth-user-pass /tmp/openvpncl/credentials
remote us.vpnunlimitedapp.com 22
comp-lzo adaptive
tls-client
tun-mtu 1500
mtu-disc yes
fast-io
tun-ipv6
tls-cipher TLS-RSA-WITH-AES-128-CBC-SHA
client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo adaptive
remote-random
ns-cert-type server
route-metric 1
up /tmp/openvpn-up.sh
down /tmp/openvpn-down.sh
remote us.vpnunlimitedapp.com 443 udp
remote us.vpnunlimitedapp.com 22 udp
remote us.vpnunlimitedapp.com 80 tcp-client



Kernel IP routing table
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.208.19.169 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
10.208.0.1 10.208.19.169 255.255.255.255 UGH 1 0 0 tun0
10.208.19.169 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
128.0.0.0 10.208.19.169 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
207.244.66.209 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1




PING 8.8.8.8 (8.8.8.8): 56 data bytes
Code:
64 bytes from 8.8.8.8: seq=0 ttl=58 time=49.242 ms
64 bytes from 8.8.8.8: seq=1 ttl=58 time=39.549 ms
64 bytes from 8.8.8.8: seq=2 ttl=58 time=42.831 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 39.549/43.874/49.242 ms


root@DD-WRT:~# ping 192.168.1.1
Code:
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=1.226 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=3.125 ms
64 bytes from 192.168.1.1: seq=2 ttl=64 time=2.761 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.226/2.370/3.125 ms



root@DD-WRT:~# ifconfig
Code:
br0 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E3
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6044 errors:0 dropped:0 overruns:0 frame:0
TX packets:6594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:451280 (440.7 KiB) TX bytes:3709168 (3.5 MiB)

br0:0 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E3
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6037 errors:0 dropped:0 overruns:0 frame:0
TX packets:6719 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:583618 (569.9 KiB) TX bytes:3753355 (3.5 MiB)
Interrupt:179 Base address:0x4000

eth1 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E5
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1332 errors:0 dropped:1 overruns:0 frame:12684
TX packets:1564 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:295921 (288.9 KiB) TX bytes:193529 (188.9 KiB)
Interrupt:163

eth2 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:61
TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:18311 (17.8 KiB)
Interrupt:169

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1452 (1.4 KiB) TX bytes:1452 (1.4 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.204.5.46 P-t-P:10.204.5.45 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vlan1 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6037 errors:0 dropped:0 overruns:0 frame:0
TX packets:6594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:450804 (440.2 KiB) TX bytes:3709168 (3.5 MiB)

vlan2 Link encap:Ethernet HWaddr E4:F4:C6:0F:B3:E3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:17311 (16.9 KiB)

wl0.1 Link encap:Ethernet HWaddr E6:F4:C6:0F:B3:E6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:12684
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

and just to clarify...

I have two routers: Router A and Router B. Router A is my "primary" router (it serves my internet connection directly). I want Router B as a secondary router of A, but the catch is, I want it to be dedicated to a VPN connection; I want everything connected to Router B to flow through a VPN.
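
An added example, not part of the original posts: the routes in the log above (`0.0.0.0/1`, `128.0.0.0/1` and a host route to the VPN server via `192.168.1.1`) are how `redirect-gateway def1` overrides the default route without deleting it. The script below replays that longest-prefix selection over `route -n` output to show which interface a destination leaves through, and reports which of the three routes is missing; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions read `route -n` on stdin.
# Constructed sample in the layout of the table in the post; addresses are
# placeholders (198.51.100.7 = VPN server, 10.8.0.5 = tunnel peer).
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
198.51.100.7    192.168.1.1     255.255.255.255 UGH   0      0        0 eth1'

# egress_iface DEST_IP: print the interface chosen for DEST_IP
# (longest netmask wins, then lowest metric). Returns 1 if no route matches.
egress_iface() {
    awk -v dst="$1" '
        function ip2int(s,  p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {
            d = ip2int(dst); mask = ip2int($3)
            # Netmasks are contiguous, so AND equals rounding down to block size.
            net = d - d % (4294967296 - mask)
            if (net != ip2int($1)) next
            if (best == "" || mask > bmask || (mask == bmask && $5 + 0 < bmetric)) {
                best = $8; bmask = mask; bmetric = $5 + 0
            }
        }
        END { if (best == "") exit 1; print best }'
}

# def1_missing TUN: list which def1 routes are absent; silent and 0 when complete.
def1_missing() {
    awk -v tun="$1" '
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" && $8 == tun { low = 1 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" && $8 == tun { high = 1 }
        $3 == "255.255.255.255" && $4 ~ /G/ && $8 != tun   { pin = 1 }
        END {
            if (!low)  print "no 0.0.0.0/1 route via " tun
            if (!high) print "no 128.0.0.0/1 route via " tun
            if (!pin)  print "no host route to the VPN server outside " tun
            exit !(low && high && pin)
        }'
}

printf '%s\n' "$SAMPLE_TABLE" | egress_iface 8.8.8.8   # prints tun0
```

On the router itself the input comes from the live table, for example `route -n | egress_iface 8.8.8.8`; an answer other than the tunnel interface means that destination bypasses the VPN.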

Re: VPN Router behind Primary Router Help

Post by noucamp13 » Fri Dec 11, 2015 11:47 am

Hello d12welve,

I was wondering if you have had any luck resolving your problem. I have the exact same need as you (with slightly different problem): I want to connect my second router as a wireless bridge to my primary router with a VPN tunnel to my VPN service provider.

I noticed on the screen print of your VPN service provider that they use DD-WRT mega. My second router (WRT54G) does not have enough memory for mega and I do not get all the options to configure the VPN in the mini or VPN versions. I tried with a script but it did not work either.

I posted on another forum a week ago and have gotten no response either.

Re: VPN Router behind Primary Router Help

Post by d12welve » Tue Dec 15, 2015 4:33 pm

Hey noucamp13, I was able to solve some of my issues, one of them being that I too was trying to use the second router as a wireless bridge to my primary router and also have the second router be the VPN. I was told that it is NOT possible to use the second router as a wireless bridge and VPN router. So I started over making the second router just a VPN router and I was able to get it to work as such. I believe I set up the second router as a Wireless AP and it handed out DHCP on a subnet different than the primary router. I'll double check my configuration and post if you are still trying to solve your issue.