I have successfully configured the OpenVPN client on my router running DD-WRT and I have also set it up to enable OpenVPN on startup.
home network => ddwrt router with OpenVPN client => web
I can see the router web interface and ssh into any of my home Unix boxes if the OpenVPN client is not running. So I'm wondering how I can do the same if the OpenVPN client is running.
I am sure my home net connection is active because I am typing this right now on my MacBook that is connected to my router via Wi-Fi, and my other MacBook is connected to the net via iPhone personal hotspot. I'm doing testing on the 2nd MacBook.
Important info:
Router firewall is off.
IP routing info
root@myrouter:~# ip route list
0.0.0.0/1 via 10.208.185.5 dev tun1
default via my-wan-gateway-ip-here dev ppp0
my-wan-gateway-ip-here dev ppp0 proto kernel scope link src my-real-ip-here
10.208.0.1 via 10.208.185.5 dev tun1
10.208.185.5 dev tun1 proto kernel scope link src 10.208.185.6
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.208.185.5 dev tun1
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
my-vpn-ip via my-wan-gateway-ip-here dev ppp0
My OpenVPN config runs the default route-up.sh that's created by DD-WRT automatically. I didn't make any changes to this script.
root@myrouter:/tmp# cat /tmp/openvpncl/route-up.sh
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
My DNS servers (using Comodo and OpenDNS)
root@myrouter:/tmp# cat resolv.dnsmasq
nameserver 8.26.56.26
nameserver 8.20.247.20
nameserver 208.67.222.222
I also used some script I found on the net so certain IPs can bypass the VPN. This script is part of my startup script (rc_startup). I need this so I can play this specific game on my tablets.
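#!/bin/sh
# Wait 30 seconds after boot before setting up the bypass rules
sleep 30
# LAN addresses that should bypass the VPN
NO_VPN_LST="192.168.1.11 192.168.1.2"
[ -z "$NO_VPN_LST" ] && exit 0
# Poll nvram until it reports a real WAN gateway (not empty, not 0.0.0.0)
WAN_GWAY="0.0.0.0"
while [ -z "$WAN_GWAY" ] || [ "$WAN_GWAY" = "0.0.0.0" ]; do
    sleep 3
    WAN_GWAY=$(nvram get wan_gateway)
done
# Table 10 holds only a default route out the WAN gateway
ip route add default via "$WAN_GWAY" table 10
# Traffic from each listed address is looked up in table 10 instead of the main table
for ipa in $NO_VPN_LST; do
    ip rule add from "$ipa" table 10
done
ip route flush cache
exit 0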
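
An added example, not part of the original post: a small longest-prefix-match model of the routing table and the ip rule entries posted above, showing which interface a packet leaves on for a given source and destination. The redacted WAN gateway, WAN address and VPN server are replaced by constructed documentation addresses (198.51.100.1, 198.51.100.77, 203.0.113.50), and 192.168.1.50 and 203.0.113.9 are hypothetical hosts.

```python
import ipaddress

# Main table as posted above; redacted values replaced with constructed
# documentation addresses (assumptions, not the poster's real addresses).
MAIN_TABLE = """\
0.0.0.0/1 via 10.208.185.5 dev tun1
default via 198.51.100.1 dev ppp0
198.51.100.1 dev ppp0 proto kernel scope link src 198.51.100.77
10.208.0.1 via 10.208.185.5 dev tun1
10.208.185.5 dev tun1 proto kernel scope link src 10.208.185.6
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.208.185.5 dev tun1
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.50 via 198.51.100.1 dev ppp0
"""
# Table 10 as built by the startup script: a single default route via the WAN
TABLE_10 = "default via 198.51.100.1 dev ppp0\n"
# "ip rule add from <ip> table 10" for each address in NO_VPN_LST
RULES = {"192.168.1.11": TABLE_10, "192.168.1.2": TABLE_10}

def parse(table):
    """Turn 'ip route list' lines into (network, device) pairs."""
    routes = []
    for line in table.splitlines():
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), dev))
    return routes

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in parse(table) if dst in net]
    return max(hits)[1] if hits else None

def egress(src, dst):
    """Source rules are consulted before the main table."""
    if src in RULES:
        dev = lookup(RULES[src], dst)
        if dev:
            return dev
    return lookup(MAIN_TABLE, dst)

if __name__ == "__main__":
    for src, dst in [("192.168.1.50", "8.8.8.8"), ("192.168.1.11", "8.8.8.8"),
                     ("198.51.100.77", "203.0.113.9")]:
        print(f"{src} -> {dst}: {egress(src, dst)}")
```

The two /1 routes are more specific than the default route, so every destination without a narrower entry resolves to tun1 unless a source rule sends the lookup to table 10.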