johntodd1973

Connect Two Routers - One with OpenVPN - One Without

Hello,

First of all, I'm a newbie with network commands but can understand the basics of routing.

My main goal is having my home network connected with 2 routers and still being able to access files from each computer all across the network, whatever router the client is connecting to. As for internet connection, one router would be without OpenVPN and the other router with OpenVPN.

Router 1 : Dlink with oem firmware : 192.168.0.1 : has the internet access

Router 2 : Linksys E4200 with DD-WRT build Mega 18777 : 192.168.0.2 : OpenVPN installed

I managed to create the wireless access point using http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

So now, I can access files all over the network from any client. I even have separate wireless access working from the 2 routers.

Then here is what went not so well! Configuring OpenVPN on router 2. I can connect through the Windows OpenVPN client but not on the router.

I followed everything mentioned in https://airvpn.org/ddwrt/ except the part mentioning to add the AirVPN DNS for the server I want to connect to, i.e. 10.4.0.1. I can't write this server on router 2 since I deactivated DHCP for my wireless access point. I think that's where the error is... Also, I can't save LZO compression set to yes, but adaptive works.

Here is the openvpn log :

19700101 00:32:00 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

19700101 00:32:00 I Re-using SSL/TLS context

19700101 00:32:00 I LZO compression initialized

19700101 00:32:00 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

19700101 00:32:00 Socket Buffers: R=[114688->131072] S=[114688->131072]

19700101 00:32:00 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

19700101 00:32:00 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

19700101 00:32:00 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

19700101 00:32:00 Local Options hash (VER=V4): '22188c5b'

19700101 00:32:00 Expected Remote Options hash (VER=V4): 'a8f55717'

19700101 00:32:00 I UDPv4 link local: [undef]

19700101 00:32:00 I UDPv4 link remote: 46.19.137.114:443

19700101 00:32:00 TLS: Initial packet from 46.19.137.114:443 sid=35ec88e2 5e18ab58

19700101 00:32:01 N VERIFY ERROR: depth=1 error=certificate is not yet valid: /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

19700101 00:32:01 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)

19700101 00:32:01 N TLS Error: TLS object -> incoming plaintext read error

19700101 00:32:01 N TLS Error: TLS handshake failed

19700101 00:32:01 TCP/UDP: Closing socket

19700101 00:32:01 I SIGUSR1[soft tls-error] received process restarting

19700101 00:32:01 Restart pause 2 second(s)

19700101 00:32:03 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

19700101 00:32:03 I Re-using SSL/TLS context

19700101 00:32:03 I LZO compression initialized

19700101 00:32:03 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

19700101 00:32:03 Socket Buffers: R=[114688->131072] S=[114688->131072]

19700101 00:32:03 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

19700101 00:32:03 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

19700101 00:32:03 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

19700101 00:32:03 Local Options hash (VER=V4): '22188c5b'

19700101 00:32:03 Expected Remote Options hash (VER=V4): 'a8f55717'

19700101 00:32:03 I UDPv4 link local: [undef]

19700101 00:32:03 I UDPv4 link remote: 46.19.137.114:443

19700101 00:32:03 N TLS Error: Unroutable control packet received from 46.19.137.114:443 (si=3 op=P_ACK_V1)

19700101 00:32:04 N TLS Error: Unroutable control packet received from 46.19.137.114:443 (si=3 op=P_CONTROL_V1)

19700101 00:32:04 N TLS Error: Unroutable control packet received from 46.19.137.114:443 (si=3 op=P_CONTROL_V1)

19700101 00:32:04 N TLS Error: Unroutable control packet received from 46.19.137.114:443 (si=3 op=P_CONTROL_V1)

19700101 00:32:05 N TLS Error: Unroutable control packet received from 46.19.137.114:443 (si=3 op=P_CONTROL_V1)

19700101 00:32:07 NOTE: --mute triggered...

19700101 00:32:59 20 variation(s) on previous 5 message(s) suppressed by --mute

19700101 00:32:59 MANAGEMENT: Client connected from 127.0.0.1:5001

19700101 00:32:59 D MANAGEMENT: CMD 'state'

19700101 00:32:59 MANAGEMENT: Client disconnected

19700101 00:32:59 MANAGEMENT: Client connected from 127.0.0.1:5001

19700101 00:32:59 D MANAGEMENT: CMD 'state'

19700101 00:32:59 MANAGEMENT: Client disconnected

19700101 00:32:59 MANAGEMENT: Client connected from 127.0.0.1:5001

19700101 00:32:59 D MANAGEMENT: CMD 'state'

19700101 00:32:59 MANAGEMENT: Client disconnected

19700101 00:32:59 MANAGEMENT: Client connected from 127.0.0.1:5001

19700101 00:32:59 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

Thanks all for your help.

John


Hello,

19700101 00:32:01 N TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)

19700101 00:32:01 N TLS Error: TLS object -> incoming plaintext read error

Hello!

Please set correctly the date and time of your DD-WRT router. In 1970 the certificates were not valid.

Unfortunately, while the above needs to be fixed (otherwise TLS negotiation will always fail), it does not seem to be the real root of your problem. If the problem persists, you have a bugged firmware, please see here:

http://svn.dd-wrt.com/ticket/2536

Kind regards


Thank you, I got further! I had to put an exact IP address for NTP instead of a server name. Now it said connected but does not seem to work at the end of the status. Is it related to not being able to put 10.4.0.1 somewhere in DD-WRT? According to other E4200 users, this firmware build is supposed to be OK with OpenVPN...

Thanks!

Here is the status:

20130104 01:48:53 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] built on Mar 19 2012

20130104 01:48:53 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20130104 01:48:53 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20130104 01:48:53 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20130104 01:48:53 I LZO compression initialized

20130104 01:48:53 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20130104 01:48:53 Socket Buffers: R=[114688->131072] S=[114688->131072]

20130104 01:48:53 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20130104 01:48:53 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20130104 01:48:53 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20130104 01:48:53 Local Options hash (VER=V4): '22188c5b'

20130104 01:48:53 Expected Remote Options hash (VER=V4): 'a8f55717'

20130104 01:48:53 I UDPv4 link local: [undef]

20130104 01:48:53 I UDPv4 link remote: 46.19.137.114:443

20130104 01:48:53 TLS: Initial packet from 46.19.137.114:443 sid=58d5ca72 8df958b9

20130104 01:48:54 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20130104 01:48:54 VERIFY OK: nsCertType=SERVER

20130104 01:48:54 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20130104 01:48:56 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

20130104 01:48:56 NOTE: --mute triggered...

20130104 01:48:56 4 variation(s) on previous 5 message(s) suppressed by --mute

20130104 01:48:56 I [server] Peer Connection Initiated with 46.19.137.114:443

20130104 01:48:58 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

20130104 01:48:58 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.4.0.1 comp-lzo no route 10.4.0.1 topology net30 ping 10 ping-restart 60 ifconfig 10.4.14.130 10.4.14.129'

20130104 01:48:58 OPTIONS IMPORT: timers and/or timeouts modified

20130104 01:48:58 OPTIONS IMPORT: LZO parms modified

20130104 01:48:58 OPTIONS IMPORT: --ifconfig/up options modified

20130104 01:48:58 NOTE: --mute triggered...

20130104 01:48:58 2 variation(s) on previous 5 message(s) suppressed by --mute

20130104 01:48:58 I TUN/TAP device tun1 opened

20130104 01:48:58 TUN/TAP TX queue length set to 100

20130104 01:48:58 I /sbin/ifconfig tun1 10.4.14.130 pointopoint 10.4.14.129 mtu 1500

20130104 01:48:58 /sbin/route add -net 46.19.137.114 netmask 255.255.255.255 gw 192.168.0.1

20130104 01:48:58 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.14.129

20130104 01:48:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.14.129

20130104 01:48:58 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.14.129

20130104 01:48:58 I Initialization Sequence Completed

20130104 01:50:20 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 01:50:20 D MANAGEMENT: CMD 'state'

20130104 01:50:20 MANAGEMENT: Client disconnected

20130104 01:50:20 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 01:50:20 D MANAGEMENT: CMD 'state'

20130104 01:50:20 MANAGEMENT: Client disconnected

20130104 01:50:20 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 01:50:20 D MANAGEMENT: CMD 'state'

20130104 01:50:20 MANAGEMENT: Client disconnected

20130104 01:50:20 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 01:50:20 D MANAGEMENT: CMD 'log 500'


Hello!

Despite the reports you cite, perhaps your firmware version is bugged.

The following version has been reported as working for Linksys E4200:

dd-wrt.v24-18774_NEWD-2_K2.6_openvpn.bin

Before re-flashing, please make sure that your second router is working in bridge mode (only if the DD-WRT router is behind your second router and the second router connects to your ISP).

Kind regards


Hello,

I flashed the router with 18774 as mentioned above and here is the log from OpenVPN, with the router plugged directly into the internet, no more 2-router setup. Shortly after this, OpenVPN would not even try to open, even if enabled in DD-WRT.

20130104 11:27:12 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] built on Mar 19 2012

20130104 11:27:12 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20130104 11:27:12 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20130104 11:27:12 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20130104 11:27:12 I LZO compression initialized

20130104 11:27:12 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20130104 11:27:12 Socket Buffers: R=[114688->131072] S=[114688->131072]

20130104 11:27:12 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20130104 11:27:12 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20130104 11:27:12 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20130104 11:27:12 Local Options hash (VER=V4): '22188c5b'

20130104 11:27:12 Expected Remote Options hash (VER=V4): 'a8f55717'

20130104 11:27:12 I UDPv4 link local: [undef]

20130104 11:27:12 I UDPv4 link remote: 46.19.137.114:443

20130104 11:27:12 TLS: Initial packet from 46.19.137.114:443 sid=7fd63565 9134217f

20130104 11:27:29 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:27:29 D MANAGEMENT: CMD 'state'

20130104 11:27:29 MANAGEMENT: Client disconnected

20130104 11:27:29 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:27:29 D MANAGEMENT: CMD 'state'

20130104 11:27:29 MANAGEMENT: Client disconnected

20130104 11:27:29 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:27:29 D MANAGEMENT: CMD 'state'

20130104 11:27:29 MANAGEMENT: Client disconnected

20130104 11:27:30 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:27:30 D MANAGEMENT: CMD 'log 500'

20130104 11:27:30 MANAGEMENT: Client disconnected

20130104 11:28:00 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:28:00 D MANAGEMENT: CMD 'state'

20130104 11:28:00 MANAGEMENT: Client disconnected

20130104 11:28:00 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:28:00 D MANAGEMENT: CMD 'state'

20130104 11:28:00 MANAGEMENT: Client disconnected

20130104 11:28:00 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:28:00 D MANAGEMENT: CMD 'state'

20130104 11:28:00 MANAGEMENT: Client disconnected

20130104 11:28:00 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 11:28:00 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

Then I flashed again with the 18777 mega build and got a similar log (1-router setup):

20130104 17:16:01 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] built on Mar 19 2012

20130104 17:16:01 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20130104 17:16:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20130104 17:16:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20130104 17:16:01 I LZO compression initialized

20130104 17:16:01 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20130104 17:16:01 Socket Buffers: R=[114688->131072] S=[114688->131072]

20130104 17:16:01 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20130104 17:16:01 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20130104 17:16:01 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20130104 17:16:01 Local Options hash (VER=V4): '22188c5b'

20130104 17:16:01 Expected Remote Options hash (VER=V4): 'a8f55717'

20130104 17:16:01 I UDPv4 link local: [undef]

20130104 17:16:01 I UDPv4 link remote: 46.19.137.114:443

20130104 17:16:02 TLS: Initial packet from 46.19.137.114:443 sid=50ce2f2c a0e561d5

20130104 17:16:02 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 17:16:02 D MANAGEMENT: CMD 'state'

20130104 17:16:02 MANAGEMENT: Client disconnected

20130104 17:16:02 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 17:16:02 D MANAGEMENT: CMD 'state'

20130104 17:16:02 MANAGEMENT: Client disconnected

20130104 17:16:02 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 17:16:02 D MANAGEMENT: CMD 'state'

20130104 17:16:02 MANAGEMENT: Client disconnected

20130104 17:16:02 MANAGEMENT: Client connected from 127.0.0.1:5001

20130104 17:16:02 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

Thanks!


OK, got it working with one router connected, with build 18777 mega. I had to give it a little bit of time to make the connection...

But now back to square one: how can I connect both routers so they can access my local network? And for internet connection, one would be w/o VPN and the other with VPN.

Thanks again!


Hello,

Not sure if it helps, but I am using a similar setup on my home network, so perhaps I can give you some pointers in the right direction.

What I use is like this:

Internet <--> ISP Modem at my home for Internet Connection <--> DD-WRT Router as WLAN AP <--> WLAN client (PC)

First of all, I would suggest connecting to and configuring the DD-WRT box using a telnet or SSH session. With it, you can also directly check the generated log files.

Second, you should make sure to have the NTP client in your DD-WRT config enabled and use one of your country's NTP pool servers (check the site http://www.pool.ntp.org ... I use de.pool.ntp.org for Germany, as an example).

Third, set up DHCP on your DD-WRT so that the clients connecting to this router will receive this router's (local) IP as a gateway, which in turn will be the entry to the OpenVPN tunnel.

Fourth, from what I read you are now able to successfully connect using OpenVPN on the DD-WRT box? If so, issue the command 'ifconfig' and double-check the device name the OpenVPN client created. The name usually starts with 'tun' or 'tap' (as per your setup) followed by a single digit, e.g. tun1.

With this info (for me it was tun1) check these firewall rules:

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

iptables -I INPUT -i tun1 -j REJECT

iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE

What this does is basically redirect all traffic from device br0 (which is usually connected for WLAN clients) to the tunnel device and vice versa.

Hence, with these rules all wireless connections should be forwarded to the tunnel entry.

With this checked (correct time using NTP, DHCP up and running on the WLAN AP and the correct firewall forwarding rules) you should be able to use the tunnel with every wireless client connected to your local network.

Hope to help,

Baxter


Thanks for your answer.

Do you have 2 routers? Or you use one only?

Right now, I'm testing one router and all clients access the OpenVPN tunnel and still access my local LAN. And I added some firewall scripts making sure the internet gets disconnected as soon as the OpenVPN connection has been lost.

The idea I had was having one router without VPN so speed and real country location will be good. Then plugging another router into that network with OpenVPN. So a client can decide to connect to either the first router or the second. But either way, the client could still access the local LAN.

The problem I had with the 2-router setup was that clients from the second router could not access the LAN.

I'm starting to understand slowly the way commands are done within dd-wrt but far from being a novice... But I like learning that stuff.

Thank you.

John


With the winter coming, I am starting to play with it again. Let me know if you guys have any idea. I am reading about virtual interface (VAP) instead of having 2 physical routers.

 

The idea is the same. Having 1 Windows network that every cpu can access all together and having 2 internet accesses. One with VPN and the other without.

 

Thanks!


Ok I did my homework and read a lot of stuff for 1 week. And I'm 95% done. The only missing part is dropping my internet connection if VPN failed to connect or dropped.

 

Here are my physical connections

 

ISP --> Router 1 DD-WRT --> Router 2 DD-WRT with OpenVPN.  The connection between router 1 and 2, is from Ethernet from router 1 lan to router 2 wan.

 

Router 1 setting

IP 192.168.0.1

Subnet 255.255.255.0

DHCP from 192.168.0.1XX

Static routing : 192.168.1.0 255.255.255.0 to gateway 192.168.0.145 Interface : Any.  Gateway 192.168.0.145 is my router 2 WAN IP.

Router firewall enable

No VPN connection on router 1

 

Router 2 setting

WAN : automatic dhcp : 192.168.0.145

IP 192.168.1.1

subnet 255.255.255.0

DHCP server from 192.168.1.1XX

Service OpenVPN: connected to VPN success

Firewall enabled

Firewall specific rules :

iptables -I FORWARD -s 192.168.0.0/24 -j ACCEPT

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

iptables -I INPUT -i tun1 -j REJECT

iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

 

See attached my routing table.

 

Here is what I can do:

Can go on internet w/o VPN when connected either wired or wireless to Router 1

Can go on internet with VPN when connected either wired or wireless to Router 2

Can access my NAS attached to Router1 and using connection from Router 2

 

The only thing I miss is a little bit of security. Even using the firewall rules I found here and from a YouTube video, if my VPN is not connected on Router 2 I can still access the internet.

 

I tried removing my first rule but it changes nothing.

 

Any ideas?

 

Thanks 1000X

 

 

Routing table.txt


OK, one step forward and one backward...

 

I added this line to my firewall rules :

 

iptables -I FORWARD -i br0 -o eth1 -j DROP

 

The way I understand it, it means everything that goes directly from br0 to eth1 is dropped.

 

By doing so I lost internet connection when my VPN is not active (tun1). But also, all the time when I try to access my network, my connection is dropped. So I can't access my network anymore.

 

Thanks for your help, I'm pretty new to this iptables.
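
Added example (not part of the original posts and not AirVPN's or DD-WRT's own script): the br0-to-eth1 DROP quoted above also matches traffic for router 1's 192.168.0.0/24 network, because that network is reached through the same WAN port. Since `-I` prepends, an ACCEPT for that subnet inserted after the DROP is evaluated before it. The interface names and subnet are the ones quoted in this thread; the function names and the `IPT` dry-run variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. br0, eth1 and 192.168.0.0/24 are
# the values quoted in the posts; confirm yours with `ifconfig` and `route -n`.

# Assumption of this example: IPT=echo gives a dry run that prints the rule
# arguments instead of changing the firewall.
IPT="${IPT:-iptables}"

# vpn_killswitch LAN_IF WAN_IF UPSTREAM_NET
# Stops LAN clients from leaving through the WAN port (so nothing is
# forwarded unencrypted when the tunnel is down) while keeping the
# upstream LAN reachable.
vpn_killswitch() {
    [ "$#" -eq 3 ] || {
        echo "usage: vpn_killswitch LAN_IF WAN_IF UPSTREAM_NET" >&2
        return 2
    }
    lan_if=$1 wan_if=$2 upstream_net=$3

    # Inserted first, so it ends up BELOW the exception: drop everything
    # the LAN bridge tries to forward straight out of the WAN port.
    $IPT -I FORWARD -i "$lan_if" -o "$wan_if" -j DROP || return 1

    # Inserted second, so it is evaluated FIRST: traffic for router 1's
    # subnet (NAS, other PCs) may still use the WAN port.
    $IPT -I FORWARD -i "$lan_if" -o "$wan_if" -d "$upstream_net" -j ACCEPT || return 1
}

# evaluation_order: reads rules in the order they were inserted with -I and
# prints them in the order the kernel walks the chain (last inserted first).
evaluation_order() {
    sed '1!G;h;$!d'
}

# On the router:
#   vpn_killswitch br0 eth1 192.168.0.0/24
# Dry run on any machine:
#   IPT=echo; vpn_killswitch br0 eth1 192.168.0.0/24 | evaluation_order
```

These rules only cover forwarded client traffic; packets the router itself originates go through the OUTPUT chain and are not affected.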


OK, this is timely. I also would like to get a second wireless router working as a VPN. My main router, connected to the cable modem, is set as the gateway for the LAN. It is 192.168.1.1/255.255.255.0. It is doing DHCP for all clients. It's an Asus RT-N66U. I ran a Cat5 cable from that router to a Buffalo WZR-HP-G450H. That router comes from the factory with DD-WRT. I set that router up as an access point, since I already have a gateway. This router has an IP of 192.168.1.10. DHCP is enabled on this too, handing out 5 IPs from 192.168.1.90-95. I followed the tutorial, and it actually connects to the VPN, judging by the Administration/VPN Status pages. I just can't get any client that I connect to that router to go out through the VPN...they all go back out through the Asus, with my regular IP??? I didn't do any static routing - I don't know how. I also messed with the DNS Masq options and "Authoritative" box...still can't figure it out.


Welcome to our club!

 

There is a really good video on YouTube, author JimmyTS100.

 

I can't copy and paste but you can search for : "connect two routers on one network, one router is running VPN and DD-WRT"

 

It's really well explained how to connect both routers together and he explained all the GUI settings. So you have VPN network and non VPN network. At the same time you can access your home network from both routers.

 

The problem with this: I can't apply a rule to shut down the internet connection when the router 2 VPN dropped/failed and also have access to my network.

 

We just need someone with a good iptables knowledge.

 

Cheers!


Thanks my friend, worked perfectly! Air should do a tutorial for this. The one problem I can see though, is if I leave the house without bringing down the VPN on the router...I won't be able to log in to the VPN from the road. I really wish Air would allow at least 2 connections per account.

 

How would I set up access to the VPN router from abroad? Forward 443, through router 1, to router 2 (192.168.2.1)? Or the LAN IP router 1 gave router 2?
