No se puede acceder a Internet ni al servidor DNS local usando OpenVPN en el enrutador DD-WRT

tag-icon tag-icon openvpn dnsmasq dd-wrt
No se puede acceder a Internet ni al servidor DNS local usando OpenVPN en el enrutador DD-WRT

Intenté configurar el servidor Dnsmasq y OpenVPN en mi enrutador DD-WRT.

Mi objetivo es conectarme a mi enrutador dd-wrt (v24-sp2 (25/03/13) mega) a través de openvpn y:

  1. utilizar mis recursos locales,
  2. diríjase a ellos usando los nombres DNS que ingresé en la configuración de dnsmasq
  3. encaminar todo mi tráfico de Internet a través de casa.

Hice algunas configuraciones del servidor OpenVPN y dnsmasq y ahora la opción uno está funcionando.

Pero no tengo idea de cómo hacer que funcionen las opciones dos y tres. ¿Puede alguien ayudarme?

Configuración del cliente (OpenVPN v2.3.4):

client
dev tun
proto udp
remote some.server.net 11193
redirect-gateway

cipher AES-128-CBC
auth MD5

ca ca.crt
cert client.crt
key client.key

nobind
comp-lzo
persist-key
persist-tun
verb 3
float

#resolv-retry infinite

Configuración del servidor OpenVPN (usé el modo GUI): Configuración del servidor OpenVPN

Comandos de configuración del firewall en el enrutador:

iptables -I INPUT 1 -p udp --dport 11193 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.144.128/25 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX

Configuración de DNSMasq: Configuración de DNSMasq

La configuración de mi área local (si es importante): Configuración de DHCP

Lo que muestra ipconfig /all cuando vpn está conectado (perdón por la consola que no está en inglés): ipconfig /all en el cliente W8

¿Qué muestra ifconfig -ael comando?

br0       Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:C9  
          inet addr:192.168.144.126  Bcast:192.168.144.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1314791 errors:0 dropped:0 overruns:0 frame:0
          TX packets:520087 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1212860286 (1.1 GiB)  TX bytes:35424179 (33.7 MiB)
br0:0     Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:C9  
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0      Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:C9  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2132892 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1772722 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1428506146 (1.3 GiB)  TX bytes:1357054830 (1.2 GiB)
          Interrupt:4 Base address:0x2000 
eth1      Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:CB  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20244 errors:0 dropped:0 overruns:0 frame:24589427
          TX packets:116648 errors:47 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1931745 (1.8 MiB)  TX bytes:41642341 (39.7 MiB)
          Interrupt:3 Base address:0x1000 
eth2      Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:CC  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:28 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:6 Base address:0x8000 
etherip0  Link encap:Ethernet  HWaddr 4E:A6:FB:D5:97:10  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:612 errors:0 dropped:0 overruns:0 frame:0
          TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:127026 (124.0 KiB)  TX bytes:127026 (124.0 KiB)
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:XX.XX.XX.XX  P-t-P:YY.YY.YY.YY  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:328586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:564238 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:40074316 (38.2 MiB)  TX bytes:674767309 (643.5 MiB)
teql0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
tun2      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.144.129  P-t-P:192.168.144.129  Mask:255.255.255.128
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:3195 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3725 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:251990 (246.0 KiB)  TX bytes:2682328 (2.5 MiB)
tunl0     Link encap:UNSPEC  HWaddr 00-00-00-00-FF-80-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
vlan0     Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:C9  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
vlan1     Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:C9  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1034054 errors:0 dropped:0 overruns:0 frame:0
          TX packets:508091 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1174793178 (1.0 GiB)  TX bytes:37167391 (35.4 MiB)
vlan2     Link encap:Ethernet  HWaddr C0:C1:C0:D1:0F:CA  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1098545 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1264631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:215018185 (205.0 MiB)  TX bytes:1319887439 (1.2 GiB)

ACTUALIZACIÓN1:

Usando una pista deAndrás Kornencontró una solución para la opción dos (enlace). Agregué register-dnslíneas pullen la configuración de vpn del cliente y interface=tun2alineé en el campo de opciones de dnsmasq adicionales.

Y agregué la tercera línea a los comandos de configuración del firewall.

Supongo que algunos de mis comandos de iptables son incorrectos porque utilicé interfaces incorrectas (vlanX o ethX).

ACTUALIZACIÓN2:

información adicional

¿Qué muestra route printel comando antes de activar VPN?

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric 
          0.0.0.0          0.0.0.0  192.168.192.254  192.168.192.147     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
    192.168.192.0    255.255.255.0         On-link   192.168.192.147    281
  192.168.192.147  255.255.255.255         On-link   192.168.192.147    281
  192.168.192.255  255.255.255.255         On-link   192.168.192.147    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link   192.168.192.147    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link   192.168.192.147    281
===========================================================================
Persistent Routes:
  None

Qué muestra route printel comando después de activar la VPN (rutas posiblemente relacionadas con la VPN marcadas con el signo menos)

Network Destination        Netmask          Gateway       Interface  Metric 
          0.0.0.0          0.0.0.0  192.168.192.254  192.168.192.147     25
          0.0.0.0        128.0.0.0  192.168.144.129  192.168.144.131     20 ----
      XX.XX.XX.XX  255.255.255.255  192.168.192.254  192.168.192.147     25 ---- To my DD-WRT router (XX.XX.XX.XX = WAN IP)
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0  192.168.144.129  192.168.144.131     20 ----
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
  192.168.144.128  255.255.255.128         On-link   192.168.144.131    276 ----
  192.168.144.131  255.255.255.255         On-link   192.168.144.131    276 ---- Probably routes to my VPN subnet
  192.168.144.255  255.255.255.255         On-link   192.168.144.131    276 ----
    192.168.192.0    255.255.255.0         On-link   192.168.192.147    281
  192.168.192.147  255.255.255.255         On-link   192.168.192.147    281
  192.168.192.255  255.255.255.255         On-link   192.168.192.147    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link   192.168.192.147    281
        224.0.0.0        240.0.0.0         On-link   192.168.144.131    276 ----
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link   192.168.192.147    281
  255.255.255.255  255.255.255.255         On-link   192.168.144.131    276 ----
===========================================================================
Persistent Routes:
  None

Lo que muestra tracert google.comel comando:

Tracing route to google.com [188.35.142.42]
over a maximum of 30 hops:

  1    10 ms     7 ms     9 ms  192.168.144.129
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  ................................................

Respuesta1

Bien, con respecto a la parte de tu pregunta sobre el acceso a Internet, creo que tu

iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX

Está Mal. vlan2debería ser ppp0(porque ppp0 es su interfaz orientada a Internet).

Una regla más simple como

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

También debería funcionar.

Respuesta2

Andras: ¿Sería vlan2 en mi caso? ¡Gracias!

br0       Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          inet addr:192.168.11.1  Bcast:192.168.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:424601 errors:0 dropped:21377 overruns:0 frame:0
          TX packets:475454 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:70115596 (66.8 MiB)  TX bytes:585654624 (558.5 MiB)

br0:0     Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5196488 errors:0 dropped:0 overruns:0 frame:0
          TX packets:848653 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:969250040 (924.3 MiB)  TX bytes:639674339 (610.0 MiB)
          Interrupt:5

imq0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:71971 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71958 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:30
          RX bytes:58870852 (56.1 MiB)  TX bytes:58851352 (56.1 MiB)

imq1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:16000  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:11000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:90 errors:0 dropped:0 overruns:0 frame:0
          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8027 (7.8 KiB)  TX bytes:8027 (7.8 KiB)

ra0       Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10826 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2261013 (2.1 MiB)  TX bytes:10971684 (10.4 MiB)
          Interrupt:6

tun2      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.12.1  P-t-P:192.168.12.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:1203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:84990 (82.9 KiB)  TX bytes:1936057 (1.8 MiB)

vlan1     Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:415650 errors:0 dropped:0 overruns:0 frame:0
          TX packets:465320 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:68193995 (65.0 MiB)  TX bytes:574645820 (548.0 MiB)

vlan2     Link encap:Ethernet  HWaddr CC:E1:D5:3A:B2:80
          inet addr:72.196.156.81  Bcast:72.196.159.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4775595 errors:0 dropped:24901 overruns:0 frame:0
          TX packets:382762 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:807307551 (769.9 MiB)  TX bytes:60986467 (58.1 MiB)

información relacionada