My home topology:
router1 (192.168.1.1) – D-Link dsl2540u server with static IP available from Internet (ADSL via ppoe). 4 LAN ports.
router2 (192.168.1.2) – D-Link DIR-300 with OpenWRT. Plays role of WiFi access point. 4 LAN ports + WAN port.
Home PC (connects to router1 via DHCP) | internet ------ router1----- | router2 (OpenVPN server on OpenWRT)
On router1 I set up NAT Virtual Servers and can connect to my router via SSH or OpenVPN (tcp on 443 port)
OpenVPN server works fine and all traffic goes via tun interface after connection.
OpenVPN server config (if matter):
--script-security 2 mode server dev tun port 443 proto tcp server 10.0.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 192.168.1.1" # Change this to your router's LAN IP Address push "route 192.168.1.0 255.255.255.0" # Change this to your network client-config-dir ccd client-to-client tls-server dh /etc/openvpn/dh2048.pem ca /etc/openvpn/CA_cert.pem cert /etc/openvpn/certs/server.pem key /etc/openvpn/keys/server.pem crl-verify /etc/openvpn/crl/crl.pem tls-auth /etc/openvpn/ta.key 0 #comp-lzo keepalive 10 120 tun-mtu 1500 mssfix 1450 persist-key persist-tun verb 3 log /var/log/openvpn.log
My goal is OpenVPN tunnel with Internet from my home router1. At now I can connect to OpenVPN server but all traffic that goes via tunnel does not reach Internet.
Firewall rules on router2 (OpenWRT):
iptables -t nat -A prerouting_wan -p tcp --dport 443 -j ACCEPT iptables -A input_wan -p tcp --dport 443 -j ACCEPT iptables -t nat -A prerouting_lan -p tcp --dport 443 -j ACCEPT iptables -A input_lan -p tcp --dport 443 -j ACCEPT iptables -I INPUT -i tun+ -j ACCEPT iptables -I FORWARD -i tun+ -j ACCEPT iptables -I OUTPUT -o tun+ -j ACCEPT iptables -I FORWARD -o tun+ -j ACCEPT
It's definitely a problem with routing but I have no enough knowledges to solve it.
Best Answer
You have to add 10.0.0.0/24 network routed to gateway 192.168.1.2 as a static route on router1. It's not about NAT.