1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato VPN tunnel IP mismatch ???

Discussion in 'Tomato Firmware' started by ejevs, Oct 16, 2009.

  1. ejevs

    ejevs Addicted to LI Member

    I've just installed Tomato on two WRT54GL last week (up from DD-WRT), so far I'm very happy with it.

    BUT, my VPN tunnel (with keys) only work one way (client to server), and even if I need to do something more to get it to work there seem to be an error in the automatic configurated routes of the Tomato (the server have a wrong client IP in routing but right in VPN status), I've been looking for days for somebody on the forum with the same problem, but now I'll ask for help..

    Configuration as follows (I.ve tried to include evrythin remotely connected to this problem, sorry for the long post), just for the problem read the text in bold:

    SERVER VPN TUNNELING:
    BASIC- Interface Type:TUN. Protocol:UDP, Port:1194, Firewall:auto, Authorization Mode:TLS, Extra HMAC authorization:DISABLED, VPN subnet/netmask:10.8.0.0/255.255.255.0
    ADVANCED- Push LAN to clients:YES, Allow Client<->Client:YES
    STATUS- client-r01 1.56.0.169:2052 10.8.0.6 87172 27545 Fri Oct 16 16:18:15 2009
    10.8.0.6 client-r01 1.56.0.169:2052 Fri Oct 16 16:20:09 2009
    SERVER ADVANCED ROUTING:
    10.8.0.2 * 255.255.255.255 0 tun21
    10.8.0.0 10.8.0.2 255.255.255.0 0 tun21
    192.168.12.0 10.8.0.2 255.255.255.0 0 tun21
    192.168.11.0 * 255.255.255.0 0 br0 (LAN)
    1.107.30.0 * 255.255.255.0 0 vlan1 (WAN)
    127.0.0.0 * 255.0.0.0 0 lo
    default 1.107.30.1 0.0.0.0 0 vlan1 (WAN)​

    CLIENT VPN TUNNELING:
    BASIC- Start with Router:YES, Interface Type:TUN, Protocol:UDP, Server Address/Port:1.107.30.58 1194, Firewall:AUTO, Authorization Mode:TLS, Extra HMAC authorization:DISABLED, Create NAT on tunnel:YES
    ADVANCED- Redirect Internet traffic:NO, Accept DNS configuration:DISABLED
    STATUS- TUN/TAP read bytes 110579,TUN/TAP write bytes 16079, TCP/UDP read bytes 20721, TCP/UDP write bytes 80229, Auth read bytes 16159, pre-compress bytes 108775, post-compress bytes 69383, pre-decompress bytes 8850, post-decompress bytes 12151 ​
    CLIENT ADVANCED ROUTING:
    10.8.0.5 * 255.255.255.255 0 tun11
    10.8.0.0 10.8.0.5 255.255.255.0 0 tun11
    192.168.12.0 * 255.255.255.0 0 br0 (LAN)
    1.56.0.0 * 255.255.255.0 0 vlan1 (WAN)
    192.168.11.0 10.8.0.5 255.255.255.0 0 tun11
    127.0.0.0 * 255.0.0.0 0 lo
    default 1.56.0.1 0.0.0.0 0 vlan1 (WAN)​

    Please somebody explain to me why the router have a different IP for the client in the VPN status screen and in the advanced routing screen ???
    Or just give me some ideas to go from here.

    PS. I am a linux-router noop
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    This isn't a problem. The ip address that the client uses and the address that the client routes to are not the same. That's just the way it works.

    To get your tunnel bidirectional, fill in the Client Specific Options table on the server and uncheck NAT on the client.
     
  3. ejevs

    ejevs Addicted to LI Member

    Ups. sorry for being ignorent...
    Ill try what you are suggesting (will have to google for the "Client Specific Options" ??? whatever that is), the NAT is straight forward.
    :smile: Thanks for responding

    ps. Il post the result in a coupple of days, if somebody feels like guiding me reg. the "Client Specific Options", I would very much appreciate it.
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    No, not at all. The differing IP addresses is very counter-intuitive, but ultimately correct.
    It's a check-box on the server VPN configuration. Once selected, a table will appear that you need to fill in with the CommonName and subnet information for the client. This is so OpenVPN will know what traffic it should sent to that client (the computers on its LAN).
     

Share This Page