TomatoVPN and multiple wan ip problem

Discussion in 'Tomato Firmware' started by Avery Pierce, Feb 28, 2012.

  1. Avery Pierce

    Avery Pierce Networkin' Nut Member

    I've set up a site-to-site VPN with 2 wrt54gl routers running TomatoVPN v1.27vpn3.6 and most of it works. The computers that go out the default WAN IP can connect to the remote location just fine, but the computers using the WAN IPs that I scripted can't communicate with the remote network.

    I have the following in Administration > Scripts > Firewall:

    /usr/sbin/ip addr add wanip1/29 dev vlan1
    /usr/sbin/ip addr add wanip2/29 dev vlan1
    /usr/sbin/iptables -t nat -I PREROUTING -d ip1 -j DNAT --to-destination localip1
    /usr/sbin/iptables -t nat -I PREROUTING -d ip2 -j DNAT --to-destination localip2
    /usr/sbin/iptables -I FORWARD -p tcp -d localip1 --dport 3389 -j ACCEPT
    /usr/sbin/iptables -I FORWARD -p tcp -d localip2 --dport 3389 -j ACCEPT
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s localip1 -j SNAT --to wanip1
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s localip2 -j SNAT --to wanip2

    wanip1, wanip2, localip1, localip2 are real IP addresses of course.

    Anybody know how I can get this working? Thanks.
  2. skyanvi1

    skyanvi1 Addicted to LI Member

    I am not as familiar with using iptables as the primary routing mechanism using vpn nor using site-to-site. I typically push options to the client's routing table using the Custom Configuration under Advanced:
    push "dhcp-option DOMAIN yourserverside.localdomain"
    push "dhcp-option DNS"

    Push LAN: to clients checked,
    Respond to DNS: checked,
    redirect internet: unchecked

    Advanced, DHCP/DNS : Prevent DNS rebind attacks may need to be unchecked, depending on your network.
    If there is a DNS server at the remote site that is not the router I place the following in the DHCP/DNS Custom configuration:
    where x.x.x.x is the ip of your DNS server

    Also ssh into the router and perform an: ip route show
    for some further insight.
