
TomatoVPN problem

Discussion in 'Tomato Firmware' started by balforth, Jan 23, 2011.

  1. balforth

    balforth Networkin' Nut Member

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    By "network traffic", do you mean Internet traffic? If so, do you have "Redirect Internet Traffic" checked?
     
  3. balforth

    balforth Networkin' Nut Member

    Yes, I do mean internet traffic. The guide doesn't say to have redirect internet traffic checked, but I've tried both ways and still nothing.

    I guess I should add that I have DSL and VoIP through o2 in Germany and I have to use their router -- it's 192.168.1.1. I turned off wireless on that router and I use my high power Buffalo router as my WAP -- 192.168.1.10. It has a default route to 192.168.1.1. Could that be messing me up?
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    If the LAN devices that are not sending their traffic over the tunnel are not connected through the VPN client router, then, yes, that's your problem.

    The LAN devices will contact their default gateway (192.168.1.1, I assume), and that gateway has no idea about the VPN client, so it sends the traffic over the Internet without knowing you want it sent to the VPN client.

    Now, it is possible to get that topology to work as you want it, but it would involve adding iptables NAT entries to your o2 router. I don't know what kind of control you have over its configuration...
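
An added example, not written by any poster in this thread, of the check the post above implies: given `ip -4 route show` output from a LAN device, report which next hop its Internet traffic actually uses. It goes slightly beyond the post by also treating the 0.0.0.0/1 and 128.0.0.0/1 pair that OpenVPN's `redirect-gateway def1` installs as the effective default; the function names, the host address 192.168.1.50 and the tunnel gateway 10.8.0.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: which next hop does Internet-bound traffic really use?
# Input on stdin: text in the format printed by `ip -4 route show`.
effective_gateway() {
    awk '
    function field(name,   i) {
        for (i = 2; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    # The two /1 routes are more specific than "default", so they win.
    $1 == "0.0.0.0/1"   { lo = field("via"); have_lo = 1 }
    $1 == "128.0.0.0/1" { hi = field("via"); have_hi = 1 }
    $1 == "default" {
        m = field("metric"); if (m == "") m = 0
        if (!have_def || m + 0 < best + 0) { def = field("via"); best = m; have_def = 1 }
    }
    END {
        if (def == "") def = "on-link"
        if (have_lo && have_hi) print (lo == hi ? lo : "split")
        else if (have_lo || have_hi) print "split"   # only half the address space is covered
        else if (have_def) print def
        else print "none"
    }'
}

# Succeed only when the effective next hop is the expected gateway ($1).
routes_via() {
    gw=$(effective_gateway)
    [ "$gw" = "$1" ]
}

# Constructed sample tables (not captured from the machines in the thread).
lan_host_routes() {
cat <<'EOF'
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}
def1_host_routes() {
cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tap0
default via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tap0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}

# A LAN device whose default gateway is the o2 router never reaches 192.168.1.10.
lan_host_routes | routes_via 192.168.1.10 || echo "Internet traffic bypasses the VPN router"
```

On a real device, pipe `ip -4 route show` into `routes_via` with the address of the router that terminates the tunnel.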
     
  5. rlpumphrey

    rlpumphrey Networkin' Nut Member

    So I found how to force all traffic through the VPN pipe by setting it in my OpenVPN config file. My file looks like this:

    remote me.dyndns.net
    port 1195
    dev tap
    secret static.key
    proto udp
    comp-lzo
    verb 3
    # Settings to force all traffic thru VPN
    # Internal IP address for router
    route-gateway 172.X.X.1
    redirect-gateway def1
    float
    route-method exe
    route-delay 2

    Hope it helps.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I don't think your advice applies because I'm pretty sure the OP is a) setting up a client on the router, not a server and b) using TLS, not static key.
     
  7. rlpumphrey

    rlpumphrey Networkin' Nut Member

    Sorry.
    a) Is my bad.
    b) Is just moot.

    But what is the right answer?
     
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Well, obviously, I think the "right answer" is the one I gave before your reply... :wink:
     
