1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPN Tunnel,Br0 has access,Br1 not ? Shibby Mod build 102

Discussion in 'Tomato Firmware' started by Golden, Nov 13, 2012.

  1. Golden

    Golden Serious Server Member

    OpenVPN Client of tunnel mode with checking the box "Redirect Internet traffic" and "Create NAT on Tunnel" and selecting "Firewall" auto.
    VPN server is on the Internet and my router Asus RT-N12B (Max Firmware,not mini or IPv6) connects to the Internet by PPPoE.
    I set an wireless interface of AP mode assigned to Br1 and create an vlan.See the pics below.
    I started the Client and found it worked fine.But all wireless devices,iOS and Android and so on,had no access to the virtual private network set up on Server,meanwhile the devices ,for example my desktop, assigned to br0 could.I checked the routing tables and couldn't found any fault.If any,Br0 also would have had no access.I started to traceroute on the device assigned to br1 and the resualt was that all except the first hop( sent no reply,no doubt all fine on br0.
    Just why ?
    How to let br1 connects to the tunnel ?
    Thanks for your help.

    PS : With no VPN tunnel starting,both br0 and br1 have access to the Intenet working fine.
  2. bmupton

    bmupton Serious Server Member

    By default, bridges other than br0 are not routed through the VPN tunnel. This page describes a way to selectively route clients through the VPN, which may help you in your case.

    You may also try "Custom" for firewall instead of Automatic, and build appropriate rules that way, but I've no idea how that works.
  3. Golden

    Golden Serious Server Member

    Much useful.Thanks.
  4. bmupton

    bmupton Serious Server Member

    iptables -I FORWARD -i br1 -o tun11 -j ACCEPT
    iptables -I FORWARD -i tun11 -o br1 -j ACCEPT
    iptables -I INPUT -i tun11 -j REJECT
    iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
    Try adding that to the firewall script as well... That should forward the traffic between the interfaces. If you add another bridge interface repeat the first two lines.

    If you use vpn client 2 replace tun11 with tun12.


Share This Page