Help OpenVPN routing

Discussion in 'Tomato Firmware' started by riddler652, Sep 10, 2012.

  1. riddler652

    riddler652 Serious Server Member

    I am hoping someone can help me out with my OpenVPN setup. I am running tomato 1.28 shibby on my linksys e4200 with WLAN disabled and a static gateway to my main (non tomato) router running on (I have DNS pointed to my ISP DNS in order to get the router time to resolve which I found to be required to validate the openVPN certificates). My LAN has DHCP disabled (so clients receive addresses from my main router on and the tomato router is running on This setup uses the tomato router as a wireless AP located at the other end of my house where it is connected to the main network via ethernet (in a LAN port) and serves wireless clients that I would like to access the internet via the VPN.

    I have an OpenVPN client setup and after connecting it shows an ip route of:

    ip route: dev tun11 proto kernel scope link src via dev tun11
    XXX.XXX.XXX.XXX via dev br0 dev br0 proto kernel scope link src via dev tun11 dev br1 proto kernel scope link src dev lo scope link via dev tun11 via dev tun11 default via dev br0

    XXX.XXX.XXX.XXX is the ip of my openvpn server.

    The issue I am having is the VPN connection is totally ignored by clients connected to the tomato router - they don't go through it. Also, I can't trace anything with the VPN tunnel up - the tools/trace just hangs or times out. I have tried every combination of redirect internet, and create NAT on tunnel, but nothing seems to work. Also, line: dev br1 proto kernel scope link src
    is a result of a lan bridge that I setup and then deleted, but it's still hanging around in the routing tables, I would like to get rid of it.

    I am a noob when it comes to this stuff, so I am hoping someone can help out there... One last thing I should mention is that my openVPN server works great with the windows client...

  2. apnar

    apnar Network Guru Member

    If I understand what your setup is you have your wireless clients getting IPs via DHCP from your main router. I assume you also have them getting their default gateway via DHCP which is likely your issue. Your tomato box is acting as an Access Point being a layer-2 bridge between wifi and your wired LAN segment. In that configuration it doesn't matter at all what your routing is on tomato. Look at one of your clients, I'm guessing they have a default route of so the packets will pass through your tomato box via the bridge to your WAN router. If you want them to route packets to the tomato box you need to set their default route to The packets will then go to tomato box to be routed. You may need to do more tweaking on the tomato box to get things working, but this should hopefully get you at least one more step along the way.
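The bridge-versus-route point in the reply above, as an added example that is not part of the thread: it parses `ip route` output and uses longest-prefix matching to show which box makes the layer-3 decision for a client's packet. Every address and table below is constructed (the thread's own addresses did not survive), and the two /1 routes assume the VPN client uses OpenVPN's `redirect-gateway def1` behaviour; NAT and firewall rules on the AP are not modelled.

```python
import ipaddress

# Constructed sample tables; every address here is an assumption.
CLIENT_DHCP = """default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50"""
CLIENT_STATIC = CLIENT_DHCP.replace("via 192.168.1.1", "via 192.168.1.2")
VPN_ROUTER = """10.8.0.0/24 dev tun11 proto kernel scope link src 10.8.0.6
203.0.113.10 via 192.168.1.1 dev br0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.2
0.0.0.0/1 via 10.8.0.1 dev tun11
128.0.0.0/1 via 10.8.0.1 dev tun11
default via 192.168.1.1 dev br0"""

def parse_routes(text):
    """Parse `ip route` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((ipaddress.ip_network(dest, strict=False), gw, dev))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; returns (gateway, device) or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return gw, dev

def client_path(client_routes, router_routes, router_ip, dst):
    """Say which device makes the layer-3 decision for a client's packet."""
    hop = next_hop(client_routes, dst)
    if hop is None:
        return "client has no route"
    if hop[0] is None:
        return "on-link: delivered directly, no router involved"
    if hop[0] != router_ip:
        return f"bridged past the AP: next hop {hop[0]}, its routes unused"
    out = next_hop(router_routes, dst)
    return f"routed by the AP: out {out[1]} via {out[0]}" if out else "AP has no route"

if __name__ == "__main__":
    vpn = parse_routes(VPN_ROUTER)
    for name, table in (("DHCP", CLIENT_DHCP), ("static", CLIENT_STATIC)):
        print(name, "->", client_path(parse_routes(table), vpn, "192.168.1.2", "198.51.100.7"))
```

The host route to the VPN server (203.0.113.10 in the constructed table) still leaves via `br0`, which is what keeps the encrypted tunnel packets themselves from being sent into the tunnel.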
  3. riddler652

    riddler652 Serious Server Member

    Thanks Apnar,

    Makes perfect sense - getting it to work is where I have trouble :) I manually configured one of my wireless clients to use as the default gateway and gave it a static IP, but it didn't work - the client didn't have any internet access with the VPN up or down. It's like I want to plug the tomato router in by its WAN port so it will have an internet connection but I want it to route its clients. Any help is appreciated!