My home topology:
router1 (192.168.1.1) - D-Link dsl2540u with a static IP reachable from the Internet (ADSL via PPPoE). 4 LAN ports.
router2 (192.168.1.2) - D-Link DIR-300 with OpenWRT. Plays the role of WiFi access point. 4 LAN ports + WAN port.
Home PC (connects to router1 via DHCP)
                  |
internet ------ router1
                  |
               router2 (OpenVPN server on OpenWRT)
On router1 I set up NAT Virtual Servers and can connect to my router via SSH or OpenVPN (TCP on port 443).
The OpenVPN server works fine and all traffic goes via the tun interface after connecting.
OpenVPN server config (if it matters):
--script-security 2
mode server
dev tun
port 443
proto tcp
server 10.0.0.0 255.255.255.0          # VPN subnet; server takes 10.0.0.1
push "redirect-gateway def1"           # send all client traffic through the tunnel
push "dhcp-option DNS 192.168.1.1"     # Change this to your router's LAN IP Address
push "route 192.168.1.0 255.255.255.0" # Change this to your network
client-config-dir ccd
client-to-client
tls-server
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/CA_cert.pem
cert /etc/openvpn/certs/server.pem
key /etc/openvpn/keys/server.pem
crl-verify /etc/openvpn/crl/crl.pem
tls-auth /etc/openvpn/ta.key 0
#comp-lzo
keepalive 10 120
tun-mtu 1500
mssfix 1450
persist-key
persist-tun
verb 3
log /var/log/openvpn.log
My goal is an OpenVPN tunnel with Internet access through my home router1. Right now I can connect to the OpenVPN server, but traffic that goes through the tunnel does not reach the Internet.
Firewall rules on router2 (OpenWRT):
# let the OpenVPN port in on the WAN and LAN sides of router2
iptables -t nat -A prerouting_wan -p tcp --dport 443 -j ACCEPT
iptables -A input_wan -p tcp --dport 443 -j ACCEPT
iptables -t nat -A prerouting_lan -p tcp --dport 443 -j ACCEPT
iptables -A input_lan -p tcp --dport 443 -j ACCEPT
# accept everything entering or leaving the tunnel interface
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
It's definitely a problem with routing, but I don't have enough knowledge to solve it.
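A check for the piece the posted rule list does not show, added here as an example and not part of the original post: the filter rules accept packets entering and leaving tun+, but no nat-table rule rewrites the source address of packets from 10.0.0.0/24 before they are forwarded to router1, and router1 has no route back to that subnet, so replies to 10.0.0.x go out router1's default gateway instead of back to router2. The script audits an iptables-save dump for a MASQUERADE or SNAT rule that covers the VPN subnet and prints the rules that close the gap. It assumes the VPN subnet 10.0.0.0/24 from the server directive and an uplink interface name (eth0.1 is a guess for router2's WAN port; br-lan if router2 is connected through a LAN port); the sample dump is constructed to mirror the rules in the question.

```shell
#!/bin/sh
# Added example, not code from the original post: audit an iptables-save dump
# from router2 for the return-path NAT that OpenVPN clients need when the
# OpenVPN box (router2) sits behind another NAT router (router1), and print
# the rules that close the gap.
#
# Assumptions (not stated in the post): the VPN subnet is the 10.0.0.0/24 from
# the "server" line, and UPLINK is the router2 interface that leads to router1
# (eth0.1 if router2's WAN port is used, br-lan if a LAN port is used).

VPN_NET="10.0.0.0/24"
UPLINK="eth0.1"

# Constructed iptables-save excerpt mirroring the rules in the question:
# tun+ traffic is accepted, but nothing in the nat table rewrites the
# source of 10.0.0.x packets leaving toward router1.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A prerouting_wan -p tcp -m tcp --dport 443 -j ACCEPT
-A prerouting_lan -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A input_wan -p tcp -m tcp --dport 443 -j ACCEPT
-A input_lan -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# has_return_nat DUMP NET: exit 0 if the nat table of DUMP holds a MASQUERADE
# or SNAT rule that covers packets sourced from NET, either because the rule
# names NET in "-s" or because it has no source match at all; exit 1 otherwise.
has_return_nat() {
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /-j (MASQUERADE|SNAT)/ {
            if ($0 !~ / -s / || index($0, " -s " net " ")) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# fix_rules UPLINK NET: print the commands that add the missing pieces on
# router2: kernel forwarding on, and source NAT for VPN clients heading out
# toward router1, so replies come back to router2's own address.
fix_rules() {
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$2" "$1"
}

# with_return_nat DUMP UPLINK NET: DUMP as iptables-save would show it after
# the MASQUERADE rule from fix_rules has been loaded (used to re-audit).
with_return_nat() {
    printf '%s\n' "$1" | awk -v rule="-A POSTROUTING -s $3 -o $2 -j MASQUERADE" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^COMMIT$/ { print rule }
        { print }'
}

# audit DUMP: report the gap and the fix, or confirm the return path exists.
audit() {
    if has_return_nat "$1" "$VPN_NET"; then
        echo "ok: nat table already rewrites traffic from $VPN_NET"
        return 0
    fi
    echo "missing: no MASQUERADE/SNAT for $VPN_NET leaving $UPLINK; router1 will"
    echo "send replies to 10.0.0.x out its default gateway instead of back to router2."
    echo "On router2 run:"
    fix_rules "$UPLINK" "$VPN_NET"
    return 1
}

# Stand-alone run on the constructed dump. On router2 audit the live ruleset:
#   audit "$(iptables-save)"
audit "$SAMPLE_DUMP" || true
```

With the MASQUERADE rule in place nothing on router1 has to change, at the cost of a second NAT hop. The alternative that avoids double NAT is a static route on router1 for 10.0.0.0/24 via 192.168.1.2, if the DSL router's firmware allows static routes. Either way, confirm on router2 that cat /proc/sys/net/ipv4/ip_forward prints 1, and that the FORWARD chain's policy or OpenWRT's own forwarding rules do not drop the tun-to-uplink direction after the accepts shown above.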