I have flashed a router at two separate sites with DD-WRT firmware and setup OpenVPN on both. once connected the client can ping computers on the servers LAN however the server cannot ping IPs on the clients lan. I am executing the ping command in the shell for the routers (so i don't have to remote into local machines etc.)
I disabled the firewall at both sites (this is being done on a test config). Am I still missing something here? The config I used is below. id really appreciate any help/guidance.
Do I need to also push a route to the VPN server ips?
192.168.2.0 is client subnet
192.168.4.0 is server subnet
Thank you
Sever.conf
server 192.168.5.0 255.255.255.0
client-config-dir /tmp/openvpn/ccd
route 192.168.2.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-to-client
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management port
management localhost 5001
Startup Command
mkdir -p /tmp/openvpn/ccd
echo "iroute 192.168.2.0 255.255.255.0" > /tmp/openvpn/ccd/client1
Server Router Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.2 * 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 192.168.5.2 255.255.255.0 UG 0 0 0 tun0
192.168.4.0 * 255.255.255.0 U 0 0 0 br0
192.168.2.0 192.168.5.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 vlan1
Client router Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.5 * 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 192.168.5.5 255.255.255.0 UG 0 0 0 tun0
192.168.4.0 192.168.5.5 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
74.21X.XX.0 * 255.255.255.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default static-74-21X-X 0.0.0.0 UG 0 0 0 vlan1
Client setup (just in case)
Best Answer
You need to remove one of your "push" statements.
The server needs to push the announcement of its own subnets to the client so the client knows to route all 192.168.4.0 traffice through the VPN tunnel.
But you are also telling the client "if you see packets destined for 192.168.2.0, send them over the VPN". This will cause the server-to-client traffic to get lost in the VPN and never make it out onto the client network.
Remove that second push line, and you should be OK.