
(Solved) - How To Install and Configure OpenVPN On Your DD-WRT Router

(6 posts)
  • Started 8 years ago by osunax
  • Latest reply from VulcanTheTerrible
  • Topic Viewed 12863 times

Posts: 0

Hello there,

This post is related to this How-to:

Does anybody know which iptables rule(s), if any, I need to add/remove in order to allow my OpenVPN clients to use my LAN's local DNS server as well?

Some key info:
-DD-WRT v24-sp2 (12/20/11) vpn-small (SVN revision 18024)
-Router: Linksys WRT160Nv3
-Local-Gateway / Local-DNS :
-"No DNS Rebind" option is Disabled
-Redirect Gateway is enabled, so that all traffic is routed through the VPN.
-I did add push "dhcp-option DNS" on the OpenVPN server.
-Local DNS works fine on LAN
-I can ping from LAN to OpenVPN-LAN and vice versa. Yes, ping to local-DNS ( also works.

I'm currently able to access the Internet over the VPN, but only if I either use an external (public) DNS or use plain IP addresses (no DNS at all). That is, the VPN clients fail to resolve with the local DNS. I suspect either DNS requests or DNS replies are being dropped by iptables (?)

Can anybody shed some light?

Thanks in advance!

Posted 8 years ago
Posts: 0

OK, actually I found a solution for what I wanted. So I thought I'd post it here as a potential future reference for others...

Note: I won't write many details, I'll assume some technical expertise... also, please do realize the previous post has all the key info to follow this one.

1/ Granting your OpenVPN clients Internet access:
you need to do NAT on the OpenVPN traffic properly with the following iptables rule, just save it as Firewall under the Administration-> Commands tab.
iptables -t nat -A POSTROUTING -s -o vlan2 -j SNAT --to-source $(nvram get wan_ipaddr)

2/ Getting DNSMasq to resolve for your OpenVPN clients:
you need to tell DNSMasq to also listen on your virtual (OpenVPN) LAN by adding this flag in "Additional DNSMasq Options" under your Services -> Services tab.

Alright, that did it for me! I hope this helps someone out there... ;)

Accepted Answer · Posted 8 years ago
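
The two settings from the accepted answer, rendered by a small script that validates its inputs before anything is pasted into the router's Firewall command box. This is an added example, not code from the thread: the function names are hypothetical, 192.0.2.0/24 is a constructed placeholder for the VPN subnet the post does not show, and `interface=` is assumed to be the DNSMasq option meant in step 2.

```shell
#!/bin/sh
# Added example. Subnet and interface values are constructed placeholders.

# valid_cidr: accept only a dotted-quad/prefix value such as 192.0.2.0/24
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# valid_iface: interface names may not carry shell metacharacters or spaces
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# snat_rule VPN_SUBNET WAN_IF: print the step 1 rule, limited to the VPN subnet
snat_rule() {
    valid_cidr "$1" && valid_iface "$2" || return 1
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source $(nvram get wan_ipaddr)\n' "$1" "$2"
}

# dnsmasq_option TUN_IF WAN_IF: print the step 2 option (assumed: interface=)
dnsmasq_option() {
    valid_iface "$1" && valid_iface "$2" || return 1
    # Refuse to make DNSMasq listen on the WAN side of the router
    [ "$1" != "$2" ] || return 1
    printf 'interface=%s\n' "$1"
}

# Constructed values using the WRT160NL interface names mentioned in the thread
snat_rule 192.0.2.0/24 eth1
dnsmasq_option tun2 eth1
```

The script only prints the lines; it does not touch iptables or DNSMasq itself.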
Posts: 0

Thank You!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I've been trying to pass my internet traffic over the tunnel for days and hours of my time ... !!

All I've done after work and at work for the last few days is search through Google and posts trying to figure out how to get the traffic back over the tunnel and to the internet...

On like day 2 I got DNS working the same way you did ... but for the life of me and for the last like 4 or 5 days I couldn't get the Internet to work even though LAN access worked fine.

Thanks Again!!!


Posted 8 years ago
Posts: 0

Hi there!

I'm gonna post this as a related reference: I recently happened to upgrade to a WRT160NL router [firmware: DD-WRT v24-sp2 (07/20/12) std]. In this router the interfaces bear different names. So, in order to maintain the same scenario as described above, you need to update the instructions in my first post as follows:

In 1/: replace vlan2 by ethx, where ethx = your WAN interface (in my case: eth1), i.e. your public IP

In 2/: replace tun0 by tunx, where tunx = your local OpenVPN interface (in my case: tun2), i.e.

Happy modding! :)


Posted 8 years ago
Posts: 0

Just for the sake of completeness:

Edit: [firmware: DD-WRT v24-sp2 (07/20/12) std - build 19519]

Posted 8 years ago
Posts: 0

Thank you so much you guys!!! I was pulling my hair out trying to get this to work!!!

It's so aweeesome to have it all work perfectly now.



Posted 8 years ago

Topic Closed

This topic has been closed to new replies.
