Netgate Discussion Forum
    Pfsense to dd-wrt openvpn tunnel

    gollo

      How do you NAT-exempt traffic on the OpenVPN tunnel? I'm not sure if the issue I'm seeing is on the pfSense side (doubt it) or the DD-WRT side (more probable).

      I build the OpenVPN tunnel and the tunnel comes up. If I add a rule allowing traffic from the OpenVPN IP, I can ping from the DD-WRT to any IP on the pfSense inside network, but it gets NATed to the DD-WRT's OpenVPN subnet IP. I want it to work like an IPsec tunnel does and pass the traffic non-NATed.

      Anybody know how to set that up?

    jimp (Rebel Alliance, Netgate Developer)

        OpenVPN works that way by default on pfSense; we don't NAT on it (unless you jump through some hoops to make it happen).

        Not sure what the config for that would be on DD-WRT, but it's most likely on that side. You might have more luck asking that bit on a DD-WRT forum/list.

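        Added illustration for this thread (not code from any post, from pfSense or from DD-WRT): the symptom gollo describes, LAN packets reaching the pfSense side with the DD-WRT tunnel address as their source, is what a MASQUERADE or SNAT rule in the nat table's POSTROUTING chain produces when that rule also matches packets leaving the tun interface. The script below audits an `iptables-save -t nat` dump for such rules and prints the exemption rule (an ACCEPT at the head of nat/POSTROUTING, which means "do not NAT this packet") that is the OpenVPN analogue of the IPsec NAT exemption gollo asks about. The sample dump, the interface names vlan2 and tun0 and the 192.168.50.0/24 subnet are constructed for the example; on the router itself, pipe in the live dump instead.

```shell
#!/bin/sh
# Added example for this page, not code from the thread or from DD-WRT.
# Audits an `iptables-save -t nat` dump for POSTROUTING rules that would
# rewrite the source address of packets leaving the OpenVPN interface,
# and prints the exemption rule. Interface names, subnets and the sample
# dump below are constructed for illustration.

# Constructed sample of what `iptables-save -t nat` prints on a router
# that masquerades its WAN (vlan2) and also carries a catch-all
# MASQUERADE for the LAN with no -o match. That second rule also hits
# traffic going out tun0, which is exactly the symptom in the thread.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o vlan2 -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE
COMMIT'

# nat_offenders <tun_if>   (dump on stdin)
# Prints each POSTROUTING SNAT/MASQUERADE rule that can match packets
# leaving <tun_if>: rules with no -o match, rules with "-o <tun_if>",
# and negated rules "! -o <other_if>".
nat_offenders() {
    awk -v tun="$1" '
        /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            excluded = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-o") {
                    neg   = (i > 1 && $(i - 1) == "!")
                    iface = $(i + 1)
                    if ((!neg && iface != tun) || (neg && iface == tun))
                        excluded = 1
                }
            }
            if (!excluded) print
        }'
}

# nat_exemption <tun_if>
# The rule to insert at the top of nat/POSTROUTING: ACCEPT in the nat
# table ends NAT processing for the packet, so tunnel-bound packets keep
# their LAN source address.
nat_exemption() {
    printf 'iptables -t nat -I POSTROUTING -o %s -j ACCEPT\n' "$1"
}

# nat_audit <tun_if>   (dump on stdin)
# Returns 0 when no rule would NAT tunnel traffic, 1 otherwise.
nat_audit() {
    hits=$(nat_offenders "$1")
    if [ -z "$hits" ]; then
        echo "OK: no nat/POSTROUTING rule matches traffic leaving $1"
        return 0
    fi
    echo "WARNING: these rules NAT traffic leaving $1:"
    echo "$hits"
    echo "suggested fix (inserted ahead of the MASQUERADE rules):"
    nat_exemption "$1"
    return 1
}

# Stand-alone demo on the constructed dump. On the router itself use:
#   iptables-save -t nat | nat_audit tun0
printf '%s\n' "$SAMPLE_NAT" | nat_audit tun0 || true
```

        The exemption belongs in the DD-WRT firewall script before any MASQUERADE line; `-I` puts it at the head of the chain, so order of the later rules does not matter. Tightening the offending MASQUERADE rule with `-o <wan_if>` instead of adding the exemption is the equivalent fix, and `nat_audit` reports clean once either is in place.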
    Cino

          I use a P2P shared key tunnel… Not sure if this will help you, but here is an example of my DD-WRT config. Nothing is NATed from what I can tell; straight routing. The pfSense site is 192.168.0.x, the other site is 192.168.50.x, and 172.16.50.x is the tunnel.

          Startup commands:

          # Config for Site-to-Site SiteA-SiteB (DD-WRT end).
          # Written to /tmp explicitly so the path matches the "secret"
          # directive below and the --config argument at the bottom.
          echo "
          # placeholder: replace with the pfSense WAN IP or hostname
          remote <pfSense IP/Host>
          proto udp
          port 1195
          dev tun0
          persist-tun
          persist-key
          resolv-retry infinite
          secret /tmp/static.key
          nobind
          mute-replay-warnings
          verb 3
          comp-lzo
          keepalive 15 60
          daemon
          " > /tmp/SiteA-SiteB.conf

          # Static key: the same key file the pfSense side uses
          # (key material omitted in the post). Root-only permissions.
          echo "
          -----BEGIN OpenVPN Static key V1-----

          -----END OpenVPN Static key V1-----
          " > /tmp/static.key
          chmod 600 /tmp/static.key

          # Create a persistent tun interface and give it the DD-WRT end of
          # the tunnel (the pfSense end is 172.16.50.1).
          # /tmp/myvpn is the OpenVPN binary as it is on this DD-WRT build.
          /tmp/myvpn --mktun --dev tun0
          ifconfig tun0 172.16.50.2 netmask 255.255.255.0 promisc up

          # Routes to the subnets behind pfSense, via the pfSense tunnel
          # address. Plain routing, no NAT: packets keep their LAN source.
          route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.50.1
          route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.50.1
          route add -net 192.168.60.0 netmask 255.255.255.0 gw 172.16.50.1
          route add -net 192.168.100.0 netmask 255.255.255.0 gw 172.16.50.1
          route add -net 192.168.200.0 netmask 255.255.255.0 gw 172.16.50.1

          # Start the tunnel on the pre-created interface
          sleep 5
          /tmp/myvpn --config /tmp/SiteA-SiteB.conf


          Firewall commands. I need to tweak these, but they work… I just can't ping the DD-WRT router, but I can telnet/web into it.

          # Private subnets (anything FROM these subnets).
          # ALL_ACCEPT is a user-defined chain: it must already exist
          # (iptables -N ALL_ACCEPT) and be jumped to from INPUT/FORWARD,
          # otherwise these three rules have no effect. 192.168.0.0/16
          # covers both sites' LANs; 172.16.50.0/24 is this tunnel.
          iptables -A ALL_ACCEPT -s 192.168.0.0/16 -j ACCEPT
          iptables -A ALL_ACCEPT -s 172.16.50.0/24 -j ACCEPT
          iptables -A ALL_ACCEPT -s 172.16.60.0/24 -j ACCEPT

          # Open firewall holes.
          # INPUT: only the OpenVPN listener itself; nothing here accepts
          # other traffic arriving on tun0 that is addressed to the router.
          iptables -I INPUT 2 -p udp --dport 1195 -j ACCEPT
          # FORWARD: LAN (br0) <-> tunnel (tun0) in both directions. No nat
          # rule is added for tun0, so forwarded packets keep their source.
          iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
          iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.