Hey everyone,
I have been struggling with this for days now. I am running a router with an OpenVPN connection, (partly) successfully. As soon as the VPN connection to the main router at home is established, I cannot reach my own sites behind a port, such as https://www.mydomain.com:5001, while http://www.mydomain.com works fine. The OpenVPN connection itself works almost perfectly: I can reach the whole internet except my own web pages, which run on the server in my own domain behind the router with the active VPN connection.
I can reach the server directly by its IP address.
Can you give me a hint?
Additional info:
The firewall of the Asus router at home is switched off. NAT loopback on that router is switched on.
The host is trying to connect from anywhere but home.
/etc/config/network
# /etc/config/network as posted: interface definitions of the travel router.
# Local loopback interface.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 unique-local prefix used for the ip6assign delegations below.
config globals 'globals'
option ula_prefix 'fd8a:6518:2e52::/48'
# LAN: bridge over eth1.1 with the static address 192.168.8.1/24.
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option hostname 'Travelrouter'
option ipaddr '192.168.8.1'
option ifname 'eth1.1'
option default_macaddr 'xx:xx:xx:xx:xx:xx'
# WAN: DHCP client on eth0 (declared as a bridge), route metric 10.
# NOTE(review): /etc/config/firewall in this post lists only 'wan6 wwan' in its
# wan zone, not 'wan' itself - confirm which zone this interface ends up in.
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
option hostname 'Travelrouter'
option metric '10'
option type 'bridge'
# IPv6 uplink: DHCPv6 client on the same physical port.
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
# Switch configuration: VLAN 1 on ports 1 and 2, tagged on port 0.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 0t'
# Second DHCP uplink with metric 20; no ifname is given here.
# Presumably the wireless-client uplink - confirm against /etc/config/wireless.
config interface 'wwan'
option proto 'dhcp'
option metric '20'
# Guest network: separate bridge with 192.168.9.1/24.
config interface 'guest'
option ifname 'guest'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option ip6assign '60'
# OpenVPN tunnel device. proto 'none' leaves address and route setup to
# OpenVPN; the section exists so the firewall can refer to tun0 as network 'ovpn'.
config interface 'ovpn'
option ifname 'tun0'
option proto 'none'
/etc/config/firewall
# /etc/config/firewall as posted: global defaults and the lan and wan zones.
# Defaults apply to traffic that matches no zone: accept to and from the router
# itself, reject forwarding.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: fully trusted.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone.
# NOTE(review): input 'ACCEPT' lets any host on the upstream network open
# connections to services on the router itself (web UI, SSH, DNS, ...). On a
# travel router attached to untrusted networks the usual policy is input 'REJECT'
# (or 'DROP') plus the explicit Allow-* rules defined below.
# NOTE(review): forward 'ACCEPT' permits forwarding between the networks that
# are members of this zone; the stock policy is 'REJECT'.
# NOTE(review): the network list omits the 'wan' interface - confirm that this
# is intended, otherwise its traffic falls under 'config defaults' above.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'ACCEPT'
option forward 'ACCEPT'
option network 'wan6 wwan'
# Explicit exceptions for traffic arriving from the wan zone.
# NOTE(review): with the wan zone set to input 'ACCEPT' in this file, the input
# rules below do not narrow anything; they only become the effective allow-list
# once the zone policy is REJECT or DROP.
# DHCP replies to the router's own DHCP client (UDP 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# IPv4 echo requests to the router.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IGMP from upstream.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the router's DHCPv6 client (UDP 546).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted for the router itself, rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# IPsec pass-through from wan to lan hosts: ESP ...
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# ... and IKE (UDP 500).
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Include hooks: the referenced files are loaded together with this
# configuration. Their contents are not part of this post, so the ruleset that is
# actually in effect can differ from what this file alone describes.
config include
option path '/etc/firewall.user'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'shadowsocks'
option type 'script'
option path '/var/etc/shadowsocks.include'
option reload '1'
# Rule accepting TCP/UDP port 83 from wan; switched off by enabled '0'.
config rule 'glservice_rule'
option name 'glservice'
option dest_port '83'
option proto 'tcp udp'
option src 'wan'
option target 'ACCEPT'
option enabled '0'
config include 'glfw'
option type 'script'
option path '/usr/bin/glfw.sh'
option reload '1'
# lan -> wan forwarding is present but switched off (enabled '0'), so LAN
# clients cannot leave through the plain uplink.
# Presumably intended so that client traffic only leaves via the tunnel - confirm.
config forwarding
option dest 'wan'
option src 'lan'
option enabled '0'
# NOTE(review): wan -> lan forwarding is active. It lets hosts on the upstream
# network start connections to LAN clients whenever they can route to them.
# Stock configurations carry no such section; confirm that it is needed.
config forwarding
option dest 'lan'
option src 'wan'
# Guest zone: clients may not reach the router (input REJECT) and are not
# forwarded between guest networks (forward REJECT), apart from the DHCP and DNS
# exceptions below.
config zone 'guestzone'
option name 'guestzone'
option network 'guest'
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
# Guests are forwarded to wan only.
config forwarding 'guestzone_fwd'
option src 'guestzone'
option dest 'wan'
# DHCP from guests to the router (UDP 67-68).
config rule 'guestzone_dhcp'
option name 'guestzone_DHCP'
option src 'guestzone'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
# DNS from guests to the router (TCP/UDP 53).
config rule 'guestzone_dns'
option name 'guestzone_DNS'
option src 'guestzone'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
# Further script includes (QoS and mwan3 multi-WAN). Their contents are not
# shown in this post; mwan3 policy routing in particular can change which uplink
# a connection uses - check it when a destination is reachable by IP address but
# not by name and port.
config include 'glqos'
option type 'script'
option path '/usr/sbin/glqos.sh'
option reload '1'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'
# Forwardings to and from the OpenVPN zone.
# lan -> ovpn: LAN clients may use the tunnel.
config forwarding
option dest 'ovpn'
option src 'lan'
# wan -> ovpn: traffic arriving on the uplink may be forwarded into the tunnel.
# NOTE(review): not needed for a client-only setup - confirm the intent.
config forwarding
option dest 'ovpn'
option src 'wan'
# ovpn -> lan and ovpn -> wan: hosts on the far side of the tunnel may start
# connections to LAN clients and out through the uplink.
# NOTE(review): keep these only if the remote site must reach this network.
config forwarding
option dest 'lan'
option src 'ovpn'
config forwarding
option dest 'wan'
option src 'ovpn'
# Zone for tun0. masq '1' source-NATs traffic leaving through the tunnel, so
# the remote side sees the router's tunnel address instead of 192.168.8.x.
# NOTE(review): input 'ACCEPT' exposes the router's own services to every host
# reachable through the tunnel.
config zone 'vpn_zone'
option name 'ovpn'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'ovpn'
option masq '1'
option mtu_fix '1'
# Duplicate of the first lan -> ovpn forwarding in this group.
config forwarding 'forwarding_vpn1'
option dest 'ovpn'
option src 'lan'
/etc/config/vpn_service
# /etc/config/vpn_service as posted. The device name 'tun-SERVER' and the
# 10.8.0.0/24 subnet suggest this is the profile of an OpenVPN server on this
# router, not of the client connection to home - confirm.
# enable '0': presumably the service is switched off.
config general 'global'
option enable '0'
config service 'vpn'
# NOTE(review): SHA1 as the HMAC digest is legacy; SHA256 is the usual
# replacement.
option auth 'SHA1'
option proto 'udp'
option port '1194'
option dev 'tun-SERVER'
option dev_type 'tun'
# NOTE(review): BF-CBC (Blowfish) is a 64-bit block cipher and is deprecated in
# current OpenVPN releases; use an AES-GCM cipher on both ends before enabling
# this service.
option cipher 'BF-CBC'
# NOTE(review): compression inside a VPN can leak information about the
# plaintext; the OpenVPN project advises against enabling it.
option comp 'adaptive'
option subnet '10.8.0.0'
option mask '255.255.255.0'
option host '127.0.0.1'
Trying to reach the main config page of the home OpenVPN router works: the page is shown.
Trying to reach any of the other IPs behind the OpenVPN connection results in:
Even putting the IP of one of the clients in the DMZ does not work.
I hope this is all the info you need to solve the issue.
André