Cannot access router that is server from OpenVPN

I have this working with 18.06.4 but not the current release. I have a 19.7.3 OpenWRT server on which I have installed SAMBA and FTP, and I am using the radio inside as a wired remote access point. The WAN interface is not used. The LAN interface has DHCP disabled and a static LAN address.

Now the OpenVPN SAMBA server LAN connector is attached to the main OpenVPN (19.7.3 fw) LAN port which is the main home router which has a DHCP server active and has OpenVPN server installed. It also has a radio active inside. Now the address of the OpenVPN SAMBA is 192.168.7.252 and is static.

I can log in the SAMBA server and access Luci via 192.168.7.252 and I can log in the main home router and access Luci (in the SAMBA server) via 192.168.7.252.

But when I tunnel in, I can no longer access the SAMBA server at 192.168.7.252. I believe this must be due to something inside the SAMBA server blocking the 10.8.0.x IP address that I have when I am coming in through the tunnel. This connection was not blocked with previous releases of OpenWRT because I am using this exact configuration in another house.

I've gone into the SAMBA server and gone to Network, Firewall and under Firewall Zone settings, I have disabled the SYN-flood and changed all defaults to ACCEPT but since this device is not really even routing, it must be something new in the internals of the software that blocks the IP address outside of the 192.168.7.x subnet from connecting to the static LAN IP I assigned to this router 192.168.7.252. Again, the WAN port is not in use and I have attached this server to the main router via a LAN to LAN connection as I have done many times in the past.

I have no background training but have been using OpenWRT since its inception. I can run queries if anyone has the networking skills and has the time to assist. Thanks!

In effect, an OpenWRT router has been configured as a NAS device and connected via the LAN interface (instead of the WAN). The local subnet can get to the server but OpenVPN clients that come in over the LAN via another external OpenVPN subnet address can access other appliances on the subnet, but not the NAS. Something inside the NAS is stopping out of subnet clients from connecting to the NAS LAN IP address which only responds on the assumed local subnet.

This is a change with the 19.7 firmware from 18.x

Can you ping the samba server when you are connected by VPN?
If yes then it is not a routing issue.
Double check that firewall is not blocking anything. Is INPUT selected ACCEPT in lan zone?
Finally post here the samba configuration. Either some configuration file in /etc/config/smb... or /etc/smb/...


I can ping the NFS server from either the NFS radio or the radio in the main home router. I cannot ping the NFS server when tunneled in, while I can ping every other appliance on that same local LAN.

/etc/config/samba4

config samba
	option workgroup 'WORKGROUP'
	option description 'Samba on OpenWrt'
	option charset 'UTF-8'

config sambashare
	option path '/mnt/sda2/Music'
	option name 'Music'
	option create_mask '0666'
	option dir_mask '0777'
	option read_only 'no'
	option guest_ok 'yes'

config sambashare
	option path '/mnt/sda2/Videos'
	option create_mask '0666'
	option dir_mask '0777'
	option read_only 'no'
	option guest_ok 'yes'
	option name 'Movies'

config sambashare
	option path '/mnt/sda2/'
	option name 'WD'
	option dir_mask '0777'
	option create_mask '0666'
	option force_root '1'
	option read_only 'no'
	option guest_ok 'yes'

I can't even get to the luci interface on the server from VPN when I am tunneled in. I can't ping, get to Luci or in any way communicate with the LAN attached NAS but if I am on the subnet via either radio I can get in. It must have to do with the IP address I come in over the VPN with.

That's tricky.

Please copy the output of the following commands from the NAS. Remember to redact passwords, MAC addresses and any public IP addresses you may have

uci export network; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Stating again that the way the NAS is attached to the network is via the LAN with an IP address of 192.168.7.252 and with the DHCP server disabled. There is no cable attached to the LAN. Another tidbit is that OpenVPN is installed on this device but disabled.


 OpenWrt 19.07.3, r11063-85e04e9f46
 -----------------------------------------------------
root@OpenWrt:~# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.7.1/24 brd 192.168.7.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
    inet 189.***.***.*** peer 200.***.***.***/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
root@OpenWrt:~# ip -4 ro li tab all
default via 200.***.***.*** dev pppoe-wan
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 scope link  src 10.8.0.1
192.168.7.0/24 dev br-lan scope link  src 192.168.7.1
200.***.***.*** dev pppoe-wan scope link  src 189.***.***.***
local 10.8.0.1 dev tun0 table local scope host  src 10.8.0.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
local 189.***.***.*** dev pppoe-wan table local scope host  src 189.***.***.***
broadcast 192.168.7.0 dev br-lan table local scope link  src 192.168.7.1
local 192.168.7.1 dev br-lan table local scope host  src 192.168.7.1
broadcast 192.168.7.255 dev br-lan table local scope link  src 192.168.7.1
root@OpenWrt:~# ip -4 ru
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default


 
root@OpenWrt:~# head -n -0 /etc/firewall.user;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
root@OpenWrt:~# iptables-save -c; ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
# Generated by iptables-save v1.8.3 on Tue Jun  9 19:31:32 2020
*nat
:PREROUTING ACCEPT [4676:336912]
:INPUT ACCEPT [1065:89595]
:OUTPUT ACCEPT [2105:155435]
:POSTROUTING ACCEPT [1197:87835]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[4676:336912] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[2891:252124] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[0:0] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[1474:67767] -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
[311:17021] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
[5270:324338] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[253:20258] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
[4073:236503] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
[253:20258] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[2891:252124] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
[0:0] -A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
[311:17021] -A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
[4073:236503] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[4073:236503] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[1474:67767] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Tue Jun  9 19:31:32 2020
# Generated by iptables-save v1.8.3 on Tue Jun  9 19:31:32 2020
*mangle
:PREROUTING ACCEPT [132344:46184074]
:INPUT ACCEPT [34287:5046090]
:FORWARD ACCEPT [97635:41035581]
:OUTPUT ACCEPT [39963:21563555]
:POSTROUTING ACCEPT [137097:62578077]
[0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[1079:58408] -A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[23:1148] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Jun  9 19:31:32 2020
# Generated by iptables-save v1.8.3 on Tue Jun  9 19:31:32 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_dest_REJECT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[11118:976042] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[23172:4070168] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[19383:3835080] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1446:60132] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[4:168] -A INPUT -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN-Inbound" -j ACCEPT
[1471:132991] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[2300:101183] -A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
[14:746] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
[97635:41035581] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[92126:40599634] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[4258:346589] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
[1251:89358] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[11118:976042] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[28850:20589553] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[27638:20495253] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[36:13140] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[1176:81160] -A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
[2244:92965] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[50:7810] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[1446:60132] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[696:47076] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[4258:346589] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[4258:346589] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1471:132991] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[1471:132991] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[36:13140] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[36:13140] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1471:132991] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
[1251:89358] -A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
[1251:89358] -A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
[660:33936] -A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
[0:0] -A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_REJECT
[14:746] -A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
[0:0] -A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[14:746] -A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
[0:0] -A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
[0:0] -A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
[14:746] -A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
[501:21059] -A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[5524:462112] -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[2300:101183] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[6:408] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[2294:100775] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[1176:81160] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[1176:81160] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
[2294:100775] -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Tue Jun  9 19:31:32 2020
root@OpenWrt:~#

Perhaps you're missing the client-to-client directive in your OpenVPN config?


I fixed it. What I am doing is splitting up services between 2 openwrt routers. I had one router running OpenVPN, plus SAMBA, FTP and other very data intensive apps. I had disabled OpenVPN on the NFS but I had not removed it yet. What I did was both opkg remove openvpn-openssl and also I added a gateway definition to the LAN interface and a DNS server entry as well, naming the home router 192.168.7.1 as both and with this, everything started working as expected.

Thanks to those who provided help. I appreciate it!
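Added example (not part of the thread, and not code from OpenWrt): the gateway part of the fix above matters because a LAN-only device with no default route can answer hosts on 192.168.7.0/24 but has no return path to a 10.8.0.x VPN client. The sketch below does a longest-prefix lookup over `ip -4 route` style text; the two route tables are constructed samples for a NAS at 192.168.7.252, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: NAS main table with only the connected LAN route.
NAS_BEFORE='192.168.7.0/24 dev br-lan scope link src 192.168.7.252'
# Constructed sample: the same table once the LAN interface has a gateway, e.g.
#   uci set network.lan.gateway='192.168.7.1'
#   uci set network.lan.dns='192.168.7.1'
#   uci commit network && /etc/init.d/network restart
NAS_AFTER='default via 192.168.7.1 dev br-lan
192.168.7.0/24 dev br-lan scope link src 192.168.7.252'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# best_route ROUTES ADDR
# Prints the longest-prefix route line that covers ADDR.
# Returns 1 when no route matches, i.e. a reply to ADDR cannot be sent.
best_route() {
    routes=$1
    addr=$(ip_to_int "$2")
    best_len=-1
    best_line=
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        dest=${line%% *}
        case $dest in
            default)  net=0; len=0 ;;
            */*)      net=$(ip_to_int "${dest%/*}"); len=${dest#*/} ;;
            *.*.*.*)  net=$(ip_to_int "$dest"); len=32 ;;   # host route
            *)        continue ;;   # "local", "broadcast", etc. from "tab all"
        esac
        if [ "$len" -eq 0 ]; then
            mask=0
        else
            mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
        fi
        if [ $(( $addr & $mask )) -eq $(( $net & $mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_line=$line
        fi
    done <<EOF
$routes
EOF
    [ "$best_len" -ge 0 ] || return 1
    echo "$best_line"
}

# Demo: a LAN peer and a VPN client (10.8.0.6, constructed) against both tables.
for src in 192.168.7.10 10.8.0.6; do
    for name in NAS_BEFORE NAS_AFTER; do
        eval "table=\$$name"
        if route=$(best_route "$table" "$src"); then
            echo "$name: reply to $src uses: $route"
        else
            echo "$name: reply to $src has NO route (connection appears dead)"
        fi
    done
done
```

On the device itself, `ip -4 route get 10.8.0.6` performs the same lookup against the live table.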
