Cannot connect to VPN

I have set up OpenVPN in order to remotely connect to my home network. However, something is wrong with my Firewall I think, as I get Server poll timeout errors in the OpenVPN client.

My setup is as follows:
I have a DS Lite connection, so everything is IPv6 only. I've set up a DynDNS entry using Route53, which all seems to work correctly, i.e. it is updated automatically should my IP address change, and doing ping vpn.myurl.com works.

I have the standard zone forwardings:

image1942×1394 201 KB

I don't have any port forwards and this is the entry for my Traffic Rule:

image1942×1162 170 KB

image1942×1162 196 KB

However, this is what happens when I try to connect to the VPN:

[Jan 26, 2025, 10:31:22] START CONNECTION

[Jan 26, 2025, 10:31:22] ----- OpenVPN Start -----
OpenVPN core 3.10.5 ios arm64 64-bit

[Jan 26, 2025, 10:31:22] OpenVPN core 3.10.5 ios arm64 64-bit

[Jan 26, 2025, 10:31:22] Frame=512/2112/512 mssfix-ctrl=1250

[Jan 26, 2025, 10:31:22] NOTE: This configuration contains options that were not used:

[Jan 26, 2025, 10:31:22] Unsupported option (ignored)

[Jan 26, 2025, 10:31:22] 0 [user] [nobody]

[Jan 26, 2025, 10:31:22] 1 [group] [nogroup]

[Jan 26, 2025, 10:31:22] EVENT: RESOLVE

[Jan 26, 2025, 10:31:22] Contacting [<correct IPv6 address>]:1194 via UDP

[Jan 26, 2025, 10:31:22] EVENT: WAIT

[Jan 26, 2025, 10:31:22] Connecting to [vpn.myurl.com]:1194 (<correct IPv6 address>) via UDP

[Jan 26, 2025, 10:31:32] Server poll timeout, trying next remote entry...

[Jan 26, 2025, 10:31:32] EVENT: RECONNECTING

[Jan 26, 2025, 10:31:32] EVENT: RESOLVE

[Jan 26, 2025, 10:31:32] Contacting [<correct IPv6 address>]:1194 via UDP

[Jan 26, 2025, 10:31:32] EVENT: WAIT

<...>

[Jan 26, 2025, 10:32:18] Connecting to [vpn.myurl.com]:1194 (<correct IPv6 address>) via UDP

[Jan 26, 2025, 10:32:22] EVENT: CONNECTION_TIMEOUT [ERR]

[Jan 26, 2025, 10:32:22] EVENT: DISCONNECTED

[Jan 26, 2025, 10:32:22] EVENT: CORE_THREAD_DONE

[Jan 26, 2025, 10:32:22] EVENT: DISCONNECT_PENDING

[Jan 26, 2025, 10:32:22] Raw stats on disconnect:
  BYTES_OUT : 20827
  PACKETS_OUT : 59
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 5


[Jan 26, 2025, 10:32:22] Performance stats on disconnect:
  CPU usage (microseconds): 73547
  Network bytes per CPU second: 283179
  Tunnel bytes per CPU second: 0

Any idea why this is not working?

On the LAN firewall zone you have to add the OpenVPN Device if you did not specify it it could be tun0
Other wise look at ifconfig what the device name is

I did that. The guide on the wiki specifies tun+, but indeed using ifconfig it seems to be tun0. But still it doesn't work

$ ifconfig
<..>
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.8.1  P-t-P:192.168.8.1  Mask:255.255.255.0
          inet6 addr: fe80::d0e5:5995:c7d8:e021/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:304 (304.0 B)

$ uci show firewall.lan.device
firewall.lan.device='tun0'

$ uci show firewall.@rule[0]
firewall.cfg0592bd=rule
firewall.cfg0592bd.name='Allow VPN'
firewall.cfg0592bd.family='ipv6'
firewall.cfg0592bd.proto='udp'
firewall.cfg0592bd.src='wan'
firewall.cfg0592bd.dest_port='1194'
firewall.cfg0592bd.target='ACCEPT'

Of course I've committed the firewall and restarted the service.

The phone should be using the LTE network not your house wifi, to properly test connecting from outside.

Run tcpdump on your router's wan and confirm that requests from the phone are actually arriving through the ISP.

I think by default OpenVPN does not listen on IPv6 unless so configured. Run netstat -lnp to confirm port 1194 is open on ::/0.

My phone is using mobile connection, Wifi turned off. Indeed I haven't configured OpenVPN to listen to IPv6. I thought it's just "automatically" done, but alas I was wrong. I have tried following this guide from OpenVPN, but I'm not able to connect still. I'm pretty sure I'm doing something wrong. My knowledge about IPv6 is limited, but I'm trying to learn as I figure things out.

Maybe someone of you can help me with the settings of OpenVPN.

Current setup: Internet via DS-Lite connection to ISP mandatory router, in the ISP router I have turned on exposed host for my OpenWRT instance as well as activated prefix delegation, which looking at the UI seems to work:

Ohne Titel1970×1062 188 KB

This is the current server.conf:

tun-ipv6
push tun-ipv6
port 1194
proto udp6

# same as the address in IPv6-DP
ifconfig-ipv6 2a02:XXXX::/64 
push "route-ipv6 20a2:XXXX::/64"

ca /etc/easy-rsa/pki/ca.crt
cert /etc/easy-rsa/pki/issued/server.crt
key /etc/easy-rsa/pki/private/server.key

dh /etc/easy-rsa/pki/dh.pem

tls-crypt-v2 /etc/easy-rsa/pki/private/server.pem

crl-verify /etc/easy-rsa/pki/crl.pem

I'm not sure what needs to be done, can anybody point me in the right direction? Do I need to do what's described under "Split netblock configuration" in the OpenVPN guide? Are there any OpenWRT specific guides for this?