Can't access remote LAN resources

I'm running OpenWrt 18.06.4 on BT Home Hub 5A.
I set up a new OpenVPN server. My goal was to access my LAN resources from a Windows or Android client. The clients get the connection established, but for some reason I can't access the resources. They either time out or load after the 3rd or 4th attempt. Even then they load very slowly. The same applies to web pages. I put my config below.

client

verb 3
dev tun
nobind
client
remote xxx.xxx.net 1194 udp
auth-nocache
remote-cert-tls server

head -n -0 /etc/openvpn/*.conf

verb 4
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.200.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='xx'
network.atm=atm-bridge
network.atm.payload='bridged'
network.atm.vci='38'
network.atm.vpi='0'
network.atm.encaps='llc'
network.atm.nameprefix='dsl'
network.dsl=dsl
network.dsl.ds_snr_offset='0'
network.dsl.line_mode='vdsl'
network.dsl.annex='b'
network.dsl.xfer_mode='ptm'
network.dsl.tone='a'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='xx'
network.wan=interface
network.wan.ifname='dsl0.101'
network.wan.proto='pppoe'
network.wan.username='xx@xx'
network.wan.password='xx'
network.wan.ipv6='auto'
network.wan.peerdns='0'
network.wan.dns='151.80.222.79 104.238.186.189'
network.wan_dev=device
network.wan_dev.macaddr='xx'
network.wan_dev.name='dsl0'
network.wan6=interface
network.wan6.proto='dhcpv6'
network.wan6.ifname='dsl0'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 6t'
network.vpnserver=interface
network.vpnserver.proto='none'
network.vpnserver.ifname='tun0'
network.vpnserver.auto='1'
network.wan_ethernet=interface
network.wan_ethernet.proto='dhcp'
network.wan_ethernet.ifname='eth0.2'
network.wan_ethernet.macaddr='xx'

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.lan.network='lan'
firewall.lan.device='tun0'
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.input='REJECT'
firewall.wan.output='ACCEPT'
firewall.wan.forward='REJECT'
firewall.wan.masq='1'
firewall.wan.mtu_fix='1'
firewall.wan.device='tun0'
firewall.wan.log='1'
firewall.wan.network='wan wan6 wan_ethernet'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[1].enabled='0'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-OpenVPN'
firewall.@rule[9].src='wan'
firewall.@rule[9].proto='tcp udp'
firewall.@rule[9].dest_port='1194'
firewall.@rule[9].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].masq='1'
firewall.@zone[2].name='vpnserver'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].network='vpnserver'
firewall.lan_wan=forwarding
firewall.lan_wan.src='vpnserver'
firewall.lan_wan.dest='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='lan'
firewall.ovpn=rule
firewall.ovpn.name='Allow-OpenVPN'
firewall.ovpn.src='wan'
firewall.ovpn.dest_port='1194'
firewall.ovpn.proto='udp'
firewall.ovpn.target='ACCEPT'
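
A check a reviewer might run over the `uci show` output posted above, as an added example that is not part of the original thread: it lists every interface that UCI places in more than one firewall zone, which makes it unclear which zone's input/forward policy and masquerading apply to that traffic. In the posted config `tun0` is in the `lan` and `wan` device lists and, through network `vpnserver`, in the `vpnserver` zone. The function names `zone_overlaps` and `sample_uci` are hypothetical, and interface names are compared exactly as written in UCI.

```sh
# Added example (not from the thread): interfaces assigned to more than one zone.
# Input on stdin: `uci show network` followed by `uci show firewall`.
zone_overlaps() {
    awk -F= -v q="'" '
    { val = $2; gsub(q, "", val); n = split($1, p, ".") }
    p[1] == "network" && n == 3 && p[3] == "ifname" { ifname[p[2]] = val }
    p[1] == "firewall" && n == 2 && val == "zone"   { zones[++nz] = p[2] }
    p[1] == "firewall" && n == 3                    { opt[p[2], p[3]] = val }
    END {
        for (i = 1; i <= nz; i++) {
            sec = zones[i]; list = opt[sec, "device"]
            # Resolve member networks to the ifname set in the network config.
            m = split(opt[sec, "network"], nw, " ")
            for (j = 1; j <= m; j++)
                if (nw[j] in ifname) list = list " " ifname[nw[j]]
            m = split(list, ifs, " ")
            for (j = 1; j <= m; j++) {
                d = ifs[j]; if ((d, sec) in seen) continue; seen[d, sec] = 1
                sep = (d in where) ? "," : ""; if (sep == "") order[++ni] = d
                where[d] = where[d] sep opt[sec, "name"]; count[d]++
            }
        }
        for (i = 1; i <= ni; i++)
            if (count[order[i]] > 1) print order[i] ": " where[order[i]]
    }'
}

# Relevant lines copied from the `uci show` output posted above.
sample_uci() {
    cat <<'EOF'
network.lan.ifname='eth0.1'
network.wan.ifname='dsl0.101'
network.vpnserver.ifname='tun0'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.network='lan'
firewall.lan.device='tun0'
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.device='tun0'
firewall.wan.network='wan wan6 wan_ethernet'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpnserver'
firewall.@zone[2].network='vpnserver'
EOF
}

sample_uci | zone_overlaps   # prints: tun0: lan,wan,vpnserver
```

On the router itself the same function can be fed with `{ uci show network; uci show firewall; } | zone_overlaps`.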

Assuming that whatever the connection issue is gets resolved, with OpenVPN and a low-powered SoC, you're likely looking at around 10 Mbps throughput (which would be split among all devices, and slowed by other activity on the device).

Some of the issue might be related to running PPPoE as well as the VPN server. Is there a way you could test the OpenVPN performance without involving your ISP?

I use the VPN for simple file operations, so 10Mb is enough. I used this router as a VPN server before and had no issues. I think there is a bug in the configuration.

Just to give advice to anyone who comes across the same issue: I reset my OpenWrt router and set up everything from scratch. I followed the steps from the OpenWrt OpenVPN tutorial. It didn't help. I started searching for possible OpenVPN issues with PPPoE and came across one post with the same issue as mine. The suggested solution was to change the protocol to TCP. I tried it and the VPN started working!

Regarding throughput, I achieved 5.6MB/s when transferring a file.
