Can't connect ovpn client from internet using mobile data

Setting dest_ip to a non-public IP is wrong. To open a port you only need options src, target, proto, and dest_port. Firewall rules act only if all the specified conditions match. So don't impose extra conditions.

The old syntax was option proto 'tcp udp'. I don't know if multiple protocols can be done with list proto. But two points on that: if you're running the server in UDP mode you don't need to allow TCP at all, and if you wanted to allow both, you could write two separate rules.

Also, your ISP may be blocking UDP or not forwarding it correctly. In that case the workaround is to use TCP.

My ISP has nothing to do with the problem because I've tested everything using an RPi4 and it works.
I'm gonna try separating rules in different lines and deleting dest_ip.

Not working. Very odd problem.

I've changed the router to test with the ISP's and no problem, I can connect via the UDP protocol, so that concludes that the problem is in the OpenWrt firewall.

Thanks again for the help. I'll keep investigating.

I thought you were running OpenVPN on your main router, in that case you would open the port to allow incoming connections on the local router. If you have a separate server you need to configure the main router to forward the public VPN server port to it.

Scrolling down to the bottom of your configuration (which I assume is the main router) you have done both, which is not going to work. The first rule listed that matches the conditions will take action and subsequent rules will be ignored. So since the local open is listed first the packet is accepted and sent to the OpenWrt OS, where it is then refused since there is no process bound to the port.

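The two replies above describe the same /etc/config/firewall choices: a rule with only src, target, proto and dest_port (no private dest_ip), one rule per protocol if both are wanted, and either an input rule or a port forward depending on where the server runs, never both. The stanzas below are an added example, not the poster's configuration or anything from the OpenWrt project; port 1194 (OpenVPN's default), the zone names wan/lan and the LAN host address 192.168.1.10 are assumptions.

```uci
# Added example: /etc/config/firewall stanzas for exposing an OpenVPN
# server. Port 1194, zone names and 192.168.1.10 are assumed values.
# Keep EITHER case A OR case B, depending on where the server runs.

# Case A: OpenVPN runs on the router itself. Open the port on the
# router's own input path. No dest_ip: packets from the internet are
# addressed to the public WAN address, so a private dest_ip would never
# match and the rule would silently do nothing.
config rule
	option name 'Allow-OpenVPN-UDP'
	option src 'wan'
	option proto 'udp'
	option dest_port '1194'
	option target 'ACCEPT'

# Case A, optional: only if the server also listens in TCP mode (or as
# a fallback when the ISP does not pass UDP). A second rule rather than
# combining both protocols in one.
config rule
	option name 'Allow-OpenVPN-TCP'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1194'
	option target 'ACCEPT'

# Case B: OpenVPN runs on a separate LAN host. Forward (DNAT) the public
# port to that host instead of opening it on the router. Here dest_ip is
# the LAN host, which is the only place a private address belongs.
config redirect
	option name 'Forward-OpenVPN'
	option src 'wan'
	option src_dport '1194'
	option proto 'udp'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '1194'
	option target 'DNAT'
```

After editing, apply with /etc/init.d/firewall restart. With case A the process must actually be listening on the router (the netstat check later in the thread confirms that); with case B nothing on the router needs to listen, and a leftover case A rule is the kind of stale change the thread's final post warns about.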

Rules in the nat table take priority over the filter table.
Anyway, the current topology is too confusing for me to comment.


Yes, oVPN is running in the main router and the port allows incoming connections to the router. I did this, several times.

I don't understand when you say "since there is no process bound to the port". Of course there is a process bound to the port, and it is the oVPN server:

root@OpenWrt:~# netstat -lp | grep openvpn
udp        0      0 0.0.0.0:openvpn         0.0.0.0:*                           16788/openvpn

Odd odd issue. I'm starting to think it's a bug.

Working now.

For anyone who needs help, I must say that I don't know what was the problem.
I reinstalled everything from zero and now it works, but some advice is that in the firewall zones, tun0 must be specified in the covered devices. If everything fails, start from scratch, cleaning every config file. When you're stuck, you change things here and there and lose control of these changes. This is what I did.

Thanks to everybody who helped me.
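The "covered devices" advice in the last post corresponds to the device list of a firewall zone in /etc/config/firewall: a tunnel interface that belongs to no zone gets the default policy rather than the zone's, so clients can connect yet reach nothing. The stanzas below are an added example, not the poster's configuration; the device name tun0 comes from the post, while the dedicated zone name 'vpn', the REJECT defaults and the forwardings are assumptions.

```uci
# Added example: give the OpenVPN tunnel device its own firewall zone
# so client traffic is governed by explicit policy. 'tun0' is the name
# used in the thread; the zone name and policies below are assumed.

# Zone covering the tunnel device. Input is ACCEPT so clients can reach
# services on the router (DNS, etc.); intra-zone forward is REJECT so
# VPN clients are not routed to each other unless a rule allows it.
config zone
	option name 'vpn'
	list device 'tun0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Let VPN clients reach the LAN.
config forwarding
	option src 'vpn'
	option dest 'lan'

# Let VPN clients reach the internet through the router. This relies on
# the existing wan zone having 'option masq 1', as the default config does.
config forwarding
	option src 'vpn'
	option dest 'wan'
```

In LuCI this is Network > Firewall > the zone's "Covered devices" field, which is what the post refers to. A zone with an empty device list is a common leftover after editing configs by hand, which is consistent with the thread's conclusion that a clean rebuild fixed it.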
