Connected to OpenVPN but unable to get internet out to wireless/LAN devices

Hi there, I would love to have some assistance with this setup. Something unique about my setting is that I require OpenVPN in order to use the internet. This is a requirement from my university. So after finally setting up my OpenVPN and it states that it is connected, I am still unable to access the internet on my external devices through wireless/LAN. I have been able to ping google.com while SSH'd into the router. When going through other posts, I can see that I have to do something to the firewall, but I am not certain what I have to do.

My router is an Asus RT AC-51U.

Configurations from my openvpn:

config openvpn 'Esslingen'
	option config '/etc/openvpn/Esslingen.ovpn'
	option enabled '1'

Configurations from my firewall:

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option name 'Esslingen'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'Esslingen'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

Configurations from my ovpn file:

client
dev tun
remote *******.*******.de
remote *******.*******.de
port 1194
pull
auth-user-pass /etc/openvpn/pass.txt
tun-mtu 1500
mssfix 1400
key /etc/openvpn/key.txt
cert /etc/openvpn/cert.txt
ca /etc/openvpn/he-ca.txt
comp-lzo
keepalive 10 60
nobind
float
cipher BF-CBC
ns-cert-type server

Will greatly appreciate any help I can get!

Please use preformatted text if possible.

You have no reference to your VPN device in the firewall. Add to your wan zone, or Esslingen as you name it:

list device 'tun0'

Kep

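The check behind the reply above, as an added example that is not part of the original thread: it reads an OpenWrt firewall config and reports whether the tunnel device is listed in a zone that the LAN zone forwards to. The function names are hypothetical, and the wording of the first failure message assumes that traffic on an interface outside every zone falls under the `defaults` section (forward `REJECT` in the config posted above).

```shell
#!/bin/sh
# Added example: audit an OpenWrt /etc/config/firewall for a VPN tunnel device.

# zone_for_device FILE DEV: print the zone that lists DEV; status 1 if none does.
zone_for_device() {
    awk -v dev="$2" -v q="'" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        function emit() { if (inzone && hit) { print name; found = 1 } }
        $1 == "config" { emit(); inzone = ($2 == "zone"); name = ""; hit = 0; next }
        inzone && $1 == "option" && $2 == "name" { name = unq($3) }
        inzone && $2 == "device" && ($1 == "list" || $1 == "option") {
            for (i = 3; i <= NF; i++) if (unq($i) == dev) hit = 1
        }
        END { emit(); exit(found ? 0 : 1) }
    ' "$1"
}

# forwarding_exists FILE SRC DEST: status 0 if a forwarding SRC -> DEST is defined.
forwarding_exists() {
    awk -v src="$2" -v dst="$3" -v q="'" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        function emit() { if (infw && s == src && d == dst) found = 1 }
        $1 == "config" { emit(); infw = ($2 == "forwarding"); s = ""; d = ""; next }
        infw && $1 == "option" && $2 == "src"  { s = unq($3) }
        infw && $1 == "option" && $2 == "dest" { d = unq($3) }
        END { emit(); exit(found ? 0 : 1) }
    ' "$1"
}

# check_vpn_path FILE DEV [LAN_ZONE]: one-line verdict on LAN -> DEV forwarding.
check_vpn_path() {
    zone=$(zone_for_device "$1" "$2") || {
        echo "FAIL: $2 is in no zone; forwarded traffic hits the default policy"
        return 1
    }
    forwarding_exists "$1" "${3:-lan}" "$zone" || {
        echo "FAIL: no forwarding ${3:-lan} -> $zone"
        return 1
    }
    echo "OK: ${3:-lan} -> $zone ($2)"
}

# On the router: check_vpn_path /etc/config/firewall tun0
```

The zone name is resolved at the end of each section, so a zone whose `option name` comes last, as in the posted config, is still matched.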

fwiw, review the 'Alternative guide for OpenVPN client with LuCI' tutorial PDF found at the bottom of the owrt wiki page for setting up firewall zones etc.

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci
(update: corrected above URL)


Thank you guys so much!!! It has been configured! Really appreciate it!
