I have a WRT1900ACS with LEDE 17.01.4 and an OpenVPN server working (TUN), which I got running by following step by step the great OpenVPN guide in the wiki.
I can connect to it via my smartphones and PCs with the official OpenVPN client, and I can see the rest of the computers in the server LAN (and they can see me connected to it) and access the internet via the server WAN interface.
OK, now I wanted to add a remote LEDE router connected as a VPN client to my OpenVPN server via the internet so all the clients connected to this router are automatically under the VPN. Is that possible?
This router uses the WWAN interface to obtain access to the internet from another router directly connected to the FTTH cable (I think it is called a routed client using masquerade). I have followed the steps detailed in this guide. I will post the results of the VPN-related parts from the client router.
My /etc/config/network looks like:
config interface 'vpn'
    option ifname 'tun0'
    option proto 'none'
    option auto '1'
My /etc/config/openvpn:
config openvpn 'myvpn'
    option enabled '1'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option persist_tun '1'
    option persist_key '1'
    option ca '/etc/openvpn/XXXX.ca'
    option key '/etc/openvpn/XXXX.key'
    option cert '/etc/openvpn/XXXX.cert'
    option comp_lzo 'yes'
    option verb '3'
    option float '1'
    option pull '1'
    option remote 'XXXX 1194'
    option tls_client '1'
    option enable '1'
My /etc/config/firewall:
config zone
    option name 'vpn'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'
    option network 'vpn'

config forwarding
    option src 'vpn'
    option dest 'lan'

config forwarding
    option dest 'vpn'
    option src 'lan'
So, the final result is that I can enable the myvpn instance, connect to it, and I see traffic under the VPN0 interface (only TX, no RX), but I cannot either access the internet or see the other computers in the VPN. Basically I cannot ping any client in the VPN subnet (10.8.0.0), so I think there is some big problem with the firewall rules/zones.
Could anyone help me?
Thanks in advance!