Hi, I'm trying to set up a private VPN between two offices. I'm using two small devices that have a built-in OpenVPN function (GL.iNet GL-MT300N-V2 Mini Travel Router, WiFi Converter, OpenWrt Pre-Installed, Repeater Bridge, 300Mbps High Performance, OpenVPN Client). I've correctly set up the server and client, but I can't ping from the server side to the client side, while I am able to do the reverse. Any suggestions on how to fix it? Thanks in advance for your support.
Most likely the firewall on the client side.
Please post the configuration in preformatted text
uci show firewall
This is the client side ---> https://pastebin.com/c5EUvxi7
Just as I thought. Add the tunnel interface in the lan zone.
Thanks for your quick reply. Could you please tell me how I can add it?
Under Network-Interfaces edit the tunnel interface, go to Firewall Settings tab and Assign it under lan zone.
Yes, you need to add the tunnel interface in the same zone too.
Sorry, but I don't understand what "add tunnel interface" means. I have this in interfaces; maybe I need to press + to add something new?
No, you need to edit the tunnel interface. This is the OVPN, not the LAN.
You have assigned it to a zone of its own, so you either allow forwardings from/to LAN, or assign it in the same zone as LAN (which is easier).
So I don't know how to proceed. I've done the server with a wizard, and I've exported the certificate in the client side, that's all. Now could you please explain step by step how I can "make" this tunnel forwarding, to be able to ping from the server LAN, which is 192.168.8.x, into the client LAN side, which is 192.168.5.x?
The step by step procedure to assign the interface in lan zone is explained here.
If you'd rather enable forwardings from lan to the vpn zone, then you need to go to the firewall, edit the lan zone and enable forwarding from and to the vpn zone.
Because you are in the LAN interface and not in the OVPN.
Yes that's better. Is it working now?
No, still the same: client side 192.168.5.1 pings OK the server LAN 192.168.8.1, while client side 192.168.5.1 doesn't ping server LAN 192.168.8.1, as in the picture. I'm so frustrated.
Then you need to go through your configurations and make sure of the following:
- Server side router has a route in the routing table for the client's LAN subnet.
- Client side router has a route in the routing table for the server's LAN subnet.
- Firewall is not blocking the traffic from vpn interface to the lan interface on both server and client. (basically what we did in the previous posts)
Can you ping the router running the OpenVPN client? To access the LAN behind the client you should use the iroute option along with routing options.
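The firewall item in the checklist above can be checked mechanically from `uci show firewall` output. The script below is an added example, not code from any poster in this thread: it reports whether the tunnel interface shares the lan zone or, if it sits in its own zone, in which directions forwardings to and from lan exist. The sample input is constructed, the zone name `vpn` and interface name `ovpn` are assumptions, and the status labels are this example's own.

```shell
# Added example. SAMPLE_FW is constructed `uci show firewall` output, not the
# thread's pastebin; zone "vpn" and interface "ovpn" are assumed names.
SAMPLE_FW="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].network='ovpn'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='vpn'"

# vpn_zone_status IFACE: reads `uci show firewall` text on stdin and reports
# how the zone holding IFACE relates to the lan zone.
vpn_zone_status() {
    awk -v ifc="$1" '
    {
        eq = index($0, "="); if (!eq) next
        n = split(substr($0, 1, eq - 1), p, ".")
        val = substr($0, eq + 1); gsub(/\047/, "", val)  # strip quotes
        sec = p[2]
        if (n == 2) { type[sec] = val; next }            # section header
        if (p[3] == "name") name[sec] = val
        else if (p[3] == "src") src[sec] = val
        else if (p[3] == "dest") dst[sec] = val
        else if (type[sec] == "zone" && (p[3] == "network" || p[3] == "device")) {
            m = split(val, v, " ")                       # multi-value list
            for (i = 1; i <= m; i++) if (v[i] == ifc) hit = sec
        }
    }
    END {
        if (hit == "") { print "no-zone"; exit }
        if (name[hit] == "lan") { print "same-zone"; exit }
        for (s in type) if (type[s] == "forwarding") {
            if (src[s] == "lan" && dst[s] == name[hit]) out = 1
            if (src[s] == name[hit] && dst[s] == "lan") back = 1
        }
        if (out && back) print "forward-both"
        else if (out) print "forward-lan-to-zone-only"
        else if (back) print "forward-zone-to-lan-only"
        else print "no-forwarding"
    }'
}
printf '%s\n' "$SAMPLE_FW" | vpn_zone_status ovpn
```

On a router the input would come from `uci show firewall | vpn_zone_status <interface>`. A one-directional result means traffic arriving from the tunnel is not forwarded into lan, which fits a ping that works in only one direction.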