Forward port on OpenWrt to server through OpenVPN


I want to connect two networks using OpenVPN where my OpenWRT router (TP-WDR4300 with 21.02 version) is a client. This is working and I can reach any host on the remote network from the OpenWRT router.

Now I want to configure OpenWRT to act as a forwarder/tunnel/proxy to a specific port in a host on the remote newtork with something like this: App on TV => OpenWRT on port 32400 => VPN => Plex Server on port 32400.

The OpenWRT is not connected to internet directly because there's a router (from my network provider).

Can this can be done using any proxy or port forwarding?. Is there any way to make any device connected to OpenWRT to reach OpenVPN hosts?. I have limited knowledge of IPTables and firewall and I tried to forward ports between interfaces but there's no tun/vpn interface.


Set up so OpenWrt (and its LAN including the TV) has a route to the remote LAN with the server's IP directly. Then configure the app to use that IP.

Thanks Mike, that's the concept, but I don't know how to do that. Do you mean a route on "Static routes" section? How can I do that without an interface for VPN, or what's the parameters to create this interface?

The ideal setup for me is that all traffic of any device connected to the OpenWRT (LAN or WIFI) be routed through the VPN so it can reach any server on remote network and even use its public IP.


If both the OpenVPN client and server are the main routers for their respective LANs, all that needs to be done is have the OpenVPN server (which is at the site with the video server) push a route to its LAN to the OpenVPN client.

Try these iptables rules for testing purposes:

iptables -I forwarding_rule -i tun+ -j ACCEPT
iptables -I forwarding_rule -o tun+ -j ACCEPT
iptables -t nat -I postrouting_rule -o tun+ -j MASQUERADE

The client router is not the main router, is just another device in a network. The OpenVPN server is a raspberry pi on the remote network.

Will try these rules...

If the client router is not connected to the main router via its wan port (double NAT) but acts as a dumb AP for the wireless lan clients, the rules won't work.

I suspect this is why I had no success with any solution :thinking:

On the client side, the VPN-users LAN (the TV) should be connected directly to the box that is running the OpenVPN client, and on a network that is originated from that box-- it is the default route for that LAN. It will NAT into the VPN tunnel. Once in the tunnel the fact that it is additional NAT to the Internet doesn't matter.