Forward traffic between subnets and allow subnet internet access

I have a VPN on a device ( that assigns IPs on the subnet. The assigned IPs cannot see the internet or any device on that's not Previous consumer router let this access just happen. (The device is on a Proxmox host that also has OpenWRT installed and a virtual bridge is giving access to OpenWRT - but I don't think the issue is with Proxmox since Proxmox isn't in the business of routing.)

I've tried a few things from adjacent search results and they didn't work (won't list them, they didn't work and reverted anyway). How do I set OpenWRT so that can access the main subnet and the internet?

I'm finding it hard to understand the topology here...

Is this device an OpenWrt system? Or some other system? Is this VPN acting in a server or client capacity?

What devices are assigned addresses in this subnet? (where are they relative to the network?)

Maybe a diagram would help -- be sure to make the diagram complete with all relevant infrastructure along with addresses for each device (real or virtual). Make it clear what OS/environment each device is running.

And then, for the hosts having issues connecting, show the addresses of those hosts and the addresses they are trying to reach.

We will surely want to see config information, too, but right now it's probably best to understand the topology first.

Thanks for taking the time to respond! I hope this network topology diagram helps, never made one before so tried my best.

The VPN is a server that accepts outside connections from clients and assigns them static IPs that are outside of the "main" local subnet. The VPN-assigned client would physically be outside the network but due to the VPN its traffic would be originating from the VPN server.

An outside connection can make it to and establish a VPN connection, get assigned a VPN client IP of, and SSH to but that VPN client w/ IP cannot access any other devices on the subnet (like or [OpenWRT device]) or the internet.

Let me know if you need more info, I may be leaving out needed info b/c I don't know it is essential!

What VPN protocol are you using? WireGuard? OpenVPN? Something else?

This problem is not related to OpenWrt since your VPN is not running on OpenWrt, but I think the solution should hopefully be simple by checking the VPN configuration. Your Linux box will still be responsible for the routing between the VPN and main networks, but that doesn't necessarily need to be an issue.

You were right, I looked into the setup steps for the VPN (WireGuard) and it had an iptables definition that required calling out the network interface. I put eth0 per the guide but the network interface was actually named ens0. Changed those eth0 references in iptables to ens0 and it all works - I assumed OpenWRT needed a manual config to allow subnet to chat with the subnet but I was wrong!

Thanks for your time - especially since this wasn't an OpenWRT issue at all!

Glad it is working now! The Linux host that is running the WG endpoint is, in this case, responsible for routing the traffic to your main network. It is probably running it in a NAT masquerade configuration currently.
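As an added example (not written by any poster in this thread): a shell check for the mismatch that caused the problem above, where the iptables rules in a WireGuard config named eth0 but the host's interface was ens0. The sample config, its 10.0.0.1/24 address and all function names are constructed for illustration.

```shell
#!/bin/sh
# Flag interface names used by iptables rules in a wg-quick config
# (PostUp/PostDown) that do not exist on the host.
# Only the short -i/-o options are recognised in this sketch.

# List interfaces named after -i/-o in PostUp/PostDown lines of config $1.
# %i is wg-quick's placeholder for the WireGuard interface itself; skip it.
rule_ifaces() {
    grep -E '^[[:space:]]*Post(Up|Down)[[:space:]]*=' "$1" |
        tr -s ' ;\t' '\n\n\n' |
        awk 'want { if ($0 != "%i") print; want = 0; next }
             $0 == "-i" || $0 == "-o" { want = 1 }' |
        sort -u
}

# Print each referenced interface that is absent from the space-separated
# list $2. Returns non-zero when at least one is missing.
missing_ifaces() {
    present=" $2 "
    rc=0
    for ifc in $(rule_ifaces "$1"); do
        case "$present" in
            *" $ifc "*) ;;
            *) echo "$ifc"; rc=1 ;;
        esac
    done
    return $rc
}

# Interfaces actually present on a Linux host, read from sysfs.
host_ifaces() { ls /sys/class/net 2>/dev/null | tr '\n' ' '; }

# Constructed sample config with the rule shape many setup guides use.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# With a config path as argument, check it against this host's interfaces.
if [ "${1:-}" ]; then missing_ifaces "$1" "$(host_ifaces)"; fi
```

Run against the sample on a host whose uplink is ens0, it prints `eth0`: the MASQUERADE rule would load without error but never match outgoing traffic, which fits the symptom of VPN clients reaching only the VPN host itself.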
