How can I open-up VLAN to internet fully - Using LUCI GUI

You haven't really done anything with your 'proof of concept' other than bypass the firewall, which isn't really a great idea. You'd be far better off learning how to use the firewall properly, i.e. open/forward ports that need to be opened.

Yes, I am very much aware of that! I thought I'd be able to do that as I progressed, but it is much harder (for me) than I thought, and I find it especially difficult to use the right search terms for what I am trying to accomplish. I'm not giving up on it. I want to be much better aware, when I implement my webserver-related configs and something doesn't work, of whether I can focus troubleshooting on the server part or whether the issue at hand is network related. It's all so much new material to me that I have a difficult time continuing with good motivation if I cannot find a resolution in a reasonable time. :wink:

So I'm really grateful for the support I got so far! :+1:

I think the question for you is:
Do you want to enable full access for yourself only or for the whole internet?
You can have full access for yourself. Just connect to the VPN server from the internet and route the packets internally. Then you will be able to reach all your internal infrastructure without limitations.
If you want to allow anyone from the internet, then my previous reply applies.

Ok. Done, I throw it in the ring and give up. I've spent the best part of the last 3 hours trying to get it to work with the OpenWrt VPN client, to no avail.

I have reverted to my original setup; it took 10 minutes to get that working again. I'm facing the same challenges of course, but for the heck of me I cannot understand how to configure it. In previous answers in this thread, I get feedback like: "Just connect to the VPN server from the internet and route the packets internally", or that I should use "individual DNATs where you can select which protocol/port will be forwarded to which private IP".

And then I sit here, trying my way in, searching this forum, scratching my head, searching Google for how to route packets with OpenWrt or how to configure individual DNATs, trying again to reconfigure my OpenWrt, changing yet something else, and NEVER any bit of success. I'm not a network guy, at least not on the level of packets, that's for sure. I have a basic understanding of the topology and I will have to work with that, because I'm not going to buy books and start a study in networking packets.

On this forum I would say: for me, there is a lack of clear examples. I can see some people trying to help me and I greatly appreciate the effort, but the help does not match what I need.

I will see if I can find another box with decent hardware AES encryption as a dedicated VPN box within my network, so I can make my 'Proof of Concept' the real deal. Or I will re-purpose my current OpenWrt box to serve as the OpenVPN client (ignoring the second onboard NIC) in my network, because it is massively over-dimensioned to serve as just a plain, simple OpenWrt router.

Thanks, cheers, Igor

Still, you didn't answer my question, so I cannot help you further.

You need to understand that this is not something that one can find in an example somewhere. You are trying to implement something that very few people will even think of. Moreover, there is the OpenVPN server with an OS unknown to us, which makes it harder.
Typically a static route is enough to route packets to the right interface so they can find their way.

You already have one and it is not utilized; what good will come from the second?

@ikerstges - there are lots of examples of various types of configurations in the wiki and the forums. And users are encouraged to contribute.

I think the issue here is that nobody really understands exactly what you are trying to achieve.

It still is not clear if you are trying to access your network for yourself (i.e. through a VPN), or if you are trying to serve stuff to anyone/everyone on the internet as a whole. And if you are trying to serve to the internet as a whole, it isn't clear exactly what you want to serve (you can't just arbitrarily provide complete unfettered access to multiple hosts via a single IPv4 address).
