Maybe it's my ISP router?.. I have that set to Bridge mode (DMZplus) to my Openwrt router. But I thought DMZplus was suppose to allow ALL traffic through the device I tell it to go to?
Initial packet received is good, means there is a network connection.
TLS key negotiation failed probably means the server is using a TLS key but you haven't deployed and configured the same key on the client. This is a simple optional additional layer of security. It has nothing to do with the certificates.
It would be better to post here the configurations to see what can be the problem:
uci export network; uci export firewall; uci export openvpn; head -n -0 /etc/openvpn/*.conf; head -n -0 /etc/openvpn/*.ovpn
OH! Once i disconnected from the wifi, my phone was able to connect to the VPN instantly
If you are using the wan IP you should connect from the internet, not the lan.
Check if everything works as it should.
I'm connected to the vpn, but I can't get the internet at all nor can I get into my pi's Octoprint server <_>
Can you ping the router at least?
Post these to see what can be the issue.
uci export network; uci export firewall; uci export openvpn; head -n -0 /etc/openvpn/*.conf; head -n -0 /etc/openvpn/*.ovpn
The guide I follow doesn't create a bunch of .ovpn files, it just made one, but I made multiple Client certificate files
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr 'xxxxxx'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx::/xxx'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr 'xxxx'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'xxxxx'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ipaddr 'xxxx'
option netmask '255.255.255.0'
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
option auto '1'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
list device 'tun0'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'guest'
option forward 'REJECT'
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'lan_wan'
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option dest_port '53'
option name 'Guest DNS'
option target 'ACCEPT'
option src 'guest'
config rule
option dest_port '67-68'
option src 'guest'
option name 'Guest DHCP'
option target 'ACCEPT'
list proto 'udp'
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '1194'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'vpn0'
config forwarding
option src 'vpn'
option dest 'wan'
config forwarding
option src 'vpn'
option dest 'lan'
package openvpn
config openvpn 'custom_config'
option config '/etc/openvpn/my-vpn.conf'
config openvpn 'myvpn'
option enabled '1'
option dev 'tun'
option port '1194'
option proto 'udp'
option comp_lzo 'yes'
option status '/var/log/openvpn_status.log'
option log '/tmp/openvpn.log'
option verb '3'
option mute '5'
option keepalive '10 120'
option persist_key '1'
option persist_tun '1'
option user 'nobody'
option group 'nogroup'
option mode 'server'
option tls_server '1'
option server '10.8.0.0 255.255.255.0'
option topology 'subnet'
option route_gateway 'dhcp'
option client_to_client '1'
list push 'comp-lzo yes'
list push 'persist-key'
list push 'persist-tun'
list push 'user nobody'
list push 'user nogroup'
list push 'topology subnet'
list push 'route-gateway dhcp'
list push 'redirect-gateway def1'
list push 'route 10.10.1.0 255.255.255.0'
list push 'dhcp-option DNS 107.170.95.180'
list push 'dhcp-option DNS 50.116.40.226'
option ca '/etc/easy-rsa/pki/ca.crt'
option cert '/etc/easy-rsa/pki/issued/A7Octo.crt'
option key '/etc/easy-rsa/pki/private/A7Octo.key'
option dh '/etc/easy-rsa/pki/dh.pem'
client.ovpn
#specify TUN vs. TAP (if you're not sure, you want TUN)
dev tun
#specify protocol to use (default is UDP)
proto udp
#Certificate information
ca ca.crt
cert novag6.crt
key novag6.key
#client settings
client
remote-cert-tls server
remote xxxxxx.duckdns.org 1194
Let me offer a piece of advice here. Covering the loopback IP, the ULA, and the other private IPs means you lack fundamental knowledge of networks.
Since you didn't follow the guide from the OpenWrt wiki, I don't want to have to guess what went wrong with the random guide you followed.
So it's faster to just follow the official guide which is tested and works. If you copy paste the commands without alternations there will be no mistake.
I tried the Openwrt guide too, but doesn't even generate the openvpn settings at all, at least from what I can see on luci. It just made the firewall but not the vpn configurations
All the keys,certs, etc are located in /etc/easy-rsa/pki and they are also imported to the openvpn.conf file. Isn't that so?
The parts with easyrsa generated fine (since the commands are the same in both guides) but when it came to generating the client and server configurations, the Openwrt guide's commands doesn't seem to run at all.
--Edit--
I took another attempt again at the openwrt guide, and I can confirm that the client files generate but nothing is generated or changed when running with the server commands.
That is weird because I just copy pasted the commands and I got myself the /etc/openvpn/server.conf
Paste here all the commands you pasted on the console and the errors if any.
In my frustration I went and cleared all of the keys and stuff I made and started over with the Openwrt guide and finally realized that the commands weren't actually directly adding the configurations with UCI but where being saved in /etc/openvpn/. So I went and imported the conf file that the command made into Openwrt but I can't get the server to run <_>
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde0:a862:5e3e::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr '98:da:c4:7c:0d:24'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
option auto '1'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
list device 'tun0'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'guest'
option forward 'REJECT'
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'lan_wan'
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option dest_port '53'
option name 'Guest DNS'
option target 'ACCEPT'
option src 'guest'
config rule
option dest_port '67-68'
option src 'guest'
option name 'Guest DHCP'
option target 'ACCEPT'
list proto 'udp'
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '1194'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'vpn0'
config forwarding
option src 'vpn'
option dest 'wan'
config rule
option src 'vpn'
option name 'OpenVPNToPi'
option dest 'lan'
list dest_ip '192.168.1.130'
option target 'ACCEPT'
config rule 'ovpn'
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'udp'
option target 'ACCEPT'
package openvpn
config openvpn 'custom_config'
option config '/etc/openvpn/my-vpn.conf'
config openvpn 'myvpn'
option dev 'tun'
option port '1194'
option proto 'udp'
option comp_lzo 'yes'
option status '/var/log/openvpn_status.log'
option log '/tmp/openvpn.log'
option verb '3'
option mute '5'
option keepalive '10 120'
option persist_key '1'
option persist_tun '1'
option user 'nobody'
option group 'nogroup'
option mode 'server'
option tls_server '1'
option server '10.8.0.0 255.255.255.0'
option topology 'subnet'
option route_gateway 'dhcp'
option client_to_client '1'
list push 'comp-lzo yes'
list push 'persist-key'
list push 'persist-tun'
list push 'user nobody'
list push 'user nogroup'
list push 'topology subnet'
list push 'route-gateway dhcp'
list push 'redirect-gateway def1'
list push 'route 10.10.1.0 255.255.255.0'
list push 'dhcp-option DNS 107.170.95.180'
list push 'dhcp-option DNS 50.116.40.226'
option ca '/etc/easy-rsa/pki/ca.crt'
option cert '/etc/easy-rsa/pki/issued/A7Octo.crt'
option key '/etc/easy-rsa/pki/private/A7Octo.key'
option dh '/etc/easy-rsa/pki/dh.pem'
config openvpn 'Octoprint'
option config '/etc/openvpn/Octoprint.ovpn'
option enabled '1'
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
XXXXXXXXXXXX
-----END DH PARAMETERS-----
</dh>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/Octoprint.ovpn <==
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
XXXXXXXXXXXX
-----END DH PARAMETERS-----
</dh>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/novag6.ovpn <==
verb 3
dev tun
nobind
client
remote enderwolf3d.duckdns.org 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/ryzennova.ovpn <==
verb 3
dev tun
nobind
client
remote enderwolf3d.duckdns.org 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/thinknova.ovpn <==
verb 3
dev tun
nobind
client
remote enderwolf3d.duckdns.org 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
I think there are 3 OpenVPN servers trying to run on the same port, so it is no surprise that it is not working.
Clean up the device from previous configurations.
Also the firewall is a mess. tun0 is member of the lan zone, vpn0 is member of vpn zone, and 1194 is opened twice.
I cleared as much of the configurations as I could find.. but still can't get it to start
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde0:a862:5e3e::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr '98:da:c4:7c:0d:24'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
list device 'tun0'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'guest'
option forward 'REJECT'
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'lan_wan'
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option dest_port '53'
option name 'Guest DNS'
option target 'ACCEPT'
option src 'guest'
config rule
option dest_port '67-68'
option src 'guest'
option name 'Guest DHCP'
option target 'ACCEPT'
list proto 'udp'
config rule 'ovpn'
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'udp'
option target 'ACCEPT'
package openvpn
config openvpn 'Octoprint'
option config '/etc/openvpn/Octoprint.ovpn'
option enabled '1'
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END DH PARAMETERS-----
</dh>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/Octoprint.ovpn <==
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
-----BEGIN DH PARAMETERS-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END DH PARAMETERS-----
</dh>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
==> /etc/openvpn/client.ovpn <==
verb 3
dev tun
nobind
client
remote enderwolf3d.duckdns.org 1194 udp
auth-nocache
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
I seem to be getting errors like this
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: UDPv4 link local (bound): [AF_INET][undef]:1194
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: UDPv4 link remote: [AF_UNSPEC]
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: GID set to nogroup
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: UID set to nobody
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: MULTI: multi_init called, r=256 v=256
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: IFCONFIG POOL: base=192.168.8.2 size=252, ipv6=0
Sat May 30 18:38:49 2020 daemon.notice openvpn(server)[3806]: Initialization Sequence Completed
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Diffie-Hellman initialized with 2048 bit key
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat May 30 18:38:53 2020 daemon.err openvpn(Octoprint)[3848]: ERROR: Cannot ioctl TUNSETIFF tun0: Resource busy (errno=16)
Sat May 30 18:38:53 2020 daemon.notice openvpn(Octoprint)[3848]: Exiting due to fatal error
Even odder is that this never happened when I did the configurations from this guide
I finally figured out what it was, OpenVPN kept on reading the client.ovpn file on the router and kept running it before I told luci to run the same one which I imported into Openwrt. I removed the server.ovpn one off the router and finally got it to run and connect. And I can get internet connection 
But now I'm back to square 2.. I'm not sure how to direct traffic to my pi's server.
No need to direct anything, point the OpenVPN client to the IP of the RPi server.
Er.. how do I do that? I'm quite new to this stuff as you can see <_>