How to access OpenWrt router from outside via OpenVPN

Hello,
I installed OpenVPN server/client, but I am not able to access my router (192.168.1.1) from another place which has the same router IP definition!
So if I try to go to 192.168.1.1, I access the local machine, not my OpenWrt router.

Can you help me please? Thanks in advance.
Arnaud

You can access your router using its VPN IPv4 or IPv6 address.
Simply add the VPN interface to the LAN firewall zone on the router.

Thanks for your reply,
I think it is the case ...

You can't use the same IP networks on both sides of your OpenVPN tunnel.
In my setup I use a fancy LAN network like 10.37.48.0; that is usually not used elsewhere.

Thanks for your help, but sorry, I have no idea how to :( ...

Below is my conf:

config openvpn 'vpn_server'
    option dev 'tun'
    option ifconfig '10.0.0.1 10.0.0.2'
    option keepalive '10 60'
    option log '/var/log/openvpn.log'
    option status '/var/run/openvpn.status 5'
    option mute '5'
    option mode 'server'
    option route_gateway 'dhcp'
    option persist_tun '1'
    option persist_key '1'
    option server '10.8.0.0 255.255.255.0'

Sincerely.
Arnaud

Sorry, it does not help me.

I connect to OpenVPN from my phone (4G). I can access my machines (i.e. 192.168.1.xxx) but I am not able to access my router (192.168.1.1): ERR_Connection_refused
Using 10.8.0.1 or 10.0.0.1 is not working either.

Sun Nov 1 13:56:22 2020 us=411754 vpn_client/xx.xxx.xxx.xxx:64379 SENT CONTROL [vpn_client]: 'PUSH_REPLY,persist-key,persist-tun,user nobody,topology subnet,route-gateway dhcp,redirect-gateway def1,block-outside-dns,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)

Thanks

Change on the server:

topology subnet

It is the case:

config openvpn 'vpn_server'
    option dev 'tun'
    option ifconfig '10.0.0.1 10.0.0.2'
    option keepalive '10 60'
    option log '/var/log/openvpn.log'
    option status '/var/run/openvpn.status 5'
    option mute '5'
    option mode 'server'
    option route_gateway 'dhcp'
    option persist_tun '1'
    option persist_key '1'
    option server '10.8.0.0 255.255.255.0'
    option client_to_client '1'
    option tls_server '1'
    option cert '/etc/easy-rsa/pki/issued/vpn_server.crt'
    option key '/etc/easy-rsa/pki/private/vpn_server.key'
    option tls_auth '/etc/easy-rsa/pki/ta.key 0'
    option user 'nobody'
    option group 'nogroup'
    option dh '/etc/easy-rsa/pki/dh.pem'
    option ca '/etc/easy-rsa/pki/ca.crt'
    option comp_lzo 'yes'
    option float '1'
    option verb '4'
    option port '1194'
    option proto 'udp'
    list push 'persist-key'
    list push 'persist-tun'
    list push 'user nobody'
    list push 'topology subnet'
    list push 'route-gateway dhcp'
    list push 'redirect-gateway def1'
    list push 'block-outside-dns'
    option enabled '1'

uci -q delete openvpn.vpn_server.ifconfig
uci set openvpn.vpn_server.topology="subnet"
uci del_list openvpn.vpn_server.push="topology subnet"
uci commit openvpn
/etc/init.d/firewall restart

Done, but topology net30 seems to persist!

Sun Nov 1 15:55:08 2020 us=408026 vpn_client/xxx.xxx.xxx.xxx:56789 SENT CONTROL [vpn_client]: 'PUSH_REPLY,persist-key,persist-tun,user nobody,**topology subnet**,route-gateway dhcp,redirect-gateway def1,block-outside-dns,route 10.8.0.0 255.255.255.0,**topology net30**,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)

uci show openvpn.vpn_server
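
A check for the symptom in the last log line of this thread, where a single PUSH_REPLY carries both `topology subnet` and `topology net30`. This is an added example, not code from any poster in the thread. The sample line is constructed from the quoted log with a documentation address in place of the masked client IP, and the list of options treated as single-valued is an assumption of the example.

```shell
#!/bin/sh
# Added example: report options that an OpenVPN server pushes more than once
# with different values inside one PUSH_REPLY.

# Constructed sample, based on the log line quoted in the thread
# (masked client address replaced by the documentation address 192.0.2.10).
SAMPLE_LOG="Sun Nov 1 15:55:08 2020 us=408026 vpn_client/192.0.2.10:56789 SENT CONTROL [vpn_client]: 'PUSH_REPLY,persist-key,persist-tun,user nobody,topology subnet,route-gateway dhcp,redirect-gateway def1,block-outside-dns,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)"

# Reads OpenVPN log lines on stdin and prints one line per conflict:
#   <option>: <first value> vs <later value>
# Only options expected to appear once are checked (assumed list below);
# "route" and "dhcp-option" may legitimately repeat and are skipped.
push_conflicts() {
    awk '
    BEGIN {
        n = split("topology ifconfig route-gateway cipher ping ping-restart", s, " ")
        for (i = 1; i <= n; i++) single[s[i]] = 1
    }
    /PUSH_REPLY,/ {
        line = $0
        sub(/^.*PUSH_REPLY,/, "", line)        # keep only the option list
        q = index(line, "\047")                # closing quote before "(status=1)"
        if (q) line = substr(line, 1, q - 1)
        split("", seen)                        # reset per log line
        m = split(line, opt, ",")
        for (i = 1; i <= m; i++) {
            name = opt[i]; val = ""
            p = index(opt[i], " ")
            if (p) { name = substr(opt[i], 1, p - 1); val = substr(opt[i], p + 1) }
            if (!(name in single)) continue
            if ((name in seen) && seen[name] != val)
                print name ": " seen[name] " vs " val
            else
                seen[name] = val
        }
    }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | push_conflicts
```

On the router, the same function can be fed the file named in `option log` (`/var/log/openvpn.log` in the configuration above) instead of the sample line.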