Lost internet after openvpn configuration

szakaria · February 20, 2021, 12:42pm

Hello,
I just installed openvpn server. Clients using 4G (in WAN zone) can connect to the server without issue. They are assigned a private IP address (192.168.8.2 ....). They have access to LAN and to the internet. The issue is with devices that are in LAN. They can no more connect to the internet. However, they can ping sites like google...

root@machine1# ping google.com

64 bytes from 216.58.197.206: seq=0 ttl=115 time=13.087 ms
64 bytes from 216.58.197.206: seq=1 ttl=115 time=9.390 ms

Below are the network and firewall configurations. Any advice will be helpful. Thank you very much.

uci show network

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdd1:7762:2478::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.16.1'
network.lan.gateway='192.168.1.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_eth0_2_dev=device
network.wan_eth0_2_dev.name='eth0.2'
network.wan_eth0_2_dev.macaddr='3c:84:6a:49:10:d8'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='2 3 4 5 0t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='1 0t'
network.vpn0=interface
network.vpn0.ifname='tun0'
network.vpn0.proto='none'

I have removed some irrelevant firewall rules from the listing below to make it more readable, however, I can provide the whole listing if needed.

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.lan.device='tun0'
firewall.lan.network=' '
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.output='ACCEPT'
firewall.wan.input='REJECT'
firewall.wan.forward='REJECT'
firewall.wan.masq='1'
firewall.wan.mtu_fix='1'
firewall.wan.network='wan6'
firewall.lan_wan=forwarding
firewall.lan_wan.src='lan'
firewall.lan_wan.dest='wan'

firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-OpenVPN-Inbound'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src='wan'
firewall.@rule[9].proto='udp'
firewall.@rule[9].dest_port='1194'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='vpn0'
firewall.@zone[2].masq='1'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='wan'
firewall.@forwarding[2].src='vpn'

vgaetera · February 20, 2021, 1:16pm

uci -q delete firewall.lan.network
uci add_list firewall.lan.network="lan"
uci commit firewall
/etc/init.d/firewall restart
uci -q delete network.lan.gateway
uci commit network
/etc/init.d/network restart
sleep 10
/etc/init.d/openvpn restart

szakaria · February 21, 2021, 12:13am

You saved me time. Thanks a million!

system · March 3, 2021, 12:14am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.