Hello,
I just installed an OpenVPN server. Clients using 4G (in the WAN zone) can connect to the server without issue. They are assigned a private IP address (192.168.8.2, ...). They have access to the LAN and to the internet. The issue is with devices that are in the LAN. They can no longer connect to the internet. However, they can ping sites like Google:
root@machine1# ping google.com
64 bytes from 216.58.197.206: seq=0 ttl=115 time=13.087 ms
64 bytes from 216.58.197.206: seq=1 ttl=115 time=9.390 ms
Below are the network and firewall configurations. Any advice will be helpful. Thank you very much.
uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdd1:7762:2478::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.16.1'
network.lan.gateway='192.168.1.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_eth0_2_dev=device
network.wan_eth0_2_dev.name='eth0.2'
network.wan_eth0_2_dev.macaddr='3c:84:6a:49:10:d8'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='2 3 4 5 0t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='1 0t'
network.vpn0=interface
network.vpn0.ifname='tun0'
network.vpn0.proto='none'
I have removed some irrelevant firewall rules from the listing below to make it more readable; however, I can provide the whole listing if needed.
uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.lan.device='tun0'
firewall.lan.network=' '
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.output='ACCEPT'
firewall.wan.input='REJECT'
firewall.wan.forward='REJECT'
firewall.wan.masq='1'
firewall.wan.mtu_fix='1'
firewall.wan.network='wan6'
firewall.lan_wan=forwarding
firewall.lan_wan.src='lan'
firewall.lan_wan.dest='wan'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-OpenVPN-Inbound'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src='wan'
firewall.@rule[9].proto='udp'
firewall.@rule[9].dest_port='1194'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='vpn0'
firewall.@zone[2].masq='1'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='wan'
firewall.@forwarding[2].src='vpn'
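
To cross-check the two listings above, this added example (not part of the original post) lists the interfaces from `uci show network` that no firewall zone names in its `network` option. The embedded sample is constructed from lines in the post and the function names are hypothetical; the check is by name only and does not resolve a zone's `device` option or interfaces that share a physical device.

```shell
#!/bin/sh
# Constructed sample: interface and zone lines taken from the listings above.
NETWORK_CFG="network.loopback=interface
network.lan=interface
network.lan.ifname='eth0.1'
network.wan=interface
network.wan6=interface
network.vpn0=interface"

FIREWALL_CFG="firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.device='tun0'
firewall.lan.network=' '
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.network='wan6'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].network='vpn0'"

# zone_networks (hypothetical helper): print every interface name listed in
# the 'network' option of a section declared as a zone, one per line.
zone_networks() {
    printf '%s\n' "$1" | awk -F= -v q="'" '
        $2 == "zone" { zone[substr($1, 10)] = 1 }      # strip "firewall."
        $1 ~ /\.network$/ {
            sec = substr($1, 10, length($1) - 17)      # strip ".network" too
            if (!(sec in zone)) next
            v = $2; gsub(q, "", v)                     # drop uci quoting
            n = split(v, a, " ")                       # blank value gives n = 0
            for (i = 1; i <= n; i++) print a[i]
        }'
}

# unzoned_interfaces (hypothetical helper): print each network interface
# that is not named by any zone. $1 = network listing, $2 = firewall listing.
unzoned_interfaces() {
    zoned=" $(zone_networks "$2" | tr '\n' ' ') "
    printf '%s\n' "$1" |
    awk -F'[.=]' 'NF == 3 && $3 == "interface" { print $2 }' |
    while read -r ifc; do
        case "$zoned" in
            *" $ifc "*) ;;                             # named by some zone
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

unzoned_interfaces "$NETWORK_CFG" "$FIREWALL_CFG"
```

On the router itself, the same functions can be fed the live configuration with `unzoned_interfaces "$(uci show network)" "$(uci show firewall)"`.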