Hi,
I hope to get some help here. I am trying to access my homenet thru openvpn and have no more ideas.
In my house there are 3 floors. Downstairs comes my Internet there is installed a TP-Link Archer VR600. It has static LAN Adress 192.168.178.1 - called rooter) without dhcp.
My network cables go from there to some rooms like living room (basement), child1,child2,parents,(1st floor, there is nothing connected) an Rooftop.
In the livingroom there is a TP-Link TL-WDR4300 v1 with openWrt Image
OpenWrt 18.06.4 r7808-ef686b7292 / LuCI openwrt-18.06 branch (git-19.170.32094-4d6d8bc)
(called dhcp) with static adress 192.168.178.2 and serves dhcp to all clients who has no static adress, and WLAN.
I use adblock plugin.
Rooftop there is a fritzbox configuered as client, who serves WLAN und LAN .
The SSIDS are all the same.
I have no Problems at home.
But I am not able to access my Lan from outside thru openvpn.
I post my configs , and hope somebody finds what is going wrong.
root@dhcp:~# cat /etc/config/network
config globals 'globals'
option ula_prefix 'fdf3:0c94:0518::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.178.2'
option stp '1'
option broadcast '192.168.178.0'
option delegate '0'
option gateway '192.168.178.1'
option igmp_snooping '1'
option ifname 'eth0 eth0.1 eth0.2 tun0'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0t 1'
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
option auto '1'
root@dhcp:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'lan'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-DHCP-Renew'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option src 'lan'
config rule
option name 'Allow-Ping'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option src '*'
option dest '*'
config rule
option name 'Allow-IGMP'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option src 'lan'
config rule
option name 'Allow-IPSec-ESP'
option proto 'esp'
option target 'ACCEPT'
option family 'ipv4'
option src '*'
option dest '*'
config rule
option name 'Allow-ISAKMP'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option family 'ipv4'
option src '*'
option dest '*'
config include
option path '/etc/firewall.user'
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'vpn0'
config forwarding
option src 'vpn'
option dest 'lan'
config redirect 'ovpn'
option name 'Redirect-OpenVPN'
option src 'lan'
option src_dport '1194'
option dest 'lan'
option dest_ip '192.168.178.2'
option family 'ipv4'
option proto 'udp'
option target 'DNAT'
config redirect 'adblock_dns_53'
option name 'Adblock DNS, port 53'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_dns_853'
option name 'Adblock DNS, port 853'
option src 'lan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_dns_5353'
option name 'Adblock DNS, port 5353'
option src 'lan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
root@dhcp:~# cat /etc/config/openvpn
config openvpn 'dhcp'
# option reneg_sec '0'
option persist_key '1'
option verb '5'
option port '1194'
option dev_type 'tun'
option dev 'tun0'
option ca '/etc/openvpn/certs/ca.crt'
option dh '/etc/openvpn/certs/dh.pem'
option cert '/etc/openvpn/certs/server.crt'
option key '/etc/openvpn/certs/server.key'
option enabled '1'
option log '/var/log/openvpn.log'
option mode 'server'
option client_to_client '1'
option topology 'subnet'
option server '10.10.10.0 255.255.255.0'
option float '1'
# option persist_tun '1'
option keepalive '10 120'
option tls_server '1'
option cipher 'BF-CBC'
# option local '192.168.178.2'
list push 'route 192.168.178.0 255.255.255.0'
# list push 'persist-tun'
# list push 'persist-key'
# list push 'compress lzo'
root@dhcp:~# ip route show
default via 192.168.178.1 dev br-lan
10.10.10.0/24 via 192.168.178.2 dev br-lan
192.168.178.0/24 dev br-lan scope link src 192.168.178.2
Port 1194 at "rooter" (Downstairs/192.168.178.1) is forwarded to "dhcp" (livingroom/192.168.178.2)
static route at "rooter" is 10.10.10.0 gw 192.168.178.2
This text will be hidden
static route at fritzbox is static route at "rooter" is 10.10.10.0 gw 192.168.178.2
I tryed at "dhcp":
ip route add 10.10.10.0 via 192.168.178.2 dev tun0
and got
ip: RTNETLINK answers: Network unreachable
so I did
ip route add 10.10.10.0 via 192.168.178.2
some more info...
root@dhcp:~# netstat -tulpe | grep openvpn
udp 0 0 0.0.0.0:openvpn 0.0.0.0:* 24191/openvpn
is that right?
Im such confused . thank you for help.