Open VPN via LEDE router not working

Hello.

Apologies if this has already been covered.. there are some related posts but they all seem to be for programmers. I'm just configuring my router using the web interface and with medium level knowledge...

So... I have previously used Tunnelblick on my laptop to access my QNAP NAS server in my office when I'm away... this has previously worked using a BT Home Hub and a simple port forwarding rule for port 1194 UDP + TCP. However I'm now using the LEDE router and I cannot get the Open VPN to work. The connection is made successfully but I can't actually access anything over the connection. QNAP technical help have looked at the NAS but can't really help... it looks like a router problem... I set up a port forwarding rule same as before... and then I also added a traffic rule... but to no avail... From the remote laptop I can't access nor ping anything on the LAN in the office.

Any help would be most welcome.
Thank you.

Post your config files here, please.

Hi... This is the latest version of the Tunnelblick config... the QNAP tech guy changed the protocol from UDP to TCP... not sure why... but it didn't make any difference anyway...

client
dev tun2001
script-security 3
proto tcp
explicit-exit-notify 1
remote [qnap cloud address] 1194
resolv-retry infinite
nobind
ca ca.crt
auth-user-pass
reneg-sec 0
cipher AES-128-CBC
tls-cipher [cipher key]
comp-lzo

I guess that is the configuration on the client... we also need the configuration on the server, all of it.

Yes, that's the config file that the Server gives you to load into Tunnelblick... I'm not sure how you would access the config file for the server end... there are a few settings you can access but I've never seen an actual config file...
I'm wondering if I'd be better off installing Open VPN on the LEDE router which I believe you can do...? That would achieve the same thing if it works..?

You can.

See the OpenVPN Client setup documentation on the OpenWrt/LEDE wiki...

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client

Sorry, but I am confused about your setup and what roles OpenVPN and Tunnelblick play. You mention you "previously used Tunnelblick"; do you still use it? You are also / now using OpenVPN; who is the client and who is the server?

Tunnelblick is an OpenVPN client for OS X and macOS.

https://tunnelblick.net/

The OP mentioned that it connects to "a QNAP NAS server in my office"

Tunnelblick is the software that runs on the remote laptop with the config file that I posted above... this establishes the Open VPN link to the QNAP NAS Server in my office which has the facility to act as an Open VPN server... I have successfully used this setup before but when the office was located elsewhere and had a standard BT HomeHub router. In my current office I don't have BT, and I couldn't get the Open VPN working with the router provided by my current ISP, Daisy... so that's when I discovered the LEDE version of the BT router... the problem would seem to be a traffic issue within the router... it's just figuring out what...

While you're in the office, can you connect to QNAP OpenVPN by its LAN IP?

What configuration changes did you make to your OpenWrt router, specifically /etc/config/firewall?

Yes... when everything's on the LAN it's all fine.... I'm not in the office at the moment and so would have to check the settings next time I'm in, but basically I made a port forwarding rule that maps port 1194 UDP + TCP to the NAS and when that didn't work I also made a traffic rule which I guess does pretty much the same thing. Without those rule(s) in place the connection doesn't succeed at all. With them in place the connection is made successfully but I simply can't access anything on the LAN. With the BT router in the previous setup it all just worked with one simple port forwarding rule.
I will get the exact config for the rules but I'm not back in there until next week.

Here are screenshots of the rules I have applied:
thanks,

and the other one... the traffic rule:

Hi. I've posted the router firewall settings below if you get chance to have a look. Many thanks.