to network conf file connection via VPN is established but from the connected device (client vpn) I do not have access even to openwrt. When I remove this lines OpenVPN starts to work correctly. What am I doing wrong?
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
config host
option dns '1'
option mac 'f0:5b:7b:12:68:a9'
option ip '192.168.0.90'
option name 'a5'
config host
option name 'zenbbok'
option dns '1'
option mac '74:da:38:d8:ec:33'
option ip '192.168.0.80'
config host
option dns '1'
option mac 'a4:71:74:3d:73:0f'
option ip '192.168.0.91'
option name 'p9lite'
config host
option name 'rpi'
option dns '1'
option mac 'b8:27:eb:9d:d5:c2'
option ip '192.168.0.20'
config host
option name 'tv'
option dns '1'
option mac 'c4:8e:8f:8d:3b:1d'
option ip '192.168.0.70'
config host
option name 'brother'
option dns '1'
option mac '54:8c:a0:2d:8f:bd'
option ip '192.168.0.200'
config host
option name 'zenbook_wifi'
option dns '1'
option mac 'a4:02:b9:47:70:89'
option ip '192.168.0.81'
config dhcp 'guest'
option interface 'guest'
option start '5'
option limit '30'
option leasetime '1h'
Even if you were running an apache or nginx web server, you'd want it in it's own network zone, not in lan, as no unauthenticated, non-crypto verified traffic should be allowed to pass from WAN to LAN
Unless you're 100% on your web server config for ownCloud/NextCloud, it should not be exposed to WAN. IIRC, there's a warning in the ownCloud manual about not exposing it to WAN until the user fully understands the webserver they're using and has a secure web server config up and running.
If you've done all that, it should be on its own vlan
I think apache is properly secured. However, I'm not sure. I need external access because sometimes I need OwnCloud data from another device.
Maybe I should start a new topic, but I have such a short question.
Can you configure wshaper on LEDE?
When I install this package and set the configuration as below, all traffic on all networks falls to 1Mbps, and when I uninstall wshaper I have 100Mbps back.
It's been a few years since I read through the ownCloud manual, as I switched to NextCloud after the mass exodus of ownCloud maintainers back in 2015ish to form NextCloud. I ended up going with Nginx, but if IIRC there's a section in the ownCloud manual about Apache.
If you haven't thoroughly read the manual, or haven't had prior experience with Apache, it would be recommended to configure a VPN or tunnel access to owCloud over SSH, as you don't want to expose it's webserver to WAN unless you're 100% it's secure and is not exploitable. If you do choose to leave it directly exposed to WAN, it definitely needs to be in it's own vLAN with no other devices and strict firewalling in place for it's vLAN.
I have NextCloud running in a FreeBSD jail, and I'm not sure what your underlying OS is on the Pi, but, if possible, you definitely want to jail it to protect the underlying OS.
The raspberry system is raspbian, i.e. simply debian. I tried centos, but I miss a lot of packages for this architecture.
I need to think about VLAN, because VPN is ok, but it would be a bother to run VPN whenever I want to get to files. Besides, I have synchronization on my phone and I would have to enable OpenVPN permanently. In total, I could think about the SSH tunnel.
In fact, I was thinking about NextCloud, but ultimately I chose OwnCloud.
Are you suggesting that NextCloud is safer? I seriously consider migration from OwnCloud. I need to investigate whether the database is compatible to copy contacts and calendars.
Thank you!