OpenVPN: Can not ping remote host from PC

My setup:

  • OLD OpenVPN client on FB7240 (Freetz) has been decommissioned
  • NEW OpenVPN client on FB4040 (OpenWrt 19.07.2) has been set up with config from FB7240
  • OpenVPN connection seems to get successfully established (Initialization Sequence Completed)

Problem: I can ping the remote host 192.168.108.4 from the FB4040, but not from the PC 192.168.178.28 (and consequently I cannot attach a network drive located on 192.168.108.4 from the PC)

On the PC (Win10):

C:\Users\tmo>ping 192.168.108.4

Ping wird ausgeführt für 192.168.108.4 mit 32 Bytes Daten:
Antwort von 192.168.178.99: Zielport nicht erreichbar. <--- Destination port unreachable
Antwort von 192.168.178.99: Zielport nicht erreichbar.
Antwort von 192.168.178.99: Zielport nicht erreichbar.
Antwort von 192.168.178.99: Zielport nicht erreichbar.

Ping-Statistik für 192.168.108.4:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),

On the FB4040 (OpenWrt):

root@FB4040:~# ping 192.168.108.4
PING 192.168.108.4 (192.168.108.4): 56 data bytes
64 bytes from 192.168.108.4: seq=0 ttl=64 time=29.343 ms
64 bytes from 192.168.108.4: seq=1 ttl=64 time=27.368 ms
64 bytes from 192.168.108.4: seq=2 ttl=64 time=26.323 ms
64 bytes from 192.168.108.4: seq=3 ttl=64 time=57.849 ms

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd08:9e59:8ac0::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.178.1'
        option ipaddr '192.168.178.99'
        list dns '192.168.178.1'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'

/etc/config/firewall

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fc00::/6
        option dest_ip          fc00::/6
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user
root@FB4040:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr F0:B0:14:7C:A9:2E
          inet addr:192.168.178.99  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fe80::f2b0:14ff:fe7c:a92e/64 Scope:Link
          inet6 addr: fd08:9e59:8ac0::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:270566 errors:0 dropped:151058 overruns:0 frame:0
          TX packets:57866 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31642161 (30.1 MiB)  TX bytes:46121950 (43.9 MiB)

eth0      Link encap:Ethernet  HWaddr F0:B0:14:7C:A9:2E
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:347162 errors:0 dropped:40 overruns:0 frame:0
          TX packets:57868 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:40038132 (38.1 MiB)  TX bytes:46122250 (43.9 MiB)

eth1      Link encap:Ethernet  HWaddr F0:B0:14:7C:A9:2F
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4114 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:329775 (322.0 KiB)  TX bytes:329775 (322.0 KiB)

tap0      Link encap:Ethernet  HWaddr 2A:44:F1:F1:17:89
          inet addr:192.168.108.150  Bcast:192.168.108.255  Mask:255.255.255.0
          inet6 addr: fe80::2844:f1ff:fef1:1789/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12002 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1940607 (1.8 MiB)  TX bytes:79860 (77.9 KiB)

Any hints what could be wrong or missing?

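Add tap0 to the lan firewall zone, i.e. add this line to the `config zone` section named lan in /etc/config/firewall, then restart the firewall:
list device 'tap0'

Why this works: tap0 currently belongs to no firewall zone, so packets routed from br-lan to tap0 fall through to the default `forward REJECT` policy. That is the "Zielport nicht erreichbar" reply the PC receives from 192.168.178.99. Pings from the FB4040 itself succeed because they are locally generated (default output/input ACCEPT) and never pass through the forward chain.

Note that the lan zone has input and forward set to ACCEPT, so putting tap0 into it also gives hosts on the remote 192.168.108.0/24 side unrestricted access to the router and to the local LAN. If the remote site is not fully trusted, put tap0 into a separate zone instead and allow only a forwarding from lan to that zone.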

