OpenVPN can't access LAN

DDPF02 · September 6, 2020, 6:21pm

Hey there, I followed this guide to setup my VPN server on my router: https://fahadusman.com/setup-openvpn-server-on-openwrt-router/
I can connect to my router/the VPN server, but I can't connect to my NAS or other devices on the LAN. I tried tweaking some settings but couldn't get it to work.... What do I miss?
Here are my configs:

Firewall:

config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '1194'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'vpn0'

config forwarding
        option dest 'lan'
        option src 'vpn'

Network:

config interface 'vpn0'
        option proto 'none'
        option ifname 'tun0'

OpenVPN:

config openvpn 'myvpn'
        option enabled '1'
        option dev 'tun'
        option port '1194'
        option proto 'udp'
        option comp_lzo 'yes'
        option status '/var/log/openvpn_status.log'
        option log '/tmp/openvpn.log'
        option verb '3'
        option mute '5'
        option keepalive '10 120'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option group 'nogroup'
        option mode 'server'
        option tls_server '1'
        option topology 'subnet'
        option server '192.168.2.0 255.255.255.0'
        option route_gateway 'dhcp'
        option client_to_client '1'
        list push 'persist-key'
        list push 'persist-tun'
        list push 'user nobody'
        list push 'user nogroup'
        list push 'topology subnet'
        list push 'route-gateway dhcp'
        list push 'redirect-gateway def1'
        list push 'route 192.168.1.0 255.255.255.0'
        list push 'comp-lzo yes'
        option ca '/etc/easy-rsa/pki/ca.crt'
        option cert '/etc/easy-rsa/pki/issued/server.crt'
        option key '/etc/easy-rsa/pki/private/server.key'
        option dh '/etc/easy-rsa/pki/dh.pem'

LAN info:
Subnet: 192.168.1.0/24
Gateway: 192.168.1.1

Thank you!

trendy · September 6, 2020, 7:15pm

There is an official and tested guide for OpenVPN server.

DDPF02 · September 6, 2020, 8:11pm

Thank you. I‘m going to try it again tomorrow. In my opinion the official guide is not very clear. There could be more explanations for the executed commands.......

ulmwind · September 6, 2020, 8:57pm

In 'basic config' tun adapter is placed in 'lan' zone. But you've created separate zone, so you've correctly created forwarding rule.

Now check routing from OpenVPN-client:

traceroute 192.168.1.1
tracert 192.168.1.1

DDPF02 · September 7, 2020, 11:49am

This is what I got:

Tracing route to DDPFSAMBA [192.168.1.1]
over a maximum of 30 hops:

  1     5 ms     4 ms     4 ms  DDPFSAMBA [192.168.1.1]

Routing to another server:

Tracing route to openwrt.org [139.59.209.225]
over a maximum of 30 hops:

  1     3 ms     4 ms     4 ms  192.168.2.1
  2     6 ms    18 ms     8 ms  ve-92-mlx-zrh-1.net [213.160.36.1]
  3     6 ms     6 ms     6 ms  te9.01.p.czh.ch.as15576.nts.ch [212.103.65.233]
  4    20 ms    18 ms    24 ms  80.249.211.163
  5    61 ms    23 ms    23 ms  138.197.244.86
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9    22 ms    22 ms    23 ms  wiki-01.infra.openwrt.org [139.59.209.225]

Trace complete.

DDPF02 · September 7, 2020, 12:24pm

Never mind, I can access the Lan, my NAS wasn't configured the right way. Thank you all for your time!

system · September 17, 2020, 12:24pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.