OpenVPN config to access local network PC

Hi All,

I've configured OpenVPN on my router, and I'm able to connect to the VPN successfully. I get an IP on the client device (phone), but I cannot access my PC on the LAN.

From what I can tell, I'm able to ping the device successfully, but I cannot connect to anything on the PC. If I connect to the wireless network, I can connect successfully so it seems to be traffic from the VPN that's the issue. I'm assuming maybe the firewall is allowing ICMP traffic but not other ports?

Is there something I need to do in the firewall setup or routing to allow traffic to/from (vpn client/phone) to the LAN PC? I've tried adding a push route to the server.conf, but it doesn't seem to make a difference. Not sure where I can look to start troubleshooting this.

Any ideas are appreciated.


That could well be the case; most LAN clients have their own firewall, which will allow traffic from the local subnet but not from other subnets, e.g. your VPN subnet.
So check the firewall of the LAN clients you want to reach and disable the firewall on the local LAN client to test if this is the problem.
After you have confirmed that this is the problem, enable the firewall on your local LAN client again but tweak the firewall to allow traffic from the VPN subnet.

In this case, it's a Windows PC running a service on port 8100. Other LAN clients can access it fine, it's just traffic from the VPN. The firewall is turned off completely on the PC while I'm testing. I can't even see the VPN traffic attempting to hit the PC, so it's like it's not making it through the router onto the LAN.

In that case show your configs.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button:

Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
ip route show table all
ip rule show
for ovpn in $(ls /etc/openvpn/*.ovpn);do echo $ovpn; cat $ovpn; echo;done
logread | grep openvpn
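
The redaction asked for above can be scripted so nothing is missed by hand. This is an added example, not part of the original thread or of OpenWrt's tooling; the `redact` function name, the list of UCI option names treated as secret, and the placeholder strings are assumptions, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: mask secrets in diagnostic output before posting it.
# Usage on the router:  cat /etc/config/network | redact
redact() {
  awk '
  # Keep addresses that identify nothing outside the LAN: RFC 1918, loopback,
  # link-local, 0.x, and >= 224 (multicast, broadcast, netmasks).
  function keep_ip(ip,    o, a, b) {
    split(ip, o, "[.]"); a = o[1] + 0; b = o[2] + 0
    return a == 10 || a == 127 || a == 0 || a >= 224 ||
           (a == 192 && b == 168) || (a == 169 && b == 254) ||
           (a == 172 && b >= 16 && b <= 31)
  }
  BEGIN {
    h = "[0-9A-Fa-f][0-9A-Fa-f]"
    mac = h ":" h ":" h ":" h ":" h ":" h
    ip4 = "[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+"
  }
  # PEM-style blocks (inline <key>/<cert>/<tls-auth> in .ovpn files): drop the body.
  /-----END [^-]+-----/   { inpem = 0 }
  inpem                   { next }
  /-----BEGIN [^-]+-----/ { print; print "[REDACTED]"; inpem = 1; next }
  # UCI secret options; the option names listed here are an assumed starting set.
  /^[ \t]*option[ \t]+(key|password|private_key|preshared_key)[ \t]/ {
    match($0, /option[ \t]+[a-z_]+[ \t]+/)
    $0 = substr($0, 1, RSTART + RLENGTH - 1) "[REDACTED]"
  }
  {
    gsub(mac, "XX:XX:XX:XX:XX:XX")
    out = ""; rest = $0
    while (match(rest, ip4)) {          # walk every dotted quad on the line
      ip = substr(rest, RSTART, RLENGTH)
      out = out substr(rest, 1, RSTART - 1) (keep_ip(ip) ? ip : "[PUBLIC-IP]")
      rest = substr(rest, RSTART + RLENGTH)
    }
    print out rest
  }'
}
```

Read the filtered output once before posting; usernames, hostnames and IPv6 addresses pass through unchanged.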