I have this exact same implementation on 6 different other routers that I service. Everything is exactly the same and all OpenVPN servers are running on 18.6.4.
I was setting up a new one yesterday with 19.07.3 and with installing openvpn-openssl and making the following configuration changes as I have done on all other routers, I find this one is not working like the others. If I sign onto the 192.168.7.1 OpenVPN server directly, I can ping all devices on the 192.168.7.x subnet and can FTP, access internal web servers, etc. However, if I open a VPN tunnel into this router, I can only access the 192.168.7.1 address on the subnet, which is the router itself.
I don't have network training nor do I understand routing tables but can anyone guide me to a simple fix? Was something changed in the OpenVPN package that would make this setup stop working that I have been using for years or did I get a bad piece of hardware?
Configuration files: (works on all 18.6.4 servers but not on 19.07.3 new server)
***** Updated after testing with option masq '1' and option mtu_fix '1' test which does not fix the problem
OPENVPN SERVER
IP: 192.168.7.1
====================
FILE: /etc/config/ddns ......
(configured for dydns and is working properly)
====================
FILE: /etc/config/firewall ......
# begin of DJ add
config rule
    option name Allow-OpenVPN-Inbound
    option target ACCEPT
    option src *
    option proto udp
    option dest_port 1194
config zone
    option name 'vpn'
    option input 'ACCEPT'
    #https://forum.openwrt.org/t/cant-run-ping-under-diagnostics-with-openvpn-client-active/59977/7
    # option forward 'ACCEPT' <-- changing this doesn't fix problem
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'vpn0'
    # note adding or removing the following two lines
    # does not resolve the problem
    option masq '1'
    option mtu_fix '1'
config forwarding
    option src vpn
    option dest wan
config forwarding
    option src vpn
    option dest lan
config forwarding
    option src lan
    option dest vpn
# end of DJ add
====================
FILE: /etc/config/network ......
config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    # option ipaddr '192.168.1.1'
    # begin of DJ add
    option ipaddr '192.168.7.1'
    # end of DJ add
    option netmask '255.255.255.0'
    option ip6assign '60'
config interface 'wan'
    option ifname 'eth0.2'
    # option proto 'dhcp'
    # begin of DJ add
    option proto 'pppoe'
    option username 'myISPid'
    option password 'myISPpassword'
    option ipv6 'auto'
    # end of DJ add
# begin of DJ add
config interface 'vpn0'
    option ifname 'tun0'
    option proto 'none'
    option auto '1'
# end of DJ add
====================
FILE: /etc/config/openvpn ......
config openvpn 'myvpn'
    option enabled '1'
    option verb '3'
    option port '1194'
    option proto 'udp'
    option dev 'tun'
    option server '10.8.0.0 255.255.255.0'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh2048.pem'
    option keepalive '10 120'
    option status '/var/log/openvpn-status.log'
    list push 'route 192.168.7.0 255.255.255.0'
    list push 'redirect-gateway def1'
    list push 'dhcp-option DNS 192.168.7.1'
====================
FILE: Windows Client OpenVPN
(config file openvpn.opvn)
client
dev tun
proto udp
remote-cert-tls server
remote dydnsclient.dydns.com 1194
ca client.crt
cert user1.crt
key user1.key
ns-cert-type server
verb 3
====================
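Added example, not part of the original post: a small sh/awk audit that lists what a UCI firewall file permits. In OpenWrt's firewall a zone's `forward` option covers traffic between networks inside that zone, zone-to-zone traffic is allowed by `config forwarding` sections, and a rule with `src *` is not limited to the wan zone. The function names are hypothetical and the sample is constructed from the firewall sections above (comments and the masq/mtu_fix lines left out).

```shell
# Constructed sample: the firewall sections from the post, abridged.
sample_config() {
cat <<'EOF'
config rule
    option name Allow-OpenVPN-Inbound
    option target ACCEPT
    option src *
    option proto udp
    option dest_port 1194
config zone
    option name 'vpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'vpn0'
config forwarding
    option src vpn
    option dest wan
config forwarding
    option src vpn
    option dest lan
config forwarding
    option src lan
    option dest vpn
EOF
}

# audit_firewall (hypothetical helper): UCI text on stdin, one finding per section.
audit_firewall() {
awk -v q="'" '
function emit() {
    if (kind == "rule" && o["src"] == "*")
        print "rule " o["name"] " src=any-zone dest_port=" o["dest_port"]
    if (kind == "zone")
        print "zone " o["name"] " network=" o["network"] " forward=" o["forward"]
    if (kind == "forwarding")
        print "forward " o["src"] "->" o["dest"]
    split("", o)                      # clear options for the next section
}
/^[ \t]*#/     { next }               # skip comment lines
$1 == "config" { emit(); kind = $2; next }
$1 == "option" { v = $3; gsub(q, "", v); o[$2] = v }
END            { emit() }
'
}

# On a router: audit_firewall < /etc/config/firewall
sample_config | audit_firewall
```

Only single-word option values are read, which is enough for the zone, rule and forwarding sections shown here.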