I have this exact same implementation on 6 different other routers that I service. Everything is exactly the same and all OpenVPN servers are running on 18.6.4.
I was setting up a new one yesterday with 19.07.3 and with installing openvpn-openssl and making the following configuration changes as I have done on all other routers, I find this one is not working like the others. If I sign onto the 192.168.7.1 OpenVPN server directly, I can ping all devices on the 192.168.7.x subnet and can FTP, access internal web servers, etc. However if I open a VPN tunnel into this router, I can only access the 192.168.7.1 address on the subnet which is the router itself.
I don't have network training nor do I understand routing tables but can anyone guide me to a simple fix? Was something changed in the OpenVPN package that would make this setup stop working that I have been using for years or did I get a bad piece of hardware?
Configuration files: (works on ally 18.6.4 servers but not on 19.07.3 new server)
***** Updated after testing with option masq '1' and option mtu_fix '1' test which does not fix the problem
OPENVPN SERVER IP: 192.168.7.1 ==================== FILE: /etc/config/ddns ...... (configured for dydns and is working properly) ==================== FILE: /etc/config/firewall ...... # begin of DJ add config rule option name Allow-OpenVPN-Inbound option target ACCEPT option src * option proto udp option dest_port 1194 config zone option name 'vpn' option input 'ACCEPT' #https://forum.openwrt.org/t/cant-run-ping-under-diagnostics-with-openvpn-client-active/59977/7 # option forward 'ACCEPT' <-- changing this doesn't fix problem option forward 'REJECT' option output 'ACCEPT' option network 'vpn0' # note adding or removing the following two lines # does not resolve the problem option masq '1' option mtu_fix '1' config forwarding option src vpn option dest wan config forwarding option src vpn option dest lan config forwarding option src lan option dest vpn # end of DJ add ==================== FILE: /etc/config/network ...... config interface 'lan' option type 'bridge' option ifname 'eth0.1' option proto 'static' # option ipaddr '192.168.1.1' # begin of DJ add option ipaddr '192.168.7.1' # end of DJ add option netmask '255.255.255.0' option ip6assign '60' config interface 'wan' option ifname 'eth0.2' # option proto 'dhcp' # begin of DJ add option proto 'pppoe' option username 'myISPid' option password 'myISPpassword' option ipv6 'auto' # end of DJ add # begin of DJ add config interface 'vpn0' option ifname 'tun0' option proto 'none' option auto '1' # end of DJ add ==================== FILE: /etc/config/openvpn ...... config openvpn 'myvpn' option enabled '1' option verb '3' option port '1194' option proto 'udp' option dev 'tun' option server '10.8.0.0 255.255.255.0' option ca '/etc/openvpn/ca.crt' option cert '/etc/openvpn/server.crt' option key '/etc/openvpn/server.key' option dh '/etc/openvpn/dh2048.pem' option keepalive '10 120' option status '/var/log/openvpn-status.log' list push 'route 192.168.7.0 255.255.255.0' list push 'redirect-gateway def1' list push 'dhcp-option DNS 192.168.7.1' ==================== FILE: Windows Client OpenVPN (config file openvpn.opvn) client dev tun proto udp remote-cert-tls server remote dydnsclient.dydns.com 1194 ca client.crt cert user1.crt key user1.key ns-cert-type server verb 3 ====================