Hello
I have a small issue with an OpenVPN server on a UniFi AC Lite AP. The AP works as an AP only (no DHCP and no routing); its address is static, 192.168.1.10, but my gateway is on 192.168.1.1.
The AP only has a LAN network.
I configured the VPN as TUN, but the issue is that I can't access the LAN network (I can access 192.168.1.10 but not the rest of the network). The OpenVPN config has the route to be pushed by the server (route 192.168.1.0 255.255.255.0 and dhcp-option DNS 192.168.1.1).
I configured the VPN network (192.168.8.1), and the firewall has all the forwardings set to ACCEPT, but I can't see where the problem is that keeps me from accessing the network.
I have another VPN server configured as TAP and it works well, but I need to work in TUN mode because I want to access it from an Android phone.
cat /etc/config/network
# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 ULA prefix for this device.
config globals 'globals'
option ula_prefix 'fd01:3f01:b24d::/48'
# LAN: bridge with the static address 192.168.1.10/24. The default gateway is
# 192.168.1.1, a different device, so this AP is not the router for LAN hosts.
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.10'
option gateway '192.168.1.1'
# Resolver used by the AP itself.
list dns '1.1.1.1'
# tap0 is a bridge member next to eth0, so whatever connects through tap0 sits
# on the LAN at layer 2 (broadcast, ARP) and needs no routing.
# NOTE(review): presumably tap0 belongs to the 'TAPserver' instance - confirm.
# Treat a TAP client credential as equivalent to a physical LAN port.
option ifname 'eth0 tap0'
# tun1 is declared with proto 'none': netifd assigns no address, the interface
# only exists so that a firewall zone can reference it by name.
config interface 'tun1'
option ifname 'tun1'
option proto 'none'
cat /etc/config/firewall
# Global policy for traffic that matches no zone: everything is accepted.
# NOTE(review): stock OpenWrt ships forward 'REJECT' here; with all three set to
# ACCEPT the firewall filters nothing by default. Acceptable while debugging,
# worth tightening once the VPN works.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# LAN zone: accepts input, output and forwarding. No masquerading is enabled,
# so packets leaving via LAN keep their original source address.
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone with input and forward set to ACCEPT (stock OpenWrt uses REJECT for
# both on wan).
# NOTE(review): the network config shown defines no 'wan' or 'wan6' interface,
# so this zone presumably matches no traffic today. If an uplink interface is
# ever attached to it, the device and everything behind it would be reachable
# unfiltered - set input/forward back to REJECT or delete the zone.
config zone 'wan'
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option input 'ACCEPT'
option network 'wan wan6'
# Allows forwarding from lan to wan.
config forwarding 'lan_wan'
option src 'lan'
option dest 'wan'
# The rules below all use src 'wan'.
# NOTE(review): they look like the stock OpenWrt rule set; since no 'wan'
# interface appears in the network config shown, they are presumably inert on
# this AP and play no part in the VPN problem.

# Accept DHCP replies (UDP 68) arriving from wan, IPv4 only.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept ICMP echo-request from wan, IPv4 only.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IGMP from wan, IPv4 only.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept DHCPv6 (UDP 546) from wan, limited to fc00::/6 source and destination.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed MLD ICMPv6 types from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the device, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types forwarded from wan to any zone, rate-limited
# to 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward IPsec ESP from wan to lan.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward ISAKMP/IKE (UDP 500) from wan to lan.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Loads additional custom rules from /etc/firewall.user (contents not shown).
config include
option path '/etc/firewall.user'
# Forwarding between the vpn and lan zones is allowed in both directions, so
# packets from VPN clients are not being dropped by this firewall.
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
# VPN zone bound to the 'tun1' interface; input, output and forward all ACCEPT.
# NOTE(review): neither this zone nor 'lan' enables masquerading, so LAN hosts
# see VPN clients with their tunnel source address. If the LAN gateway cannot
# be given a route back to the tunnel subnet, `option masq '1'` on the lan zone
# (ideally restricted with `masq_src` to the tunnel subnet) hides clients
# behind the AP's LAN address - at the cost of losing per-client source
# addresses in LAN-side logs.
# Once connectivity works, consider input 'REJECT' plus explicit rules so that
# VPN clients reach only the services on the AP that they need.
config zone
option network 'tun1'
option input 'ACCEPT'
option forward 'ACCEPT'
option name 'vpn'
option output 'ACCEPT'
cat /etc/config/openvpn
# TAP-mode instance; its settings live in an external file that is not shown.
config openvpn 'TAPserver'
option enabled '1'
option config '/etc/openvpn/vpnserver.conf'
# TUN-mode (routed) instance, defined inline.
config openvpn 'TunServer'
option enabled '1'
# verb 11 is OpenVPN's highest debug level and logs per-packet detail.
# NOTE(review): drop back to about 3 after troubleshooting; on OpenWrt /var/log
# is usually RAM-backed, so a log this verbose can exhaust memory, and debug
# logs deserve care before being shared - confirm the storage on this device.
option verb '11'
# Both 'log' and 'log_append' point at the same file.
# NOTE(review): one of the two should be enough - confirm which is intended.
option log '/var/log/openvpn/openvpn.log'
option log_append '/var/log/openvpn/openvpn.log'
option port '1999'
# With client-to-client, OpenVPN relays traffic between clients internally;
# that traffic never reaches tun1, so the firewall zones cannot filter it.
option client_to_client '1'
# NOTE(review): compression inside a VPN tunnel is exposed to compression-oracle
# attacks (VORACLE) and upstream OpenVPN advises against enabling it. Consider
# removing this option together with the matching 'compress lzo' push below.
option compress 'lzo'
option keepalive '10 120'
option persist_tun '1'
option persist_key '1'
option dh '/etc/openvpn/lan/dh.pem'
# tls-crypt key: encrypts and authenticates the TLS control channel.
option tls_crypt '/etc/openvpn/lan/tc.pem'
option ca '/etc/openvpn/lan/ca.crt'
option cert '/etc/openvpn/lan/lanvpnserver.crt'
# Server private key; the file should be readable by root only.
option key '/etc/openvpn/lan/lanvpnserver.key'
# Tells clients to send traffic for 192.168.1.0/24 through the tunnel. This
# covers only the client-to-LAN direction.
# NOTE(review): likely cause of the reported symptom - LAN hosts answer
# 192.168.8.x through their default gateway (192.168.1.1 per the post), which
# has no route to the tunnel subnet unless one is added, so replies never come
# back. 192.168.1.10 answers because it owns tun1. Either add a static route
# for 192.168.8.0/24 via 192.168.1.10 on the gateway, or masquerade VPN traffic
# on the AP's lan firewall zone.
list push 'route 192.168.1.0 255.255.255.0'
# Clients are told to resolve through 192.168.1.1, which is reachable only once
# the return path above works.
list push 'dhcp-option DNS 192.168.1.1'
list push 'compress lzo'
list push 'persist-tun'
list push 'persist-key'
# Must match the 'tun1' interface name referenced by the network and firewall
# configuration.
option dev 'tun1'
option proto 'udp'
# Tunnel subnet; in server mode OpenVPN takes the first address (192.168.8.1)
# for itself and hands out the rest to clients.
option server '192.168.8.0 255.255.255.0'
thanks