OpenVPN on linux server and OpenWrt


I have a server running OpenVPN, located in my "DMZ," which uses the subnet.

The IP address for this server is, for instance,

OpenVPN utilizes the virtual subnet.

How can I create a virtual interface on OpenWrt to manage the firewall, allowing the subnet to connect to the subnet or the subnet?

Basically just open up the firewall for the appropriate port and place the OpenVPN interface (tunx) in the LAN zone:

I know that OpenWrt have OpenVPN but I already have one server with it.

I think it's not the same no ?

If the OpenVPN server is not running on the router but on a client then you have to port forward to that client

I'm not sure if I've fully understood your questions, let me try to rephrase it:

You have OpenWrt running as your main router with subnet. Within this subnet, you have an OpenVPN server that uses the subnet for its clients. Now you would like to give your clients from the subnet access to the subnet - right?

If that's the case, then you need to configure your server accordingly, not OpenWrt. You have several options, what comes to my mind:

  1. Enable NAT on the server and masquerade the OpenVPN traffic as traffic from the server (usually a quick solution)
  2. Enable routing on the server and on OpenWrt and avoid the masquerading
  3. Use a VLAN to get the OpenVPN traffic as-is to an interface on OpenWrt and configure the routing/masquerading there

In all cases, you will have to configure your server to do the right thing. What OS is your server running?

If you OpenWrt device has enough power, is moving the OpenVPN instance to the OpenWrt router an option? That would ease a few things.

Yes, It's that.

I need to create push route on my openvpn config.

And how can I create vlan with this "virtual" subnet created by openvpn ?

That depends on the answer to my question:

It's a debian 11 and I have OpenWrt 22.03

I'm afraid, you will have to figure out how to do this in Debian 11 since you need to bridge and/or route the OpenVPN traffice on the OpenVPN server - not on OpenWrt. Once you have the VLAN, we can help with the OpenWrt side.

Edit: The easiest solution we can help with is moving the OpenVPN server to OpenWrt!

Yes it's the easiest solution but it's very long and difficult to configure server and add user...

With my Linux I have a script "" to do it.

But if it's very complicate, I will try openvpn on openwrt a second time

It can definitely be done on Debian 11, I remember having done this many years ago on a Ubuntu machine. Basically, I configured Ubuntu to act as a NAT router for the VPN interface.