Hi JW, thanks for the follow-up. Below are the firewall, network and OpenVPN configs. This is a VPN server config on my router. The client I was referring to is the remote device (in this case a MacBook laptop) that connects to the VPN.
uci show firewall
firewall.@rule[0]=rule
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[0].proto='tcp udp'
firewall.@rule[0].src='wan'
firewall.@rule[0].dest_port='5000'
firewall.@rule[0].name='vpnportforward'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-DHCP-Renew'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='udp'
firewall.@rule[1].dest_port='68'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[1].family='ipv4'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-Ping'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='icmp'
firewall.@rule[2].icmp_type='echo-request'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-IGMP'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='igmp'
firewall.@rule[3].family='ipv4'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-DHCPv6'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='udp'
firewall.@rule[4].src_ip='fc00::/6'
firewall.@rule[4].dest_ip='fc00::/6'
firewall.@rule[4].dest_port='546'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-MLD'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].src_ip='fe80::/10'
firewall.@rule[5].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Input'
firewall.@rule[6].src='wan'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-ICMPv6-Forward'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='*'
firewall.@rule[7].proto='icmp'
firewall.@rule[7].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[7].limit='1000/sec'
firewall.@rule[7].family='ipv6'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-IPSec-ESP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].proto='esp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-ISAKMP'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='500'
firewall.@rule[9].proto='udp'
firewall.@rule[9].target='ACCEPT'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].network='vpn0'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='vpn'
firewall.@forwarding[1].src='lan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='lan'
firewall.@forwarding[2].src='vpn'
uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='XXXXXXXXXX'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth1.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth1.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 6t'
network.vpn0=interface
network.vpn0.ifname='tun0'
network.vpn0.proto='none'
uci show openvpn
openvpn.vpnserver=openvpn
openvpn.vpnserver.proto='udp'
openvpn.vpnserver.enabled='1'
openvpn.vpnserver.dev='tun0'
openvpn.vpnserver.topology='subnet'
openvpn.vpnserver.port='5000'
openvpn.vpnserver.server='10.1.0.0 255.255.255.240'
openvpn.vpnserver.ifcofig='10.1.0.1 255.255.255.240'
openvpn.vpnserver.push='route 192.168.1.0 255.255.255.0' 'dhcp-option DNS 192.168.1.1' 'dhcp-option NTP 45.56.123.24' 'dhcp-option WINS 192.168.1.1' 'compress lz4' 'sndbuf 393216' 'rcvbuf 393216'
openvpn.vpnserver.dh='/etc/ssl/openvpn/dh2048.pem'
openvpn.vpnserver.auth='SHA512'
openvpn.vpnserver.pkcs12='/etc/ssl/openvpn/vpn-server.p12'
openvpn.vpnserver.cipher='AES-128-CBC'
openvpn.vpnserver.tls_server='1'
openvpn.vpnserver.tls_version_min='1.2'
openvpn.vpnserver.tls_crypt='/etc/ssl/openvpn/tls-crypt.key'
openvpn.vpnserver.tls_cipher='TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4:!kRSA'
openvpn.vpnserver.status='/tmp/openvpn-status.log'
openvpn.vpnserver.keepalive='10 120'
openvpn.vpnserver.compress='lz4'
openvpn.vpnserver.client_to_client='1'
openvpn.vpnserver.persist_key='1'
openvpn.vpnserver.persist_tun='1'
openvpn.vpnserver.sndbuf='393216'
openvpn.vpnserver.rcvbuf='393216'
openvpn.vpnserver.fragment='0'
openvpn.vpnserver.mssfix='0'
openvpn.vpnserver.tun_mtu='48000'
openvpn.vpnserver.user='nobody'
openvpn.vpnserver.group='nogroup'
openvpn.vpnserver.verb='5'
logread -l 250 -e openvpn
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: MULTI: multi_create_instance called
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Re-using SSL/TLS context
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 LZ4 compression initializing
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Control Channel MTU parms [ L:48122 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Data Channel MTU parms [ L:48122 D:48122 EF:122 EB:8156 ET:0 EL:3 ]
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48102,tun-mtu 48000,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA512,keysize 128,key-method 2,tls-server'
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48102,tun-mtu 48000,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA512,keysize 128,key-method 2,tls-client'
Tue Dec 4 20:54:50 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 TLS: Initial packet from [AF_INET]clientIP:38783, sid=53e6863a f697cd57
Tue Dec 4 20:54:51 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 VERIFY OK: depth=1, C=US, ST=MI, L=SOMEPLACE, O=Intertubes, OU=LAN, CN=intertubes.lan
Tue Dec 4 20:54:51 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 VERIFY OK: depth=0, C=US, ST=MI, L=SOMEPLACE, O=Intertubes, OU=LAN, CN=IntertubesClient
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_VER=2.4.6
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_PLAT=mac
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_PROTO=2
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_NCP=2
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_LZ4=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_LZ4v2=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_LZO=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_COMP_STUB=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_COMP_STUBv2=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_TCPNL=1
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Tue Dec 4 20:54:52 2018 daemon.warn openvpn(vpnserver)[9361]: clientIP:38783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 48102', remote='link-mtu 48101'
Tue Dec 4 20:54:52 2018 daemon.warn openvpn(vpnserver)[9361]: clientIP:38783 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 2048 bit RSA
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: clientIP:38783 [IntertubesClient] Peer Connection Initiated with [AF_INET]clientIP:38783
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 MULTI_sva: pool returned IPv4=10.1.0.2, IPv6=(Not enabled)
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 MULTI: Learn: 10.1.0.2 -> IntertubesClient/clientIP:38783
Tue Dec 4 20:54:52 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 MULTI: primary virtual IP for IntertubesClient/clientIP:38783: 10.1.0.2
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 PUSH: Received control message: 'PUSH_REQUEST'
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 SENT CONTROL [IntertubesClient]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option NTP 45.56.123.24,dhcp-option WINS 192.168.1.1,compress lz4,sndbuf 393216,rcvbuf 393216,route-gateway 10.1.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.0.2 255.255.255.240,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 Data Channel MTU parms [ L:48050 D:48050 EF:50 EB:8156 ET:0 EL:3 ]
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 4 20:54:54 2018 daemon.notice openvpn(vpnserver)[9361]: IntertubesClient/clientIP:38783 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
vpnclient.ovpn
# OpenVPN client profile for the remote laptop that connects to the router's
# VPN server. Authentication is certificate-based (ca/cert/key) and the control
# channel is wrapped with a pre-shared tls-crypt key.
# Config Type #
#------------------------------------------------
# `client` is shorthand for `pull` + `tls-client`: this peer starts the TLS
# handshake and accepts options pushed by the server (routes, DNS, compression,
# negotiated cipher).
client
# Connection #
#------------------------------------------------
# Routed (layer 3) tunnel over UDP; matches dev tun0 / proto udp / port 5000 in
# the server config shown on this page.
dev tun
proto udp
# NOTE(review): the hostname looks redacted by the poster. A real profile needs
# a single hostname token here, followed by the port.
remote my ddns.com 5000
# Speed #
#------------------------------------------------
# MSS clamping and OpenVPN-level fragmentation are disabled and the tunnel MTU
# is raised to 48000, the same values as the server config on this page. The
# server log still warns that link-mtu differs (48102 local vs 48101 remote),
# likely because of the compression framing mismatch noted below.
# NOTE(review): this profile has no `compress`/`comp-lzo` line, while the server
# sets and pushes `compress lz4`; the server log warns that 'comp-lzo' is
# missing in the remote config. Compression inside a VPN tunnel also exposes
# traffic to compression-oracle (VORACLE-style) attacks, so consider disabling
# it on both ends rather than adding it here.
mssfix 0
fragment 0
tun-mtu 48000
# Reliability #
#------------------------------------------------
# Do not bind a fixed local port, and keep retrying DNS resolution of the
# remote host indefinitely instead of exiting.
nobind
resolv-retry infinite
# Encryption #
#------------------------------------------------
# Do not keep --askpass / --auth-user-pass credentials cached in memory.
auth-nocache
# HMAC digest for the data channel. It only applies when a non-AEAD cipher
# (e.g. the CBC fallback below) is in use; with a negotiated GCM cipher the
# AEAD tag authenticates packets instead.
auth SHA512
# --- SSL --- #
# Fallback data-channel cipher. The server log on this page shows cipher
# negotiation (NCP) pushing AES-256-GCM, so this value is used only if
# negotiation does not take place.
cipher AES-128-CBC
# --- TLS --- #
# Refuse control-channel handshakes below TLS 1.2.
tls-version-min 1.2
# CA chain used to verify the server certificate, plus this client's own
# certificate and private key. The key file is a secret: restrict its file
# permissions and never post it.
ca OpenWrt-OpenVPN_ICA-Chain.crt.pem
cert vpn-client1.crt.pem
key vpn-client1.key.pem
# Require the peer certificate to carry the server-auth extended key usage, so
# a holder of another client certificate from the same CA cannot pose as the
# server. `remote-cert-tls server` is the variant that also checks key usage.
remote-cert-eku "TLS Web Server Authentication"
# Pre-shared static key that encrypts and authenticates control-channel
# packets; it must match the server's tls_crypt key file. It is a shared
# secret (redacted here by the poster) and should be handled like a private key.
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
KeyStuffsHere
-----END OpenVPN Static key V1-----
</tls-crypt>
# Logging #
#------------------------------------------------
# Debug-range verbosity, useful while troubleshooting. The OpenVPN manual lists
# 1 to 4 as the normal usage range, so lower this once the issue is resolved.
verb 7