OpenVPN server: cannot access LAN

Hello all,

I think I have the firewall settings incorrect. Hopefully someone can help.

My configuration:

  • OpenVPN server on the router, which is itself a client in my home network using IP 192.168.8.54. I can make a connection successfully from outside (tested via mobile hotspot, so I am out of my home network).
  • VPN server uses tun0 as interface; here are some settings I use:
proto tcp-server
dev tun
topology subnet
server 192.168.21.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.8.1"
...
  • Since the firewall config complains there are no devices connected to tun0, I have created an OVPN interface. My config/network looks like this:
config interface 'tun0'
        option proto 'none'
config interface 'ovpn'
        option proto 'none'
        option ifname 'tun0'
  • My config/firewall looks like this:
config zone
        option network 'ovpn'
        option name 'OpenVPN'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option output 'ACCEPT'
config forwarding
        option dest 'lan'
        option src 'OpenVPN'
config nat
        list proto 'all'
        option name 'OpenVPN'
        option src_ip '192.168.21.0/24'
        option target 'MASQUERADE'
        option src 'lan'

With these settings, I cannot even ping the OpenVPN server at 192.168.21.1.
Before, when I was using tun0 directly in the firewall settings without the ovpn device, I could ping the OpenVPN server but still could not reach anything in the LAN.

Any hint? Thanks a lot!
Roger

OK... with some more tests, I found the solution. I had to push the route to the 192.168.8 network. I did not do this before because I thought not being able to ping the VPN server itself was the real problem.
push "route 192.168.8.0 255.255.255.0"

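An added example, not part of the original posts: a small Python check of whether the server directives quoted above push an explicit route covering the LAN 192.168.8.0/24, run on the config before and after the `push "route ..."` fix. The function name and report keys are assumptions made for this illustration, and only IPv4 `route` pushes are handled.

```python
import ipaddress
import shlex

# Constructed sample: the server directives quoted in the first post.
CONF_BEFORE = '''\
proto tcp-server
dev tun
topology subnet
server 192.168.21.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.8.1"
'''
# The same directives plus the line from the follow-up post.
CONF_AFTER = CONF_BEFORE + 'push "route 192.168.8.0 255.255.255.0"\n'


def check_lan_reachability(conf_text, lan_cidr):
    """Report which pushed directives give VPN clients a path to the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    report = {"covering_route": None, "redirect_gateway": False,
              "tunnel_overlaps_lan": False}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(";"):      # OpenVPN also allows ';' comments
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
            # A tunnel subnet that overlaps the LAN makes routing ambiguous.
            report["tunnel_overlaps_lan"] = tunnel.overlaps(lan)
        elif tokens[0] == "push" and len(tokens) >= 2:
            opt = tokens[1].split()
            if opt[:1] == ["redirect-gateway"]:
                report["redirect_gateway"] = True
            elif opt[:1] == ["route"] and len(opt) >= 2:
                # OpenVPN treats a route without a netmask as a host route.
                mask = opt[2] if len(opt) >= 3 else "255.255.255.255"
                try:
                    net = ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)
                except ValueError:
                    continue                   # hostname or keyword, not a literal
                if lan.subnet_of(net):
                    report["covering_route"] = str(net)
    return report


if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, check_lan_reachability(conf, "192.168.8.0/24"))
```
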

For future reference, use the guide from the wiki.

