Hello all,

I think I have the firewall settings incorrect. Hopefully someone can help.

My configuration:

  • OpenVPN server on the router, which is itself a client in my home network using IP I can make a connection successfully from outside (tested via mobile hotspot, so I am out of my home network)
  • VPN server uses tun0 as interface, here are some settings I use:
proto tcp-server
dev tun
topology subnet
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
  • Since the firewall config complains there are no devices connected to tun0, I have created an OVPN interface, my config/network looks like this:
config interface 'tun0'
        option proto 'none'
config interface 'ovpn'
        option proto 'none'
        option ifname 'tun0'
  • My config/firewall looks like this:
config zone
        option network 'ovpn'
        option name 'OpenVPN'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option output 'ACCEPT'
config forwarding
        option dest 'lan'
        option src 'OpenVPN'
config nat
        list proto 'all'
        option name 'OpenVPN'
        option src_ip ''
        option target 'MASQUERADE'
        option src 'lan'

With these settings, I cannot even ping the OpenVPN server at
Before, I was directly using tun0 in the firewall settings without the ovpn device; there I could ping the OpenVPN server but also not reach anything in the LAN.

Any hint? Thanks a lot!

OK... with some more tests, I found the solution. I had to push the route to the 192.168.8 network. I did not do this before because I thought not being able to ping the VPN server itself was the real problem.
push "route"

For future reference, use the guide from the wiki.
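
As an added example (not part of the thread or the wiki guide): a small Python check for the two conditions this setup depended on, a pushed route that covers the LAN and a forwarding from the VPN zone to lan. The sample configs are constructed, the function names are hypothetical, and 192.168.8.0/24 is an assumed range for the "192.168.8 network" mentioned above; only explicit push "route ..." lines are counted.

```python
import ipaddress
import re

def pushed_routes(server_conf):
    """Networks pushed to clients via push "route NET [MASK]" lines."""
    nets = []
    for m in re.finditer(r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?', server_conf, re.M):
        try:  # OpenVPN's default netmask for a route is a single host
            nets.append(ipaddress.ip_network(f"{m[1]}/{m[2] or '255.255.255.255'}", strict=False))
        except ValueError:
            pass  # keyword or hostname targets are skipped by this sketch
    return nets

def uci_sections(text):
    """Minimal UCI reader: one dict per 'config' section (last value wins for lists)."""
    sections = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if parts[:1] == ["config"] and len(parts) > 1:
            sections.append({".type": parts[1]})
        elif len(parts) == 3 and parts[0] in ("option", "list") and sections:
            sections[-1][parts[1]] = parts[2].strip("'\"")
    return sections

def check(server_conf, firewall_conf, lan_cidr, vpn_zone="OpenVPN"):
    """Return findings for the two conditions the thread's setup depends on."""
    lan, findings = ipaddress.ip_network(lan_cidr), []
    if not any(n.version == lan.version and lan.subnet_of(n) for n in pushed_routes(server_conf)):
        findings.append(f"no pushed route covers {lan_cidr}")
    if not any(s[".type"] == "forwarding" and s.get("src") == vpn_zone
               and s.get("dest") == "lan" for s in uci_sections(firewall_conf)):
        findings.append(f"no forwarding from zone {vpn_zone} to lan")
    return findings

# Constructed sample input; 192.168.8.0/24 is an assumed LAN range.
FIREWALL = """config zone
        option name 'OpenVPN'
        option network 'ovpn'
config forwarding
        option dest 'lan'
        option src 'OpenVPN'
"""
BEFORE = 'dev tun\ntopology subnet\npush "redirect-gateway def1 bypass-dhcp"\n'
AFTER = BEFORE + 'push "route 192.168.8.0 255.255.255.0"\n'

if __name__ == "__main__":
    print("before:", check(BEFORE, FIREWALL, "192.168.8.0/24"))
    print("after: ", check(AFTER, FIREWALL, "192.168.8.0/24"))
```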


