OpenVPN Server - Can't ping LAN network

Hello,

I've two routers on my LAN network:

  • 192.168.5.1 running DD-WRT
  • 192.168.5.200 running OpenWRT

LAN network: 192.168.5.0/24
VPN network: 10.5.5.0/24

There is an OpenVPN server running on OpenWRT, but also dnsmasq forwarding DNS requests to 192.168.5.1. I don't use the DHCP of dnsmasq. I don't have a WAN interface. I'm only using the LAN part of OpenWRT. I can connect to the OpenVPN server without issues. However, I can't reach the LAN network from the VPN network. The only device I can reach using a LAN IP is the OpenWRT device. I can ping 192.168.5.200 through the VPN, but not, e.g., 192.168.5.1.

OpenVPN config:

config openvpn 'server_tun'
	option port '1194'
	option proto 'udp'
	option dev 'tun0'
	option dh '/etc/easy-rsa/pki/dh.pem'
	option ca '/etc/easy-rsa/pki/ca.crt'
	option key '/etc/easy-rsa/pki/private/server.key'
	option keepalive '10 60'
	option cert '/etc/easy-rsa/pki/issued/server.crt'
	option compress 'lz4-v2'
	option verb '11'
	option enabled '1'
	option client_to_client '1'
	option tls_crypt '/etc/easy-rsa/pki/tc.pem'
	option ifconfig_pool_persist '/tmp/ipp.txt'
	option persist_key '1'
	option persist_tun '1'
	option topology 'subnet'
	option server '10.5.5.0 255.255.255.0'
	list push 'dhcp-option DNS 10.5.5.1'
	list push 'dhcp-option DOMAIN example.lan'
	list push 'route 192.168.5.0 255.255.255.0'
	list push 'topology subnet'

Interfaces config:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.5.200'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.5.1'
	list dns '192.168.5.1'
	option ifname 'eth0 eth1'

config interface 'openvpn'
	option ifname 'tun0'
	option proto 'none'

Firewall config:

config rule
	option name 'ALLOW-OpenVPN-Access'
	option target 'ACCEPT'
	option src '*'
	option proto 'udp'
	option dest_port '1194'

config zone
	option name 'openvpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'openvpn'
	option forward 'REJECT'
	option masq '1'

config forwarding
	option dest 'openvpn'
	option src 'lan'

config forwarding
	option src 'openvpn'
	option dest 'lan'

route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.1     0.0.0.0         UG    0      0        0 br-lan
10.5.5.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

tcpdump ping

17:54:47.513489 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 3, length 64
17:54:48.543400 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 4, length 64
17:54:49.523691 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 5, length 64
17:54:50.523747 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 6, length 64
17:54:51.555504 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 7, length 64

Everything looks good, and I've no more ideas to find the issue :confused:

Add a route on 5.1 for 10.5.5.0/24 via 192.168.5.200.
Or, if you can't, add the masquerade in the lan zone for traffic from 10.5.5.0/24.
The masquerade in openvpn zone is not necessary.

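The second option from the reply above, written out as an added example (not part of the original posts): the changed parts of /etc/config/firewall on the OpenWrt box. The `lan` zone was not shown in the thread, so its input/output/forward values here are assumed OpenWrt defaults; `masq_src` limits the NAT to the VPN subnet.

```uci
# /etc/config/firewall on 192.168.5.200 (added example, not the poster's file).
# Options in the lan zone other than masq/masq_src are assumed defaults.

config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	# Source-NAT only packets that come from the VPN subnet and leave via
	# br-lan. LAN hosts then see 192.168.5.200 as the sender, which is
	# on-link, instead of 10.5.5.x, for which they have no route.
	option masq '1'
	list masq_src '10.5.5.0/24'

config zone
	option name 'openvpn'
	option network 'openvpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# 'option masq' dropped here: it rewrites traffic leaving through tun0
	# (LAN to VPN), which is not the direction that was failing.

# Unchanged from the thread: VPN clients may be forwarded into the LAN.
config forwarding
	option src 'openvpn'
	option dest 'lan'
```

With this variant every VPN client appears to LAN hosts as 192.168.5.200, so their logs and per-address access rules cannot tell clients apart; the static route on 192.168.5.1 keeps the original 10.5.5.x source addresses. Apply the change with `/etc/init.d/firewall restart`.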

Thank you, it worked!!
