Hello,
I have two routers on my LAN:
- 192.168.5.1 running DD-WRT
- 192.168.5.200 running OpenWRT
LAN network: 192.168.5.0/24
VPN network: 10.5.5.0/24
There is an OpenVPN server running on OpenWRT, along with dnsmasq, which forwards DNS requests to 192.168.5.1. I don't use dnsmasq's DHCP. OpenWRT has no WAN interface; I'm only using its LAN side. I can connect to the OpenVPN server without issues. However, I can't reach the LAN network from the VPN network. The only device I can reach by its LAN IP is the OpenWRT device itself: I can ping 192.168.5.200 through the VPN, but not, e.g., 192.168.5.1.
OpenVPN config:
# OpenVPN server instance: routed (tun) VPN on UDP 1194 handing out
# addresses from 10.5.5.0/24 in subnet topology.
# No cipher/data-ciphers, auth or tls_version_min option is set in this
# section, so whatever the installed OpenVPN build defaults to applies.
config openvpn 'server_tun'
option port '1194'
option proto 'udp'
option dev 'tun0'
# PKI material generated with easy-rsa. server.key is the server's private
# key and tc.pem (below) is a shared secret.
# NOTE(review): confirm both are readable by root only.
option dh '/etc/easy-rsa/pki/dh.pem'
option ca '/etc/easy-rsa/pki/ca.crt'
option key '/etc/easy-rsa/pki/private/server.key'
option keepalive '10 60'
option cert '/etc/easy-rsa/pki/issued/server.crt'
# Compression inside an encrypted tunnel can leak plaintext through
# compressed-size side channels (VORACLE-style attacks).
# NOTE(review): consider dropping this unless clients require it.
option compress 'lz4-v2'
# 11 is the top of OpenVPN's debug range and logs per-packet detail.
# Useful while troubleshooting; lower it afterwards (3 is the usual level)
# so logs stay small and do not record traffic metadata.
option verb '11'
option enabled '1'
# Client-to-client packets are routed inside the OpenVPN process and never
# reach tun0, so the firewall zone rules do not filter traffic between VPN
# clients.
option client_to_client '1'
# Pre-shared key that encrypts and authenticates the TLS control channel.
option tls_crypt '/etc/easy-rsa/pki/tc.pem'
# NOTE(review): /tmp is normally RAM-backed on OpenWrt, so client address
# assignments would not survive a reboot; confirm that is intended.
option ifconfig_pool_persist '/tmp/ipp.txt'
option persist_key '1'
option persist_tun '1'
option topology 'subnet'
option server '10.5.5.0 255.255.255.0'
# Clients are told to use 10.5.5.1 for DNS (presumably this router's tun0
# address). NOTE(review): confirm dnsmasq actually listens on tun0.
list push 'dhcp-option DNS 10.5.5.1'
list push 'dhcp-option DOMAIN example.lan'
# Installs a route to the LAN on each client. This only covers the
# client-to-LAN direction; LAN hosts still need their own way back to
# 10.5.5.0/24.
list push 'route 192.168.5.0 255.255.255.0'
list push 'topology subnet'
Interfaces config:
# LAN interface: bridge over eth0 and eth1 with the static address
# 192.168.5.200/24. Default gateway and DNS both point at 192.168.5.1.
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.5.200'
option netmask '255.255.255.0'
option ip6assign '60'
# This router's own default route. Other LAN hosts are not affected by it;
# presumably they use 192.168.5.1 as their gateway (verify on the hosts).
option gateway '192.168.5.1'
list dns '192.168.5.1'
option ifname 'eth0 eth1'
# Unmanaged logical interface wrapping tun0. proto 'none' means netifd
# assigns no address; the section exists so a firewall zone can refer to
# the tunnel device by network name.
config interface 'openvpn'
option ifname 'tun0'
option proto 'none'
Firewall config:
# Input rule: accept UDP 1194 to the router itself from every zone
# (src '*'), with no source-address restriction.
# NOTE(review): with no WAN interface on this device, how remote clients
# reach this port is not shown here; limit the exposure at whatever device
# forwards the port.
config rule
option name 'ALLOW-OpenVPN-Access'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'
# Firewall zone for the VPN tunnel (network 'openvpn', i.e. tun0).
config zone
option name 'openvpn'
# ACCEPT on input lets VPN clients reach every service on the router
# itself (SSH, web UI, DNS, ...), not only the ones they need.
option input 'ACCEPT'
option output 'ACCEPT'
option network 'openvpn'
# Zone default for forwarded traffic; explicit 'config forwarding'
# sections are what permit traffic to other zones.
option forward 'REJECT'
# masq applies to traffic leaving THROUGH this zone (out of tun0). Packets
# from VPN clients forwarded towards the lan zone keep their 10.5.5.x
# source address, which matches the capture on this page (requests from
# 10.5.5.2, no replies).
# NOTE(review): LAN hosts then need a return route for 10.5.5.0/24 via
# 192.168.5.200 (e.g. a static route on the default gateway), or masq has
# to be enabled on the lan zone instead; the latter hides the real VPN
# client address from LAN-side logs. Confirm which is intended.
option masq '1'
# Allows LAN hosts to open connections to VPN clients, for all protocols
# and ports.
# NOTE(review): drop this if only the VPN-to-LAN direction is needed;
# replies to VPN-initiated connections are normally allowed by connection
# tracking.
config forwarding
option dest 'openvpn'
option src 'lan'
# Allows VPN clients to open connections to the whole LAN, for all
# protocols and ports.
# NOTE(review): if clients only need a few services, per-service
# 'config rule' entries (src 'openvpn', dest 'lan') are a tighter
# alternative.
config forwarding
option src 'openvpn'
option dest 'lan'
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.5.1 0.0.0.0 UG 0 0 0 br-lan
10.5.5.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
tcpdump ping
17:54:47.513489 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 3, length 64
17:54:48.543400 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 4, length 64
17:54:49.523691 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 5, length 64
17:54:50.523747 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 6, length 64
17:54:51.555504 IP 10.5.5.2 > 192.168.5.1: ICMP echo request, id 40880, seq 7, length 64
Everything looks good to me, and I have run out of ideas for finding the issue.