OpenVPN Server - Can't ping LAN network


I've two routers on my LAN network:

  • running DD-WRT
  • running OpenWRT

LAN network:
VPN network:

There is an OpenVPN server running on OpenWRT, but also dnsmasq forwarding DNS requests to I don't use the DHCP of dnsmasq. I don't have a WAN interface. I'm only using the LAN part of OpenWRT. I can connect to the OpenVPN server without issues. However, I can't reach the LAN network from the VPN network. The only device I can reach using a LAN IP is the OpenWRT device. I can ping through VPN, but not, e.g.

OpenVPN config:

config openvpn 'server_tun'
	option port '1194'
	option proto 'udp'
	option dev 'tun0'
	option dh '/etc/easy-rsa/pki/dh.pem'
	option ca '/etc/easy-rsa/pki/ca.crt'
	option key '/etc/easy-rsa/pki/private/server.key'
	option keepalive '10 60'
	option cert '/etc/easy-rsa/pki/issued/server.crt'
	option compress 'lz4-v2'
	option verb '11'
	option enabled '1'
	option client_to_client '1'
	option tls_crypt '/etc/easy-rsa/pki/tc.pem'
	option ifconfig_pool_persist '/tmp/ipp.txt'
	option persist_key '1'
	option persist_tun '1'
	option topology 'subnet'
	option server ''
	list push 'dhcp-option DNS'
	list push 'dhcp-option DOMAIN example.lan'
	list push 'route'
	list push 'topology subnet'

Interfaces config:

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr ''
	option netmask ''
	option ip6assign '60'
	option gateway ''
	list dns ''
	option ifname 'eth0 eth1'

config interface 'openvpn'
	option ifname 'tun0'
	option proto 'none'

Firewall config:

config rule
	option name 'ALLOW-OpenVPN-Access'
	option target 'ACCEPT'
	option src '*'
	option proto 'udp'
	option dest_port '1194'

config zone
	option name 'openvpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'openvpn'
	option forward 'REJECT'
	option masq '1'

config forwarding
	option dest 'openvpn'
	option src 'lan'

config forwarding
	option src 'openvpn'
	option dest 'lan'


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 br-lan
                                                U     0      0        0 tun0
                                                U     0      0        0 br-lan

tcpdump ping

17:54:47.513489 IP > ICMP echo request, id 40880, seq 3, length 64
17:54:48.543400 IP > ICMP echo request, id 40880, seq 4, length 64
17:54:49.523691 IP > ICMP echo request, id 40880, seq 5, length 64
17:54:50.523747 IP > ICMP echo request, id 40880, seq 6, length 64
17:54:51.555504 IP > ICMP echo request, id 40880, seq 7, length 64

Everything looks good, and I've no more ideas to find the issue :confused:

Add a route on 5.1 for via
Or if you can't, add the masquerade in lan zone for traffic from
The masquerade in openvpn zone is not necessary.

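The masquerade variant of the fix suggested above, written as an OpenWrt firewall fragment; this is an added example, not configuration posted in the thread. The `lan` zone's options and the `<VPN_SUBNET>` placeholder (the network set by the thread's `option server` line, whose value is not shown on this page) are assumptions.

```uci
# /etc/config/firewall  (added example)
# <VPN_SUBNET> is a placeholder: the VPN network in CIDR form.

# Before: NAT on the openvpn zone only rewrites traffic that leaves
# through tun0. Packets forwarded from VPN clients into the LAN keep
# the client's VPN source address, so LAN hosts send their replies to
# their own default gateway, which has no route back to the VPN subnet.
#
#config zone
#	option name 'openvpn'
#	option masq '1'

# After: no NAT on the VPN side.
config zone
	option name 'openvpn'
	option network 'openvpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# NAT on the lan zone instead, limited to packets sourced from the VPN
# subnet. LAN hosts then see the OpenWrt LAN address as the source and
# reply on-link. The other options of this zone are assumed defaults.
config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list masq_src '<VPN_SUBNET>'

# Forwarding from the VPN into the LAN stays as posted in the thread.
config forwarding
	option src 'openvpn'
	option dest 'lan'
```

With this variant every VPN client appears to LAN hosts as the OpenWrt LAN address, so logs and ACLs on those hosts cannot distinguish individual clients. The static-route option in the same reply keeps the clients' VPN addresses visible and needs no NAT.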

Thank you, it worked!!

