1. Accessing devices in LAN while I'm connected from VPN to VPN Server on Router.
2. Cutting off access to LAN while being connected to Commercial VPN
Problem 1 is more concerning to me...
LAN addressing is 10.1.1.0/24
VPN is 10.2.1.0/24
VPN for Commercial VPN Provider is 10.3.1.0
Before you see my config, I need to explain one thing: I also have a VPN client on the router, which is used for a separate SSID...
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: rmnet_data0: <UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 1000
inet 10.93.109.230/30 scope global rmnet_data0
valid_lft forever preferred_lft forever
34: tun0: <POINTOPOINT,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
inet 10.2.1.6/30 scope global tun0
valid_lft forever preferred_lft forever
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif dummy0 uidrange 0-0 lookup dummy0
10500: from all iif lo oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0
12000: from all fwmark 0xc0078/0xcffff lookup tun0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10077/0x1ffff iif lo lookup rmnet_data0
13000: from all fwmark 0x10078/0x1ffff iif lo uidrange 0-99999 lookup tun0
13000: from all fwmark 0x10078/0x1ffff iif lo uidrange 0-0 lookup tun0
14000: from all iif lo oif dummy0 lookup dummy0
14000: from all iif lo oif rmnet_data0 lookup rmnet_data0
14000: from all iif lo oif tun0 uidrange 0-99999 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x77/0x1ffff iif lo lookup rmnet_data0
21000: from all fwmark 0x78/0xffff lookup rmnet_data0
22000: from all fwmark 0x0/0xffff iif lo lookup rmnet_data0
32000: from all unreachable
10.1.1.0/24 dev tun0 table tun0 proto static scope link
10.2.1.0/24 dev tun0 table tun0 proto static scope link
10.2.1.4/30 dev tun0 table tun0 proto static scope link
default dev dummy0 table dummy0 proto static scope link
default via 10.93.109.229 dev rmnet_data0 table rmnet_data0 proto static
10.93.109.228/30 dev rmnet_data0 table rmnet_data0 proto static scope link
10.2.1.4/30 dev tun0 proto kernel scope link src 10.2.1.6
10.93.109.228/30 dev rmnet_data0 proto kernel scope link src 10.93.109.230
broadcast 10.2.1.4 dev tun0 table local proto kernel scope link src 10.2.1.6
local 10.2.1.6 dev tun0 table local proto kernel scope host src 10.2.1.6
broadcast 10.2.1.7 dev tun0 table local proto kernel scope link src 10.2.1.6
broadcast 10.93.109.228 dev rmnet_data0 table local proto kernel scope link src 10.93.109.230
local 10.93.109.230 dev rmnet_data0 table local proto kernel scope host src 10.93.109.230
broadcast 10.93.109.231 dev rmnet_data0 table local proto kernel scope link src 10.93.109.230
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
VPN OFF
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: rmnet_data0: <UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 1000
inet 10.93.109.230/30 scope global rmnet_data0
valid_lft forever preferred_lft forever
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all iif lo oif dummy0 uidrange 0-0 lookup dummy0
10500: from all iif lo oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
13000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
13000: from all fwmark 0x10077/0x1ffff iif lo lookup rmnet_data0
14000: from all iif lo oif dummy0 lookup dummy0
14000: from all iif lo oif rmnet_data0 lookup rmnet_data0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x77/0x1ffff iif lo lookup rmnet_data0
22000: from all fwmark 0x0/0xffff iif lo lookup rmnet_data0
32000: from all unreachable
default dev dummy0 table dummy0 proto static scope link
default via 10.93.109.229 dev rmnet_data0 table rmnet_data0 proto static
10.93.109.228/30 dev rmnet_data0 table rmnet_data0 proto static scope link
10.93.109.228/30 dev rmnet_data0 proto kernel scope link src 10.93.109.230
broadcast 10.93.109.228 dev rmnet_data0 table local proto kernel scope link src 10.93.109.230
local 10.93.109.230 dev rmnet_data0 table local proto kernel scope host src 10.93.109.230
broadcast 10.93.109.231 dev rmnet_data0 table local proto kernel scope link src 10.93.109.230
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
Those are from Android, to be sure that I'm outside of my LAN.
I'm a bit lost with this problem... And it seems that the community cannot help me. Meanwhile I have set up (in parallel to OpenVPN) OpenConnect, where this worked nearly out of the box as desired. I can ping / connect to devices which are in the LAN from an OC client like Android / Linux. So if anyone is reading this, you may try an alternative solution to OpenVPN. The only downside of this solution I have found (and I haven't yet tried to fix this) is low performance of the router: with 100% of CPU I was able to download with speed at level of 700kB which is nice. I think the bottleneck is related to cipher algorithms. 256 Bit for OC vs 128 OVPN, but as mentioned I haven't yet tried to optimize it. On top of this, OC supports user/password configuration from LuCI, which is quite nice.