OpenVPN server setup not working with Moonlight

Follow the troubleshooting section of the guide.
30+ posts wasted and still no log.

1 Like

Doesn't work after reboot

How can I get a log?

https://openwrt.org/docs/guide-user/services/vpn/openvpn/server#troubleshooting

Restart the server, try to connect the client, check client and server logs.

1 Like

I am on the Davidc502 firmware, so I will try to install stock OpenWrt

OK...but unsure why you don't wanna provide logs...

I hope you're not doing that because you believe there's some bug you convinced yourself of.

EDIT: I was gonna add, I'm not familiar with OpenVPN on OpenWrt specifically, it was my understanding the instructions properly set up this forwarding.

If not, I was simply gonna suggest re-configuring the firewall to add tun0 to its own firewall zone, and permit forwarding to/from LAN.

1 Like

You have not created a vpn network device (in /etc/config/network), nor have you created the appropriate vpn firewall zone and forwardings.

You also need a route to the LAN from the OpenVPN tunnel.

add to /etc/config/network

```
config interface 'vpn0'
	option proto 'none'
	option ifname 'tun0'
```

add to /etc/config/firewall

```
config zone
	option name 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'vpn0'

config forwarding
	option dest 'lan'
	option src 'vpn'

config forwarding
	option dest 'wan'
	option src 'vpn'
```

add to openvpn server config file

```
push "route 192.168.1.0 255.255.255.0"
```

P.S. Also, when testing internet connectivity, you really need to use a trace route application, otherwise you don't know what route your packets are taking (direct to the internet, or through the tunnel and then out to the internet).

1 Like
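The three pieces listed in the post above (an interface bound to tun0, a firewall zone containing it with a forwarding to lan, and a pushed LAN route) can be checked mechanically. This is an added example, not part of the original thread: the function names and sample files are constructed, and it parses UCI-style text with awk instead of calling `uci`.

```shell
#!/bin/sh
# Added example. On a router, pass /etc/config/network, /etc/config/firewall
# and the OpenVPN server config instead of the constructed sample files.

# Name of the interface section bound to device $2 in network file $1.
iface_for_dev() {
	awk -v dev="$2" -v q="'" '{ gsub(q, "") }
		$1 == "config" { name = ($2 == "interface") ? $3 : "" }
		name != "" && ($2 == "ifname" || $2 == "device") && $3 == dev { print name; exit }' "$1"
}
# Name of the firewall zone in $1 whose network list contains interface $2.
zone_for_iface() {
	awk -v net="$2" -v q="'" '{ gsub(q, "") }
		$1 == "config" { in_zone = ($2 == "zone"); zname = ""; hit = 0 }
		in_zone && $2 == "name" { zname = $3 }
		in_zone && $2 == "network" { for (i = 3; i <= NF; i++) if ($i == net) hit = 1 }
		zname != "" && hit { print zname; exit }' "$1"
}
# Succeeds if firewall file $1 has a forwarding from zone $2 to zone $3.
has_forwarding() {
	awk -v src="$2" -v dst="$3" -v q="'" '{ gsub(q, "") }
		$1 == "config" { in_fwd = ($2 == "forwarding"); s = ""; d = "" }
		in_fwd && $2 == "src" { s = $3 }
		in_fwd && $2 == "dest" { d = $3 }
		in_fwd && s == src && d == dst { found = 1; exit }
		END { exit !found }' "$1"
}
# Succeeds if server config $1 pushes a route for network $2 with mask $3.
pushes_route() {
	awk -v n="$2" -v m="$3" '$1 == "push" && $2 == "\"route" && $3 == n && $4 == m "\"" { f = 1 }
		END { exit !f }' "$1"
}
# audit_vpn NETWORK FIREWALL OVPN_CONF LAN_NET LAN_MASK; prints the first gap found.
audit_vpn() {
	iface=$(iface_for_dev "$1" tun0)
	[ -n "$iface" ] || { echo "no interface bound to tun0"; return 1; }
	zone=$(zone_for_iface "$2" "$iface")
	[ -n "$zone" ] || { echo "$iface is in no firewall zone"; return 1; }
	has_forwarding "$2" "$zone" lan || { echo "no forwarding $zone -> lan"; return 1; }
	pushes_route "$3" "$4" "$5" || { echo "route $4 $5 is not pushed"; return 1; }
	echo "ok: $iface in zone $zone, forwarding to lan, route pushed"
}
# Constructed sample files mirroring the snippets in the post.
make_sample() {
	printf "config interface 'vpn0'\n\toption proto 'none'\n\toption ifname 'tun0'\n" > "$1/network"
	printf "config zone\n\toption name 'vpn'\n\toption network 'vpn0'\n\nconfig forwarding\n\toption dest 'lan'\n\toption src 'vpn'\n" > "$1/firewall"
	printf 'push "route 192.168.1.0 255.255.255.0"\n' > "$1/server.conf"
}
d=$(mktemp -d); make_sample "$d"
audit_vpn "$d/network" "$d/firewall" "$d/server.conf" 192.168.1.0 255.255.255.0
```

If the interface is placed in the lan zone instead, as discussed later in the thread, the separate forwarding check does not apply.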

No, I just can't figure out what type of log you need. The logs show no true errors, only connection confirmations.

What is the format of a route?

I included everything you need in my post... look in the spoilers.

No need for that:

1 Like

I concur. See my edit above.

Perhaps something else is wrong, though...?

1 Like

```
# Restart the services, then try to reconnect
service log restart; service openvpn restart; sleep 10

# Log and status
logread -e openvpn; netstat -l -n -p | grep -e openvpn
```

I've never tried just adding a tun 'device' to a lan firewall zone instead of creating a network and adding that... no idea if that works and/or if there are advantages/disadvantages to the different approaches. But it seems that things aren't working, so I think my suggestion is worth trying (if it doesn't fix the situation, then the difference may be irrelevant).

Will do that after I reinstall OpenVPN. I installed OpenWrt stock, the davidc502 version had preinstalled OpenVPN servers that couldn't be removed, and they showed up in the logs. It would have been confusing to try to figure out which server I was using, as all of the VPN servers showed in the logs, not just the one I had been actually using.

It is tested, documented and works well enough:

1 Like

...but...the OP doesn't have an OpenWrt enumerated Interface...they added the raw interface.

You both are correct.

The OP needs to make an unmanaged Interface, then add it to LAN by its Interface name. This was the syntax error I was testing for.

1 Like

wow... the more you know! Although I've always had success with the network device, I will keep this in mind as I help others :slight_smile:

The generation of the RSA for the OpenVPN will take a long time. I will try this immediately.

I hope you're doing your RSA key generation on a full-fledged computer instead of your router... if not, try it... so much faster!

1 Like