OpenVPN server setup not working with Moonlight

# in /etc/config/network

config interface 'vpn'
	option proto 'none'
	option ifname 'tun0'

# in /etc/config/firewall

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'vpn'

config zone
	option name 'vpn'
	option network 'vpn'
	option forward 'DROP'
	option output 'ACCEPT'
	option input 'ACCEPT'
	option mtu_fix '1'

Be mindful of @vgaetera's warning:

I don't quite understand it...and you don't use this method (but you learned how).

EDIT - see:

I have a VPN server at home that allows me access to my LAN and internet via my tunnel. I'm not exactly sure what you mean by VPN-only access to the host, but to elaborate, my VPN server (OpenWrt with OpenVPN) is not my primary router -- it sits behind my main router... when remote, the only way to get to the LAN or the OpenWrt VPN router is via a VPN tunnel.

On your 3rd point, you are right -- I've never tried it before, as it is rare that my VPN ever has a reason to have a network restart that wouldn't be part of a full OpenWrt reboot.

EDIT: Also worth noting that I do have WireGuard installed as well, so I actually have another option should that get messed up, but yeah, I do see your point :slight_smile:

2 Likes

Changing the options doesn't work, getting logs to send.

If you used SCP, did you apply them by rebooting?

I haven't rebooted.

If I haven't been clear, the SCP method you're using requires a series of reload commands, or a reboot.

So, when I mention "Save & Apply", in the SCP method you use to edit, you must reboot to apply, every time.

I did nano for the last thing you told me to do

:man_facepalming:

AND DID YOU APPLY THEM AFTER SAVING IN nano!?!?

with /etc/init.d/firewall reload?

and /etc/init.d/network reload FIRST but the VPN may not come up or restart without rebooting...

:bulb:

(I'm starting to see @vgaetera's point)

1 Like

Yes, I did that.

Maybe it does work. I just rebooted; let me try Wake on LAN (another thing that didn't work before).

Please stay on topic.

Rebooting is the easiest way to ensure every service gets restarted in the correct order.

As far as WOL, you should troubleshoot one thing at a time -- get the VPN functioning properly first.

1 Like

It works! Officially, this time. I did /etc/init.d/firewall reload, then rebooted after making the changes.

Restarting network service resets all the declared interfaces.
It removes IP-address, sets interface down and up and then configures IP-address.
If proto=none, there's no IP-address to configure.
So, the interface becomes unroutable until you restart the VPN-service.
However, when managing a remote host via the internet, you often have VPN-only access.
And it is not always possible to gain any other access to the host in an acceptable time.

3 Likes
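The reload order discussed in the posts above, as an added example that is not part of the original thread: it lists the interfaces declared with proto 'none' and prints (dry run only) the commands to apply hand-edited files, including the VPN restart that a network reload makes necessary. The sample config is constructed, and `/etc/init.d/openvpn` is assumed to be the VPN service in use.

```sh
#!/bin/sh
# Added example (not from the thread). Dry run: it only prints commands.

# Constructed sample of /etc/config/network: one addressed interface and the
# proto 'none' tunnel interface from the first post.
sample_config() {
    cat <<'EOF'
config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'

config interface 'vpn'
	option proto 'none'
	option ifname 'tun0'
EOF
}

# Print "section device" for each interface declared with proto 'none'.
proto_none_ifaces() {
    awk -v q="'" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        function emit() { if (sec != "" && proto == "none") print sec, dev }
        $1 == "config" { emit(); sec = ""; proto = ""; dev = "" }
        $1 == "config" && $2 == "interface" { sec = unq($3) }
        $1 == "option" && $2 == "proto" { proto = unq($3) }
        $1 == "option" && ($2 == "ifname" || $2 == "device") { dev = unq($3) }
        END { emit() }
    ' "$1"
}

# Print, in order, the commands that apply hand-edited config files.
reload_plan() {
    tunnels=$(proto_none_ifaces "$1")
    echo "/etc/init.d/network reload"
    if [ -n "$tunnels" ]; then
        # No address for the network service to reconfigure on these
        # interfaces, so the VPN service (assumed: openvpn) is restarted.
        echo "/etc/init.d/openvpn restart"
        echo "$tunnels" | while read -r sec dev; do
            echo "ip link show dev $dev"   # confirm the tunnel device is back
        done
    fi
    echo "/etc/init.d/firewall reload"
}

# With no argument, plan against the constructed sample.
if [ -n "${1:-}" ]; then reload_plan "$1"
else tmp=$(mktemp) && sample_config > "$tmp" && reload_plan "$tmp"; rm -f "$tmp"
fi
```

Pass the path to the real file (for example `/etc/config/network`) as the first argument to plan against it instead of the sample.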

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

How can I go around tracerouting on my iPhone?

This part loses me. But this may be because tunnels I use don't need an IP.

1 Like

tracert on Windows
And should be traceroute on Apple, Linux, Unix, etc...

Isn't there an app for that?