Good Evening,
Desperately hoping someone can help me with this as I am pulling my hair out.
I've usually had OpenVPN Server set up in TAP mode, but have recently switched this to a TUN configuration, as I have replaced my Android phone and the OpenVPN client I used, which supported TAP, is no longer maintained and does not function on newer Android versions, and I want to avoid buying another client.
I therefore switched to TUN mode and everything is working great except I am unable to access any of the port forwards that I have in place with NAT Loopback enabled, such as my web server. I don't want to start looking at Split DNS etc and just want to keep things simple.
If I try accessing my web server then I appear to be hitting the OpenWRT Web Server as I get the OpenWRT Certificate & the following error: "Forbidden - Rejected request from RFC1918 IP to public server address".
I've got the following OpenVPN configuration, which all seems good:
port 1194
proto udp
dev tun0
#scramble obfuscate ovpnclient
ca '/etc/openvpn/ca.crt'
cert '/etc/openvpn/my-server.crt'
key '/etc/openvpn/my-server.key'
dh '/etc/openvpn/dh2048.pem'
topology subnet
server 192.168.10.0 255.255.255.0
client-to-client
max-clients 254
keepalive 10 120
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DOMAIN xxx.lan"
push "dhcp-option DOMAIN-SEARCH xxx.lan"
push "dhcp-option DOMAIN-SEARCH xxx.lan"
push "dhcp-option DNS 192.168.0.1"
push "compress lz4-v2"
fast-io
cipher AES-256-CBC
auth SHA256
compress lz4-v2
push "compress lz4-v2"
verb 3
I'm currently running OpenWrt 21.02.5 if that is any use. Wondering if this can be worked around with some sort of NAT Rule?
Thanks