Desperately hoping someone can help me with this as I am pulling my hair out.
I've usually had OpenVPN Server set up in TAP mode, but have recently switched this to a TUN configuration, as I have replaced my Android phone and the OpenVPN client I used, which supported TAP, is no longer maintained and does not function on newer Android versions, and I want to avoid buying another client.
I therefore switched to TUN mode and everything is working great except I am unable to access any of the port forwards that I have in place with NAT Loopback enabled, such as my web server. I don't want to start looking at Split DNS etc and just want to keep things simple.
If I try accessing my web server then I appear to be hitting the OpenWRT Web Server as I get the OpenWRT Certificate & the following error: "Forbidden - Rejected request from RFC1918 IP to public server address".
I've got the following OpenVPN configuration, which all seems good:
```
port 1194
proto udp
dev tun0
#scramble obfuscate ovpnclient
ca '/etc/openvpn/ca.crt'
cert '/etc/openvpn/my-server.crt'
key '/etc/openvpn/my-server.key'
dh '/etc/openvpn/dh2048.pem'
topology subnet
server 192.168.10.0 255.255.255.0
client-to-client
max-clients 254
keepalive 10 120
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DOMAIN xxx.lan"
push "dhcp-option DOMAIN-SEARCH xxx.lan"
push "dhcp-option DOMAIN-SEARCH xxx.lan"
push "dhcp-option DNS 192.168.0.1"
push "compress lz4-v2"
fast-io
cipher AES-256-CBC
auth SHA256
compress lz4-v2
push "compress lz4-v2"
verb 3
```
I'm currently running OpenWrt 21.02.5 if that is any use. Wondering if this can be worked around with some sort of NAT Rule?