Openvpn works, but no LAN hostnames

N.Schotten · October 11, 2022, 9:54am

Hello hivemind.
So i got my router reprogrammed to OpenWRT. Added OpenVPN server (multi client/user) and that works. I can connect via the VPN and despite being on a differtent DHCP range i can connect to the devices on the LAN side of the tunnel via their IP adresses.
However, Windows on the client side can't see the available devices/systems from their hostnames.
The Network window/folder remains empty.
What needs to be changed so that the windows client does populate the network folder, just like the systems on the LAN side show the devices?

Some of the Windows software i use look for the other systems by their hostnames rather than their IP. Windows not finding / getting these names pushed / pulled to it breaks these programs.

TIA.
Niels

frollic · October 11, 2022, 10:48am

the clients connecting via VPN to be able to access your routers DNS, unless we're talking about some other kind of discovery ...

N.Schotten · October 11, 2022, 11:36am

Hi Frollic,
Sounds like that might be needed. But how to set that up?

kukulo · October 11, 2022, 12:21pm

In DHCP and DNS add to listen interfaces your openvpn tun interface. Then hit save and apply.

N.Schotten · October 11, 2022, 1:05pm

Even with an active VPN i'm not seeing an openvpn tunnel interface.
And adding "LAN" to the listen interfaces list killed the connection to the internet (DNS lookup fail?)

N.Schotten · October 11, 2022, 1:05pm

The Openvpn page

kukulo · October 11, 2022, 1:29pm

You will nee to follow following guide in order to setup openvpn server:

After that add tun0 to the DHCP and DNS as a listen interface.

N.Schotten · October 11, 2022, 1:33pm

I did folow that guide, last night.

kukulo · October 11, 2022, 1:58pm

In Openvpn section tick the enabled and start next to your server configuration. This should enable the tun0 device in Luci.

In Luci, then add new interface:

Assign it to your vpn firewall zone:

And add DHCP DNS listen to interface tun0.

Important: check, whether you have correctly set up firewall.

ulmwind · October 11, 2022, 2:17pm

Trivial approach is to use 'tap' instead of 'tun'.

N.Schotten · October 11, 2022, 2:57pm

Neither of the sample configs are used by the actual VPN config.
No idea as to how to add the actual cofig to this list. That said. i downloaded the server.conf and renamed it server.ovpn. loaded that into luci-openvpn. saved, enabled etc all that seemed to result in is a broken VPN connection. I can connect and get an IP. But no other devices show up. can't even reach them by their IP. No internet acces neither.
How to roll that back???
Not sure if my latest config backup was from after i got the VPN to 'work" last night. looking at the timestamp... no...

BTW.
Looking at some of the commands in the posted setup page.

# Fetch WAN IP address
. /lib/functions/network.sh
network_flush_cache

There is a space between the period and the forward slash. I feel that that space shouldn't be there.

kukulo · October 11, 2022, 3:06pm

You can edit directly the /etc/config/openvpn file, the Luci will afterwards recognize the instances and you can start the server from Luci.

N.Schotten · October 12, 2022, 12:33pm

So i rebuild it some...
Now i have these interfaces.

Which names do i put in to the listen box? LAN or br-lan? VPNA or eth0.1?

And i'm currently running into problems with generating the user's ovpn files.
I'm using:

and

But on the multi-client page the code doesn't seem to generate extra ovpn files. It generates the key and pem files but they don't convert to ovpn.

/etc/openvpn/server.conf
#user nobody
#group nogroup
dev tun
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

And there doesn't seem to be any server.ovpn file (Find doesn't find it)

N.Schotten · October 12, 2022, 12:37pm

ok. on the last part... i just reran part 4 (VPN service) after doing the # Add one more client
from the multi-client page and got the other client's ovpn file.

But this is still a TUN not a TAP.
How to switch to TAP? not as simple as changing the names in the conf and client files i assume..

kukulo · October 12, 2022, 4:39pm

The ovpn file does not differ much from the server.conf you just provided. You are just missing the key part of the config:

option dh '/etc/luci-uploads/cbid.openvpn.VPN.dh'
option ca '/etc/luci-uploads/cbid.openvpn.VPN.ca'
option key '/etc/luci-uploads/cbid.openvpn.VPN.key'
option cert '/etc/luci-uploads/cbid.openvpn.VPN.cer
t'