OpenWrt + OpenVPN(.net) + DynDNS(no-ip) + Game Server

Hi y'all - hoping to get some help with configuring this - I've read through many of the similar posts on here but they all address older versions of OpenWrt and I haven't been able to adapt them correctly it seems.

Here's the situation:

  • Modem is a ZTE500 (5g Cellular device) running its default firmware, which is CGNAT'd by the ISP. Modem has IP passthrough enabled successfully.
  • Router is a Netgear DNGD3700 v1 with OpenWrt 21.02.2. Both Ethernet and wireless devices successfully have internet.
  • An ethernet device plugged in to the router is running a game server I would like to expose publicly (static dhcp). As I am behind CGNAT, I cannot open ports, therefore I now have accounts for both:

I have been attempting to use: VPN Policy Based Routing as described in the linked thread.

I have all the relevant packages installed on the OpenWrt (ddns, no-ip, openvpn, policy based routing, all the relevant LuCI packages for web management).

Here is what I'm unsure of:

  • I'd like to have the VPN tunnel sitting on the OpenWrt, not on the machine running the game.
  • It is unclear to me whether I need to be using an Host (and configure a client on the OpenWrt), an Network (and configure server on the OpenWrt) or both, and in any case, how they should all be connected.
  • It seems super unclear what devices/interfaces are what with the VPNs set up and connected - I simply imported two .ovpn files downloaded from to set them up on the router, and I am not sure how that works with the VPN policy configuration specified in the example linked below. The options specified in this example don't seem to conflict with the information in the .ovpn files, except for the clear direction to use a different port for the client, which seems to break the client's connection to the cloud if I do.

I was attempting to follow this VPN Policy example from that package's developer's documentation but it doesn't seem to work. Certainly I have no idea how to direct the DDNS settings to pick up the VPN's internet-facing IP (I am struggling to adapt the solutions here and here).

Any assistance with this is greatly appreciated!

EDIT: If at all possible, I would like the machine running the game server to have all its regular traffic run normally, not over the VPN - was hoping to just expose specifically the port that the game server is on to the VPN tunnel (hence having the client on the router, rather than on the machine).

Optionally, if someone could just tell me which service I need I can continue to experiment!
(subtle bump!)