Please help with configuring OpenVPN connection on LuCI

aedmonds1990 · December 6, 2020, 9:21am

I lose internet connectivity once I enable an OpenVPN connection.

I've tried a few different VPN servers now. But all have the same result.

Without OpenVPN connection, router works great. Here is the config:

However when I then start the OpenVPN connection, and change the firewall settings so that the LAN has forwarding to the VPN zone, my LAN loses internet connectivity. I don't think it is a DNS issue as I cannot even ping 8.8.8.8 from the Openwrt console.

I am following this guide which appears to be the most comprehensive out there: https://www.dropbox.com/sh/c8cqmpc6cacs5n8/AAA2f8htk1uMitBckDW8Jq88a?dl=0&preview=4-OpenVPN+Client+for+HH5A+v1.2i.pdf

I am a little confused when you set up forwarding from LAN -> VPN. It feels like you should also have some forwarding from VPN -> WAN so that it can access the wider network.

Please help me though. I would really appreciate it. Let me know if you require any further diagnostics.

vgaetera · December 6, 2020, 9:26am

Change LAN IP to 192.168.2.X.

hnyman · December 6, 2020, 9:34am

Sounds strange, as you have the same 192.168.1.x subnet on both wan and lan. Router should be at least semi-confused about your routing wishes.

The OpenWrt router really need a different subnet on the wan and lan sides, so that it understands which packets are local inside your LAN, and which should be flowing out to the internet via wan.

(vgaetera already pointed out the same mistake, but I thought to be more verbose...)

Ps. That advice is also mentioned in that guide that you claim to be following...

aedmonds1990 · December 6, 2020, 10:06am

Thank you very much for your responses. That does make sense and I will give it a go.

I had set up some reserved addresses on my ISP router's DHCP server. However I can still see why this might be confusing when I attempt to the VPN server.

Thanks again

aedmonds1990 · December 6, 2020, 11:56am

I tried changing the LAN static IP to 192.168.2.X, and now I am not able to connect to the router.

Does anyone have any ideas?

hnyman · December 6, 2020, 12:28pm

Hopefully 192.168.2.1 (not x)

I just meant that it needs to be a different subnet than the wan, so instead of 192.168.1.0/24, something from 192.168.2.0/24 or 192.168.44.0/24 or whatever.
E.g. 192.168.2.1 or 192.168.2.22, or pretty much anything from 192.168.2.{1-253}

Have you already fixed your PC to be in the 192.168.2.x subnet?
If it still has IP of 192.168.1.x, it doesn't connect to the router, as they are in different subnets.

If it

has a fixed IP, changel to something like 192.168.2.34 or .56 or whatever
uses DHCP, just refresh the DHCP address fetching.

aedmonds1990 · December 6, 2020, 12:30pm

Yes so I changed the LAN interface of the router to be 192.168.2.124.

I've connected this to the ethernet adaptor on my local machine. I've changed the adaptor's config to:

But I still cannot connect

aedmonds1990 · December 6, 2020, 12:34pm

The router does appear to have a presence on the network, it is responding to ARP probes

hnyman · December 6, 2020, 12:47pm

Well, the router has 192.168.1.124, but it looks like you set Windows to look for gateway at 192.168.2.1 ?

You need to make sure that your settings are consistent.

Windows is also sometimes picky in using new addresses, so you might need to refresh it by physically disconnecting the cable, or something similar.

Or maybe reboot both the router and then Windows.

(might be easier to let Windows to use DHCP and fetch the its IP from the router, assuming that you have left the default DHCP server intact in the OpenWrt router.)

vgaetera · December 6, 2020, 3:00pm

You can use the IPv6 ULA or LLA addresses to access the router.
IPv6 and IPv4 work independently in general case.
The IPv6 ULA of your router is on the first screenshot in the OP.

aedmonds1990 · December 7, 2020, 2:48pm

I think I was hitting the follow issue. Fresh install worked: https://github.com/openwrt/luci/issues/2660