Dear OpenWrt experts,
I have some problems setting up OpenVPN.
My setup:
I have an Internet router with IP address 192.168.72.1 that connects to the Internet.
I have a public IPv4 address and a usable IPv6 /56 prefix.
IPv4 port 443 TCP is forwarded to my OpenWrt router,
and port 443 TCP is accessible on the IPv6 address of the OpenWrt router.
My OpenWrt router is running OpenWrt 22.03.2 and has the static IP 192.168.72.2.
It is configured as a dumb AP, so there is no WAN interface.
OpenVPN is configured to listen on port 443 TCP.
What works so far:
I was able to configure networking and the firewall to work with IPv4 only. I can connect via OpenVPN, have access to all devices in the network, and can route all traffic through the tunnel. But I can only listen on the IPv4 address.
This is the firewall config for IPv4:
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	option syn_flood '1'
	option drop_invalid '1'

config rule
	option target 'ACCEPT'
	option family 'ipv4'
	option proto 'tcp udp'
	option src '*'
	option dest_port '443'
	option name 'Allow Forwarded VPN Request -> <device>'

config rule
	option target 'ACCEPT'
	option family 'ipv4'
	option proto 'tcp udp'
	option src '*'
	option src_ip '10.11.0.0/28'
	option dest_ip '192.168.72.0/24'
	option name 'Allow VPN0 -> LAN'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option family 'ipv4'
	option src '*'
	option src_ip '10.11.0.0/28'
	option dest '*'
	option dest_ip '192.168.72.0/24'
	option name 'Allow Forwarded VPN0 -> LAN'

config rule
	option target 'ACCEPT'
	option proto 'icmp'
	list icmp_type 'echo-request'
	option src '*'
	option src_ip '10.11.0.0/28'
	option dest 'lan'
	option name 'Allow VPN0 (ICMP 8) -> <device> '

config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'

config zone
	option name 'vpn'
	option network 'vpn0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'vpn'

As soon as I configure my router to also get an IPv6 address
(relevant part in /etc/config/network):

config interface 'lan6'
	option device '@lan'
	option proto 'dhcpv6'

and I set up OpenVPN to listen on tcp6 and added

	list push "route-ipv6 2000::/3"
	list push "redirect-gateway ipv6 def1"

I can connect to my network via IPv4 and IPv6, but the IPv6 traffic on my external connecting device is no longer forwarded.
I tried to adapt some example firewall rules to my dumb AP setup, but I did not succeed.
Honestly, I am familiar with Linux, but I do not thoroughly understand how to handle IPv6.
I also tried to follow this guide:
and to modify firewall rules to my setup but nothing worked so far.
Any help is appreciated.
Thank you