Setting up LEDE openvpn for lan gaming

Hi all.

I have set up an openvpn server on my LEDE router.
When in "dev tun" mode, my clients can connect to it without any problem and all traffic is routed through my openvpn server. I get my router's global IP address when connected, and all my clients can see each other.

But I read that for LAN gaming over openvpn I need to have "dev tap" mode. Of course I tried in dev tun mode, with no luck. It did not work. Then I just changed "dev tun" to "dev tap" on my openvpn server and on the clients too (I have 2 Linux PCs to test this, one at my work and one at home).
When I ran the game and created a server on my home PC, my work PC was able to see the LAN game started and could connect to it. So everything is like I wanted.

The only thing is, when connected to openvpn in "dev tap" mode, clients can't use their network connection. It's like they do not have an internet connection. What's the problem? Could you help?

You need to configure split tunneling for your clients. There is a brief explanation on the OpenVPN Wiki, but I found a more complete solution:
http://swimminginthought.com/routing-traffic-vpn/

Also, it might be worth checking the client-to-client directive to allow your VPN clients to see each other as per your expected use-case.

Finally I have got it working with tap mode, and all my clients have an internet connection when connected to my openvpn server!!!!

If anyone needs them, these are my settings:

firewall
http://www.picz.ge/img/s1/1706/17/4/4a3e0cdbff2d.jpg

interfaces
http://www.picz.ge/img/s3/1706/17/e/e10e65d06ce0.jpg

/etc/config/firewall settings

config zone
    option name 'vpn'
    option masq '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn0'
    option forward 'ACCEPT'

config forwarding
    option dest 'lan'
    option src 'vpn'

config forwarding
    option dest 'vpn'
    option src 'lan'

config forwarding
    option dest 'wan'
    option src 'vpn'

config forwarding
    option dest 'vpn'
    option src 'wan'

and my openvpn.conf

mode server
tls-server
port 1194
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
auth 'SHA256'
cipher 'AES-256-CBC'
tls-version-min 1.0
server-bridge 10.0.0.1 255.255.255.0 10.0.0.128 10.0.0.254
topology subnet
comp-lzo yes
persist-key
persist-tun
client-to-client
verb 3
mute 20
keepalive 10 60
mssfix 1420
log /tmp/ovpn.log
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.0.1" # Change this to your router's LAN IP Address
push "route 10.0.0.0 255.255.255.0" # Change this to your network

I was wrong! When connected to the openvpn network, internet does not work. It works only if I am in the router's LAN network when connecting to the openvpn network. Nor am I able to ping 10.0.0.1 (router) or any other client.
Can someone help me? What do I have to do?

No one has done it before?

I locked myself out of the router and could not access it, and failsafe mode saved me. I have configured so many things on it :)
At last I got it working!!!! I checked that everything is working.

Bridge checked
vpn access from the internet checked
traffic routing through vpn server checked (all clients have my home global ip)
tap mode checked
ping checked
internet access from clients when connected to openvpn checked

Finally I have got it working!!!!

Congratulations @anon20279570 ! Did you have to change anything from your described config (if so please update your previous post)? I'm very interested and will test that in the near future.

Thanks.

Here is the config:

firewall:
http://www.picz.ge/img/s2/1706/18/c/cdd7e6b1417f.jpg

config rule
    option name 'Allow-UDP1194-Inbound'
    option src '*'
    option target 'ACCEPT'
    option proto 'udp'
    option dest_port '1194'

config zone
    option name 'vpn'
    option masq '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn0'
    option forward 'REJECT'

config forwarding
    option dest 'lan'
    option src 'vpn'

config forwarding
    option dest 'vpn'
    option src 'lan'

network interfaces:

config interface 'vpn0'
    option proto 'none'
    option ifname 'tap0'

config interface 'lan'
    option type 'bridge'
    option ifname 'wlan0 tap0'

openvpn server.conf file:

mode server
tls-server
port 1194
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
auth 'SHA256'
cipher 'AES-256-CBC'
tls-version-min 1.0
server-bridge 10.0.0.1 255.255.255.0 10.0.0.128 10.0.0.254
topology subnet
comp-lzo yes
persist-key
persist-tun
client-to-client
verb 3
mute 20
keepalive 10 60
mssfix 1420
log /tmp/ovpn.log
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.0.1" # Change this to your router's LAN IP Address
push "route 10.0.0.0 255.255.255.0" # Change this to your network

The openvpn client must be in tap mode too!!! That's it. Everything should work. I tried only one game, hedgewars (it's just for testing :D). On Linux, just "sudo apt-get install hedgewars" installs it. It has a LAN game option: you create a server on one side and the client connects from the LAN (in reality it connects through the vpn connection), so it works. Tomorrow I will test some more games and Windows machines too :) Hopefully they work. For now everything works with Linux machines :) I have Lubuntu on my laptop and Ubuntu on my work PC. I am a Linux guy. :)

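A quick audit of the settings posted in this thread, as an added example that is not from any of the posters: it flags `tls-version-min 1.0` and `comp-lzo yes` in the server config (TLS 1.0 is obsolete, and later OpenVPN releases deprecate compression), and it shows that the first firewall post forwards `wan` into the `vpn` zone while the final one does not. The function names and sample strings are constructed here from lines in the posts; it needs only POSIX `sh`, `tr` and `awk`.

```sh
#!/bin/sh
# Added example, not from the thread: audit the settings posted above.

# Print one finding per risky directive in an OpenVPN server config (stdin).
audit_openvpn() {
    awk '
        { sub(/#.*/, "") }    # drop trailing comments
        $1 == "tls-version-min" && $2 + 0 < 1.2 {
            print "tls-version-min " $2 ": control channel may negotiate TLS below 1.2" }
        $1 == "comp-lzo" && $2 != "no" {
            print "comp-lzo " $2 ": compression is enabled on the tunnel" }
    '
}

# Print "src->dest" for every UCI forwarding whose source zone is wan (stdin).
wan_forwardings() {
    tr -d "'\"" | awk '
        function emit() { if (sec == "forwarding" && src == "wan") print src "->" dest }
        $1 == "config" { emit(); sec = $2; src = ""; dest = "" }
        $1 == "option" && $2 == "src"  { src = $3 }
        $1 == "option" && $2 == "dest" { dest = $3 }
        END { emit() }
    '
}

# Constructed samples: a few lines copied from the configs in the posts.
SAMPLE_OVPN='dev tap
tls-version-min 1.0
comp-lzo yes
push "dhcp-option DNS 10.0.0.1" # Change this'
SAMPLE_FW_FIRST="config forwarding
option dest 'wan'
option src 'vpn'

config forwarding
option dest 'vpn'
option src 'wan'"
SAMPLE_FW_FINAL="config forwarding
option dest 'lan'
option src 'vpn'

config forwarding
option dest 'vpn'
option src 'lan'"

printf '%s\n' "$SAMPLE_OVPN" | audit_openvpn
echo "first firewall post: $(printf '%s\n' "$SAMPLE_FW_FIRST" | wan_forwardings)"
echo "final firewall post: $(printf '%s\n' "$SAMPLE_FW_FINAL" | wan_forwardings)"
```

On the router, the firewall check can read the live file directly: `wan_forwardings < /etc/config/firewall`.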