Using wireguard, can't access LAN

Hi. Based on the advice of this forum, I installed and configured WireGuard.

Worked great, 1st time!!

However, from the remote client, I can ping the OpenWRT router's default gateway, and access the internet. I can ping the LAN address of the OpenWRT router, but I can't ping anything else on the LAN.

I tried a couple of different things (like creating a zone that forwards from the VPN to the LAN), but no luck.

HELP! THANKS!

Please run the following commands on your router (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

# Diagnostic dump requested by the forum: UCI config for network, DHCP and
# firewall, the custom firewall script, the live iptables ruleset with packet
# counters, then IPv4 addresses, routes from every table and policy rules.
# `uci export network` prints WireGuard private_key / preshared_key values in
# clear text; mask them (as well as passwords, MACs and public IPs) before
# posting the output.
uci export network
uci export dhcp
uci export firewall
head -n -0 /etc/firewall.user
iptables-save -c
ip -4 addr
ip -4 route list table all
ip -4 rule
package network
# Output of `uci export network` (OpenWrt /etc/config/network). Key material
# further down was masked by the poster before publishing.

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd54:c81f:ce62::/48'

# LAN bridge over eth0.1; the router itself is 10.1.10.4 in 10.1.10.0/24.
# NOTE(review): no gateway is set here and the address is .4 — if the LAN
# hosts use some other device as their default gateway, their replies to
# 192.168.9.0/24 will not come back through this router; confirm on the hosts.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '10.1.10.4/24'

# Static WAN uplink on eth1.2 (a /29; addresses as posted).
config interface 'wan'
	option ifname 'eth1.2'
	option proto 'static'
	option netmask '255.255.255.248'
	option ipaddr '99.99.99.65'
	option gateway '99.99.99.70'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

# WireGuard interface: listens on UDP 51820; tunnel subnets 192.168.9.0/24 and
# fdf1:e8a1:8d3f:9::/64. The private_key value must never be posted unmasked.
config interface 'vpn'
	option proto 'wireguard'
	option private_key '**************************************'
	option listen_port '51820'
	list addresses '192.168.9.1/24'
	list addresses 'fdf1:e8a1:8d3f:9::1/64'

# Peers. Each peer is pinned to one tunnel address per family (/32 and /128)
# via allowed_ips, so a peer cannot send traffic from another peer's address.
# Every peer also carries its own preshared_key (masked here).
config wireguard_vpn 'wgclient'
	option public_key '**************************************'
	option preshared_key '**************************************'
	list allowed_ips '192.168.9.2/32'
	list allowed_ips 'fdf1:e8a1:8d3f:9::2/128'

config wireguard_vpn 'wglaptop'
	option public_key '**************************************'
	option preshared_key '**************************************'
	list allowed_ips '192.168.9.3/32'
	list allowed_ips 'fdf1:e8a1:8d3f:9::3/128'

config wireguard_vpn 'wgmobile'
	option public_key '**************************************'
	option preshared_key '**************************************'
	list allowed_ips '192.168.9.4/32'
	list allowed_ips 'fdf1:e8a1:8d3f:9::4/128'

package dhcp
# Output of `uci export dhcp` (dnsmasq and odhcpd settings).

# dnsmasq: DNS rebind protection is on, and localservice '1' is meant to limit
# DNS answers to clients on directly attached subnets.
# NOTE(review): the WireGuard subnet 192.168.9.0/24 is attached to this router,
# so VPN peers should count as local for that check — confirm if DNS over the
# tunnel fails.
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

# DHCPv4 pool for the LAN (start offset 100, 150 leases, 12 h), plus DHCPv6
# and router advertisements in server mode.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

# No DHCP service is offered on the WAN interface.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

package firewall
# Output of `uci export firewall` (OpenWrt fw3 zone configuration).

# Global policies for traffic that no zone claims.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

# LAN zone. The WireGuard network 'vpn' is a member here, so VPN peers already
# get LAN treatment (input/forward ACCEPT and the lan -> wan forwarding below).
# NOTE(review): 'vpn' is listed again in two more zones near the end of this
# file. A network should sit in exactly one zone; the iptables-save counters on
# this page show the zone_lan_* chains matching `-i vpn` while every
# zone_VPN_* chain stays at [0:0].
config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun+'
	option network 'lan vpn'

# WAN zone.
# NOTE(review): input 'ACCEPT' lets new inbound connections from the WAN reach
# services on the router itself; the stock OpenWrt value for this zone is
# REJECT. The iptables-save output on this page confirms it: zone_wan_src_ACCEPT
# accepts NEW packets arriving on eth1.2. With this setting the Allow-* and
# Remote* rules below change nothing. Setting input to 'REJECT' (or 'DROP') and
# keeping only the explicit rules that are needed, e.g. Allow-WireGuard,
# restores a default-deny WAN side.
config zone 'wan'
	option name 'wan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option input 'ACCEPT'
	option network 'wan wan6'

# LAN zone members (including 'vpn', see above) may reach the WAN.
config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# These two rules forward ESP and IKE (UDP 500) from the WAN into the LAN zone.
# NOTE(review): if no IPsec endpoint sits behind this router they can be
# removed — confirm.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

# NOTE(review): the three Remote* rules match on src_port, i.e. the port the
# *client* sends from, which the remote side chooses freely. RemoteSSH has no
# dest_port at all, so it accepts TCP from source port 60101 to any port on the
# router (rendered as `--sport 60101` in the iptables output on this page).
# Presumably dest_port, or a port-forward, was intended — confirm the intent.
# With the tunnel working, router management can be done over WireGuard and
# these WAN openings dropped.
config rule
	option src_port '60101'
	option src 'wan'
	option name 'RemoteSSH'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option src 'wan'
	option name 'RemoteHTTP'
	option target 'ACCEPT'
	list proto 'tcp'
	option dest_port '80'
	option src_port '60102'

config rule
	option src 'wan'
	option name 'RemoteHTTPS'
	option target 'ACCEPT'
	list proto 'tcp'
	option dest_port '443'
	option src_port '60103'

# Opens the WireGuard listen port (UDP 51820, matching listen_port of the
# 'vpn' interface) on the WAN side.
config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

# NOTE(review): this zone has no name and its forwarding below has no src.
# The iptables output on this page contains no chains for it, so it appears to
# be ignored; it looks like a leftover from troubleshooting and can be removed.
config zone
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option network 'vpn'
	option output 'ACCEPT'

config forwarding
	option dest 'lan'

# Second dedicated zone for 'vpn'. Because 'vpn' is also a member of the lan
# zone, its chains are created but never hit (all zone_VPN_* counters are
# [0:0]). Keep 'vpn' either here or in the lan zone, not in both.
config zone
	option name 'VPN'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option network 'vpn'
	option output 'ACCEPT'

config forwarding
	option dest 'lan'
	option src 'VPN'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Generated by iptables-save v1.8.3 on Wed May 26 13:25:00 2021
*nat
:PREROUTING ACCEPT [3927:432855]
:INPUT ACCEPT [1997:140201]
:OUTPUT ACCEPT [494:33375]
:POSTROUTING ACCEPT [2:178]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[3927:432855] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[0:0] -A PREROUTING -i tun+ -m comment --comment "!fw3" -j zone_lan_prerouting
[9:819] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[2069:301781] -A PREROUTING -i vpn -m comment --comment "!fw3" -j zone_lan_prerouting
[1849:130255] -A PREROUTING -i eth1.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[2069:301781] -A PREROUTING -i vpn -m comment --comment "!fw3" -j zone_VPN_prerouting
[885:118609] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[0:0] -A POSTROUTING -o tun+ -m comment --comment "!fw3" -j zone_lan_postrouting
[1:60] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o vpn -m comment --comment "!fw3" -j zone_lan_postrouting
[883:118431] -A POSTROUTING -o eth1.2 -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o vpn -m comment --comment "!fw3" -j zone_VPN_postrouting
[1:60] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[2078:302600] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[883:118431] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[883:118431] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[1849:130255] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Wed May 26 13:25:00 2021
# Generated by iptables-save v1.8.3 on Wed May 26 13:25:00 2021
*mangle
:PREROUTING ACCEPT [45258:16735221]
:INPUT ACCEPT [19443:3191650]
:FORWARD ACCEPT [24276:13336151]
:OUTPUT ACCEPT [16884:13352952]
:POSTROUTING ACCEPT [41149:26688663]
[478:24856] -A FORWARD -o eth1.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[306:15904] -A FORWARD -i eth1.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed May 26 13:25:00 2021
# Generated by iptables-save v1.8.3 on Wed May 26 13:25:00 2021
*filter
:INPUT ACCEPT [489:19717]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
[12:1144] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[19433:3190610] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[16612:3000428] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[686:28488] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[0:0] -A INPUT -i tun+ -m comment --comment "!fw3" -j zone_lan_input
[3:180] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[367:28038] -A INPUT -i vpn -m comment --comment "!fw3" -j zone_lan_input
[2451:161964] -A INPUT -i eth1.2 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A INPUT -i vpn -m comment --comment "!fw3" -j zone_VPN_input
[24276:13336151] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[23736:13243213] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[540:92938] -A FORWARD -m comment --comment "!fw3: Zone * to lan forwarding policy" -j zone_lan_dest_ACCEPT
[0:0] -A FORWARD -i tun+ -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[537:92758] -A FORWARD -i vpn -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth1.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i vpn -m comment --comment "!fw3" -j zone_VPN_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[12:1144] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[16878:13353080] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[16379:13319583] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A OUTPUT -o tun+ -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o vpn -m comment --comment "!fw3" -j zone_lan_output
[499:33497] -A OUTPUT -o eth1.2 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o vpn -m comment --comment "!fw3" -j zone_VPN_output
[0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[686:28488] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[0:0] -A zone_VPN_dest_ACCEPT -o vpn -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to lan forwarding policy" -j zone_lan_dest_ACCEPT
[0:0] -A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
[0:0] -A zone_VPN_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
[0:0] -A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
[0:0] -A zone_VPN_src_ACCEPT -i vpn -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_lan_dest_ACCEPT -o tun+ -m comment --comment "!fw3" -j ACCEPT
[3:180] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_lan_dest_ACCEPT -o vpn -m comment --comment "!fw3" -j ACCEPT
[537:92758] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[537:92758] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[370:28218] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[370:28218] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[0:0] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[0:0] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[0:0] -A zone_lan_src_ACCEPT -i tun+ -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[3:180] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[367:28038] -A zone_lan_src_ACCEPT -i vpn -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[11:440] -A zone_wan_dest_ACCEPT -o eth1.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[1025:125815] -A zone_wan_dest_ACCEPT -o eth1.2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth1.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[2451:161964] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[1118:93292] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[73:2628] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -p tcp -m tcp --sport 60101 -m comment --comment "!fw3: RemoteSSH" -j ACCEPT
[0:0] -A zone_wan_input -p tcp -m tcp --sport 60102 --dport 80 -m comment --comment "!fw3: RemoteHTTP" -j ACCEPT
[0:0] -A zone_wan_input -p tcp -m tcp --sport 60103 --dport 443 -m comment --comment "!fw3: RemoteHTTPS" -j ACCEPT
[3:520] -A zone_wan_input -p udp -m udp --dport 51820 -m comment --comment "!fw3: Allow-WireGuard" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[1257:65524] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
[499:33497] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[499:33497] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[768:45807] -A zone_wan_src_ACCEPT -i eth1.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Wed May 26 13:25:00 2021
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.1.10.4/24 brd 10.1.10.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 99.99.99.65/29 brd 99.99.99.71 scope global eth1.2
       valid_lft forever preferred_lft forever
10: vpn: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.9.1/24 brd 192.168.9.255 scope global vpn
       valid_lft forever preferred_lft forever
default via 99.99.99.70 dev eth1.2 proto static 
10.1.10.0/24 dev br-lan proto kernel scope link src 10.1.10.4 
99.99.99.64/29 dev eth1.2 proto kernel scope link src 99.99.99.65 
192.168.9.0/24 dev vpn proto kernel scope link src 192.168.9.1 
broadcast 10.1.10.0 dev br-lan table local proto kernel scope link src 10.1.10.4 
local 10.1.10.4 dev br-lan table local proto kernel scope host src 10.1.10.4 
broadcast 10.1.10.255 dev br-lan table local proto kernel scope link src 10.1.10.4 
broadcast 99.99.99.64 dev eth1.2 table local proto kernel scope link src 99.99.99.65 
local 99.99.99.65 dev eth1.2 table local proto kernel scope host src 99.99.99.65 
broadcast 99.99.99.71 dev eth1.2 table local proto kernel scope link src 99.99.99.65 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.9.0 dev vpn table local proto kernel scope link src 192.168.9.1 
local 192.168.9.1 dev vpn table local proto kernel scope host src 192.168.9.1 
broadcast 192.168.9.255 dev vpn table local proto kernel scope link src 192.168.9.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

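On the LAN machines you are trying to reach, allow traffic and ICMP from outside the local subnet in the Windows firewall settings. Your VPN clients arrive with 192.168.9.x source addresses, which are not part of the LAN subnet 10.1.10.0/24, so a host firewall that only admits the local subnet will drop them even though the router forwards the packets. Limiting the new allow rule to 192.168.9.0/24 is enough.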

Thanks, but no. I can already ping outside my subnet from Windows. I can ping the router (99.99.99.70) and all the other servers on the 99.99.99.x network.