OpenWrt Forum Archive

Topic: [Help] OpenVPN created and connected to, but not working

The content of this topic has been archived on 4 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have a Linksys WRT1900ACS with OpenWRT 15.05 on it.

I have followed the "OpenVPN tutorial for beginners" from this website step by step (changing the local references like IP address, etc.) and I got it running.

I imported the *.ovpn configuration file into the OpenVPN official app on my Android smartphone running LineageOS 7.1.2 and it connects correctly to the server on my router. I see the real WAN IP of my network, it assigns me an IP in the VPN range (10.8.0.X) and the bytes in and out go up steadily.

But I cannot do any of the actions I was supposed to be able to while connected to my VPN, that is, navigate as if I were a local machine connected to the router, and therefore with the WAN IP of the rest of the devices (if I visit a whatismyip site, it shows the mobile network IP, not the WAN IP). I cannot access any of the local resources of the local network by typing the local address (i.e. I cannot SSH into the router on 192.168.1.1:22 but I can do it by introducing the WAN IP like when I am out of my network 92.176.88.125:22)... I double checked I allowed the traffic from VPN to LAN and vice versa and from VPN to WAN.

VPN --> LAN
uci set firewall.vpn_forwarding_lan_in=forwarding
uci set firewall.vpn_forwarding_lan_in.src=vpn
uci set firewall.vpn_forwarding_lan_in.dest=lan

LAN --> VPN
uci set firewall.vpn_forwarding_lan_out=forwarding
uci set firewall.vpn_forwarding_lan_out.src=lan
uci set firewall.vpn_forwarding_lan_out.dest=vpn

VPN --> WAN
uci set firewall.vpn_forwarding_wan=forwarding
uci set firewall.vpn_forwarding_wan.src=vpn
uci set firewall.vpn_forwarding_wan.dest=wan

Any hints?

Thanks in advance!

(Last edited by jfromeo on 1 Aug 2017, 10:06)

I add the output of the following commands, leaving only the vpn-related lines:

/etc/config/network

config interface 'vpn'
        option ifname 'tun'
        option proto 'none'
        option auto '1'

/etc/config/firewall

config rule 'Allow_OpenVPN_Inbound'
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option dest_port '1194'

config zone 'vpn'
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'REJECT'
        option output 'ACCEPT'
        option masq '1'
        option network 'vpn'

config forwarding 'vpn_forwarding_lan_in'
        option src 'vpn'
        option dest 'lan'

config forwarding 'vpn_forwarding_lan_out'
        option src 'lan'
        option dest 'vpn'

config forwarding 'vpn_forwarding_wan'
        option src 'vpn'
        option dest 'wan'

/etc/config/openvpn

config openvpn 'myvpn'
        option enabled '1'
        option verb '3'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option server '10.8.0.0 255.255.255.0'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/olmos13vpnserver.crt'
        option key '/etc/openvpn/olmos13vpnserver.key'
        option dh '/etc/openvpn/dh2048.pem'
        list push 'route 192.168.13.0 255.255.255.0'
        list push 'redirect-gateway def1'
        option client_to_client '1'

Summing it up, I can connect to the server, but I cannot go to the internet through the private tunnel (my WAN IP is the same as before connecting to OpenVPN) and I cannot see the rest of the LAN machines (I can only access the router via the VPN IP (10.8.0.1), not the LAN IP (192.168.13.1)).

Newbie question. Do I need to port forward 1194 UDP to the router IP from WAN to VPN?

Doesn't seem like this expert community is very eager to help...
