
Topic: OpenVPN no access to LAN


I set up an OpenVPN server on my WRT3200 and the VPN connection works. Unfortunately, I only have access to my router (192.168.0.1) and not to the other servers/computers on the network. Below you will find my config. Does anyone know where the mistake is?

root@LEDE:~# cat /etc/config/network

# /etc/config/network as pasted by the poster (the IPv6 ULA prefix is redacted).
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxxx/48'

# LAN bridge on 192.168.0.1/24. The post says this address is reachable from the
# VPN while other 192.168.0.x hosts are not.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.1'

# WAN via DHCP. The _orig_* options appear to be leftovers from an earlier LuCI
# bridge configuration; only eth1 is the active ifname here.
config interface 'wan'
        option type 'bridge'
        option _orig_ifname 'eth1 wlan0'
        option _orig_bridge 'true'
        option proto 'dhcp'
        option ifname 'eth1'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1 = LAN ports, VLAN 2 = WAN port (port 5/6 are the CPU-facing ports).
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6'

# Unmanaged (proto 'none') wrapper around OpenVPN's tun0 so the firewall can
# place it in its own zone (referenced as network 'vpn0' in /etc/config/firewall).
config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'
        option auto '1'

root@LEDE:~# cat /etc/config/firewall

# /etc/config/firewall excerpt. The default 'lan' and 'wan' zones are not shown
# in this paste, so their input/forward/masq settings cannot be checked here.

# Opens the OpenVPN listener (UDP 1194, matching port/proto in /etc/config/openvpn)
# to the WAN. The server uses tls_auth, so unauthenticated packets are dropped by
# OpenVPN before any TLS handshake.
config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option src 'wan'
        option dest_port '1194'
        option proto 'udp'

# Zone for tun0 (network 'vpn0'). With input/forward/output all ACCEPT plus the two
# forwardings below, every authenticated VPN client gets the same reach as a LAN
# host, including the router's own services; narrow this if clients are not fully
# trusted.
# NOTE(review): 'masq' on this zone rewrites the source of traffic *leaving* via
# tun0 (LAN->VPN direction). VPN->LAN packets keep their 10.8.0.x source, so LAN
# hosts need a return route to 10.8.0.0/24 via 192.168.0.1 (their default gateway
# normally provides it) and must not firewall that subnet — worth confirming on the
# LAN hosts given the symptoms in the post.
config zone
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option network 'vpn0'

config forwarding
        option dest 'lan'
        option src 'vpn'

# Needed because the server pushes 'redirect-gateway def1' (all client traffic
# enters via tun0 and must be allowed out to the WAN).
config forwarding
        option dest 'wan'
        option src 'vpn'

root@LEDE:~# cat /proc/sys/net/ipv4/ip_forward
1
root@LEDE:~# cat /etc/config/openvpn
# /etc/config/openvpn: UCI form of the server config. Each option maps to the
# OpenVPN directive of the same name ('_' in the option name stands for '-').
config openvpn 'BellevueVPN'
        option enabled '1'
        option dev 'tun'
        option port '1194'
        option proto 'udp'
        option status '/var/log/openvpn_status.log'
        option log '/tmp/openvpn.log'
        option verb '3'
        option mute '5'
        option keepalive '10 120'
        # Privilege drop to nobody/nogroup after startup. persist_key/persist_tun
        # let OpenVPN survive restarts without re-reading key files or re-opening
        # the tun device, which the unprivileged user could no longer do.
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option group 'nogroup'
        option ca '/etc/easy-rsa/keys/ca.crt'
        option cert '/etc/easy-rsa/keys/BellevueVPN.crt'
        option key '/etc/easy-rsa/keys/BellevueVPN.key'
        option dh '/etc/easy-rsa/keys/dh2048.pem'
        option mode 'server'
        option tls_server '1'
        # HMAC on the control channel; direction 0 here pairs with 'key-direction 1'
        # in the client profile below.
        option tls_auth '/etc/easy-rsa/keys/ta.key 0'
        # Clients are addressed from 10.8.0.0/24; LAN hosts will see this subnet as
        # the source of VPN traffic.
        option server '10.8.0.0 255.255.255.0'
        option topology 'subnet'
        # NOTE(review): 'route-gateway dhcp' is unusual for a tun server with a
        # static 'server' subnet — confirm this is intended rather than a leftover.
        option route_gateway 'dhcp'
        # Client-to-client traffic is switched inside OpenVPN, so the router firewall
        # does not see or filter it.
        option client_to_client '1'
        list push 'persist-key'
        list push 'persist-tun'
        # Routes all client traffic through the tunnel (depends on the vpn->wan
        # forwarding in /etc/config/firewall).
        list push 'redirect-gateway def1'
        # allow your clients to access to your network
        list push 'route 192.168.0.0 255.255.255.0'
        # push DNS to your clients
        list push 'dhcp-option DNS 192.168.0.1'
        option comp_lzo 'no'

root@LEDE:/etc/easy-rsa/keys# cat xxxx.ovpn
# Client profile (server hostname redacted). The inline <ca>/<cert>/<key>/<tls-auth>
# blocks follow it in the original file but are cut off in this paste.
client
dev tun
proto udp
remote xxxxx.xx 1194
resolv-retry infinite
nobind
mute-replay-warnings
# ns-cert-type is deprecated (OpenVPN 2.4) and removed in 2.5; the replacement is
# 'remote-cert-tls server', which checks the server certificate's extended key
# usage instead of the legacy nsCertType extension. Both prevent a client cert
# from being used to impersonate the server.
ns-cert-type server
# Matches 'tls_auth ... 0' on the server side.
key-direction 1
verb 1
mute 20
# Consistent with 'comp_lzo no' on the server.
comp-lzo no
# uncomment for Windows 7 clients
#route-method exe
#route-delay 2
<ca>
-----BEGIN CERTIFICATE-----

Check the routes at the client, and verify that there is one for the 192.168.0.x network.
Use "traceroute" (or a similar utility) to see where the packets are being lost.
Verify that the machines on the 192.168.0.x network are willing to accept traffic from a machine on the 10.8.0.x network.

Thanks for your answer!
The OpenVPN server runs on my router. I can connect to the router and I can also log in to it (192.168.0.1). But I cannot reach other hosts on the network (192.168.0.x). This means that the VPN connection works, but the connection to my NAS (192.168.0.2), for example, is not forwarded. I don't know how to find the mistake.

(Last edited by mrremo on 11 Dec 2017, 16:09)
