OpenWrt Forum Archive

Topic: OpenVPN connected but traffic not routable

The content of this topic has been archived between 19 Apr 2018 and 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

600cc wrote:

* Your VPN computer can open a VPN connection over its WAN interface (192.168.3.222) to a remote endpoint and can send its own traffic down the tunnel.

Yes.

600cc wrote:

* Other devices are configured to use the VPN computer's LAN interface (192.168.2.212) as their default gateway, but are unable to send traffic further.

Yes, but they can ping 192.168.3.222.

600cc wrote:

This might be a really dumb question (and apologies if it is), but are you positive that IPv4 forwarding is enabled in sysctl.conf on the VPN computer?

Yes. See:-

sudo sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens160.stable_secret"
sysctl: reading key "net.ipv6.conf.ens224.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.tun0.stable_secret"

600cc wrote:

Also, on the VPN computer, is your iptables filter table completely empty, or does it have rules to permit established/related traffic (in other words, the return traffic triggered by the outbound traffic)?

Yes, completely empty. See:-

sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

sudo iptables --list -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Crikey. I completely missed your previous reply. Apologies for that; I wasn't ignoring this thread.

Still, glad it's all working now. And that HMA page looks handy. I've bookmarked it. Thanks for the link!
