Tomato Shibby OpenVPN Configuration

[kevroy314]

Hello!

I've been googling this for the past several hours and haven't found a fix, so I thought I'd just ask.

I had an OpenVPN server running on my Windows 10 machine successfully, but I found that, despite running it as a service and having it start automatically, it wasn't reliably up every time I was away. It also didn't give me access to my LAN, just this machine for VNC purposes. I figured I'd try to move the configuration to my Tomato router (ASUS RT-AC68P) running Shibby v3.1-132 AIO-64K. I've been really happy with this router configuration, but I just can't seem to get the OpenVPN server to work as expected.

I transferred all of the certs/keys and got it so that my phone (over 4G) could connect, but no matter what I do, I seem to always end up in one of two states:

* The phone connects, but there is no internet connection anymore. I can't ping anything (even what I assumed would be a gateway address, 10.8.0.1) except for the local IP (10.8.0.6 - assigned automatically). The connection doesn't show any errors in the logs. This happens in most configurations.
* The phone connects, I get internet but cannot ping anything within the LAN. This also lead to the rest of the LAN losing internet until I restarted (possibly put it in a bad state). This seems to happen when "Push LAN to clients" and "Direct clients to redirect Internet traffic" are disabled.

I've fiddled with all of the settings as much as I know how to, but I'm clearly missing something about how to set this up properly. I've found tons of forum posts and articles showing how it should be set up, and as far as I can tell, my config matches the recommendations. What could I be missing?

Another aside - when I'm on the LAN (not on 4G), I can't connect at all. The logs claim that it expects a connection to the external IP, not the internal (192.168.2.1) address. I'm not sure how to allow connections from both. I don't think this will end up mattering though as I'm hoping to access the whole LAN via the router at once - so computers on the LAN shouldn't need to connect.

I'm a newb to all this, so I apologize if I'm missing some fundamentals. Any tips/suggestions would be very helpful.

[TinCanTech]

Have you read the HOWTO:
https://openvpn.net/index.php/open-sour ... howto.html

[kevroy314]

Sorry for the slow reply, I wanted to make sure I had, in fact, read that article you linked. It didn't contain anything I didn't already think I know (or at least hadn't already seen/been familiar with), so it hasn't helped me resolve this issue.

Any other suggestions?

[kevroy314]

FYI to anyone who checks this post, I'm going to try this:

https://community.openvpn.net/openvpn/w ... gh-the-vpn

Will report back results.

[kevroy314]

I ended up switching to a TAP adapter and everything worked great. I wish I had a solution that worked on android though. Still open to suggestions on that!

[TinCanTech]

See this HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

If TAP works then TUN will, if you follow that guide carefully.