VPN ok - But can only access SOME local devices? *frustrating*

Business solution to host your own OpenVPN server with web management interface and bundled clients.
cotwild
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 12, 2019 8:16 am

Post by cotwild » Fri Jul 12, 2019 8:31 am

Dear community
After trial and error for almost 2 days I hope to find a solution with your help here.

I got a working VPN server on an OpenWrt [18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)], connecting with OpenVPN for Android. I did disable TLSAuth, as I didn't get this working for now...

But the main problem is... I can ping / access only some devices from my local network (same IP range), from within that network I can ping/access all devices...

Here are some details and configs:

Networks:
VPN: 192.168.10.0
Private Network: 192.168.5.0
Accessible devices: 192.168.5.1 (Router with OpenVPN) / 192.168.5.11 (NAS) / 192.168.5.4 (Switch) / 192.168.5.162 (Home PC)
Inaccessible devices: 192.168.5.16 (Home Server)

My /etc/config/openvpn

Code:

config openvpn 'myvpn'
        option enabled '1'
        option proto 'udp4'
        option log '/tmp/openvpn.log'
        option verb '3'
        option ca '/etc/openvpn/certs/ca.crt'
        option cert '/etc/openvpn/certs/server.crt'
        option key '/etc/openvpn/certs/server.key'
        option dh '/etc/openvpn/certs/dh4096.pem'
        option server '192.168.10.0 255.255.255.0'
        option cipher 'AES-256-CBC'
        option auth 'SHA512'
#       option tls_auth '/etc/openvpn/certs/tlsauth.key 0'
#       option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-12
        option port '1194'
        option keepalive '10 120'
#       option tls_server '1'
#       option tls_version_min '1.2'
        list push 'redirect-gateway def1'
        list push 'route 192.168.5.0 255.255.255.0'
        list push 'dhcp-option DNS 192.168.5.16'
        list push 'dhcp-option DNS 8.8.8.8'
        list push 'block-outside-dns'
        option dev 'tun0'
#       option route_gateway '192.168.5.1'

My /etc/config/network (only vpn part)

Code:

config interface 'VPN0'
        option proto 'none'
        option auto '1'
        option ifname 'tun0'
        option delegate '0'

My /etc/config/firewall

Code:

config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option dest_port '1194'
        option src '*'
        option proto 'udp'
        
config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'VPN0'
        option forward 'REJECT'

config forwarding
        option src 'vpn'
        option dest 'wan'

config forwarding
        option src 'vpn'
        option dest 'lan'

I am also able to ping the server (192.168.5.16) from the OpenWrt Diagnostics page to see if there is any iptables rule on the server preventing access from 192.168.5.1 (OpenVPN server). The inaccessible server is an Ubuntu 16.04 server with several services...

Any idea what I could be missing or doing wrong??

Thanks a lot for your help.
Dave
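
With a routed tun setup like the one posted above, a LAN host only answers VPN clients if its own routing table sends replies for 192.168.10.0/24 back to the OpenVPN router at 192.168.5.1. The following is an added example, not part of the original post and not a diagnosis from this thread: it applies longest-prefix matching to `ip -4 route show` output, and the three routing tables, the client address 192.168.10.6 and the interface name `br-lab` are constructed for illustration.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("192.168.10.0/24")   # VPN subnet from the post
VPN_GATEWAY = ipaddress.ip_address("192.168.5.1")   # router running OpenVPN (from the post)
DROP_TYPES = {"unreachable", "blackhole", "prohibit", "throw"}

# Constructed `ip -4 route show` samples; none of them is the poster's real output.
WORKING = """
default via 192.168.5.1 dev eth0 proto dhcp metric 100
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.11
"""
SHADOWED = """
default via 192.168.5.1 dev eth0
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.16
192.168.10.0/24 dev br-lab proto kernel scope link src 192.168.10.1
"""
OTHER_GW = """
default via 192.168.5.254 dev eth0
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.16
"""

def parse_routes(text):
    """Parse route lines into (network, gateway-or-None, device-or-None)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok and tok[0] in DROP_TYPES:      # e.g. "blackhole 10.0.0.0/8"
            tok = tok[1:]
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        gw = ipaddress.ip_address(tok[tok.index("via") + 1]) if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def reply_path(routes, client_ip):
    """Longest-prefix match: the route this host uses to answer client_ip."""
    ip = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def reaches_vpn_clients(route_text, client_ip="192.168.10.6"):
    """True only if replies to the VPN client are handed to the OpenVPN router."""
    if ipaddress.ip_address(client_ip) not in VPN_NET:
        raise ValueError("client_ip is not inside the VPN subnet")
    best = reply_path(parse_routes(route_text), client_ip)
    return best is not None and best[1] == VPN_GATEWAY
```

This covers the main routing table only; policy routing rules and host firewall rules that accept traffic only from 192.168.5.0/24 are separate checks.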

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: VPN ok - But can only access SOME local devices? *frustrating*

Post by novaflash » Fri Jul 12, 2019 9:23 am

Sorry, try one of the other boards on this forum. This is clearly an open source OpenVPN implementation, and not the OpenVPN Access Server product.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
