VPN ok - cannot access SOME local devices? *frustrating* *weird*

Posted: Sat Jul 13, 2019 10:00 am
by cotwild
Dear community
After trial and error for almost 2 days I hope to find a solution with your help here.

I got a working VPN Server on an OpenWrt [18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)], connecting with OpenVPN for Android. I did disable TLSAuth, as I didn't get this working for now...

But the main problem is... I can ping / access only some devices from my local network (same IP range); from within that network I can ping/access all devices...

Here some details and configs:

Private Network:
Accessible devices: (Router with OpenVPN) / (NAS) / (Switch) / (Home PC)
Inaccessible devices: (Home Server)

My /etc/config/openvpn

Code:

config openvpn 'myvpn'
        option enabled '1'
        option proto 'udp4'
        option log '/tmp/openvpn.log'
        option verb '3'
        option ca '/etc/openvpn/certs/ca.crt'
        option cert '/etc/openvpn/certs/server.crt'
        option key '/etc/openvpn/certs/server.key'
        option dh '/etc/openvpn/certs/dh4096.pem'
        option server ''
        option cipher 'AES-256-CBC'
        option auth 'SHA512'
        # option tls_auth '/etc/openvpn/certs/tlsauth.key 0'
        option port '1194'
        option keepalive '10 120'
        # option tls_server '1'
        # option tls_version_min '1.2'
        list push 'redirect-gateway def1'
        list push 'route'
        list push 'dhcp-option DNS'
        list push 'dhcp-option DNS'
        list push 'block-outside-dns'
        option dev 'tun0'
        # option route_gateway ''

My /etc/config/network (only vpn part)

Code:

config interface 'VPN0'
        option proto 'none'
        option auto '1'
        option ifname 'tun0'
        option delegate '0'

My /etc/config/firewall

Code:

config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option dest_port '1194'
        option src '*'
        option proto 'udp'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'VPN0'
        option forward 'REJECT'

config forwarding
        option src 'vpn'
        option dest 'wan'

config forwarding
        option src 'vpn'
        option dest 'lan'

I am also able to ping the Server ( from the OpenWRT Diagnostics Site to see if there is any iptables rule on the server preventing access from (OpenVPN Server). The inaccessible server is a Ubuntu 16.04 server with several services... Over VPN I can ping my desktop pc, where I can ping the server again... (same network) Am I missing something?

Any idea what I could be missing or doing wrong?

Thanks a lot for your help.
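One way to narrow this kind of problem down, as an added diagnostic script that is not part of the original post: run it on the router and ping each LAN host twice, once sourced from the router's LAN address and once from its tun0 address. A host that answers the first but not the second is not being blocked by the router's zones at all; the reply path from that host to the VPN subnet is what is missing. It assumes BusyBox ping on OpenWrt, a LAN bridge named br-lan and the tun0 device from the thread; the addresses in the comments are constructed.

```shell
#!/bin/sh
# Constructed diagnostic for "VPN clients reach some LAN hosts but not others".
# Assumes BusyBox ping (supports -c, -W, -I), br-lan as the LAN bridge and tun0
# as the OpenVPN device. Run on the router: ./vpncheck.sh 192.0.2.20 192.0.2.30

# probe SRC HOST -> prints "ok" or "fail" (one echo request, 1 s timeout)
probe() {
    if ping -c 1 -W 1 -I "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# classify HOST LAN_SRC TUN_SRC -> one verdict line, prefixed with a keyword
classify() {
    host=$1; lan_src=$2; tun_src=$3
    from_lan=$(probe "$lan_src" "$host")
    from_tun=$(probe "$tun_src" "$host")
    case "$from_lan/$from_tun" in
        ok/ok)   echo "reachable: $host answers both $lan_src and $tun_src; the router side is fine, check the routes pushed to the client" ;;
        ok/fail) echo "asymmetric: $host answers $lan_src but not $tun_src; the host has no return route (or a host firewall rule) for the VPN subnet" ;;
        fail/ok) echo "odd: $host answers only $tun_src; check filtering on the LAN side" ;;
        *)       echo "down: $host does not answer the router at all; host is off or drops ICMP" ;;
    esac
}

# run_checks HOST... -> reads the router's own addresses and classifies each host
run_checks() {
    lan_src=$(ip -4 -o addr show dev br-lan 2>/dev/null | awk '{print $4}' | cut -d/ -f1)
    tun_src=$(ip -4 -o addr show dev tun0 2>/dev/null | awk '{print $4}' | cut -d/ -f1)
    [ -n "$lan_src" ] && [ -n "$tun_src" ] || { echo "could not read br-lan/tun0 addresses" >&2; return 1; }
    for h in "$@"; do classify "$h" "$lan_src" "$tun_src"; done
}

if [ $# -gt 0 ]; then run_checks "$@"; fi
```

An "asymmetric" verdict for the one unreachable host points at that host's own routing table or firewall rather than at the OpenWrt zones, which is where the OpenVPN-side configuration posted above cannot help.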