After almost 2 days of trial and error, I hope to find a solution with your help here.
I have a working VPN server on OpenWrt [18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)], connecting with OpenVPN for Android. I disabled TLSAuth, as I couldn't get it working for now...
But the main problem is: over the VPN I can ping/access only some devices on my local network (all in the same IP range), whereas from within that network I can ping/access all devices.
Here some details and configs:
Networks:
VPN: 192.168.10.0
Private Network: 192.168.5.0
Accessible devices: 192.168.5.1 (Router with OpenVPN) / 192.168.5.11 (NAS) / 192.168.5.4 (Switch) / 192.168.5.162 (Home PC)
Inaccessible devices: 192.168.5.16 (Home Server)
My /etc/config/openvpn
# OpenVPN server instance: routed tun device, UDP port 1194, client pool 192.168.10.0/24.
config openvpn 'myvpn'
option enabled '1'
option proto 'udp4'
# Log goes to /tmp at verbosity 3.
option log '/tmp/openvpn.log'
option verb '3'
# Certificate-based TLS authentication: CA, server certificate, server private key, DH parameters.
# server.key is the server's private key and should be readable by root only.
option ca '/etc/openvpn/certs/ca.crt'
option cert '/etc/openvpn/certs/server.crt'
option key '/etc/openvpn/certs/server.key'
option dh '/etc/openvpn/certs/dh4096.pem'
# The 'server' helper directive already puts OpenVPN into multi-client TLS server mode,
# so the commented-out tls_server further down is not what enables TLS here.
option server '192.168.10.0 255.255.255.0'
# Data channel: AES-256-CBC with HMAC-SHA512.
# NOTE(review): an AEAD cipher such as AES-256-GCM is preferable where both peers support it - confirm client support.
option cipher 'AES-256-CBC'
option auth 'SHA512'
# tls_auth is disabled: without it the control channel has no pre-shared HMAC layer, so
# unauthenticated packets on the listening port reach the TLS handshake. When re-enabling, the
# server uses key direction 0 (as written below) and each client needs the same key file with direction 1.
# option tls_auth '/etc/openvpn/certs/tlsauth.key 0'
# The tls_cipher line below is cut off in the post (no closing quote); it is disabled anyway.
# option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-12
option port '1194'
option keepalive '10 120'
# option tls_server '1'
# tls_version_min is disabled, so this config sets no explicit floor on the negotiated TLS version.
# option tls_version_min '1.2'
# Pushed to clients: send all client traffic through the tunnel, plus an explicit route to the LAN.
list push 'redirect-gateway def1'
list push 'route 192.168.5.0 255.255.255.0'
# The first pushed DNS server is 192.168.5.16, the host the post lists as inaccessible over the VPN;
# client name resolution therefore depends on the second entry until that host is reachable.
list push 'dhcp-option DNS 192.168.5.16'
list push 'dhcp-option DNS 8.8.8.8'
# block-outside-dns is only acted on by Windows clients.
list push 'block-outside-dns'
option dev 'tun0'
# option route_gateway '192.168.5.1'
# Presumably from /etc/config/network (the post does not label this listing).
# Unmanaged logical interface bound to tun0: proto 'none' means netifd assigns no addresses,
# it only gives the tunnel device a network name (VPN0) that a firewall zone can reference.
config interface 'VPN0'
option proto 'none'
option auto '1'
option ifname 'tun0'
# delegate '0' turns off built-in IPv6 prefix handling on this interface.
option delegate '0'
# Presumably from /etc/config/firewall (the post does not label this listing).
# Input rule: accept UDP port 1194 on the router from any zone (src '*').
# NOTE(review): if the server is only meant to be reached from the internet side,
# src 'wan' is the narrower setting.
config rule
option name 'Allow-OpenVPN-Inbound'
option target 'ACCEPT'
option dest_port '1194'
option src '*'
option proto 'udp'
# Firewall zone for the tunnel network VPN0.
# input 'ACCEPT' lets connected VPN clients reach every service listening on the router itself;
# NOTE(review): tighten to REJECT plus explicit rules if clients should not reach router management.
# forward 'REJECT' is the zone default; traffic leaves the zone only through the explicit
# forwardings that follow. No masquerading option is set on this zone.
config zone
option name 'vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'VPN0'
option forward 'REJECT'
# VPN clients may be forwarded to the WAN zone (needed because redirect-gateway is pushed).
config forwarding
option src 'vpn'
option dest 'wan'
# VPN clients may be forwarded to the LAN zone.
# NOTE(review): nothing shown here masquerades vpn -> lan traffic, so LAN hosts see the client's
# 192.168.10.x source address. A LAN host whose own firewall admits only its local subnet, or whose
# default gateway is not this router, will not answer VPN clients - worth checking on the
# inaccessible host before changing the router config.
config forwarding
option src 'vpn'
option dest 'lan'
Any idea what I could be missing or doing wrong??
Thanks a lot for your help.
Dave