VPN ok - cannot access SOME local devices? *frustrating* *weird*

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
cotwild
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 12, 2019 8:16 am

VPN ok - cannot access SOME local devices? *frustrating* *weird*

Post by cotwild » Sat Jul 13, 2019 10:00 am

Dear community
After try&error for almost 2 days I hope to find a solution with your help here.

I got a working VPN Server on a OpenWrt [18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)], connecting with OpenVPN for Android. I did disalbe TLSAuth, as I didn't get this working for now...

But the main problem is... I can ping / access only some devices from my local network (same IP range), from within that network I can ping/access all devices...

Here some details and configs:

Networks:
VPN: 192.168.10.0
Private Network: 192.168.5.0
Accessible devices: 192.168.5.1 (Router with OpenVPN) / 192.168.5.11 (NAS) / 192.168.5.4 (Switch) / 192.168.5.162 (Home PC)
Inaccessible devices: 192.168.5.16 (Home Server)

My /etc/config/openvpn
[oconf]config openvpn 'myvpn'
option enabled '1'
option proto 'udp4'
option log '/tmp/openvpn.log'
option verb '3'
option ca '/etc/openvpn/certs/ca.crt'
option cert '/etc/openvpn/certs/server.crt'
option key '/etc/openvpn/certs/server.key'
option dh '/etc/openvpn/certs/dh4096.pem'
option server '192.168.10.0 255.255.255.0'
option cipher 'AES-256-CBC'
option auth 'SHA512'
# option tls_auth '/etc/openvpn/certs/tlsauth.key 0'
# option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-12
option port '1194'
option keepalive '10 120'
# option tls_server '1'
# option tls_version_min '1.2'
list push 'redirect-gateway def1'
list push 'route 192.168.5.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.5.16'
list push 'dhcp-option DNS 8.8.8.8'
list push 'block-outside-dns'
option dev 'tun0'
# option route_gateway '192.168.5.1'[/oconf]

My /etc/config/network (only vpn part)

Code: Select all

config interface 'VPN0'
        option proto 'none'
        option auto '1'
        option ifname 'tun0'
        option delegate '0'
My /etc/config/firewall

Code: Select all

config rule
        option name 'Allow-OpenVPN-Inbound'
        option target 'ACCEPT'
        option dest_port '1194'
        option src '*'
        option proto 'udp'
        
        config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'VPN0'
        option forward 'REJECT'

config forwarding
        option src 'vpn'
        option dest 'wan'

config forwarding
        option src 'vpn'
        option dest 'lan'
I am also able to ping the Server (192.168.5.16) from the OpenWRT Diagnostics Site to see if there is any iptables rule on the server preventing access from 192.168.5.1 (OpenVPN Server). The inaccessible server is a Ubuntu 16.04 server with several services... Over VPN I can ping my desktop pc, where I can ping the server againg... (same network) Am I missing something?

Any idea what I could be missing or doing wrong??

Thanks a lot for your help.
Dave

Post Reply