Hello,
I am experiencing some issues setting up an openvpn client with openwrt (CHAOS CALMER 15.05.1, r48532).
I want to connect the router to a pfSense OpenVPN server to which other clients are already connected, and then route the clients behind the router (the LAN) through the VPN.
The problem is that I cannot ping the VPN server from the router.
The router gets 10.16.10.6 and the server has 10.16.10.1.
The other clients (mostly Debian servers) can reach each other, but not the router.
I have followed this guide : wiki.openwrt.org/doc/howto/vpn.openvpn
ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.16.10.6 P-t-P:10.16.10.6 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:84 (84.0 B)
The openvpn config :
# OpenVPN client profile for the tunnel to the pfSense server.
# "client" is shorthand for "pull" plus "tls-client", so the explicit
# tls-client line below is redundant (harmless).
client
# Keep the key material and the tun device across restarts of the tunnel.
persist-key
persist-tun
tls-client
# HMAC digest used to authenticate data-channel packets; must match the server.
# NOTE(review): SHA1 is a legacy choice - if the server side can be changed,
# a SHA-2 digest such as SHA256 on both ends is preferable.
auth SHA1
# CA certificate used to validate the server certificate.
ca /lib/uci/upload/cbid.openvpn.myvpn.ca
# Client certificate presented to the server.
cert /lib/uci/upload/cbid.openvpn.myvpn.cert
# Data-channel cipher; must match the server. In CBC mode, integrity comes
# from the separate HMAC configured with "auth" above.
cipher AES-128-CBC
# LZO compression; the setting has to agree with the server.
# NOTE(review): a compression mismatch is one common reason a tunnel comes up
# but passes no traffic - verify against the server config. Compression inside
# an encrypted tunnel can also leak information about the plaintext
# (VORACLE-style attacks), so disabling it on both ends is the safer choice.
comp-lzo yes
# Routed (layer 3) tunnel device.
dev tun
# Private key for the client certificate.
# NOTE(review): confirm this file is readable by root only.
key /lib/uci/upload/cbid.openvpn.myvpn.key
port 1194
proto udp
# "serverIP" is the poster's placeholder for the real server address.
remote serverIP
# Require the peer certificate to carry server key usage / extended key usage,
# so another client certificate issued by the same CA cannot pose as the server.
remote-cert-tls server
# Adds an HMAC signature to control-channel packets using a pre-shared static
# key; direction 1 is the client side (the server uses 0). The key file is a
# shared secret and should be protected like the private key.
tls-auth /etc/openvpn/tls.key 1
# Log verbosity.
verb 3
and the firewall
# Global defaults: policies for traffic that does not belong to any zone.
# NOTE(review): with input 'ACCEPT' here, an interface that is not assigned to
# a zone is fully open towards the router; REJECT is the stricter choice once
# every interface has a zone.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: trusted side, everything accepted.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone: unsolicited inbound and forwarded traffic rejected, outbound
# traffic masqueraded (masq) with TCP MSS clamping (mtu_fix).
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
# Exceptions to the wan zone's input/forward REJECT policy. All rules below
# have src 'wan'; none of them references the vpn zone.

# DHCP renew replies from the upstream server (UDP port 68, IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# ICMP echo-request from wan to the router itself (IPv4).
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IGMP from wan (IPv4).
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies, restricted to link-local source and destination addresses.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted towards the router itself, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), rate-limited to
# 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Custom rules script loaded in addition to this file.
# NOTE(review): its contents are not shown in the post; rules there can
# override or bypass the zone policies defined here.
config include
option path '/etc/firewall.user'
# Second uplink zone with the same policy as 'wan': inbound and forwarded
# traffic rejected, outbound masqueraded with MSS clamping.
config zone
option forward 'REJECT'
option output 'ACCEPT'
option name 'wan2'
option input 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan2'
# LAN clients may initiate connections out through either uplink.
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan2'
option src 'lan'
# Firewall zone for the OpenVPN tunnel.
config zone 'vpn'
option name 'vpn'
# The zone matches the UCI network interface named 'vpn0'. Its definition in
# /etc/config/network is not shown in the post.
# NOTE(review): confirm that 'vpn0' exists and is bound to tun0; otherwise
# tunnel traffic is handled by the 'defaults' section instead of this zone.
option network 'vpn0'
# Accepts all traffic from the tunnel to the router itself, so every VPN peer
# can reach the router's management services.
# NOTE(review): consider REJECT here plus explicit rules for what peers
# actually need (for example ICMP echo).
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
# LAN traffic leaving through the tunnel is source-NATed to the router's
# tunnel address; mtu_fix clamps the TCP MSS for the tunnel.
option masq '1'
option mtu_fix '1'
# Allows connections initiated from the VPN side into the LAN.
# NOTE(review): if the goal is only to route LAN clients out through the VPN,
# this forwarding is not needed and exposes LAN hosts to the other VPN peers.
config forwarding 'vpn_forwarding_lan_in'
option src 'vpn'
option dest 'lan'
# Allows LAN clients to initiate connections through the tunnel.
config forwarding 'vpn_forwarding_lan_out'
option src 'lan'
option dest 'vpn'
Does anyone have any clue ?
Thanks