OpenVPN firewall

Hi, how do I set up the firewall to access the LAN from the VPN? I have set it up as in the picture and I have no access.

Hello, I am having the same issue. I am able to connect to my Turris OpenVPN server using an Android OpenVPN client app, but I’m not able to access LAN devices while connected.

Trying to ping and SSH into the router IP address with no success.

Packet forwarding between “lan” and “vpn_turris” is necessary but not enough. Routing must also be configured. There are two ways:

By LuCI

  1. Install the luci-app-openvpn package.
  2. Go to Services -> OpenVPN.
  3. Switch to the Advanced mode.
  4. Select the “VPN” configuration category.
  5. Add as many “push” rules as you need. Select “custom” here and write something like “route 192.168.1.0 255.255.255.0” to route all traffic to your LAN over the OpenVPN interface.

Manually

Edit /etc/config/openvpn and append “list push 'route 192.168.1.0 255.255.255.0'” or similar commands at the end of the “config openvpn ‘server_turris’” configuration section.

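An added example (not part of the original posts, and not Turris or OpenWrt code): a shell check that the “server_turris” section really pushes a route for your LAN subnet, which matters when the LAN is not 192.168.1.0. The function names, the sample_server section and the sample file contents are assumptions made for illustration; the script parses the config file text with awk instead of calling uci.

```shell
#!/bin/sh
# Constructed sample input in /etc/config/openvpn format (not from a real router).
sample_config() {
cat <<'EOF'
config openvpn 'sample_server'
	option enabled '0'
	list push 'route 10.0.0.0 255.255.255.0'

config openvpn 'server_turris'
	option enabled '1'
	list push 'route 192.168.1.0 255.255.255.0'
EOF
}

# pushed_routes FILE SECTION: print "network netmask" for every
# "list push 'route ...'" line inside the named config section only.
pushed_routes() {
	awk -v want="$2" -v q="'" '
		$1 == "config" {
			name = $3; gsub("[" q "\"]", "", name)
			in_sec = (name == want); next
		}
		in_sec && $1 == "list" && $2 == "push" {
			line = $0; gsub("[" q "\"]", "", line)
			n = split(line, f, " ")
			if (n >= 5 && f[3] == "route") print f[4], f[5]
		}' "$1"
}

# has_push_route FILE SECTION NETWORK NETMASK: exit 0 if that exact route is pushed.
has_push_route() {
	pushed_routes "$1" "$2" | grep -qxF "$3 $4"
}

# check_lan_route FILE SECTION NETWORK NETMASK: report the result, or print
# the line that would have to be appended to the section.
check_lan_route() {
	if has_push_route "$@"; then
		echo "ok: $2 pushes route $3 $4"
	else
		echo "missing in $2: list push 'route $3 $4'"
		return 1
	fi
}
# On the router: check_lan_route /etc/config/openvpn server_turris 192.168.1.0 255.255.255.0
```

A route pushed from a different section (here the disabled sample_server) is deliberately not counted, since only the running server's section reaches connecting clients.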

Hello,
The “push” rules are automatically added to the “server_turris” configuration by the Foris OpenVPN plugin, right? “list push route 192.168.1.0 255.255.255.0”
Regards

Yes, one rule for exactly 192.168.1.0 should be added automatically if you set up OpenVPN in Foris. If it is missing for some reason or if the LAN has another address range it has to be added manually.

Ok. If I understand correctly, the Omnia firewall and OpenVPN configurations should be set properly after using the Foris plugin to set up the OpenVPN server. After doing this, if a client successfully connects to the server, yet is unable to ping the LAN address, what could possibly cause this?

Could you provide your /etc/config/openvpn please? It’s strange if it doesn’t work…

I had to add the option “client-to-client” in order to allow access to LAN devices.

I’m currently away from my network. I can upload the configuration later today.

The option “client-to-client” is intended to interconnect clients (without participation of the kernel) and shouldn’t be necessary for access to the LAN.

Hey, I’m sorry for wasting your time with this issue.

I performed a factory reset on my Omnia this afternoon. Now, the OpenVPN plugin works as it should. No need to include “client-to-client” in the config file.

Thanks for your responses.


Weird, I also had to set client-to-client to access LAN devices.

I had forwarding set correctly vpn->lan,wan & lan->wan,vpn but it didn't work with that.

I tried stopping network and turris_server. Also tried purging the config and even uninstalling OpenVPN in Foris & deleting the CA. Still have to have client-to-client to access LAN devices. Factory reset is a no go for me.

FYI

Not only did I perform a factory reset, but I also upgraded my new mSATA memory.