Openvpn set up from scratch - No access

openvpn

#1

Hi

I had OpenVPN working with iPhone + iPad clients.
Had to send my router back to Turris for maintenance (faulty 5 GHz Wi-Fi). Got it back today. Restored, but no luck with the OpenVPN clients… So I deleted all the OpenVPN config and started from scratch with the UI.

config openvpn 'server_turris'
    option enabled '1'
    option port '1194'
    option proto 'udp'
    option dev 'tun_turris'
    option ca '/etc/ssl/ca/openvpn/ca.crt'
    option crl_verify '/etc/ssl/ca/openvpn/ca.crl'
    option cert '/etc/ssl/ca/openvpn/01.crt'
    option key '/etc/ssl/ca/openvpn/01.key'
    option dh '/etc/dhparam/dh-default.pem'
    option server '10.69.69.0 255.255.255.0'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    option duplicate_cn '0'
    option keepalive '10 120'
    option compress 'lzo'
    option persist_key '1'
    option persist_tun '1'
    option status '/tmp/openvpn-status.log'
    option verb '3'
    option mute '20'
    list push 'route 192.168.69.0 255.255.255.0'
    list push 'redirect-gateway def1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'

Note: The configuration with the UI had a list push 'dhcp-option DNS 10.69.69.1' which was not working.

Firewall rules (No change to them - created automatically from the UI)
config zone 'vpn_turris'
    option enabled '1'
    option name 'vpn_turris'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option masq '1'
    list network 'vpn_turris'

config rule 'vpn_turris_rule'
    option enabled '1'
    option name 'vpn_turris_rule'
    option target 'ACCEPT'
    option proto 'udp'
    option src 'wan'
    option dest_port '1194'

config forwarding 'vpn_turris_forward_lan_in'
    option enabled '1'
    option src 'vpn_turris'
    option dest 'lan'

config forwarding 'vpn_turris_forward_lan_out'
    option enabled '1'
    option src 'lan'
    option dest 'vpn_turris'

config forwarding 'vpn_turris_forward_wan_out'
    option enabled '1'
    option src 'vpn_turris'
    option dest 'wan'

Created a config for my iPhone and uploaded it to OpenVPN on the phone.
Switched off Wi-Fi on the phone to be on 4G.
iPhone client connects fine.
However, I can't ping any internal address in 192.168.69.0/24, not even the gw 192.168.69.1, and can't browse any www sites.
Chose the option to route all traffic via tun for the client.

OpenVPN version on Turris:
OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.08
Originally developed by James Yonan
Copyright © 2002-2018 OpenVPN Inc sales@openvpn.net

Checked a number of posts in the forum. Can’t see what might be wrong…
Been 3h on this and none the wiser…

Can anyone spot something obviously wrong?
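
An added example, not part of the original post: a small cross-check of the two UCI files shown above, confirming that the firewall zone is actually bound to the tunnel device and that each pushed route has a matching forwarding. The function names and the `net_devices` argument are hypothetical; `net_devices` stands in for the interface-to-device mapping in /etc/config/network, which the post does not show.

```python
import shlex

# Constructed sample: the lines of the post's two UCI files that the checks read.
OPENVPN = """
config openvpn 'server_turris'
    option dev 'tun_turris'
    list push 'route 192.168.69.0 255.255.255.0'
    list push 'redirect-gateway def1'
"""
FIREWALL = """
config zone 'vpn_turris'
    option name 'vpn_turris'
    list network 'vpn_turris'
config forwarding 'vpn_turris_forward_lan_in'
    option src 'vpn_turris'
    option dest 'lan'
config forwarding 'vpn_turris_forward_wan_out'
    option src 'vpn_turris'
    option dest 'wan'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, {key: [values]})."""
    sections = []
    for words in map(shlex.split, text.splitlines()):
        if words[:1] == ["config"]:
            sections.append((words[1], (words[2:] or [""])[0], {}))
        elif words[:1] in (["option"], ["list"]):
            sections[-1][2].setdefault(words[1], []).append(words[2])
    return sections

def audit(openvpn_text, firewall_text, net_devices):
    """net_devices (assumed input): interface name -> device from /etc/config/network."""
    srv = parse_uci(openvpn_text)[0][2]
    fw = parse_uci(firewall_text)
    zone = next(o for t, _, o in fw if t == "zone")
    findings = []
    # Zone rules reach the tunnel only if a zone network is bound to its device.
    if srv["dev"][0] not in [net_devices.get(n) for n in zone.get("network", [])]:
        findings.append("zone not bound to " + srv["dev"][0])
    # Each push implies a forwarding: the LAN route needs vpn -> lan,
    # redirect-gateway needs vpn -> wan.
    pushes = " ".join(srv.get("push", []))
    fwd = {(o["src"][0], o["dest"][0]) for t, _, o in fw if t == "forwarding"}
    for dest, keyword in (("lan", "route "), ("wan", "redirect-gateway")):
        if keyword in pushes and (zone["name"][0], dest) not in fwd:
            findings.append("no forwarding to " + dest)
    return findings
```

An empty result means the posted firewall section is consistent with the server section, given the assumed network mapping. It says nothing about settings the snippets do not cover.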