That’s a different guy, who has an interface named OpenVPN.
For completeness, my firewall config:
To allow incoming OpenVPN traffic from wan:

```
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'tcp udp'
    option dest_port '1194'
    option name 'OpenVPN'
```
To create the vpn_ovpn zone and allow forwarding to/from lan:

```
config zone
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option name 'vpn_ovpn'
    option network 'openvpn'

config forwarding
    option dest 'lan'
    option src 'vpn_ovpn'

config forwarding
    option dest 'vpn_ovpn'
    option src 'lan'
```
Again, it was created through LuCI. The only thing I didn’t create through LuCI was the OpenVPN config, because the options for creating the profile were something completely different from what I had in my old config, so I just copied the old config over.
Everything was working, the traffic was passing through, except for DNS responses. Because there was no firewall rule that would block 53/tcp or 53/udp and dnsmasq was listening on 0.0.0.0:53, there had to be something else.
It turned out that dnsmasq didn’t know about the tun0 interface. As I mentioned in the previous post, the hotplug script calls /etc/init.d/dnsmasq start. I tried to run it by hand, but it finished immediately and not much happened. Only running /etc/init.d/dnsmasq restart had an effect.
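As an added example (not from the post above, and not an OpenWrt-shipped script), here is a minimal iface hotplug handler that turns the observation in the post into an automated fix: when the OpenVPN logical interface (the `openvpn` network named in the vpn_ovpn zone) comes up, it restarts dnsmasq rather than starting it, since `start` is a no-op while dnsmasq is already running. The file name `/etc/hotplug.d/iface/99-dnsmasq-openvpn`, the `VPN_IFACE` and `DNSMASQ_RESTART` variables, and the function names are this example's own assumptions; `ACTION` and `INTERFACE` are the variables OpenWrt passes to iface hotplug scripts.

```shell
#!/bin/sh
# Added example: restart dnsmasq once the OpenVPN logical interface is up so it
# picks up tun0. Assumed install path: /etc/hotplug.d/iface/99-dnsmasq-openvpn
# OpenWrt sets ACTION (ifup/ifdown/...) and INTERFACE (logical name) for us.

# Logical interface name as used in the zone's 'option network' (assumed).
VPN_IFACE="${VPN_IFACE:-openvpn}"
# Restart command; overridable so the decision logic can be exercised
# without touching a real init script.
DNSMASQ_RESTART="${DNSMASQ_RESTART:-/etc/init.d/dnsmasq restart}"

# Return 0 only for an ifup of the VPN interface. Any other event
# (ifdown, other interfaces) must not bounce the resolver.
needs_dnsmasq_restart() {
    action="$1"
    iface="$2"
    [ "$action" = "ifup" ] && [ "$iface" = "$VPN_IFACE" ]
}

# Handle one hotplug event: returns 0 if a restart was triggered (with the
# restart command's exit status), 1 if the event was ignored.
handle_iface_event() {
    if needs_dnsmasq_restart "$1" "$2"; then
        logger -t dnsmasq-openvpn "interface $2 is up, restarting dnsmasq" 2>/dev/null || :
        $DNSMASQ_RESTART
        return $?
    fi
    return 1
}

# When invoked by hotplug, the event comes from the environment.
if [ -n "$ACTION" ] && [ -n "$INTERFACE" ]; then
    handle_iface_event "$ACTION" "$INTERFACE"
fi
```

Because the decision is isolated in `needs_dnsmasq_restart`, you can dry-run it on the router with `ACTION=ifup INTERFACE=openvpn DNSMASQ_RESTART=echo sh /etc/hotplug.d/iface/99-dnsmasq-openvpn` before letting it call the real init script.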