Setup NAT Loopback openvpn Turris Luci

After searching the whole internet for a fix on NAT Loopback openvpn, so I could make a VPN connection from my home LAN to Turris and from the WAN to Turris, I finally figured it out.

First you create the default configs using the Turris webadmin openVPN.
You should be able to create a VPN connection using WAN (if you cannot, please search this forum).

If you can connect using WAN and cannot create a VPN connection from LAN, go to Luci.
Go to Traffic Rules:
In luci go to network > firewall > rules
http://192.168.1.1/cgi-bin/luci/admin/network/firewall/rules
Make sure you have a rule called ‘vpn_turris_rule’ and it is set to:
Source zone: Any Zone
Destination zone: Device
(the rest you can keep default)

Now go to:
http://192.168.1.1/cgi-bin/luci/admin/network/firewall/forwards
In luci go to network > firewall > port forwards

Now create a new rule
Name: VPN_Loopback
Protocol: UDP
External zone: WAN
External port: 1194
Internal zone: LAN
Internal IP: (the IP of your router, 192.168.1.1)
Internal port: 1194

Click Add > Save & Apply, and then EDIT THE RULE!
Source IP address: give it your LAN subnet!! So click custom and type manually:
192.168.1.0/24
Make sure Enable NAT Loopback is turned ON!

Enjoy your NAT Loopback…
And yes this will also work on other services hosted on your Turris :wink:

Success!


Thanks, I will try this.

Unfortunately it’s not working for me. The difference in my setup is that I’m using my VPN server on a Synology NAS (connected with IP 192.168.1.107 to Turris Omnia) and my port is UDP 443. I used your description with port 443, the rest unchanged. Is there something else I have to change?

I also tried doing these changes:
http://192.168.1.1/cgi-bin/luci/admin/network/firewall/forwards
In luci go to network > firewall > port forwards

Name: VPN_Loopback
Protocol: UDP
External zone: WAN
External port: 443
Internal zone: LAN
Internal ip: 192.168.1.107
Internal port: 443

Still not working… any ideas?

I finally found time to test this and it was not working either.

It seems all that was needed was to create a forward rule from VPN/443 => LAN/myIP/443 like I did for WAN traffic. I don’t know why I did not think of this before.

Do not forget to restrict the rule to dst ip == your public IP. Otherwise, all the HTTPS traffic when you are connected to the VPN will be redirected to your server.
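As an added illustration (not code from the thread, Turris or OpenWrt), the following Python models how an OpenWrt/Turris `config redirect` (port forward) stanza matches traffic, so the two points made above can be checked side by side: the first post's NAT loopback rule limited to the LAN subnet with reflection on, and the last post's warning that a VPN-zone forward on port 443 without a destination IP restriction catches every HTTPS connection a VPN client makes. The public IP (203.0.113.10), the VPN zone name `vpn_turris`, the VPN client address 10.8.0.2, the TEST-NET addresses and the use of TCP for the 443 rule are assumptions made for the example; the matching logic is a simplification of what firewall3/fw4 generates.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values, not from the thread: the router's public WAN address and
# the name of the internal zone the forwarded hosts sit in.
PUBLIC_IP = "203.0.113.10"
LAN_ZONE = "lan"


@dataclass
class Redirect:
    """One 'config redirect' stanza from /etc/config/firewall (simplified)."""
    name: str
    src: str                       # zone the packet arrives from
    proto: str                     # "tcp" or "udp"
    src_dport: int                 # external port
    dest_ip: str                   # internal host the traffic is DNATed to
    dest_port: int
    dest: str = LAN_ZONE           # zone dest_ip lives in
    src_ip: Optional[str] = None   # only clients from this subnet (LuCI: Source IP address)
    src_dip: Optional[str] = None  # only packets addressed to this IP (LuCI: External IP address)
    reflection: bool = False       # LuCI: Enable NAT Loopback

    def _src_ok(self, saddr: str) -> bool:
        if self.src_ip is None:
            return True
        return ipaddress.ip_address(saddr) in ipaddress.ip_network(self.src_ip, strict=False)

    def matches(self, zone: str, proto: str, saddr: str, daddr: str, dport: int) -> bool:
        if proto != self.proto or dport != self.src_dport:
            return False
        if zone == self.src:
            # Without src_dip the rule matches ANY destination address on that
            # port: this is the HTTPS side effect the last post warns about.
            if self.src_dip is not None and daddr != self.src_dip:
                return False
            return self._src_ok(saddr)
        if self.reflection and zone == self.dest and daddr == PUBLIC_IP:
            # NAT loopback: a host in the internal zone addresses the public IP
            # and receives the same DNAT an outside client would.
            return self._src_ok(saddr)
        return False

    def uci(self) -> str:
        """Render the stanza as it would appear in /etc/config/firewall."""
        lines = [f"config redirect '{self.name}'",
                 "\toption target 'DNAT'",
                 f"\toption src '{self.src}'",
                 f"\toption dest '{self.dest}'",
                 f"\toption proto '{self.proto}'",
                 f"\toption src_dport '{self.src_dport}'",
                 f"\toption dest_ip '{self.dest_ip}'",
                 f"\toption dest_port '{self.dest_port}'"]
        if self.src_ip:
            lines.append(f"\toption src_ip '{self.src_ip}'")
        if self.src_dip:
            lines.append(f"\toption src_dip '{self.src_dip}'")
        lines.append(f"\toption reflection '{1 if self.reflection else 0}'")
        return "\n".join(lines)


def dnat_target(rules, zone, proto, saddr, daddr, dport):
    """First matching redirect wins, like the firewall's PREROUTING chain.
    Returns (dest_ip, dest_port) or None when no DNAT applies."""
    for r in rules:
        if r.matches(zone, proto, saddr, daddr, dport):
            return (r.dest_ip, r.dest_port)
    return None


# The first post's rule: WAN/1194 -> the router itself, limited to the LAN
# subnet, NAT loopback on.  Outside clients do not match it (their source is
# not in 192.168.1.0/24); they are accepted by the vpn_turris_rule instead.
VPN_LOOPBACK = Redirect("VPN_Loopback", "wan", "udp", 1194, "192.168.1.1", 1194,
                        src_ip="192.168.1.0/24", reflection=True)

# The last post's forward to the Synology NAS, first without a destination
# restriction and then pinned to the public IP (src_dip).
NAS_OPEN = Redirect("NAS_443_open", "vpn_turris", "tcp", 443, "192.168.1.107", 443)
NAS_PINNED = Redirect("NAS_443_pinned", "vpn_turris", "tcp", 443, "192.168.1.107", 443,
                      src_dip=PUBLIC_IP)

if __name__ == "__main__":
    print(VPN_LOOPBACK.uci())
    # LAN host reaching the public IP on 1194 is looped back to the router.
    print(dnat_target([VPN_LOOPBACK], "lan", "udp", "192.168.1.50", PUBLIC_IP, 1194))
    # A VPN client opening an HTTPS site (constructed address) with the open rule...
    print(dnat_target([NAS_OPEN], "vpn_turris", "tcp", "10.8.0.2", "198.51.100.80", 443))
    # ...and with the rule pinned to the public address.
    print(dnat_target([NAS_PINNED], "vpn_turris", "tcp", "10.8.0.2", "198.51.100.80", 443))
```

The `uci()` output is the text equivalent of what LuCI writes for the port-forward page; comparing it against `/etc/config/firewall` on the router is a quick way to confirm that `src_ip`, `src_dip` and `reflection '1'` actually landed in the rule.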