[SOLVED] OpenVPN access local network devices

Hi guys,
I have an issue with accessing devices in the local network when I'm connected to my Omnia over OpenVPN.
I am able to connect to my Omnia through WAN on standard port 1194 and I can see the connected computer in the OpenVPN log.
The problem is when I try to log in through SSH or ping a computer which is in the local network (connected wirelessly on radio0). And the second issue: I cannot access the internet connection (which at some point worked, but after some changes stopped). My guess is wrong DHCP.
I have already spent many hours on this, tried many configurations starting from scratch, and read all the threads on this forum, but can't get it working.
I followed these steps, to setup OpenVPN: https://wiki.openwrt.org/doc/howto/vpn.openvpn
Local IP of Omnia is 8.8.1.1 and local computers get 8.8.1.10/60

cat /etc/config/openvpn

config openvpn 'myvpn'
option enabled '1'
option verb '3'
option port '1194'
option proto 'udp'
option log-append '/tmp/openvpn-append.log'
option status '/tmp/openvpn-status.log'
option dev 'tun'
option server '10.8.0.0 255.255.255.0'
option keepalive '10 120'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/turris-doma.crt'
option key '/etc/openvpn/turris-doma.key'
option dh '/etc/openvpn/dh2048.pem'
list push 'dhcp-option DNS 8.8.8.8'
list push 'route 8.8.1.0 255.255.255.0'
list push 'redirect-gateway def1'

cat /etc/config/network

config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
option auto '1'

cat /etc/config/firewall

config rule 'Allow_OpenVPN_Inbound'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'

config zone 'vpn'
option name 'vpn'
option network 'vpn0'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'

config forwarding 'vpn_forwarding_lan_in'
option src 'vpn'
option dest 'lan'

config forwarding 'vpn_forwarding_lan_out'
option src 'lan'
option dest 'vpn'

config forwarding 'vpn_forwarding_wan'
option src 'vpn'
option dest 'wan'

option forward 'REJECT'

Must be ACCEPT.

See this tutorial with Google Translate:
http://www.s474n.com/project-turris-zprovozneni-openvpn-serveru/

Below are the entries I have in the network & firewall configuration files:

/etc/config/network

config interface 'openvpn'
	option ifname 'tun0'
	option proto 'none'

/etc/config/firewall

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '1194'
	option name 'OpenVPN'

config zone
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'vpn_ovpn'
	option network 'openvpn'

config forwarding
	option dest 'lan'
	option src 'vpn_ovpn'

config forwarding
	option dest 'wan'
	option src 'vpn_ovpn'

config forwarding
	option dest 'vpn_ovpn'
	option src 'lan'

option client_to_client '1'
and option topology 'subnet'
might be the right config options you are looking for :slight_smile:

Check the configs from my configuration (and I can access any LAN service/machine without any problems)
Kterak jsem si rozchodil (aspon doufam) openVPN (it is in Czech, but the configs might help; also, the streamlined guide linked there was a 'save-the-day' for me, especially the firewall rules section) …

Your fw rules seem to be defined okay (including the zone forwarding). To have some stats in LuCI for the corresponding vpn zone, see https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup#tab__logging (without that it looks like no traffic at all)
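Added example (not from any poster in this thread): a small Python audit of the firewall sections from the first post, listing the declared zone-to-zone forwardings, each zone's own `forward` policy, and ACCEPT rules with `src '*'`. In OpenWrt's firewall the `config forwarding` sections control traffic between zones, while a zone's `forward` option covers traffic between networks inside that zone; `parse_uci` and `audit` are names chosen for this example.

```python
import shlex

# Constructed sample: the firewall sections copied from the first post in this thread.
SAMPLE = """
config rule 'Allow_OpenVPN_Inbound'
  option target 'ACCEPT'
  option src '*'
  option proto 'udp'
  option dest_port '1194'
config zone 'vpn'
  option name 'vpn'
  option network 'vpn0'
  option input 'ACCEPT'
  option forward 'REJECT'
  option output 'ACCEPT'
  option masq '1'
config forwarding 'vpn_forwarding_lan_in'
  option src 'vpn'
  option dest 'lan'
config forwarding 'vpn_forwarding_lan_out'
  option src 'lan'
  option dest 'vpn'
config forwarding 'vpn_forwarding_wan'
  option src 'vpn'
  option dest 'wan'
"""

def parse_uci(text):
    """Return a list of (section_type, options) parsed from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quoting and # comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and len(tok) >= 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif tok[:1] == ["list"] and len(tok) >= 3 and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(text):
    """Summarise inter-zone forwardings, zone forward policies and any-source ACCEPT rules."""
    secs = parse_uci(text)
    return {
        "forwardings": sorted((o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"),
        "zone_forward": {o["name"]: o.get("forward") for t, o in secs if t == "zone" and "name" in o},
        "any_source_accepts": [o.get("dest_port") for t, o in secs
                               if t == "rule" and o.get("src") == "*" and o.get("target") == "ACCEPT"],
    }
```

For the first post's config, `audit(SAMPLE)` reports the vpn/lan/wan forwardings as declared and flags the port 1194 rule as accepting from every zone, where the second reply's rule limits it to `src 'wan'`.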

Thanks for all your answers. I tried all the settings from you, but nothing worked for me. I have noticed that in the OpenVPN log there is a message which says:

IP packet with unknown IP version=0 seen

After some Google research, I found this file: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/errlevel.h#L58
and set:

option verb '1'

which should be "file link errors from main event loop"
After that only this error shows up every second, after connecting to Omnia / maybe that’s the issue?! I was not able to find any information about this error. Any clue?

PS (for Czech guys): I don't need a translator :slight_smile:

Ok, I feel so stupid now. I was looking for the issue in the Omnia, but the issue was at the client, with some manual settings for the connection. After setting the connection to default settings, everything works.
Thanks :wink:


I’m having the same problem (IP packet with unknown IP version=0 seen). Can you please tell me how you solved it? Which manual settings caused this? Thanks

I don’t exactly remember which setting caused the problem. I just set everything to default in Network Manager -> Advanced Options like this: