I believe I'm also seeing this issue, though I haven't verified the firewall rules/behavior. I also see the behavior that clients cannot ping LAN addresses.
On my system, OpenVPN worked after initial install, but not after reboot. I discovered that restarting OpenVPN with /etc/init.d/openvpn restart made it work again. That suggests initscript ordering problems, but is not conclusive.
My current workaround is to add this to rc.local:
sleep 60
/etc/init.d/openvpn restart
I looked at my issue more closely and it appears to be different from the original report: different OpenWRT version, no error seen from /etc/init.d/firewall restart, no change in iptables -L output between broken and restarted/working OpenVPN. I'll open a new issue on the GitHub packages project.
porjo:
I have set up OpenVPN using the TUN server method, as per https://wiki.openwrt.org/doc/howto/vpn.openvpn
Clients are able to connect and ping the tun0 IP, however cannot connect to anything on the LAN. The problem appears to be the firewall script is unable to resolve the tun0 interface, so skips rules that require that interface.
root@LEDE:/etc/config# /etc/init.d/firewall restart
Warning: Section 'vpn' cannot resolve device of network 'vpn0'
To work around the problem, I have to manually insert the following iptables rules:
iptables -t nat -A POSTROUTING -o tun0 -j zone_vpn_postrouting
iptables -t nat -A PREROUTING -i tun0 -j zone_vpn_prerouting
iptables -A INPUT -i tun0 -j zone_vpn_input
iptables -A OUTPUT -o tun0 -j zone_vpn_output
iptables -I FORWARD 9 -i tun0 -j zone_vpn_forward
Once those rules have been inserted, everything works perfectly!
This issue may relate to FS#1024: https://bugs.lede-project.org/index.php?do=details&task_id=1024
Further details
This is the 'vpn0' entry in /etc/config/networks:
config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'
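
A repeatable check for the five tun0 jump rules listed in the report above, as an added example that is not part of the original issue or of the LEDE/OpenWrt firewall code. It uses `iptables -C` to test each rule and prints the ones that are absent; the names `IPT`, `VPN_IF`, `vpn_rules` and `missing_vpn_rules` are hypothetical and introduced only for this example.

```sh
#!/bin/sh
# Added example: report which of the workaround's tun0 jump rules are absent.
# IPT and VPN_IF are hypothetical variables introduced for this example.
IPT="${IPT:-iptables}"
VPN_IF="${VPN_IF:-tun0}"

# One rule per line: table, built-in chain, interface flag, zone chain.
# The chain names are the ones quoted in the report.
vpn_rules() {
    cat <<EOF
nat POSTROUTING -o zone_vpn_postrouting
nat PREROUTING -i zone_vpn_prerouting
filter INPUT -i zone_vpn_input
filter OUTPUT -o zone_vpn_output
filter FORWARD -i zone_vpn_forward
EOF
}

# Print every rule that "iptables -C" cannot find.
# Returns 0 when all five are present, 1 when at least one is missing.
missing_vpn_rules() {
    rc=0
    while read -r table chain dir target; do
        if ! $IPT -t "$table" -C "$chain" "$dir" "$VPN_IF" -j "$target" 2>/dev/null; then
            echo "$table $chain $dir $VPN_IF $target"
            rc=1
        fi
    done <<EOF
$(vpn_rules)
EOF
    return $rc
}

# Run as "script --check" to use the exit status from rc.local or a cron job.
if [ "${1:-}" = "--check" ]; then
    missing_vpn_rules
    exit $?
fi
```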