OpenVPN Issue connecting to LAN Device

Wishmaster1965

Regular Contributor
My Setup: [image: LAN.jpg]


I have OpenVPN setup as Both so I can have Diversion being used when I am mobile

So on my phone I can see the Windows 10 box, but not the Sat Linux box.

The Sat Linux box has a web site and no firewall; it can be accessed by the Win10 box, but not from my phone when on OpenVPN.

I have the client config set to 'push "route 192.168.1.0 255.255.255.0"'

iptables Output

Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1194
YazFiINPUT  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
logdrop    all  --  anywhere             anywhere             state INVALID
PTCSRVWAN  all  --  anywhere             anywhere
PTCSRVLAN  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state NEW
ACCEPT     all  --  anywhere             anywhere             state NEW
OVPN       all  --  anywhere             anywhere             state NEW
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     ipv6 --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ipttolan   all  --  anywhere             anywhere
iptfromlan  all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
YazFiDNSFILTER_DOT  tcp  --  anywhere             anywhere             tcp dpt:853
YazFiFORWARD  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
other2wan  all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere             state INVALID
SECURITY   all  --  anywhere             anywhere
NSFW       all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT
OVPN       all  --  anywhere             anywhere             state NEW
DNSFILTER_DOT  tcp  --  anywhere             anywhere             tcp dpt:853
logdrop    all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ACCESS_RESTRICTION (0 references)
target     prot opt source               destination

Chain DNSFILTER_DOT (1 references)
target     prot opt source               destination
REJECT     all  --  anywhere            !RT-AC88U-EB98.HOME   reject-with icmp-port-unreachable

Chain FUPNP (0 references)
target     prot opt source               destination

Chain INPUT_ICMP (0 references)
target     prot opt source               destination

Chain INPUT_PING (0 references)
target     prot opt source               destination

Chain NSFW (1 references)
target     prot opt source               destination

Chain OVPN (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PControls (0 references)
target     prot opt source               destination
logdrop    all  --  anywhere             anywhere

Chain PTCSRVLAN (1 references)
target     prot opt source               destination

Chain PTCSRVWAN (1 references)
target     prot opt source               destination

Chain SECURITY (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
logdrop    tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/RST
RETURN     icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5
logdrop    icmp --  anywhere             anywhere             icmp echo-request
RETURN     all  --  anywhere             anywhere

Chain YazFiDNSFILTER_DOT (1 references)
target     prot opt source               destination

Chain YazFiFORWARD (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
YazFiREJECT  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
YazFiREJECT  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain YazFiINPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             base-address.mcast.net/4
ACCEPT     udp  --  anywhere             anywhere             multiport dports bootps,ntp
ACCEPT     icmp --  anywhere             anywhere
YazFiREJECT  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             base-address.mcast.net/4
ACCEPT     udp  --  anywhere             anywhere             multiport dports bootps,ntp
ACCEPT     icmp --  anywhere             anywhere
YazFiREJECT  all  --  anywhere             anywhere

Chain YazFiREJECT (4 references)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain default_block (0 references)
target     prot opt source               destination

Chain iptfromlan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan

Chain ipttolan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
RETURN     all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (10 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain other2wan (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere


What am I missing for me to see the linux site on my phone on openvpn ?
When dumping iptables, please include the full options, as NOT doing so often leaves out useful information.

Code:
iptables -vnL INPUT
iptables -vnL FORWARD
iptables -vnL OVPN

IIRC, the router automatically pushes the local network to the OpenVPN client (not that adding it yourself is going to do any harm). Also, unless Diversion is on a different IP network, using Both is unnecessary. If that were the case, you'd have to be pushing that other IP network explicitly.

All that said, on the face of it, I see no reason, if both targets are on the same IP network, one is accessible, and the other isn't and doesn't even have a firewall, why it shouldn't be working. Not unless the Linux box doesn't have a default gateway specified (which seems highly unlikely).

Is the Linux box at least pingable? Maybe the specific application being targeted is sensitive to the source IP (e.g., it will only accept the 192.168.1.0/24 and public networks).
 
P.S. I just noticed you said you have the *client* config set to 'push "route 192.168.1.0 255.255.255.0"'. Only the *server* can push routes (to the client). IOW, the server informs the client about the IP network(s) available over the tunnel.
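The reply above suspects a missing default gateway on the Linux box. As an added example, not code from the thread, here is a small POSIX shell check of the box's own routing table that tells whether replies to a tunnel client address can leave the box at all; the VPN subnet 10.8.0.0/24, gateway 192.168.1.1 and host address 192.168.1.50 are assumed placeholders, only the 192.168.1.0/24 LAN comes from the thread.

```shell
# Constructed samples of what `ip -4 route` might print on the Sat Linux box.
# ROUTES_OK has a default gateway; ROUTES_NO_GW is the failure case the reply
# describes: a LAN host can answer its neighbours but not a tunnel client.
ROUTES_OK='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
ROUTES_NO_GW='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# return_path TABLE CLIENT_IP
# Prints "direct" when the client sits on a directly connected /24,
# "via <gateway>" when only the default route covers it, and "none"
# (exit 1) when the box has no way to send the reply. Only /24 and
# default entries are considered, which is all the thread's LAN needs.
return_path() {
  table=$1
  client=$2
  prefix=$(printf '%s' "$client" | cut -d. -f1-3)
  if printf '%s\n' "$table" | grep -q "^${prefix}\.0/24 "; then
    echo direct
    return 0
  fi
  gw=$(printf '%s\n' "$table" | awk '$1 == "default" { print $3; exit }')
  if [ -n "$gw" ]; then
    echo "via $gw"
    return 0
  fi
  echo none
  return 1
}

# Live use on the Linux box, with an assumed tunnel client address:
#   return_path "$(ip -4 route)" 10.8.0.6
```

A "none" result for the tunnel client address means the web site is reachable from the LAN only because those replies never need a gateway.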
 
Server config is where I push the settings from.

Might need a bit more testing from my side.