Objective
Route packets between the LAN zones on both sides.
Topology
Server Side
- Domain name lookup with DDNS
Client Side
- DHCP via a Wi-Fi hotspot on an LTE cell phone
- There is no public IP for the Wi-Fi hotspot (the LTE back end is a NAT network)
Installed Packages
Server Side
- collectd-mod-openvpn - 5.8.1-1
- luci-app-openvpn - git-19.167.54309-1d599a7-1
- openvpn-easy-rsa - 3.0.4-1
- openvpn-mbedtls - 2.4.5-4.2
- openvpn-openssl - 2.4.5-4.2
Client Side
- collectd-mod-openvpn - 5.8.1-1
- luci-app-openvpn - git-19.156.63894-115c4e3-1
- luci-i18n-openvpn-en - git-19.167.54309-1d599a7-1
- openvpn-easy-rsa - 3.0.4-1
- openvpn-mbedtls - 2.4.5-4.2
Configuration
Firewall - accept forward
Server Side
- TLS key direction pair
- Use CCD file for configuring OpenVPN's internal routing table
Server Side CCD (client config dir)
Client Side
Troubleshooting
- cat /tmp/openvpn.log
- logread
- MULTI: bad source address from client [192.168.43.199], packet dropped
- Refer to
- These errors occur because OpenVPN doesn't have an internal route for 192.168.43.199
- Use client-config-dir and create a ccd file for your client containing
the iroute option to tell OpenVPN that the 192.168.100.0/24 network is
available behind this client.
- How to know the client's name
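The check below is an added example, not part of the original notes: it pulls each client name and dropped source address out of the log and reports whether that client's CCD file has an iroute covering it. In OpenVPN's log the token before `/address:port` is the client certificate's Common Name, which is also the CCD file name; the log lines, `client1`/`client2`, the 203.0.113.x peers and the scratch paths are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original page. Sample log and CCD content are constructed.

ip2int() {   # dotted quad -> integer
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

iroute_covers() {   # $1 = CCD file, $2 = source IP; true if an iroute line covers it
    [ -f "$1" ] || return 1
    ip=$(ip2int "$2")
    while read -r kw net mask rest; do
        [ "$kw" = "iroute" ] || continue
        n=$(ip2int "$net")
        m=$(ip2int "${mask:-255.255.255.255}")   # iroute netmask defaults to a host route
        [ $(( ip & m )) -eq $(( n & m )) ] && return 0
    done < "$1"
    return 1
}

check_log() {   # $1 = log file, $2 = CCD dir; prints "CN SOURCE STATUS" per distinct pair
    # The token before "/peer-address:port" is the client certificate's Common Name,
    # which is also the file name OpenVPN looks up in client-config-dir.
    sed -n 's|.* \([^ /]*\)/[^ ]* MULTI: bad source address from client \[\([0-9.]*\)\].*|\1 \2|p' "$1" |
    LC_ALL=C sort -u | while read -r cn src; do
        if iroute_covers "$2/$cn" "$src"; then st=covered   # current CCD already fixes it
        elif [ -f "$2/$cn" ]; then st=no-matching-iroute
        else st=no-ccd-file
        fi
        echo "$cn $src $st"
    done
}

make_sample() {   # $1 = scratch dir; writes a constructed log and one CCD file
    mkdir -p "$1/ccd"
    echo 'iroute 192.168.100.0 255.255.255.0' > "$1/ccd/client1"
    cat > "$1/openvpn.log" <<'EOF'
Mon Jul  1 10:00:01 2019 client1/203.0.113.7:40312 MULTI: bad source address from client [192.168.43.199], packet dropped
Mon Jul  1 10:00:02 2019 client1/203.0.113.7:40312 MULTI: bad source address from client [192.168.100.23], packet dropped
Mon Jul  1 10:00:03 2019 client2/203.0.113.9:51544 MULTI: bad source address from client [192.168.200.5], packet dropped
Mon Jul  1 10:00:04 2019 client1/203.0.113.7:40312 MULTI: bad source address from client [192.168.43.199], packet dropped
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_log "$tmp/openvpn.log" "$tmp/ccd"
rm -rf "$tmp"
```

On the router, point `check_log` at `/tmp/openvpn.log` and at the directory named by `client-config-dir`.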
Reference
- https://openwrt.org/docs/guide-user/network/routing_in_openvpn
- https://forum.openwrt.org/t/access-to-an-openvpn-client-on-my-lan/40687/3
- https://blog.cavebeat.org/2018/03/openvpn-routed-client-config-for-openwrt/