LAN access through OpenWRT OpenVPN server

UCI way.
Router address is (default gateway for every PC in the network). The task is to give a VPN client access to the LAN.

Now copy the following files from the OpenWrt router to the client (e.g. using WinSCP):
The next part is a copy of the chapter:
Create the VPN interface (named vpn0):

Allow incoming client connections by opening the server port (default 1194) in our firewall:

Create firewall zone (named vpn) for the new vpn0 network. By default, it will allow both incoming and outgoing connections being created within the VPN tunnel. Edit the defaults as required. This does not (yet) allow clients to access the LAN or WAN networks, but allows clients to communicate with services on the router and may allow connections between VPN clients if your OpenVPN server configuration allows:

(Optional) If you plan to allow clients to connect to computers within your LAN, you’ll need to allow traffic to be forwarded between the vpn firewall zone and the lan firewall zone:

And you’ll probably want to allow your LAN computers to be able to initiate connections with the clients, too.

(Optional) Similarly, if you plan to allow clients to connect to the internet (WAN) through the tunnel, you must allow traffic to be forwarded between the vpn firewall zone and the wan firewall zone:

Commit the changes:

Now that you have finished your basic configuration, start up OpenVPN:

So, your /etc/config/firewall should look like this (you can replace it with):
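
A check to run once the firewall changes are committed, added here as an example and not part of the original post: it reads UCI firewall text and reports one zone's policies plus every forwarding that touches it, so you can confirm that VPN clients reach only the zones you intended. The function names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit what a firewall zone may reach.
# Input is UCI-format text on stdin (same syntax as /etc/config/firewall).
# On the router: audit_zone vpn < /etc/config/firewall
audit_zone() {   # $1 = zone name; assumes zone names contain no spaces
    awk -v zone="$1" '
        function unquote(s) {   # strip one leading and one trailing quote
            sub("^[\"\047]", "", s); sub("[\"\047]$", "", s); return s
        }
        function emit() {       # report the section that just ended
            if (type == "zone" && o["name"] == zone)
                print "zone " zone " input=" o["input"] " forward=" o["forward"] " output=" o["output"]
            if (type == "forwarding" && (o["src"] == zone || o["dest"] == zone))
                print "forwarding " o["src"] "->" o["dest"]
            split("", o)        # portable way to clear the option array
        }
        $1 == "config" { emit(); type = $2; next }
        $1 == "option" { o[$2] = unquote($3) }
        END { emit() }
    '
}

# Constructed sample config (all values are illustrative, not the post's file).
sample_firewall() {
    cat <<'EOF'
config zone
    option name 'vpn'
    list network 'vpn0'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
config rule
    option name 'Allow-OpenVPN-Inbound'
    option src '*'
    option proto 'udp'
    option dest_port '1194'
    option target 'ACCEPT'
config forwarding
    option src 'vpn'
    option dest 'lan'
config forwarding
    option src 'lan'
    option dest 'wan'
EOF
}

sample_firewall | audit_zone vpn
```

A `forwarding vpn->wan` line in the output means clients can reach the internet through the tunnel; if you did not enable that optional step, the line should be absent.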

The client config:

Finally, I have added a permanent route to the router’s subnet:

Please note that the server provides a new gateway for every new VPN client (I have a single one). Second client gets instead of, third client will get and so on (the mask is /30). For this reason it’s strongly recommended to push the route from the server, as shown in the last line of the server config (/etc/config/openvpn):

This behaviour can be configured using uci:


Hello! It does not generate keys for the client on the server; it keeps saying: ...Please edit the vars script to reflect your configuration, then source it with "source ./vars". How do I generate them without deleting the existing certificates and keys?
It does say "source ./vars". Go to /etc/openvpn/easy-rsa2.0 and run the command "source ./vars", then run ./build-key cliXXX again
To install the OpenVPN server/client on a Zyxel Keenetic Omni (Black) following the instructions, unpack the file onto a flash drive and specify /opt/etc/init.d/doinstall in the "initrc script" field
