Firewall fails to load properly for Openvpn
Username: Ian B
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=1278
- x86_64 device
- LEDE 17.01.1
- Openvpn 2.4.4-2
I have set up Openvpn using the TUN server method, as per
https://wiki.openwrt.org/doc/howto/vpn.openvpn
Clients are able to connect and ping the tun0 IP, however they cannot connect to anything on the lan. The problem appears to be that the firewall script is unable to resolve the tun0 interface, so it skips rules that require that interface.
root@LEDE:/etc/config# /etc/init.d/firewall restart
Warning: Section 'vpn' cannot resolve device of network 'vpn0'
To work around the problem, I have to manually insert the following iptables rules:
iptables -t nat -A POSTROUTING -o tun0 -j zone_vpn_postrouting
iptables -t nat -A PREROUTING -i tun0 -j zone_vpn_prerouting
iptables -A INPUT -i tun0 -j zone_vpn_input
iptables -A OUTPUT -o tun0 -j zone_vpn_output
iptables -I FORWARD 9 -i tun0 -j zone_vpn_forward
Once those rules have been inserted, everything works perfectly!
This issue may relate to FS#1024
Further details
This is the ‘vpn0’ entry in /etc/config/networks:
config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'
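
Added example, not part of the original report: a check that reads `iptables-save` output and lists which of the five per-interface jumps from the workaround above are absent for a given zone and device, which is the state the report describes after the warning. The sample ruleset, `br-lan` and the `zone_lan_*` chains are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which of the five per-interface jumps from the
# workaround are absent from iptables-save output read on stdin.
missing_zone_hooks() {
    awk -v zone="$1" -v dev="$2" '
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
    $1 == "-A" {
        target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        for (i = 3; i < NF; i++)               # ignore negated "! -i dev"
            if (($i == "-i" || $i == "-o") && $(i - 1) != "!")
                seen[table, $2, $i, $(i + 1), target] = 1
    }
    END {
        want_s = "nat POSTROUTING -o;nat PREROUTING -i;"
        n = split(want_s "filter INPUT -i;filter OUTPUT -o;filter FORWARD -i", want, ";")
        for (k = 1; k <= n; k++) {
            split(want[k], f, " ")
            t = "zone_" zone "_" tolower(f[2])
            if (!((f[1], f[2], f[3], dev, t) in seen)) {
                print f[1] ": " f[2] " " f[3] " " dev " -j " t
                missing++
            }
        }
        exit (missing > 0)                     # non-zero status if any jump is absent
    }'
}

# Constructed sample (not from the report): the zone_vpn_* chains exist but
# only an assumed LAN bridge, br-lan, is hooked into the built-in chains.
BROKEN='*nat
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
COMMIT
*filter
:zone_vpn_input - [0:0]
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
COMMIT'

printf '%s\n' "$BROKEN" | missing_zone_hooks vpn tun0 || echo "zone vpn is not attached to tun0"
```

On a router the same function can be fed live data with `iptables-save | missing_zone_hooks vpn tun0` (as root); the output names the absent jumps and is not meant to be pasted back as commands.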