[FS#1278] Firewall fails to load properly for Openvpn

LEDE Bugs lede-bugs at lists.infradead.org
Mon Jan 15 22:45:24 PST 2018


A new Flyspray task has been opened.  Details are below. 

User who did this - Ian Bishop (porjo) 

Attached to Project - OpenWrt/LEDE Project
Summary - Firewall fails to load properly for Openvpn
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details -
- x86_64 device
- LEDE 17.01.1
- Openvpn 2.4.4-2

I have set up Openvpn using the TUN server method, as per https://wiki.openwrt.org/doc/howto/vpn.openvpn

Clients are able to connect and ping the tun0 IP, however they cannot connect to anything on the LAN. The problem appears to be that the firewall script is unable to resolve the tun0 interface, so it skips rules that require that interface.

root at LEDE:/etc/config# /etc/init.d/firewall restart
Warning: Section 'vpn' cannot resolve device of network 'vpn0'


To work around the problem, I have to manually insert the following iptables rules:

iptables -t nat -A POSTROUTING -o tun0 -j zone_vpn_postrouting
iptables -t nat -A PREROUTING -i tun0 -j zone_vpn_prerouting
iptables -A INPUT -i tun0 -j zone_vpn_input
iptables -A OUTPUT -o tun0 -j zone_vpn_output
iptables -I FORWARD 9 -i tun0 -j zone_vpn_forward

Once those rules have been inserted, everything works perfectly!

This issue may relate to FS#1024 (https://bugs.lede-project.org/index.php?do=details&task_id=1024)

----

**Further details**

This is the 'vpn0' entry in /etc/config/network:

config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'



More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1278
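An added example, not code from the bug report and not OpenWrt/LEDE project code: the five iptables commands above are a one-shot workaround, and two things bite a practitioner who keeps them. First, fw3 flushes and rebuilds its chains on every reload, so the rules vanish the next time the firewall is reloaded (for example by the ifup hotplug handler). Second, re-running the commands by hand appends the same jumps again, so the chains fill with duplicates. The script below takes the reporter's rule shape and applies it idempotently, checking each rule with `iptables -C` before adding it, so it can be run from an OpenVPN `up` script or an `/etc/hotplug.d/iface` handler after tun0 exists. It assumes the zone is named `vpn` and the device `tun0` as in the report, that fw3 has already created the `zone_vpn_*` chains, and that the FORWARD jump must go at position 9 (the reporter's value) so it lands ahead of fw3's trailing reject rule; verify that position on your own router with `iptables -S FORWARD`.

```shell
#!/bin/sh
# Added example, not from the bug report or from OpenWrt/LEDE.
# Idempotently (re)apply the zone jump rules for one firewall zone and
# one network device. Each rule is checked with `iptables -C` first, so
# running this repeatedly does not stack duplicate rules.
#
# Assumptions (not taken from the report unless noted):
#  - fw3 has already created the zone_<zone>_* chains
#  - zone "vpn" and device "tun0", as in the report
#  - FORWARD_POS=9 is the reporter's insert position; fw3 ends FORWARD
#    with a reject rule, so the jump must be inserted before it

IPT="${IPT:-iptables}"           # override for dry runs: IPT="echo iptables"
FORWARD_POS="${FORWARD_POS:-9}"  # reporter's value; check: iptables -S FORWARD

# Emit one rule per line as "<table> <chain> <match and target spec>".
zone_device_rules() {
    zone="$1"; dev="$2"
    cat <<EOF
nat POSTROUTING -o $dev -j zone_${zone}_postrouting
nat PREROUTING -i $dev -j zone_${zone}_prerouting
filter INPUT -i $dev -j zone_${zone}_input
filter OUTPUT -o $dev -j zone_${zone}_output
filter FORWARD -i $dev -j zone_${zone}_forward
EOF
}

# Add every rule from zone_device_rules that is not already present.
# Prints the number of rules that had to be added (0 = nothing missing).
ensure_zone_device_rules() {
    zone="$1"; dev="$2"; added=0
    while read -r table chain spec; do
        [ -n "$table" ] || continue
        # $spec is intentionally unquoted so it splits into iptables arguments
        if ! $IPT -t "$table" -C "$chain" $spec 2>/dev/null; then
            if [ "$chain" = FORWARD ]; then
                $IPT -t "$table" -I "$chain" "$FORWARD_POS" $spec
            else
                $IPT -t "$table" -A "$chain" $spec
            fi
            added=$((added + 1))
        fi
    done <<EOF
$(zone_device_rules "$zone" "$dev")
EOF
    echo "$added"
}

# Apply only when the device really exists: a tun device is created by the
# process that opens it, so tun0 is absent until OpenVPN is running, which is
# the situation in which fw3 reports that it cannot resolve the device.
if [ "${1:-}" = "--apply" ]; then
    dev="${2:-tun0}"
    if [ -e "/sys/class/net/$dev" ]; then
        ensure_zone_device_rules vpn "$dev"
    else
        echo "$dev does not exist yet; start OpenVPN first" >&2
        exit 1
    fi
fi
```

Run it as `sh ensure-vpn-zone.sh --apply tun0` (hypothetical filename) from an OpenVPN `up` script, or from a hotplug handler triggered on ifup of vpn0. A dry run with `IPT="echo iptables"` prints the checks instead of executing them. The script deliberately mirrors the reporter's rules rather than replacing them; the proper fix remains whatever resolves the device lookup in fw3 for this bug.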
