This article provides instructions on overcoming routing issues when running an OpenVPN server and an OpenVPN client on the router at the same time.
The OpenVPN server running on your router can provide a secure connection to your home network while you're away. If you need to access the router itself or any of your home network devices from afar, the OpenVPN server is a great solution. More information on setting up an OpenVPN server is available in the following article: OpenVPN Server Setup.
You may want to run an OpenVPN client on your router to encrypt your connection to the internet and prevent your Internet Service Provider (ISP) from snooping on your traffic and DNS requests (which in some countries is now legal for ISPs to monetize) as well as meddling with DNS requests or HTTP traffic. In order to use an OpenVPN client on your router, you need to obtain credentials for a corresponding OpenVPN server. Your connection to the OpenVPN server is encrypted, preventing your ISP from snooping on or meddling with your traffic. A wide variety of commercial OpenVPN providers exist. Once you install and run an OpenVPN client on your router, it's best to route all your traffic via the OpenVPN tunnel.
If you use an OpenVPN client on your router that sends all traffic over the OpenVPN tunnel by default, you might have a problem setting up the OpenVPN server on the same router: the OpenVPN server receives traffic on the WAN gateway but sends its replies out via the OpenVPN tunnel, which your remote device does not expect. This article helps you overcome this issue.
luci-app-vpn-policy-routing). Enable the vpn-policy-service service from Web UI or
uci set openvpn.vpnserver.proto='tcp'
uci commit openvpn
if [ -s /etc/config/vpn-policy-routing ]; then
    uci set vpn-policy-routing.config.output_chain_enabled='1'
    uci add_list vpn-policy-routing.config.ignored_interface='vpnserver'
    uci add vpn-policy-routing policy
    uci set vpn-policy-routing.@policy[-1]=policy
    uci set vpn-policy-routing.@policy[-1].comment='OpenVPN Server'
    uci set vpn-policy-routing.@policy[-1].interface='wan'
    uci set vpn-policy-routing.@policy[-1].local_ports='1194'
    uci commit vpn-policy-routing
fi
vpnclient with the firewall zone for your VPN Client, refer to the tail of
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpnserver'
uci set firewall.@forwarding[-1].dest='vpnclient'
uci commit firewall
/etc/init.d/openvpn restart
/etc/init.d/vpn-policy-routing reload
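To confirm that the settings above are actually in place, the following added example (not part of the original article) audits `uci show` output for the policy-routing and firewall entries this procedure creates. The function name `check_vpn_coexistence` and the sample data are constructed for illustration, and the check assumes the server interface and its firewall zone share one name, as in the commands above.

```shell
#!/bin/sh
# Added example (not from the original article): audit `uci show` output for
# the settings applied above. On the router, feed it real output:
#   { uci show vpn-policy-routing; uci show firewall; } | check_vpn_coexistence vpnserver vpnclient 1194
check_vpn_coexistence() {   # $1 server interface/zone, $2 client zone, $3 server port
    awk -v srv="$1" -v cli="$2" -v port="$3" -v q="'" '
    function val(l,  v) { v = substr(l, index(l, "=") + 1); gsub(q, "", v); return v }
    function sec(l,  k) { k = substr(l, 1, index(l, "=") - 1); sub(/\.[^.]*$/, "", k); return k }
    /^vpn-policy-routing\.config\.output_chain_enabled=/ { if (val($0) == "1") chain = 1 }
    /^vpn-policy-routing\.config\.ignored_interface=/ {   # list values are space separated
        n = split(val($0), a, " "); for (i = 1; i <= n; i++) if (a[i] == srv) ign = 1 }
    /^vpn-policy-routing\.@policy\[[0-9]+\]\.interface=/   { p_if[sec($0)] = val($0) }
    /^vpn-policy-routing\.@policy\[[0-9]+\]\.local_ports=/ { p_lp[sec($0)] = val($0) }
    /^firewall\.@forwarding\[[0-9]+\]\.src=/  { f_src[sec($0)] = val($0) }
    /^firewall\.@forwarding\[[0-9]+\]\.dest=/ { f_dst[sec($0)] = val($0) }
    END {
        # option pairs must come from the same section to count
        for (s in p_if)  if (p_if[s] == "wan" && p_lp[s] == port) pol = 1
        for (s in f_src) if (f_src[s] == srv && f_dst[s] == cli) fwd = 1
        if (!chain) { print "MISSING output_chain_enabled=1"; bad++ }
        if (!ign)   { print "MISSING ignored_interface " srv; bad++ }
        if (!pol)   { print "MISSING policy interface=wan local_ports=" port; bad++ }
        if (!fwd)   { print "MISSING forwarding " srv " -> " cli; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample of `uci show` output, not captured from a real router.
sample_uci_show() {
    cat <<'EOF'
vpn-policy-routing.config=vpn-policy-routing
vpn-policy-routing.config.output_chain_enabled='1'
vpn-policy-routing.config.ignored_interface='vpnserver'
vpn-policy-routing.@policy[0]=policy
vpn-policy-routing.@policy[0].comment='OpenVPN Server'
vpn-policy-routing.@policy[0].interface='wan'
vpn-policy-routing.@policy[0].local_ports='1194'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpnserver'
firewall.@forwarding[1].dest='vpnclient'
EOF
}

sample_uci_show | check_vpn_coexistence vpnserver vpnclient 1194 && echo "configuration complete"
```

The function exits non-zero and prints one `MISSING ...` line per absent setting, so it can be run again after any later change to the policy-routing or firewall configuration.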