openvpn
Egor, 2021-12-16 16:01:27

How to connect OpenWRT router (TP-LINK TL-WR842N v5) to OpenVPN (pfSense)?

There is a pfSense server with a public IP.
It has a WAN interface (em0) 89.219.*.* and a LAN interface (em1) 10.10.1.254 configured.
OpenVPN was configured (a CA and a couple of certificates were created beforehand) with the following settings (anything not listed is left at its default):

Server mode: Remote Access (SSL/TLS)
Protocol: UDP
Device mode: tun
Interface: WAN
Local port: 1194
IPv4 Tunnel Network: 10.10.2.0/24
Redirect IPv4 Gateway: false
IPv4 Local network(s): 192.168.99.0/24
Inter-client communication: true
Dynamic IP: true
Topology: Subnet


This results in the following server1.conf file in the /etc/openvpn directory:
[two screenshots of server1.conf; images not available]

Exported configs for clients (example for one):
dev tun
persist-tun
persist-key
ncp-disable
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 89.219.*.* 1194 udp4
lport 0
verify-x509-name "openvpn-server" name
remote-cert-tls server
compress lzo

<ca>
***
</ca>
<cert>
***
</cert>
<key>
***
</key>
key-direction 1
<tls-auth>
***
</tls-auth>


I started setting up the router.
I took the firmware from OpenWrt for v5.
Then I updated it to this one (a build with OpenVPN):
Firmware from w3bsit3-dns.com

Created a rule:
[two screenshots of the rule; images not available]

I set everything up on OpenWrt (connection, interfaces, added a firewall rule so that there was access from the vpn zone to lan and back).
Next, the scenario is as follows:
I connect the device to the local network of the router (192.168.99.0/24) and connect from another side to openVPN (via the GUI on Windows). Through the created tunnel, I now need access not only to the router, but also to this LAN.

traceroute to openwrt.org (139.59.209.225), 30 hops max, 38 byte packets
 1  10.10.2.1  3.125 ms
 2  89.219.*.*  8.114 ms
 3  195.93.153.17  4.460 ms
 4  37.208.42.201  4.321 ms
 5  178.210.33.91  4.508 ms
 6  178.210.33.90  57.400 ms
 7  5.187.73.31  93.662 ms
 8  80.81.195.151  103.901 ms
 9  138.197.250.134  102.582 ms
10  *
11  *
12  139.59.209.225  104.398 ms


In pfSense, both the computer and the router are visible. They are reachable via their virtual IP addresses (even the web interface of the router), but I have no idea how to then ping devices in the router's local network. That is, ping to 192.168.99.* does not work from Windows. What am I doing wrong and what should I check?


3 answer(s)
Drno, 2021-12-16
@Drno

In Mikrotik, this is configured in the ip>routes menu, that is, the LAN must know through which gateway it needs to go ...
Something like 192.168.99.0/24 >> gateway such and such ....
Well, on pfSense too, for the return packet to arrive.
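
The routing this answer refers to, written out as plain OpenVPN directives for the setup in the question (an added example, not part of the original thread and not the poster's configuration). It assumes the router's client certificate has the common name `openwrt-router` and that per-client files live in `/etc/openvpn/ccd`; both names are hypothetical.

```conf
# ---- Server side: additions to server1.conf -------------------------------

# Kernel route on the server: packets for the router's LAN are handed to
# the OpenVPN tun device instead of leaving through the default gateway.
route 192.168.99.0 255.255.255.0

# Tell the other VPN clients (the Windows PC) to reach that LAN via the tunnel.
push "route 192.168.99.0 255.255.255.0"

# Inter-client traffic is forwarded inside OpenVPN
# ("Inter-client communication: true" in the question).
client-to-client

# Per-client settings are looked up by certificate common name in this
# directory (assumed path).
client-config-dir /etc/openvpn/ccd

# ---- File /etc/openvpn/ccd/openwrt-router ---------------------------------
# The file name must equal the router certificate's common name
# (hypothetical here). pfSense generates these files from the entries under
# Client Specific Overrides instead of hand-edited files.

# Internal OpenVPN route: 192.168.99.0/24 sits behind THIS client. Without
# it the server accepts the kernel route above but does not know which
# connected client to forward the packets to, and drops them.
iroute 192.168.99.0 255.255.255.0

# ---- Router side (OpenWrt): nothing to add to the client config -----------
# The router already owns 192.168.99.0/24 as a connected network. It only
# needs forwarding allowed between the vpn and lan firewall zones in both
# directions, and LAN hosts must use the router as their default gateway so
# that replies to 10.10.2.0/24 go back through the tunnel.
```

Because `iroute` is bound to one certificate's common name, only that client can source or receive traffic for 192.168.99.0/24; a different client certificate connecting to the same server does not inherit the route.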

Muhammad, 2015-07-16
@muhammad_97

As it turned out, I was right. Service providers did not load. Fixed bootFramework method. It was:

public function bootFramework()
{
  ...
  require_once $autoloadFile;

  $app = require_once $startFile;
  ...
}

It became:
public function bootFramework()
{
  ...
  require_once $autoloadFile;

  $app = require_once $startFile;

  $app->boot(); // load the service providers
  ...
}

Pavel Gogolinsky, 2015-07-15
@gogolinsky

Where is the $resolver variable set?
