  • I applied the config forwarding from lan to wan in my /etc/config/firewall. Afterwards, iptables -L shows similar rules to what you posted for wan. But the local network on 192.168.178.0/24 (local network with OpenWRT Router as a client) is still not reachable from 192.168.1.0/24 (local network behind OpenWRT router). Do you have any idea?
    – jelhan
    Commented Feb 23, 2014 at 13:51
  • I updated the question with the output of iptables -L --verbose. It is in the state without applying your suggestion. Hope that helps.
    – jelhan
    Commented Feb 23, 2014 at 14:08
  • @jelhan: As MariusMatutiae's answer reminded me, I missed the part where the machines on 192.168.178.0/24 need to reply via the OpenWrt router. I've expanded my answer with a few recommendations. Commented Feb 23, 2014 at 15:50
  • Working fine now, also with option masq 1, so I could configure it all in UCI. Thank you very much. One last question, just out of interest: On which rule does the vpn router now decide which package should be passed through VPN?
    – jelhan
    Commented Feb 24, 2014 at 10:00
  • @jelhan: With some trickery, OpenVPN creates a default route via 'anon-43-130.vpn.ipredator.se' on tun1337. All destinations not matching a specific route are forwarded over VPN. '46.246.43.130 on br-wan' is one such route (you use the regular internet connection to contact the VPN server itself), as is 192.168.178.0/24. You can add more if you don't want to use VPN for specific IPs. Commented Feb 24, 2014 at 12:27