Changes To Turtle UCI Config For OpenVPN-AS

September 2, 2016
lan turtle openvpn uci openwrt

As noted here, the default plug-n-play configuration for OpenVPN Access Server doesn’t work.

The problem is in the uci network config: there are no default firewall rules for handling vpn traffic, so without them the turtle won’t pass traffic from the vpn interface to the br-lan interface.

You can correct this by adding the following to /etc/config/firewall on the turtle. Put it in around line 26, before the first stanza that starts with config rule:

config zone
    option  name            'vpn'
    list    network         'vpn'
    option  input           ACCEPT
    option  output          ACCEPT
    option  forward         REJECT

config forwarding
    option  src             vpn
    option  dest            wan

After doing so, run the following:

/etc/init.d/network restart

This will bounce the interfaces and reload the firewall rules. With these rules in place, you’ll be able to reach the network on the far side of the turtle.
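The edit above is easy to get wrong by hand (duplicated zones, the block landing after the rules). Here is an added helper script, not from the original post, that inserts exactly the zone and forwarding stanzas shown above into a UCI firewall file, before the first config rule stanza, and refuses to add them twice. The file path is a parameter (on the turtle it would be /etc/config/firewall); the function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: apply the post's 'vpn' zone and
# vpn->wan forwarding to a UCI firewall file without duplicating it on re-runs.
# Usage on the Turtle: add_vpn_zone /etc/config/firewall && /etc/init.d/network restart

# The exact stanzas from the post. The forwarding is one-directional:
# only vpn -> wan is permitted; the zone's own 'forward REJECT' still applies
# to anything else, which is the least-privilege default worth keeping.
VPN_ZONE_BLOCK="config zone
    option  name            'vpn'
    list    network         'vpn'
    option  input           ACCEPT
    option  output          ACCEPT
    option  forward         REJECT

config forwarding
    option  src             vpn
    option  dest            wan
"

# has_vpn_zone FILE: exit 0 if a zone named 'vpn' already exists in FILE.
has_vpn_zone() {
    grep -Eq "^[[:space:]]*option[[:space:]]+name[[:space:]]+'?vpn'?[[:space:]]*$" "$1"
}

# count_vpn_zones FILE: print how many 'vpn' zones FILE defines (expect 1).
count_vpn_zones() {
    grep -Ec "^[[:space:]]*option[[:space:]]+name[[:space:]]+'?vpn'?[[:space:]]*$" "$1"
}

# add_vpn_zone FILE: insert the block before the first 'config rule' stanza,
# as the post instructs, or append it if FILE has no rules; no-op if present.
add_vpn_zone() {
    f="$1"
    has_vpn_zone "$f" && return 0
    tmp="$f.tmp.$$"
    inserted=0
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$inserted" -eq 0 ] && [ "${line#config rule}" != "$line" ]; then
            printf '%s\n' "$VPN_ZONE_BLOCK"
            inserted=1
        fi
        printf '%s\n' "$line"
    done < "$f" > "$tmp"
    [ "$inserted" -eq 1 ] || printf '%s\n' "$VPN_ZONE_BLOCK" >> "$tmp"
    mv "$tmp" "$f"
}
```

The same result can also be entered on the turtle with the uci command line tool (uci add firewall zone, uci set, uci add_list, uci commit firewall), but editing the file keeps the stanza ordering the post describes.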

NOTE (2016/09/06): An earlier version of this article (and a corresponding forum post) mistakenly configured the lan interface instead of the wan interface. On the LAN Turtle the RJ45 port is wan.