I'm new to the EdgeRouter and am still learning quite a bit. I recently set up OpenVPN successfully and am able to connect and get an IP. However, I'm not able to ping my local LAN from the VPN client, or ping the VPN IP from the LAN. I followed a couple of guides and have my push-route set to my LAN subnet of 192.168.41.0/24. The VPN subnet is 192.168.42.0/24. I also set the name-server to 192.168.41.1 (the router IP). Currently I don't have replace-default-route set, because with it enabled I get no internet access due to the above issue. My guess is that this is firewall-related, but the guides don't have any additional firewall settings besides allowing port 1194 on WAN_LOCAL. I've tried several other settings, but have not been successful yet. I'm sure it is something simple that I have missed. Any help would be appreciated.
/* EdgeOS (Vyatta-style) configuration of an EdgeRouter acting as an OpenVPN
   server: LAN 192.168.41.0/24 on switch0, VPN clients on 192.168.42.0/24 via
   vtun0, WAN on eth0 (DHCP). Comments were added for review; every setting
   is as posted. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Bound to eth0 "in" below: traffic arriving from the WAN that is
       forwarded through the router. Only replies to existing connections
       are accepted; everything else falls to default-action drop. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Bound to eth0 "local" below: traffic from the WAN addressed to the
       router itself. UDP 1194 (OpenVPN) is the only new inbound connection
       accepted, so the GUI and SSH services configured further down are not
       reachable from the WAN under this ruleset. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description OpenVPN
            destination {
                port 1194
            }
            log disable
            protocol udp
        }
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is switched off; martian packets are
       still logged because log-martians is enabled above. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* WAN uplink. This is the only interface with firewall rulesets
       attached anywhere in this configuration. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* eth1-eth4 carry no address of their own; they are members of switch0
       (see switch-port below). */
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* OpenVPN server on UDP 1194 (the port opened in WAN_LOCAL rule 10).
       No firewall block is attached to vtun0 or to switch0, so none of the
       rulesets above filter traffic between 192.168.42.0/24 and
       192.168.41.0/24.
       NOTE(review): that makes these firewall rules an unlikely cause of
       the failed pings; check the routes installed on the client and the
       host firewalls on the LAN machines - to be confirmed.
       Security caveat: for the same reason every VPN client has unfiltered
       access to the whole LAN and to the router's own services. Attach
       in/local rulesets to vtun0 if clients should be limited. */
    openvpn vtun0 {
        description OpenVPN
        local-port 1194
        mode server
        server {
            name-server 192.168.41.1
            push-route 192.168.41.0/24
            subnet 192.168.42.0/24
        }
        /* Certificate-based TLS: CA certificate, server certificate, DH
           parameters and the server private key (host.key). Only the paths
           appear here; the key file itself must never be shared.
           NOTE(review): no openvpn-option lines are present, so cipher and
           HMAC settings are whatever this release defaults to - confirm
           they are acceptable. */
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/host.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/host.key
        }
    }
    /* LAN bridge across eth1-eth4; holds the router's LAN address. */
    switch switch0 {
        address 192.168.41.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
/* Publishes 192.168.41.27 port 32400 (TCP and UDP) on the WAN interface.
   With auto-firewall enabled the router opens the matching firewall
   exception itself, so this exposure is not visible in WAN_IN above.
   NOTE(review): lan-interface names eth1 and eth2, which are switch0
   members here; hairpin NAT normally needs the interface that holds the
   LAN address (switch0) - confirm. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth2
    lan-interface eth1
    rule 1 {
        description Plex
        forward-to {
            address 192.168.41.27
        }
        original-port 32400
        protocol tcp_udp
    }
    wan-interface eth0
}
protocols {
    static {
    }
}
service {
    /* DHCP for the LAN: dynamic pool .20-.79, three static leases, router
       and 4.2.2.3 handed out as resolvers. */
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.41.0/24 {
                default-router 192.168.41.1
                dns-server 192.168.41.1
                dns-server 4.2.2.3
                lease 86400
                start 192.168.41.20 {
                    stop 192.168.41.79
                }
                static-mapping FS01 {
                    ip-address 192.168.41.28
                    mac-address 00:50:56:82:55:1d
                }
                static-mapping Plex01 {
                    ip-address 192.168.41.27
                    mac-address 00:50:56:82:24:e3
                }
                static-mapping vCenter01 {
                    ip-address 192.168.41.25
                    mac-address 00:0c:29:74:0b:c2
                }
            }
        }
        use-dnsmasq disable
    }
    /* DNS forwarder answers on the LAN and on the VPN tunnel, which matches
       the name-server 192.168.41.1 pushed to VPN clients. */
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on vtun0
        }
    }
    /* Web UI on HTTP 80 and HTTPS 443. older-ciphers enable keeps legacy
       TLS cipher suites available; set it to disable unless an old browser
       needs them. The UI is reachable from the LAN and, because vtun0 has
       no local ruleset, from every VPN client. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    /* Source NAT for everything leaving eth0. The rule has no source
       restriction, so it would also cover 192.168.42.0/24 once VPN clients
       send their internet traffic through the tunnel. */
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    /* SSH on the default port, protocol 2 only. Same reachability as the
       GUI: LAN and VPN clients, not the WAN. */
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name edgerouter
    login {
        /* The user name and full name were masked by the poster, but
           encrypted-password still holds the complete $6$ (SHA-512 crypt)
           hash with its salt. A published hash can be tested offline
           against password guesses, so mask this value as well before
           sharing a configuration, and change the password of any account
           whose hash has been posted. plaintext-password is empty, as
           expected once the hash has been stored. */
        user ***** {
            authentication {
                encrypted-password $6$gpHBl7mPas9CSv7$fUHH821JB/1DSJORJ5tVU5s21EoB8v72K6t73TkNwvWBnIIYVvo1c1lmbxAILXxUWY8BES0bllITeOTRA91Rc0
                plaintext-password ""
            }
            full-name *****
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Local logging only: no remote syslog host is defined in this
       configuration. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
    traffic-analysis {
        dpi enable
        export enable
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */