[minchinghowrt]

I'm testing openvpn on my MX4300 running v3.0-r58627 std (11/02/24) on it.
I have connected my MX4300 to my main router for test purpose.

MX4300(192.168.10.123, connect WAN port to my router) <-> main router (with WAN) 192.168.10.1 <-> test laptop 192.168.10.10

I tested around 10 times, it only worked twice (which proves my configuration was correct). When I use Wireshark to monitor my traffic (with filter ip.addr == 192.168.10.123 ), I see no traffic when openvpn fails to connect. but, I still can connect to MX4300's web interface through the same ip address.

I tried to change openvpn protocol from UDP to TCP and it does not really help. Does anyone try Openvpn on MX4300 with the latest release build? I'm not sure it is my laptop causes the problem or there is something wrong on the router.

[egc]

I do not have any K6.1/K6.6 router let alone your specific router so I cannot say anything about your specific router

But the proper way to setup OpenVPN is detailed in the OpenVPN guides which are a sticky in the Advanced Networking forum

[dpp3530]

All of your devices are in the same subnet (assuming you used a mask of /24 or 255.255.25.0), so your laptop can access the MX4300's GUI since it can go straight to it.

For example, my ISP gives me a WAN address of 100.7.x.x/24 (it's DHCP so it changes, but it's always a /24 bitmask). My internal network from my main router is 192.168.6.x/24. I would give the internal LAN on the MX4300 a completely different subnet, such as 10.10.10.x/24. In my hypothetical scenario, the WAN port on the MX4300 would get a 192.168.6.x IP address (yours would get a 192.168.10.x based on your description), and in my case I could hardcode it or give it a DHCP reservation, such as 192.168.6.254.

Now from the laptop, I'd make the VPN endpoint 192.168.6.254. Once the laptop connects to it, I should be able to hit http://10.10.10.1 (the LAN IP of the MX4300). I'd also put something like another laptop on the LAN side of the MX4300 with a file share or FTP server, something I could use to test access to resources on the LAN.

Personally, I have OpenVPN on my main router and I test after every build update by connecting my laptop to the access point on my phone so I'm going through T-Mobile, then I connect to my router via dynamic DNS entry, and see if I can access my network file share. I'd rather make sure it works when I'm sitting at home than when I'm on the road trying to connect back.

[minchinghowrt]

I already used Ip range: 10.8.0.0/24.
I think the problem is I did not see any attempt to connect to the device happens when I check Wireshark log.
This is a test setup before I replace the main router. we need internet to get paycheck and I don't want to ruin it. :p

[dpp3530]

Again, please check the thread that egc indicated. You also have no indication of your actual configuration on the client or the MX4300.

[Alozaros]

To me its very unclear what the OP is testing...if you are trying to run VPN server or just client to a VPN provider...it seams you are struggling but in both cases(client/server) follow the egc advise to read the guides...
also testing with WShk should be done not on the 192.168.10.123 WAN as VPN would be on different
IP either the internal VPN range or the External IP that it is connected to...so that is why it is important to provide more details what you are trying...but anyway read the guide and come back..
also i rather test it whit TCPDUMP...router side..if so...

[minchinghowrt]

Thank you for your feedback.

TL;DR
The problem seems relating to how I test it. After I set port forwarding on my main router to forward 1194 to my MX4300 and use a phone
hotspot for my computer (without wifi or ethernet). It works reliably.


I thought I can just test my MX4300 and laptop under the same ip range. In theory, it should be like their "wan ip" even both of them have 192.168.10.x. Within MX4300, I set the ip range to 192.168.100.x and the VPN ip range was set to 10.8.0.0. I use my laptop 192.168.10.10 connect to MX4300's WAN port IP, which is 192.168.10.123, using open VPN. Hope my laptop will be able to access anything underneath MX4300 with 192.168.100.x ip address. I must miss something and it was not working reliably for me. As I said, it did work twice that my laptop can get into MX4300 and access other device using 192.168.100.x ip underneath MX4300.


Min-Ching Ho

[egc]

From the first page of the OpenVPN Server setup guide in bold :

[GuitsBoy]

I guess it's already been confirmed to be an issue with the testing method and overlapping subnets. For what it's worth, I can confirm OpenVPN is working in the latest three builds on my MX4300s. I'm remoted into my home PC from work over the OpenVPN connection right now. Its been working very well.