OpenVPN routed mode, can’t connect to LAN

I’ve been struggling with this for a while now and am hoping someone can help me get this sorted.
I have been using Roadwarrior Bridged Tap mode for a while now but wanted to set up a new server to test Tun Routed mode, but I am unable to get it routing to the internal LAN.

Network 192.168.30.x /23
Sub 255…255.254
NethServer 7.4 – VPN server, sat behind a SonicWall TZ300

Steps taken so far:

Hardware – Dell laptop for now with 1 NIC (Green interface)
Fresh install of NethServer 7.4
Set network static address on (Green)
Set routed mode
Create the Roadwarrior user accounts
Download the config file and place it in the config location.
Configure port forwarding on the router to the internal VPN server address
I connect in with the OpenVPN client, it all connects fine and I get ip of
I can access the internet
I can ping the VPN server with a reply
But I can’t connect to or ping anything else on the LAN?
And this is where I’m stumped.
I’m guessing the issue is with routing from external 192.168.100.x to internal 192.168.30.x
iptable is as follows:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
UG 0 0 0 enp0s29u1u4
U 1002 0 0 enp0s29u1u4
U 0 0 0 enp0s29u1u4
UG 0 0 0 tunrw
UH 0 0 0 tunrw

Firewall Log
Apr 12 13:26:17 TestVPN kernel: Shorewall:sfilter:DROP:IN=tunrw OUT=tunrw MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=8679 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=146
Apr 12 13:26:22 TestVPN kernel: Shorewall:sfilter:DROP:IN=tunrw OUT=tunrw MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=8680 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=147

The OpenVPN log shows the following error:
TestVPN kernel: Shorewall:sfilter:DROP:IN=tunrw OUT=tunrw MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5508 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=11

@mrMarkus was kindly offering his input and has also replicated the issue.
Anyone else running a similar setup that can solve my headache?

A static route on the gateway should solve the issue.


As @mrmarkuz suggests, in your router/gateway put a static route that redirects all calls to range to your VPN server (I suppose it’s

A question, Why as netmask of your OpenVPN range?

1 Like

Thank you, just got to work out how to add a route in SonicWall.

@saitobenkei VPN routed ip range is on main lan is on

Why on a /23 for LAN, you ask :wink: I haven’t got my head around VLAN setup yet.

1 Like

Found a thread:

1 Like

If your VPN Range is so put /24 in your static route, not /23 as I have wrongly written in my previous post :slight_smile:

1 Like

Cheers. Will carry out some weekend testing and keep you posted.


I added the route as per the documentation.

Using the following config:



And… success, I can now access the internet and ping a laptop on the network.

One slight hitch: I have a NAS drive on this network to test and I can’t connect to it. Anyone see a reason for this? It’s on

OK, just tried to ping my device from inside the LAN and no reply.

Update: turns out the NAS just needed a reboot. Awesome work @mrmarkuz and @saitobenkei, thanks for sticking with me. I can now access all internal devices and web interfaces. This will allow some of our remote iOS users access too now, which will be a big help. Great work team!


Hello @Matthew99, could you share the solution to your problem? I currently have the same problem with my VPN, which was working perfectly, but a week ago it presented the same error.

I can connect to my VPN but I can only access the NethServer server and not any LAN resources.

I hope you can help me.

Hi @Maicol_Munoz

If I remember correctly, I had to create a static route as suggested by @MrMuecke and the screenshots above.

You need to create an object for the subnet you have as your routed mode address and then add a static route to that destination.

1 Like
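
The static route fix discussed in this thread, traced as a next-hop lookup (an added example, not part of any post): it follows a LAN host's reply to a VPN client with and without the route on the gateway. Only the 192.168.30.x /23 LAN and the 192.168.100.x /24 VPN range come from the thread; the gateway, VPN server, client and host addresses and the `wan` label are constructed.

```python
import ipaddress

# Ranges taken from the thread: LAN 192.168.30.x /23, VPN 192.168.100.x /24.
LAN = ipaddress.ip_network("192.168.30.0/23")
VPN = ipaddress.ip_network("192.168.100.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Constructed addresses (assumptions, not values from the thread).
GATEWAY = "192.168.30.1"      # LAN side of the router
VPN_SERVER = "192.168.30.10"  # green interface of the VPN server
VPN_CLIENT = "192.168.100.6"  # address handed to a roadwarrior client
LAN_HOST = "192.168.30.50"    # a NAS or workstation on the LAN


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(gateway_routes):
    """Trace the hops taken by LAN_HOST's reply to VPN_CLIENT."""
    tables = {
        # A LAN host only knows its own subnet and the default gateway.
        LAN_HOST: [(LAN, "direct"), (DEFAULT, GATEWAY)],
        GATEWAY: gateway_routes,
        # The VPN server reaches clients through its tunnel interface.
        VPN_SERVER: [(LAN, "direct"), (VPN, "tunrw")],
    }
    path, node = [LAN_HOST], LAN_HOST
    while node in tables:
        node = lookup(tables[node], VPN_CLIENT)
        path.append(node)
    return path


# Gateway routing table before and after adding the /24 static route.
BEFORE = [(LAN, "direct"), (DEFAULT, "wan")]
AFTER = BEFORE + [(VPN, VPN_SERVER)]

if __name__ == "__main__":
    print("no static route:  ", " -> ".join(reply_path(BEFORE)))
    print("with static route:", " -> ".join(reply_path(AFTER)))
```

Without the route, the reply leaves through the gateway's default route and never reaches the tunnel, which matches the symptom of being able to ping only the VPN server itself.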