Setup NAT Loopback/Hairpin on OC200 controlled ER707-m2
Hello,
I'm trying to get NAT loopback running. The main reason I want this is so that my OpenVPN (also run on the router) doesn't disconnect all the time when switching between WiFi and cellular. I want the split tunnel to be connected at all times.
However, I can't figure out how to enable the NAT loopback. I can't find the right info on it, just that it should be possible. I really don't know where to look anymore.
The router is controlled by the OC200 controller, which is running the latest software with the new UI.
Hopefully someone can point me in the right direction. Kind regards.
NAT loopback should work by default. I have an ER707-M2 in the lab; I will test. With the ER8411 it works.
Thanks for checking! Do you have an idea on how I can work around this? I wasn't planning on running my own DNS server.
There is no way around this. I use always-on VPN on phones but use OpenVPN on a Raspberry Pi 5, and when I am on LAN I use DNS via NextDNS and redirect to the OpenVPN LAN IP when I am connected to WiFi. Now this option comes to Omada soon, so then I don't have to use NextDNS to redirect to a local IP. Unfortunately you can't log in with OpenVPN on the LAN IP to the router, so you have to have a server on LAN to do that.
So if I'd run my OpenVPN server separately on my network, in a Docker container for example, this just might work? Or do you mean that logging in on a local LAN with OpenVPN doesn't work at all?
Do you know where I can find more regarding the DNS coming to Omada? And do you have any idea of the timeline for that?
Yes, it works if you run an OpenVPN server connected to the LAN, but to get the best speed, I use NextDNS and redirect to the LAN interface on the Raspberry Pi when I'm connected to WiFi. DNS is coming to Omada now; it's already in beta on the controller but there's still no beta for routers, so within a couple of months I think we'll have DNS on Omada.
Well, I have everything running on Docker on my old laptop (Home Assistant mainly). Then I'd add OpenVPN as a container there. This setup isn't stable enough for me to run my DNS on. It sometimes dies and stuff, so I'd much rather have the VPN on there than my DNS.
I've also tried to locally connect to the OpenVPN instance, but I don't think I was able to find the right IP on which the OpenVPN server was running through my router. I wasn't able to connect in any way it seems. Is the IP this one which I found in the routing table?
I don't think you can connect to the OpenVPN IP pool if that's what you're trying to do. OpenVPN on the router can only connect to the WAN interface that you've defined in the OpenVPN setup.
I'm actually trying to connect to the OpenVPN server locally, with the local OpenVPN server IP. Then it won't work either way, right? Because even if you'd have a DNS, the local IP of OpenVPN still wouldn't be reachable. Or is it just running on the router itself (192.168.0.1) on port 1194? So I can connect locally without the need for a NAT loopback.
I don't know anything about Docker and stuff like that, but I connect to the VPN on my Pi LAN interface. When I'm on the LAN and when I'm on the WAN I connect to the router's WAN interface. I then port forward the necessary ports to the VPN server running on the Pi.
I use DNS for this. For example, the DNS can be like this:
from WAN = myvpn,server,net 35.15.4.12
from LAN = myvpn,server,net 192.168.54.12