Debugging connectivity problem involving VPN

I recently setup a home assistant server on my home lan. As far as local networking is concerned, It seems to be working fine - I have it set up with a reserved dhcp address from my router. The issue is that I would like to be able to see and control home assistant when I am away from home using my existing open vpn setup (detailed below). I’m looking for help debugging the connection problem, as I am running out of ideas.

I setup this VPN several years ago. It consists of a Raspberry PI running an OpenVPN server in tun mode, sitting behind a router that forwards vpn connection requests to the OpenVPN Server. Routing rules on the OpenVPN Server and Router bridge the two subnets. The other machines on the LAN are not VPN clients, but the routing rules on the server and router have enabled me to acccess them remotely from over the VPN without needing to do anything special to these machines. I have been successfully using this VPN to access various machines on my home LAN for years now.

The problem is, I don’t seem to be able to see the HassIO server from over the VPN. Pings do not return like they do for other devices. Below is an illustration of the connectivity problem.

LAN/VPN Connectivity Status.

VPN CLIENT           ROUTER      OVPNServer       MediaPC     NAS       HASSIO
                     <============== LAN 10.10.1.x/24 ========================>
<==== OVPN TUNNEL 172.31.1.x/24 =======>
<--conn working -------->
<--conn working (ssh/ping/etc) -------->
<--conn working (ssh/ping/etc) ---------------------->
<--conn working (ssh/ping/etc) -------------------------------->
<--conn NOT working (ssh/ping/etc) ---------------------------------------->

I have tried using tcpdump to watch traffic, and I can see the ICMP req packets being relayed at the OVPNServer. For other devices, I can also see the reply messages coming back. HassIO is not sending a reply and I’m not sure why. Locally, when I send pings to HassIO I get responses. I’ve had trouble debugging at the HassIO level since I’m not sure how to acccess the underlying OS (or if it is even possible) from a network connection. I’m wondering if there is something security related being implemented in HassIO causing the problem.

I apologize if this situation has been addressed before and I just have not yet found it digging through forum posts. Below is my network configuration. Again, any suggestions for debugging or potential causes of the problem would be appreciated.

Network Configuration

  • Router

    • OpenWRT

    • br-lan:

    • eth0: xx.xx.xx.xx (public ip)

    • routing table

      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         xx.xx.xx.xx         UG    0      0        0 eth0   U     0      0        0 br-lan
      xx.xx.xx.xx   U     0      0        0 eth0   UG    0      0        0 br-lan
    • IP Tables forwards VPN connections to OVPNServer (verified, working)

  • OVPNServer

    • eth0:

    • tun0:

    • tun0: P-t-P

    • routing table:

      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 eth0   U     0      0        0 eth0   UG    0      0        0 tun0 UH    0      0        0 tun0
    • /etc/openvpn/server.conf

      # IP address of the interface OpenVPN should listen on (optional)
      proto tcp
      port 1194
      dev tun
      ca /etc/openvpn/ca.crt
      cert /etc/openvpn/xx.crt
      key /etc/openvpn/xx.key
      dh /etc/openvpn/xx.pem
      # OpenVPN Subnet - server will take
      push "route"
      push "dhcp-option DNS"
      # Tell Client to route all traffic through VPN
      push "redirect-gateway"
      # Allow clients to see each other
      # Allow multiple clients to connect with the same cert/key files
      # Less secure but you have to manage less keys
      # Ping every 10 seconds, client is gone if no response afer 120s
      keepalive 10 120
      verb 1
      log-append /var/log/openvpn.log
  • HassIO

    • IP:
    • Gateway: