Hello everyone, I have a small problem and I hope someone can help me.
I have a TD-W8970 running OpenWrt 18.06. I would like to create two Wi-Fi networks:
wifi1 -> for browsing without the VPN
wifi2 -> for browsing through the VPN
OpenVPN is installed correctly, and with wifi2 I can browse the internet. The problem is with wifi1: with my current configuration I can't browse.
Here is my configuration. Can someone tell me where I went wrong?
Network
# /etc/config/network, first part: loopback, ULA prefix, the ADSL/ATM bridge
# and the PPPoE WAN that runs on top of it.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6d:2980:e639::/48'
# ATM bridge that exposes the DSL line as the 'dsl0' device used by 'wan' below.
config atm-bridge 'atm'
option payload 'bridged'
option nameprefix 'dsl'
option vci '35'
option vpi '8'
option encaps 'vc'
config dsl 'dsl'
option annex 'a'
option tone 'av'
option ds_snr_offset '0'
# PPPoE uplink. 'username'/'password' are presumably redacted placeholders.
# peerdns '0' ignores the resolvers offered by the ISP; the two 'list dns'
# entries are used instead (the same pair appears again in the dnsmasq section).
# NOTE(review): ipv6 '1' enables IPv6 on the PPP link. Neither LAN interface shown
# here has an IPv6 assignment, so clients presumably stay IPv4-only; confirm
# that if the VPN tunnel carries IPv4 only, so no traffic bypasses it over IPv6.
config interface 'wan'
option ifname 'dsl0'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 '1'
option peerdns '0'
list dns '103.86.96.100'
list dns '103.86.99.100'
# NOTE(review): this looks like a real hardware address; it is usually redacted
# before a configuration is posted publicly.
config device 'wan_dev'
option name 'dsl0'
option macaddr 'e8:94:f6:5e:0d:8d'
# /etc/config/network, second part: the switch and the three logical interfaces
# that the firewall zones refer to.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1 groups ports 0, 2, 4 and 5 untagged, with port 6 tagged.
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 2 4 5 6t'
# "Protected" LAN (192.168.1.0/24), meant to leave only through the VPN.
# NOTE(review): neither lan_prot nor lan_unprot sets 'ifname' or 'type bridge' in
# what is shown, so only the Wi-Fi interfaces that name these networks are
# attached to them; the wired switch ports are not a member of either network
# as posted. Confirm that this is intended.
config interface 'lan_prot'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
# Unmanaged wrapper around the OpenVPN tunnel device, so that a firewall zone
# can reference tun0 by network name. Addresses and routes on tun0 are set by
# OpenVPN itself, not by this section (proto 'none').
config interface 'ovpn'
option proto 'none'
option ifname 'tun0'
# "Unprotected" LAN (192.168.2.0/24), meant to leave directly through the WAN.
config interface 'lan_unprot'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
Firewall
# /etc/config/firewall: global defaults and the WAN zone.
# The defaults apply to traffic that is not matched by any zone.
# NOTE(review): input 'ACCEPT' here means an interface that is not assigned to a
# zone gets router access by default; 'REJECT' is the tighter choice once every
# interface in use belongs to a zone.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# WAN zone: nothing unsolicited reaches the router (input REJECT), outgoing
# traffic is masqueraded (masq '1') and the TCP MSS is clamped (mtu_fix '1').
# 'wan6' is listed as a member network but no 'wan6' interface appears in the
# network configuration shown.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
# Exceptions to the WAN zone's input/forward REJECT policy. Every rule in this
# group has src 'wan', so each one opens something towards the internet side.
# IPv4: DHCP renewals to the router (UDP 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# IPv4: the router answers ICMP echo requests arriving on the WAN.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IPv4: IGMP from the WAN.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# IPv6: DHCPv6 replies to the router (UDP 546), limited to the fc00::/6 range
# for both source and destination.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# IPv6: ICMPv6 types 130, 131, 132 and 143 from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# IPv6: ICMPv6 addressed to the router itself, rate-limited to 1000 packets/s.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# IPv6: ICMPv6 forwarded from the WAN to any zone (dest '*'), with the same
# rate limit; the router/neighbour discovery types are not in this list.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# IPsec pass-through rules (ESP and UDP 500) from the WAN towards zone 'lan'.
# NOTE(review): no zone named 'lan' is defined in this file; the zones shown are
# 'wan', 'lan_prot', 'lan_unp' and 'ovpnfw'. These two rules therefore point at
# a zone that does not exist, presumably left over from an earlier setup.
# If no host behind the router terminates IPsec, removing them is the
# least-privilege choice; otherwise point 'dest' at the zone that does.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Custom rule script loaded with the firewall. Its contents are not shown in
# this post, so anything it adds has to be reviewed separately.
config include
option path '/etc/firewall.user'
# LAN and VPN zones. Forwardings and rules refer to a zone by its 'name' option,
# not by the network it contains and not by the section label. The names here
# are 'lan_prot', 'lan_unp' (which contains network 'lan_unprot') and 'ovpnfw'
# (the section is labelled 'openvpn').
# In each zone, forward 'REJECT' is the policy for forwarded traffic that no
# 'config forwarding' section allows.
# Protected LAN: clients may reach the router itself (input ACCEPT).
config zone
option forward 'REJECT'
option output 'ACCEPT'
option name 'lan_prot'
option input 'ACCEPT'
option network 'lan_prot'
# Unprotected LAN: same policies, different member network.
config zone
option output 'ACCEPT'
option name 'lan_unp'
option input 'ACCEPT'
option network 'lan_unprot'
option forward 'REJECT'
# VPN tunnel zone: treated like an untrusted uplink. Nothing arriving over the
# tunnel reaches the router (input REJECT) and traffic leaving through it is
# masqueraded (masq '1').
config zone 'openvpn'
option forward 'REJECT'
option network 'ovpn'
option output 'ACCEPT'
option name 'ovpnfw'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
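# Input rules that let clients of each LAN zone reach DNS (53) and DHCP (67-68)
# on the router. Both LAN zones currently have input 'ACCEPT', so these rules
# only start to matter if the zone input policy is later tightened to REJECT.
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'LanProt-DNS'
option src 'lan_prot'
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
option name 'LanProt-DHCP'
option src 'lan_prot'
# The two rules for the unprotected LAN had no 'src' (and the DNS one had no
# name). A rule without 'src' applies to traffic sent by the router itself,
# not to clients of a zone. They now name zone 'lan_unp', mirroring the
# LanProt rules above.
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'LanUnProt-DNS'
option src 'lan_unp'
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
option name 'LanUnProt-DHCP'
option src 'lan_unp'
# Forwardings: which zone may send traffic into which other zone.
# NOTE(review): ovpnfw -> wan lets traffic that arrives over the tunnel be
# forwarded out of the WAN. Replies to LAN-initiated connections do not need it,
# so unless something on the VPN side must use this router as a gateway,
# removing this section is the least-privilege choice.
config forwarding
option dest 'wan'
option src 'ovpnfw'
# Protected LAN may only leave through the tunnel. There is deliberately no
# lan_prot -> wan forwarding, so protected clients are not forwarded out of the
# WAN when the tunnel is down.
config forwarding
option dest 'ovpnfw'
option src 'lan_prot'
# Unprotected LAN leaves through the WAN. The original also had a forwarding
# with src 'lan_unprot'; that is the network name, not a zone name, so that
# section matched no zone and has been dropped in favour of this one.
# NOTE(review): a forwarding only permits traffic, it does not pick the route.
# If the OpenVPN client installs the tunnel as the default route (its
# configuration is not shown), packets from 192.168.2.0/24 are routed to tun0
# and rejected, because lan_unp -> ovpnfw is not allowed. That would explain
# wifi1 having no connectivity. Check the routing table while the tunnel is up;
# the usual fix is source-based policy routing that sends 192.168.2.0/24 out
# via the WAN.
config forwarding
option dest 'wan'
option src 'lan_unp'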
dhcp
# /etc/config/dhcp: dnsmasq serves DNS and DHCP for both LANs.
# rebind_protection '1' is enabled. 'list server' pins the upstream resolvers to
# the same two addresses set as 'dns' on the wan interface. noresolv '0' means
# the resolvfile is read as well.
# NOTE(review): clients presumably use the router as their resolver. Queries that
# dnsmasq sends upstream originate from the router, so they follow the router's
# own routing table and the firewall's output policy, not the lan_prot -> ovpnfw
# forwarding. While the tunnel is down they can leave through the WAN. If DNS
# from the protected network must never bypass the VPN, verify which path these
# queries take.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option noresolv '0'
list server '103.86.96.100'
list server '103.86.99.100'
# No DHCP service on the WAN side (ignore '1').
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# One DHCP pool per LAN: 150 addresses starting at host .100, 12-hour leases.
config dhcp 'lan_prot'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'lan_prot'
config dhcp 'lan_unprot'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'lan_unprot'
Wireless
# /etc/config/wireless: one 2.4 GHz radio carrying two access-point SSIDs,
# each attached to a different network.
# legacy_rates '1' keeps the old 802.11b rates enabled.
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option country 'US'
option legacy_rates '1'
# SSID for the VPN-protected network (lan_prot).
# NOTE(review): 'psk-mixed' accepts WPA as well as WPA2 clients. Unless a
# WPA-only device must connect, 'psk2' (WPA2 only) is the safer setting.
# NOTE(review): the key looks like a placeholder. If it is the real passphrase,
# change it, because it is now public.
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option encryption 'psk-mixed'
option key '1234678912345678'
option ssid 'GiGaNet_Prot'
option network 'lan_prot'
# SSID for the direct-to-WAN network (lan_unprot).
# NOTE(review): both SSIDs share one passphrase, so any client that knows it can
# join either network. Use separate keys if the split between the VPN and
# non-VPN networks is meant to be enforced rather than just offered.
config wifi-iface
option device 'radio0'
option mode 'ap'
option encryption 'psk-mixed'
option key '1234678912345678'
option ssid 'GiGaNet_Unp'
option network 'lan_unprot'