ok, come back with the result on openwrt, same issue for accessing the google.com.
just flash out the openwrt fireware to the device and install & configure the openvpn client. not able to access google, but youtube.com works with "your connection to this site is not secure", the difference between them is , google cer is used for accessing youtube and facebook cert is used for accessing google.com.
{
"kernel": "6.6.30",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 0",
"model": "FriendlyElec NanoPi R5S",
"board_name": "friendlyarm,nanopi-r5s",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r26379-1082c6556e",
"target": "rockchip/armv8",
"description": "OpenWrt SNAPSHOT r26379-1082c6556e"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd00:4b2e:e3db::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
config device
option name 'eth1'
option macaddr '6a:9f:87:2d:35:08'
config device
option name 'eth2'
option macaddr '6a:9f:87:2d:35:08'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0'
option macaddr '6a:9f:87:2d:35:07'
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
config interface 'tun0'
option proto 'none'
option device 'tun0'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'tun0'
list device 'tun0'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.21.110/24 brd 192.168.21.255 scope global eth0
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
inet 10.8.0.2/16 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.21.1 dev eth0 src 192.168.21.110
10.8.0.0/16 dev tun0 scope link src 10.8.0.2
20.254.162.75 via 192.168.21.1 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.21.0/24 dev eth0 scope link src 192.168.21.110
local 10.8.0.2 dev tun0 table local scope host src 10.8.0.2
broadcast 10.8.255.255 dev tun0 table local scope link src 10.8.0.2
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
local 192.168.1.1 dev br-lan table local scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.1
local 192.168.21.110 dev eth0 table local scope host src 192.168.21.110
broadcast 192.168.21.255 dev eth0 table local scope link src 192.168.21.110
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2408:820c:8fa8:d0b0:689f:87ff:fe2d:3507/64 scope global dynamic noprefixroute
valid_lft 259077sec preferred_lft 172677sec
inet6 fe80::689f:87ff:fe2d:3507/64 scope link
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd00:4b2e:e3db::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::689f:87ff:fe2d:3508/64 scope link
valid_lft forever preferred_lft forever
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 500
inet6 fe80::7da3:ed54:1d4:3553/64 scope link flags 800
valid_lft forever preferred_lft forever
default from 2408:820c:8fa8:d0b0::/64 via fe80:0:f4:1c:71:1b:93:80 dev eth0 metric 512
2408:820c:8fa8:d0b0::/64 dev eth0 metric 256
unreachable 2408:820c:8fa8:d0b0::/64 dev lo metric 2147483647
fd00:4b2e:e3db::/64 dev br-lan metric 1024
unreachable fd00:4b2e:e3db::/48 dev lo metric 2147483647
fd33:2ef2:cff7::/64 from 2408:820c:8fa8:d0b0::/64 via fe80::1832:af6d:c742:37b3 dev eth0 metric 512
fe80::/64 dev br-lan metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev tun0 metric 256
local ::1 dev lo table local metric 0
anycast 2408:820c:8fa8:d0b0:: dev eth0 table local metric 0
local 2408:820c:8fa8:d0b0:689f:87ff:fe2d:3507 dev eth0 table local metric 0
anycast fd00:4b2e:e3db:: dev br-lan table local metric 0
local fd00:4b2e:e3db::1 dev br-lan table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev tun0 table local metric 0
local fe80::689f:87ff:fe2d:3507 dev eth0 table local metric 0
local fe80::689f:87ff:fe2d:3508 dev br-lan table local metric 0
local fe80::7da3:ed54:1d4:3553 dev tun0 table local metric 0
multicast ff00::/8 dev br-lan table local metric 256
multicast ff00::/8 dev eth0 table local metric 256
multicast ff00::/8 dev tun0 table local metric 256
0: from all lookup local
32766: from all lookup main
lrwxrwxrwx 1 root root 16 May 21 10:29 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 May 26 11:25 /tmp/resolv.conf
-rw-r--r-- 1 root root 53 May 26 11:25 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 53 May 26 11:25 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 192.168.21.1
search VS020
Server: 1.1.1.1
Address: 1.1.1.1:53
Non-authoritative answer:
Name: google.com
Address: 142.250.187.206
Non-authoritative answer:
Name: google.com
Address: 2a00:1450:4009:81e::200e
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
Name: google.com
Address: 46.82.174.69
Non-authoritative answer: