Comfast CF-E538AC & OpenWrt

Dear All;

I hope this will be the correct forum. I'm in a crossroad with this router; I'm not able to modify the configuration and I have a lack of kowledge to create a build for it.

I have bought a comfast CF-E538AC:

The router has 8MB/64MB and has been compiled with a openwrt build (ramips/mt7620/). I have the root password, so I can connect to the router via SSH and change configurations.

The main issue I have is related with the firewall, I have set up the router with the build in comfast webpage as a AP (like shown in this video:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix 'fd1a:161f:534f::/48'

config interface 'lan'
        option type 'bridge'
        option force_link '1'
        option proto 'static'
        option netmask ''
        option ip6assign '60'
        option ifname 'eth0.2 eth0.1'
        option ipaddr ''
        option macaddr '20:0d:b0:75:4c:60'

config eth0.1 'def_lan'

config ap 'workmode'

config interface 'wan'
        option macaddr '20:0d:b0:75:4c:61'
        option proto 'dhcp'
        option type 'bridge'

config eth0.2 'def_wan'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config 20:0d:b0:75:4c:60 'def_lan_macaddr'

config 20:0d:b0:75:4c:61 'def_wan_macaddr'

config 20:0d:b0:75:4c:64 'def_wlan0_macaddr'

config 20:0d:bc:75:4c:6b 'def_sta_macaddr'

I can connect to it and I can see the computers in my network:, but I cannot connect to my work VPN. I have tried to change the /etc/config/firewall configuration, but it does not appear to be applied; I have changed some parameters to test and no one appears to work despite I have done uci commit... The Iptables shows:


I'm also evaluating to create a firmware for this router, but I need a lot of time. May someone could help me in order to modify the firewall configuration in order to allow the router the vpn passthrough and also to build a openWRT firmware for this router.... (this is the current firmware:; do you think that I could use this one?

Thanks in advance