Destination port unreachable from where to where?
When I ping google.com on a computer, terminal shows this error. But when I do ping google.com inside the raspberry pi router, I see no problem.
Well, we should start by looking at this -- your LAN address is not correct.
This should be an RFC1918 address.
I have changed it to 192.168.1.15. Still same issue. When VPN is off, internet does not work on the computer but it does work inside the raspberry pi.
I don't want to bypass anything. I want everything to go through this vpn.
Basically, I want to use VPN so I can mask my location. That's all. So whenever I am connected to work computer, I want them to know that I am connected from xyz location.
It looks like you don't have your VPN assigned to a firewall zone. Assign tun0 to your wan zone.
Also -- this is really important: change the wan zone INPUT to reject! This is critical because your router is currently exposed to the internet.
Can you please help me with the config? How do I do both of them?
Let's see the output of this:
uci show firewall.@zone[1]
root@OpenWrt:/etc/config# uci show firewall.@zone[1]
firewall.cfg03dc81=zone
firewall.cfg03dc81.name='wan'
firewall.cfg03dc81.input='ACCEPT'
firewall.cfg03dc81.output='ACCEPT'
firewall.cfg03dc81.forward='REJECT'
firewall.cfg03dc81.masq='1'
firewall.cfg03dc81.mtu_fix='1'
firewall.cfg03dc81.network='wan' 'wan6' 'wwan'
uci set firewall.@zone[1].input='REJECT'
uci set firewall.@zone[1].network='wan' 'wan6' 'wwan' 'tun0'
uci commit firewall
/etc/init.d/firewall restart
I did this. This is the result. I still have the same problem
root@OpenWrt:/etc/config# uci show firewall.@zone[1]
firewall.cfg03dc81=zone
firewall.cfg03dc81.name='wan'
firewall.cfg03dc81.output='ACCEPT'
firewall.cfg03dc81.forward='REJECT'
firewall.cfg03dc81.masq='1'
firewall.cfg03dc81.mtu_fix='1'
firewall.cfg03dc81.network='wan' 'wan6' 'wwan' 'tun0'
firewall.cfg03dc81.input='REJECT'
What happens if you ping 8.8.8.8?
root@OpenWrt:/etc/config# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=120 time=134.652 ms
64 bytes from 8.8.8.8: seq=1 ttl=120 time=134.153 ms
64 bytes from 8.8.8.8: seq=2 ttl=120 time=118.831 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 118.831/129.212/134.652 ms
username@username-HP-ProBook-640-G1:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.15 icmp_seq=1 Destination Port Unreachable
From 192.168.1.15 icmp_seq=2 Destination Port Unreachable
From 192.168.1.15 icmp_seq=3 Destination Port Unreachable
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms
Your problem is DNS related.
Set a public DNS such as 8.8.8.8 on the router.
You need to add tun0 to the wan zone as a device not a network.
list device 'tun0'
Or you can do it the old way and create a dummy network to associate a network name with the device.
(in /etc/config/network)
config interface 'vpn'
option device 'tun0'
option proto 'none'
then add 'vpn' to the list of networks in the wan zone.
How do I do that? Sorry for asking noob questions.
Hi u/psherman. It's working now. The answer by u/mk24 solved the problem. I will clean it up and post the clean solution so others who run into the same issue can solve it. Thanks
Hi mk24, thanks for your response. I did the 2nd part
config interface 'vpn'
option device 'tun0'
option proto 'none'
This worked. However your first part:
You need to add tun0 to the wan zone as a device not a network.
How would I do that if I were to do that?
It's an either-or choice -- don't do both. The first way would be to add the list device line to the wan zone section of /etc/config/firewall.
Great. I totally neglected making the device/network for the VPN, so when we assigned tun0 as a network to the wan firewall zone, it didn't actually do anything. Doh! Good catch @mk24!
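As an added example (not code from the thread or from OpenWrt), this script audits a firewall config for the two points raised above: the wan zone's input policy, and whether tun0 is really attached to the zone by either of the two methods. The function names, temp files and sample configs are constructed for illustration; on a router you would pass /etc/config/firewall and /etc/config/network instead.

```shell
#!/bin/sh
# Added example: audit the wan zone for a closed input policy and a VPN device
# that is actually attached. Sample configs at the bottom are constructed.

# zone_field FILE ZONE KEY: print each value of option/list KEY in zone ZONE
zone_field() {
    awk -v q="'" -v zone="$2" -v key="$3" '
        function emit() { if (name == zone) printf "%s", buf; buf = ""; name = "" }
        { gsub(q, "") }
        $1 == "config" { emit(); is_zone = ($2 == "zone"); next }
        is_zone && $2 == "name" { name = $3 }
        is_zone && $2 == key { for (i = 3; i <= NF; i++) buf = buf $i "\n" }
        END { emit() }' "$1"
}

# iface_device FILE IFACE: print the device bound to interface section IFACE
iface_device() {
    awk -v q="'" -v want="$2" '
        { gsub(q, "") }
        $1 == "config" { hit = ($2 == "interface" && $3 == want); next }
        hit && $1 == "option" && $2 == "device" { print $3 }' "$1"
}

# audit_wan FIREWALL NETWORK DEV: return 0 only if wan input is closed and DEV is
# covered, either as a device entry or through a network bound to DEV.
audit_wan() {
    rc=0; covered=no
    input=$(zone_field "$1" wan input)
    case "$input" in
        REJECT|DROP) ;;
        *) echo "FAIL: wan input is '${input:-unset}', want REJECT"; rc=1 ;;
    esac
    if zone_field "$1" wan device | grep -qx "$3"; then covered=yes; fi
    for net in $(zone_field "$1" wan network); do
        if [ "$(iface_device "$2" "$net")" = "$3" ]; then covered=yes; fi
    done
    [ "$covered" = yes ] || { echo "FAIL: $3 is not attached to the wan zone"; rc=1; }
    return $rc
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
zone="config zone\n option name 'wan'\n option input 'REJECT'\n list network 'wan'\n"
printf "$zone list network 'tun0'\n" > "$tmp/fw_broken"   # first attempt in the thread
printf "$zone list device 'tun0'\n"  > "$tmp/fw_device"   # fix: device entry
printf "$zone list network 'vpn'\n"  > "$tmp/fw_network"  # fix: dummy interface
printf "config interface 'vpn'\n option device 'tun0'\n option proto 'none'\n" > "$tmp/net"
for f in fw_broken fw_device fw_network; do
    if audit_wan "$tmp/$f" "$tmp/net" tun0; then echo "OK: $f"; fi
done
```

Only `fw_broken` fails: the name tun0 in the network list matches no interface section, so the zone never covers the tunnel.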