Hi So i did a fresh install of 19.07.7, all default in dhcp and web do work fine. I then follow different guide from vpn provider, but i mostly end up with only the terminal can ping any site and do curl. I do get the proper intit sequence completed and the ip from the vpn, but i cannot access any webpage in browser.
From the official guide client-luci , with no kill switch give same. Or following provider guide :
here a pretty straight foward guide: https://support.purevpn.com/article-categories/getting-started/router/openwrt-router
Or this one Uber easy with inport the .ovpn / set the interface /set the fw zone
https://hide.me/en/vpnsetup/openwrt/openvpn/
Vpn log show is connecting fine with no error. But firefox can't get anything..
If i set the Ntwk / interface/ Lan - use custom dns : 8.8.8.8 : nothing
When i set : WAN > Edit > Advanced Settings. Uncheck the Use DNS servers advertised by peer parameter and set 4.2.2.2 value for Use custom DNS server. nothing more
If i try : Network / Firewall / Wan - edit - Advances setting / Covered device =tun0
nothing more. did couple of reboot at each step. vpn in udp1194 or tcp443 is same
try to put the firewall / zone Lan -edit : Allow Forward to destination : at only the vpn interface. instead of wan and the vpn interf.. but still no change.
Here my /etc/config/network
ig interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd7e:7cdc:5666::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.40.1'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
list dns '4.2.2.2'
option peerdns '0'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config interface 'oVpn'
option ifname 'tun0'
option proto 'none'
option delegate '0'
and on the /etc/config/firewall i got :
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
list device 'tun0'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
config rule allow icmpv6-input ....
allow-icmpv6-forward .... all default
allow-ipsec .... allow isakmp...
-----
config zone
option network 'oVpn'
option name 'vpn_FW'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
config forwarding
option dest 'vpn_FW'
option src 'lan'
thanks for any hint !