Help setup OpenWrt VPN with single port TL-WR802N

mmm no



Removing eth0 from br-lan: how do I do that?
I was going to open the LAN interface and, inside it, set the device to unspecified (unchecking the br-lan checkbox), all with LuCI.

That's your main router. When you initially connect the PC to the OpenWrt router by Ethernet you need to be sure to disconnect the PC wifi from the house network since they are both 192.168.1.1. During initial configuration, only the PC and the OpenWrt router should be connected to each other, with no other network involved.

don't make any changes yet... let's review the current status of the configuration files.

same as this check Help setup OpenWRT VPN with Single Port TL-WR802N - #31 by asyba

@mk24 - we've been working at this for a little bit... I don't understand why there isn't upstream connectivity, but we should be well beyond the issue of an overlapping subnet.

zero changes??

wrong link here Help setup OpenWRT VPN with Single Port TL-WR802N - #29 by asyba

Is that what the OpenWrt firewall GUI looks like now? Granted I almost never use LuCI any more.

what is the output of ip route?

no... that was from the main router... I asked if there were any things in the upstream firewall that could interfere with this device getting on the network such as MAC filters or firewall rules.

root@OpenWrt:~# ip route
default via 192.168.1.1 dev eth0  src 192.168.1.105 
192.168.1.0/24 dev eth0 scope link  src 192.168.1.105 
192.168.10.0/24 dev br-lan scope link  src 192.168.10.1 
root@OpenWrt:~# 

  • Failure to name the wan network wan in lower case.

I did a fresh install, and all the VPN settings and packages are not installed now.
But after changing wan to lowercase I didn't do a fresh install... yet.

Ping from the TP-Link to the OpenWrt router fails; not sure if that's normal or not.

the wan network interface is lowercase now (and consistent in all 3 critical files), if the config files here are current:

Strange, the Ethernet and Wi-Fi MAC addresses are the same.

This seems to indicate a proper route is established.

Just to make 100% certain that we are looking at the latest and greatest config files, please post your current network and firewall files.

root@OpenWrt:~# ifconfig

br-lan    Link encap:Ethernet  HWaddr 54:AF:97:89:0D:26  

          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

          inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link

          inet6 addr: fd70:13bf:2451::1/60 Scope:Global

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9872 errors:0 dropped:0 overruns:0 frame:0

          TX packets:4997 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1270297 (1.2 MiB)  TX bytes:1676607 (1.5 MiB)



eth0      Link encap:Ethernet  HWaddr 54:AF:97:89:0D:26  

          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:10982 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3227 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1604561 (1.5 MiB)  TX bytes:245718 (239.9 KiB)

          Interrupt:5 



lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

          RX packets:1793 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1793 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:149778 (146.2 KiB)  TX bytes:149778 (146.2 KiB)



wlan0     Link encap:Ethernet  HWaddr 54:AF:97:89:0D:26  

          inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9892 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5552 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1411283 (1.3 MiB)  TX bytes:2088394 (1.9 MiB)



root@OpenWrt:~# cat /etc/config/wireless 



config wifi-device 'radio0'

	option type 'mac80211'

	option path 'platform/10300000.wmac'

	option channel '1'

	option band '2g'

	option htmode 'HT40'

	option country 'AR'

	option cell_density '0'



# Access-point interface on radio0. Clients that associate are attached to
# the 'lan' network, so they end up in whatever firewall zone lists 'lan'.
config wifi-iface 'default_radio0'

	option device 'radio0'

	option network 'lan'

	option mode 'ap'

	option ssid 'GALA1'

	# psk2 selects WPA2-PSK: the passphrase below is the only credential
	# needed to join this network.
	option encryption 'psk2'


	# NOTE(review): the passphrase is pasted here in full. Redact this line
	# (e.g. option key '<redacted>') before sharing the file, and change the
	# passphrase on the device if this value was in use when it was posted.
	option key '4237345fj'







root@OpenWrt:~# cat /etc/config/dhcp



config dnsmasq

	option domainneeded '1'

	option boguspriv '1'

	option filterwin2k '0'

	option localise_queries '1'

	option rebind_protection '1'

	option rebind_localhost '1'

	option local '/lan/'

	option domain 'lan'

	option expandhosts '1'

	option nonegcache '0'

	option authoritative '1'

	option readethers '1'

	option leasefile '/tmp/dhcp.leases'

	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

	option nonwildcard '1'

	option localservice '1'

	option ednspacket_max '1232'



config dhcp 'lan'

	option interface 'lan'

	option start '100'

	option limit '150'

	option leasetime '12h'

	option dhcpv4 'server'

	option dhcpv6 'server'

	option ra 'server'

	list ra_flags 'managed-config'

	list ra_flags 'other-config'



config dhcp 'wan'

	option interface 'wan'

	option ignore '1'



config odhcpd 'odhcpd'

	option maindhcp '0'

	option leasefile '/tmp/hosts/odhcpd'

	option leasetrigger '/usr/sbin/odhcpd-update'

	option loglevel '4'








root@OpenWrt:~# cat /etc/config/firewall 



# Firewall-wide default policies.
# NOTE(review): these are understood to apply to traffic that no zone
# covers; the per-zone input/output/forward options decide for zoned
# traffic. Confirm against the firewall documentation for this release.
config defaults

	# Traffic addressed to the router itself is accepted by default.
	option input 'ACCEPT'

	option output 'ACCEPT'

	# Routed traffic is rejected unless a forwarding or rule allows it.
	option forward 'REJECT'

	# SYN-flood protection is switched on.
	option synflood_protect '1'



config zone

	option name 'lan'

	option input 'ACCEPT'

	option output 'ACCEPT'

	option forward 'ACCEPT'

	list network 'lan'



# Firewall zone for the upstream side; it covers the 'wan' network only.
config zone

	option name 'wan'

	# Packets from this zone addressed to the router are rejected unless a
	# rule with src 'wan' accepts them first.
	option input 'REJECT'

	option output 'ACCEPT'

	# Nothing arriving from this zone is routed onward by default.
	option forward 'REJECT'

	# Masquerade (source-NAT) traffic that leaves through this zone.
	option masq '1'

	# Clamp TCP MSS on traffic leaving through this zone.
	option mtu_fix '1'

	list network 'wan'



config forwarding

	option src 'lan'

	option dest 'wan'



config rule

	option name 'Allow-DHCP-Renew'

	option src 'wan'

	option proto 'udp'

	option dest_port '68'

	option target 'ACCEPT'

	option family 'ipv4'



config rule

	option name 'Allow-Ping'

	option src 'wan'

	option proto 'icmp'

	option icmp_type 'echo-request'

	option family 'ipv4'

	option target 'ACCEPT'



config rule

	option name 'Allow-IGMP'

	option src 'wan'

	option proto 'igmp'

	option family 'ipv4'

	option target 'ACCEPT'



config rule

	option name 'Allow-DHCPv6'

	option src 'wan'

	option proto 'udp'

	option dest_port '546'

	option family 'ipv6'

	option target 'ACCEPT'



config rule

	option name 'Allow-MLD'

	option src 'wan'

	option proto 'icmp'

	option src_ip 'fe80::/10'

	list icmp_type '130/0'

	list icmp_type '131/0'

	list icmp_type '132/0'

	list icmp_type '143/0'

	option family 'ipv6'

	option target 'ACCEPT'



config rule

	option name 'Allow-ICMPv6-Input'

	option src 'wan'

	option proto 'icmp'

	list icmp_type 'echo-request'

	list icmp_type 'echo-reply'

	list icmp_type 'destination-unreachable'

	list icmp_type 'packet-too-big'

	list icmp_type 'time-exceeded'

	list icmp_type 'bad-header'

	list icmp_type 'unknown-header-type'

	list icmp_type 'router-solicitation'

	list icmp_type 'neighbour-solicitation'

	list icmp_type 'router-advertisement'

	list icmp_type 'neighbour-advertisement'

	option limit '1000/sec'

	option family 'ipv6'

	option target 'ACCEPT'



config rule

	option name 'Allow-ICMPv6-Forward'

	option src 'wan'

	option dest '*'

	option proto 'icmp'

	list icmp_type 'echo-request'

	list icmp_type 'echo-reply'

	list icmp_type 'destination-unreachable'

	list icmp_type 'packet-too-big'

	list icmp_type 'time-exceeded'

	list icmp_type 'bad-header'

	list icmp_type 'unknown-header-type'

	option limit '1000/sec'

	option family 'ipv6'

	option target 'ACCEPT'



# Forward rule: ESP (IPsec payload) arriving from wan may be forwarded to
# any host in the lan zone, since no dest_ip is given.
# NOTE(review): if no IPsec endpoint sits behind this router, this rule can
# be removed or narrowed with dest_ip so the wan->lan path stays closed.
config rule

	option name 'Allow-IPSec-ESP'

	option src 'wan'

	option dest 'lan'

	option proto 'esp'

	option target 'ACCEPT'



# Forward rule: UDP port 500 (ISAKMP/IKE) arriving from wan may be forwarded
# to any host in the lan zone, since no dest_ip is given.
# NOTE(review): only needed when a LAN host negotiates IPsec through this
# router; otherwise remove it or restrict it with dest_ip.
config rule

	option name 'Allow-ISAKMP'

	option src 'wan'

	option dest 'lan'

	option dest_port '500'

	option proto 'udp'

	option target 'ACCEPT'



root@OpenWrt:~# 







root@OpenWrt:~# cat /etc/config/network



config interface 'loopback'

	option device 'lo'

	option proto 'static'

	option ipaddr '127.0.0.1'

	option netmask '255.0.0.0'



config globals 'globals'

	option ula_prefix 'fd70:13bf:2451::/48'



# Bridge device used by the 'lan' interface. This section lists no ports,
# so no Ethernet port is bridged into it here; eth0 is assigned to 'wan'
# in the same file.
config device

	option name 'br-lan'

	option type 'bridge'



config interface 'lan'

	option proto 'static'

	option netmask '255.255.255.0'

	option ip6assign '60'

	option ipaddr '192.168.10.1'

	option device 'br-lan'



config switch

	option name 'switch0'

	option reset '1'

	option enable_vlan '0'



# Upstream interface: the single Ethernet port (eth0) takes its address by
# DHCP. The interface name is lower-case 'wan', matching the name used in
# the firewall zone's network list and in the dhcp config.
config interface 'wan'

	option proto 'dhcp'

	option device 'eth0'




root@OpenWrt:~# 

I'm not seeing the problem. Do you have any other hosts on the 192.168.1.0/24 network (aside from the main router)? Can you try pinging one of those hosts?

@mk24 the latest config files look fine to me. Can you find anything wrong? I feel like I must be missing something given that the upstream connectivity isn't working, despite a valid IP address via DHCP from the upstream router (and the route to go along with it) and the OpenWrt lan is not overlapping.