Help with OpenVPN Client configuration

I have a Tplink CPE210 antenna with Openwrt V19.07
ADSL Router ===> Tplink CPE210 ===> Laptop…
I have the OpenVPN client installed on the Tplink, which connects to the VPN server through my ADSL router. According to what I see in the System log, it is connected. The problem is that I want to share that connection through the Tplink access point, so that everyone who connects via Wi-Fi has access to all services.
Could you explain to me what I should do, or how to configure it? Any suggestion on how to do it is welcome.
For the settings I have made, I was guided by this link: https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci
But I can't get it to work.
Thank you very much in advance
Ivan

Have you configured the firewall zones correctly?

Did you study the alternative openvpn client setup guide using LuCI linked at the bottom of the wiki page?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; iptables-save -c; uci export openvpn; \
head -n -0 /etc/openvpn/*.conf; head -n -0 /etc/openvpn/*.ovpn; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

Greetings, thank you very much for responding so quickly. It took me a little while to answer, since I had to prepare the information you requested and because of the time difference between us.

I don't have much experience using Openwrt, although I have general knowledge of Linux.
I don't know if you are familiar with the Tplink CPE210 Version 1. The device has 2 physical network inputs, but they are actually Eth0.1 LAN and Eth0.2 WAN.

What happens is that this device is powered through Eth0.1 LAN by PoE.
Now I would like to use only one network wire, which must connect to Eth0.1.

ADSL ===> Eth0.1 LAN ===> Wifi Output ===> Wifi Laptop, smart TV…

I tried to change the entry Eth0.1 for WAN and Eth0.2 for LAN on the Switch, but I lost the connection with the device. I don't know if this is possible to do.

Well, having the Eth0.1 LAN cable connected to my ADSL I get the VPN client to connect to my Server VPN provider. But in the Tplink's Wifi, my devices cannot connect to the VPN Server, however, I have access to the Internet.

If I connect the two Eth0.1 LAN and Eth0.2 WAN cables to the ADSL router it does the same to me as with a single network wire. (my interest is to use a single network wire).

I don't have much knowledge of Firewall. I think that the problem is here, but I'm not sure.
I attach all the information you requested.

-----------------------------------------------------
 OpenWrt 19.07.2, r10947-65030d81f3
 -----------------------------------------------------
root@OpenWrt:~# uci export network; uci export wireless; \
>
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0e:8c0c:af3b::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option gateway '192.168.100.100'
        option ipaddr '192.168.100.1'
        list dns '191.225.241.120'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 0t'

config interface 'tun0'
        option ifname 'tun0'
        option proto 'none'
        option auto '0'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/ar934x_wmac'
        option htmode 'HT20'
        option channel '4'
        option txpower '27'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option key '12345678*'
        option ssid 'MyWiFi'
        option encryption 'psk2'
root@OpenWrt:~# uci export dhcp; uci export firewall; \
>
package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 tun0'
        list device 'tun0'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
root@OpenWrt:~# head -n -0 /etc/firewall.user; iptables-save -c; uci export openvpn; \
>
# Generated by iptables-save v1.8.3 on Fri May  1 20:18:08 2020
*nat
:PREROUTING ACCEPT [275:63563]
:INPUT ACCEPT [41:2922]
:OUTPUT ACCEPT [96:6743]
:POSTROUTING ACCEPT [96:6743]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[275:63563] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[275:63563] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[0:0] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
[96:6743] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[54:3890] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
[54:3890] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[275:63563] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Fri May  1 20:18:08 2020
# Generated by iptables-save v1.8.3 on Fri May  1 20:18:08 2020
*mangle
:PREROUTING ACCEPT [752:128536]
:INPUT ACCEPT [518:67895]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [586:142244]
:POSTROUTING ACCEPT [586:142244]
[0:0] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri May  1 20:18:08 2020
# Generated by iptables-save v1.8.3 on Fri May  1 20:18:08 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
[174:20554] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[346:47421] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[302:43029] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[39:2028] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[44:4392] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
[174:20554] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[416:122602] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[345:117692] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[71:4910] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[0:0] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[39:2028] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[71:4910] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[44:4392] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[44:4392] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[71:4910] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[71:4910] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[44:4392] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
[0:0] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[0:0] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_ACCEPT -i eth0.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Fri May  1 20:18:08 2020
package openvpn

config openvpn ' MiConexion'
        option config '/etc/openvpn/MiConexion.ovpn'
        option enabled '1'

Only this I could not find.
root@OpenWrt:~# head -n -0 /etc/openvpn/*.conf; \

head: /etc/openvpn/*.conf: No such file or directory

# Automatically generated OpenVPN client config file
# Generated on Tue Apr 28 16:41:26 2020 by nauta

# Default Cipher
cipher AES-256-CBC
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=MyUserName
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE= MyUserName@mi.proveedor.com
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST= mi.proveedor.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START

# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----

# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----

# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=0
# OVPN_ACCESS_SERVER_ORGANIZATION=PROVEEDOR
setenv FORWARD_COMPATIBLE 1
client
proto tcp
remote mi.proveedor.com
port 443
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass /etc/openvpn/password.auth
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----

</tls-auth>

# Extra user-defined configuration
cipher AES-256-CBC

## -----BEGIN RSA SIGNATURE-----
## -----END RSA SIGNATURE-----

## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----

## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----

## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----

root@OpenWrt:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 192.168.100.100 dev br-lan
192.168.100.0/24 dev br-lan scope link  src 192.168.100.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.100.0 dev br-lan table local scope link  src 192.168.100.1
local 192.168.100.1 dev br-lan table local scope host  src 192.168.100.1
broadcast 192.168.100.255 dev br-lan table local scope link  src 192.168.100.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

root@OpenWrt:~# ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
lrwxrwxrwx    1 root     root            16 Feb 27 16:05 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 May  1 20:12 /tmp/resolv.conf
-rw-r--r--    1 root     root            43 May  1 20:13 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 191.225.241.120

Thank you very much again for your interest in helping me.
Sincerely,
Ivan
Excuse any errors in the language; I speak Spanish and use Google to help with my translation.

Greetings thanks for your quick response.

I am not sure if the firewall is well configured.
I was guided by this link to make the configuration; I do not know if I have done it correctly, or if I am missing something, or if I made a mistake.

I'm still studying and reviewing the settings.
Thanks for your reply.
Ivan

Hello,
connect from wifi to avoid losing the connection, because when you swap the interfaces the lan port will be wan and it will not offer dhcp, but will request.
Fix the lan

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.1'

Then the wan:

config interface 'wan'
        option ifname 'eth0.1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.1'
        option proto 'dhcpv6'

In dhcp remove the ignore 1 from lan stanza.
You may want to change the wan zone input and forward policies from ACCEPT to REJECT.
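
The last suggestion in the reply above (REJECT instead of ACCEPT on the wan zone) can be checked mechanically against `uci export firewall` output. This is an added example, not part of the original posts or of OpenWrt; the function names `audit_fw_zones`, `posted_zones` and `hardened_zones` are hypothetical, the sample is constructed from the zone stanzas posted in this thread, and only policies set explicitly in a zone are checked.

```shell
#!/bin/sh
# Added example: flag masquerading (upstream-facing) firewall zones whose
# input or forward policy is ACCEPT in `uci export firewall` output.

# Reads a uci firewall export on stdin; prints one line per zone that has
# masq '1' and an explicit ACCEPT policy for input or forward.
audit_fw_zones() {
    awk -v q="'" '
        function flush_zone() {
            if (in_zone && masq == "1" && (input == "ACCEPT" || forward == "ACCEPT"))
                printf "%s input=%s forward=%s\n", name, input, forward
        }
        # uci wraps values in single quotes; strip them.
        function val(s) { gsub(q, "", s); return s }
        $1 == "config" {
            flush_zone()                     # report the stanza just finished
            in_zone = ($2 == "zone")
            name = "?"; masq = "0"; input = "-"; forward = "-"
            next
        }
        in_zone && $1 == "option" {
            if ($2 == "name")    name = val($3)
            if ($2 == "masq")    masq = val($3)
            if ($2 == "input")   input = val($3)
            if ($2 == "forward") forward = val($3)
        }
        END { flush_zone() }
    '
}

# Constructed sample: defaults plus the lan and wan zones as posted above.
posted_zones() {
    cat <<'EOF'
config defaults
        option input 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 tun0'
        list device 'tun0'
        option input 'ACCEPT'
        option forward 'ACCEPT'
EOF
}

# Same sample with the wan zone changed as the reply suggests.
hardened_zones() {
    posted_zones | sed \
        -e "/name 'wan'/,\$ s/option input 'ACCEPT'/option input 'REJECT'/" \
        -e "/name 'wan'/,\$ s/option forward 'ACCEPT'/option forward 'REJECT'/"
}

echo "as posted:";       posted_zones   | audit_fw_zones
echo "after the change:"; hardened_zones | audit_fw_zones
```

On the router itself the same function can be fed with `uci export firewall | audit_fw_zones`.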

Thank you for your help and advice.

Check the link again https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279

Download a PDF, which you have not previously seen How to set up OpenVPN Client
on HH5a with OpenWrt 19.07.

I will try to configure it step by step through this guide.

But first I'll try to change Eth0.1 to WAN.

Then I'll tell you how it went.
Thank you

Greetings Bill888.

Again, thanks for your message.

Check the link again https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279

Download a PDF, which you have not previously seen How to set up OpenVPN Client
on HH5a with OpenWrt 19.07.

I was reading this guide, I consider it great, excellent work. I am studying it and I am going to restart my Tplink, to do the configuration again from scratch, using this guide.

I assume that its authorship is given since it was written by "Bill"

Thank you
Ivan
Then I'll tell you how it went ...

Why would I do that?

Solved

Greetings, Trendy.

The configuration I made the first time was based on the first link I posted and on other publications I had also consulted. But I had not seen this PDF document.

With this document I tell you that I managed to configure my Tplink CPE210 as an OpenVPN client quickly and easily. Thanks to bill for this contribution.

Many thanks to Trendy and Bill888 for their help.
Sincerely, Ivan

Please mark as Solved.
