IP still showing after vpn setup. (openvpn/expressvpn)

Trying to set up an Arcadyan AR7516 router (OpenWrt with OpenVPN set up) with ExpressVPN.
OpenVPN starts and initialises, but when checking my IP it still shows my local IP of the original modem (smarthub).

The AR7516 is connected via Ethernet to the smarthub* (similar to the BT smarthub).

Ultimately I want to connect the AR7516 to the smarthub and have anything connected to the AR7516 Ethernet ports protected by the VPN.

OpenWrt 18.06.1, r7258-5eb055306f
 -----------------------------------------------------
root@OpenWrt:~# # OpenVPN log and status
root@OpenWrt:~# service log restart; service openvpn restart; sleep 10; logread -e openvpn; pgrep -f -a openvpn
Sun Feb  3 13:36:14 2019 daemon.err openvpn(expressvpn)[2348]: event_wait : Interrupted system call (code=4)
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: /sbin/route del -net 10.54.0.1 netmask 255.255.255.255
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: /sbin/route del -net 78.129.231.93 netmask 255.255.255.255
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: Closing TUN/TAP interface
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: /sbin/ifconfig tun0 0.0.0.0
Sun Feb  3 13:36:14 2019 daemon.notice openvpn(expressvpn)[2348]: SIGTERM[hard,] received, process exiting
Sun Feb  3 13:36:15 2019 daemon.warn openvpn(expressvpn)[2544]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Sun Feb  3 13:36:15 2019 daemon.warn openvpn(expressvpn)[2544]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: TCP/UDP: Preserving recently used remote address: [AF_INET]78.129.231.93:1195
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: Socket Buffers: R=[159744->319488] S=[159744->319488]
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: UDP link local: (not bound)
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: UDP link remote: [AF_INET]78.129.231.93:1195
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: TLS: Initial packet from [AF_INET]78.129.231.93:1195, sid=1958524d 791b1e41
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: VERIFY OK: nsCertType=SERVER
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-206-1a, emailAddress=support@expressvpn.com
Sun Feb  3 13:36:15 2019 daemon.notice openvpn(expressvpn)[2544]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-206-1a, emailAddress=support@expressvpn.com
Sun Feb  3 13:36:16 2019 daemon.notice openvpn(expressvpn)[2544]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Feb  3 13:36:16 2019 daemon.notice openvpn(expressvpn)[2544]: [Server-206-1a] Peer Connection Initiated with [AF_INET]78.129.231.93:1195
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: SENT CONTROL [Server-206-1a]: 'PUSH_REQUEST' (status=1)
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.54.0.1,comp-lzo no,route 10.54.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.54.1.250 10.54.1.249,peer-id 133,cipher AES-256-GCM'
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: compression parms modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: route options modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: peer-id set
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: adjusting link_mtu to 1629
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: OPTIONS IMPORT: data channel crypto options modified
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: NCP: overriding user-set keysize with default
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: TUN/TAP device tun0 opened
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: TUN/TAP TX queue length set to 100
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb  3 13:36:17 2019 daemon.notice openvpn(expressvpn)[2544]: /sbin/ifconfig tun0 10.54.1.250 pointopoint 10.54.1.249 mtu 1500
Sun Feb  3 13:36:19 2019 daemon.notice openvpn(expressvpn)[2544]: /sbin/route add -net 78.129.231.93 netmask 255.255.255.255 gw 192.168.1.254
Sun Feb  3 13:36:19 2019 daemon.notice openvpn(expressvpn)[2544]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.54.1.249
Sun Feb  3 13:36:19 2019 daemon.notice openvpn(expressvpn)[2544]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.54.1.249
Sun Feb  3 13:36:19 2019 daemon.notice openvpn(expressvpn)[2544]: /sbin/route add -net 10.54.0.1 netmask 255.255.255.255 gw 10.54.1.249
Sun Feb  3 13:36:19 2019 daemon.notice openvpn(expressvpn)[2544]: Initialization Sequence Completed
2544 /usr/sbin/openvpn --syslog openvpn(expressvpn) --status /var/run/openvpn.expressvpn.status --cd /etc/openvpn --config /etc/openvpn/my_expressvpn_uk_-_berkshire_udp.ovpn
root@OpenWrt:~#
root@OpenWrt:~# # Runtime network and firewall configuration
root@OpenWrt:~# ip a; ip r; ip ru; iptables-save
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 00:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:ff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdbd:db2d:b27::1/60 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::200:ff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
6: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 00:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.66/24 brd 192.168.1.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:ff:fe00:2/64 scope link
       valid_lft forever preferred_lft forever
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    link/[65534]
    inet 10.54.1.250 peer 10.54.1.249/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::5cea:d564:4b87:e664/64 scope link
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.54.1.249 dev tun0
default via 192.168.1.254 dev wlan0  src 192.168.1.66
10.54.0.1 via 10.54.1.249 dev tun0
10.54.1.249 dev tun0 scope link  src 10.54.1.250
78.129.231.93 via 192.168.1.254 dev br-lan
128.0.0.0/1 via 10.54.1.249 dev tun0
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.1.0/24 dev wlan0 scope link  src 192.168.1.66
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
# Generated by iptables-save v1.6.2 on Sun Feb  3 13:36:25 2019
*nat
:PREROUTING ACCEPT [4:1585]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [1:40]
:postrouting_expressvpn_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_expressvpn_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_expressvpn_postrouting - [0:0]
:zone_expressvpn_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i wlan0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_expressvpn_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o wlan0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_expressvpn_postrouting
-A zone_expressvpn_postrouting -m comment --comment "!fw3: Custom expressvpn postrouting rule chain" -j postrouting_expressvpn_rule
-A zone_expressvpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_expressvpn_prerouting -m comment --comment "!fw3: Custom expressvpn prerouting rule chain" -j prerouting_expressvpn_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun Feb  3 13:36:25 2019
# Generated by iptables-save v1.6.2 on Sun Feb  3 13:36:25 2019
*mangle
:PREROUTING ACCEPT [22:2479]
:INPUT ACCEPT [19:982]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25:18709]
:POSTROUTING ACCEPT [25:18709]
-A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone expressvpn MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Feb  3 13:36:25 2019
# Generated by iptables-save v1.6.2 on Sun Feb  3 13:36:25 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_expressvpn_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_expressvpn_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_expressvpn_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_expressvpn_dest_ACCEPT - [0:0]
:zone_expressvpn_dest_REJECT - [0:0]
:zone_expressvpn_forward - [0:0]
:zone_expressvpn_input - [0:0]
:zone_expressvpn_output - [0:0]
:zone_expressvpn_src_REJECT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wlan0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_expressvpn_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wlan0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_expressvpn_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wlan0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_expressvpn_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_expressvpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_expressvpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_expressvpn_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
-A zone_expressvpn_forward -m comment --comment "!fw3: Custom expressvpn forwarding rule chain" -j forwarding_expressvpn_rule
-A zone_expressvpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_expressvpn_forward -m comment --comment "!fw3" -j zone_expressvpn_dest_REJECT
-A zone_expressvpn_input -m comment --comment "!fw3: Custom expressvpn input rule chain" -j input_expressvpn_rule
-A zone_expressvpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_expressvpn_input -m comment --comment "!fw3" -j zone_expressvpn_src_REJECT
-A zone_expressvpn_output -m comment --comment "!fw3: Custom expressvpn output rule chain" -j output_expressvpn_rule
-A zone_expressvpn_output -m comment --comment "!fw3" -j zone_expressvpn_dest_ACCEPT
-A zone_expressvpn_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to expressvpn forwarding policy" -j zone_expressvpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o wlan0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o wlan0 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i wlan0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Feb  3 13:36:25 2019
root@OpenWrt:~#
root@OpenWrt:~# # Persistent network, firewall and OpenVPN configuration
root@OpenWrt:~# uci show network; uci show firewall; uci show openvpn
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdbd:db2d:0b27::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 8t'
network.wwan=interface
network.wwan.proto='dhcp'
network.expressvpn=interface
network.expressvpn.proto='none'
network.expressvpn.ifname='tun0'
network.expressvpn.auto='1'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].network='wan wan6 wwan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[2]=zone
firewall.@zone[2].name='expressvpn'
firewall.@zone[2].network='expressvpn'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='expressvpn'
firewall.@forwarding[0].src='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='lan'
openvpn.custom_config=openvpn
openvpn.custom_config.config='/etc/openvpn/my_expressvpn_uk_-_berkshire_udp.ovpn'
openvpn.sample_server=openvpn
openvpn.sample_server.port='1194'
openvpn.sample_server.proto='udp'
openvpn.sample_server.dev='tun'
openvpn.sample_server.ca='/etc/openvpn/ca.crt'
openvpn.sample_server.cert='/etc/openvpn/server.crt'
openvpn.sample_server.key='/etc/openvpn/server.key'
openvpn.sample_server.dh='/etc/openvpn/dh1024.pem'
openvpn.sample_server.server='10.8.0.0 255.255.255.0'
openvpn.sample_server.ifconfig_pool_persist='/tmp/ipp.txt'
openvpn.sample_server.keepalive='10 120'
openvpn.sample_server.compress='lzo'
openvpn.sample_server.persist_key='1'
openvpn.sample_server.persist_tun='1'
openvpn.sample_server.user='nobody'
openvpn.sample_server.status='/tmp/openvpn-status.log'
openvpn.sample_server.verb='3'
openvpn.sample_client=openvpn
openvpn.sample_client.client='1'
openvpn.sample_client.dev='tun'
openvpn.sample_client.proto='udp'
openvpn.sample_client.remote='my_server_1 1194'
openvpn.sample_client.resolv_retry='infinite'
openvpn.sample_client.nobind='1'
openvpn.sample_client.persist_key='1'
openvpn.sample_client.persist_tun='1'
openvpn.sample_client.user='nobody'
openvpn.sample_client.ca='/etc/openvpn/ca.crt'
openvpn.sample_client.cert='/etc/openvpn/client.crt'
openvpn.sample_client.key='/etc/openvpn/client.key'
openvpn.sample_client.compress='lzo'
openvpn.sample_client.verb='3'
openvpn.expressvpn=openvpn
openvpn.expressvpn.enabled='1'
openvpn.expressvpn.config='/etc/openvpn/my_expressvpn_uk_-_berkshire_udp.ovpn'
openvpn.expressvpn.verb='7'
openvpn.expressvpn.proto='tcp'
root@OpenWrt:~# head -n -0 /etc/openvpn/*.ovpn
dev tun
fast-io
persist-key
persist-tun
nobind
remote uk-berkshire-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass /etc/openvpn/expressvpn.auth
auth-nocache


A VPN can change your public IP address, but it doesn't replace your local IP address.
You should use internet services, such as https://ipleak.net/, to determine your public address.

Had a look at ipleak.net and it shows my public IP address as well as location, and also tells me that I have leakage on both WebRTC and DNS.

https://www.expressvpn.com/what-is-my-ip shows my public IP, as well as ISP and location.

Use traceroute to make sure your traffic goes via VPN.

You can fix it by disabling WebRTC in your browser.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider
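
A routing-table check to run alongside the traceroute advice above, as an added example that is not part of the thread or of OpenWrt. It reads `ip r` output (here the table copied from the first post) and reports whether both `redirect-gateway def1` half-routes use the tunnel, whether the VPN server's host route leaves through the same interface as the default route, and whether one prefix is on-link on two interfaces. The function name `audit_routes` is hypothetical.

```shell
#!/bin/sh
# Added example: audit an `ip r` dump for conditions that keep traffic
# out of an OpenVPN tunnel. audit_routes is a hypothetical helper name.

# Routing table copied from the `ip r` output in the first post.
ROUTES='0.0.0.0/1 via 10.54.1.249 dev tun0
default via 192.168.1.254 dev wlan0  src 192.168.1.66
10.54.0.1 via 10.54.1.249 dev tun0
10.54.1.249 dev tun0 scope link  src 10.54.1.250
78.129.231.93 via 192.168.1.254 dev br-lan
128.0.0.0/1 via 10.54.1.249 dev tun0
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.1.0/24 dev wlan0 scope link  src 192.168.1.66'

audit_routes() {
    # $1 = `ip r` text, $2 = VPN server IP, $3 = tunnel device.
    # Prints one finding per line; exit status is 1 if any check fails.
    printf '%s\n' "$1" | awk -v server="$2" -v tun="$3" '
    # Interface named after the "dev" keyword on the current line.
    function dev(    i) {
        for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
        return ""
    }
    # redirect-gateway def1 installs two /1 routes that together cover
    # the whole IPv4 space and so take precedence over the default route.
    $1 == "0.0.0.0/1"   && dev() == tun { lo = 1 }
    $1 == "128.0.0.0/1" && dev() == tun { hi = 1 }
    $1 == "default" { wan = dev() }
    # Host route that keeps the encrypted packets themselves off the tunnel.
    $1 == server || $1 == (server "/32") { bypass = dev() }
    # Connected prefixes: remember which interface owns each one.
    # Only identical prefixes are compared, not partial overlaps.
    $1 ~ /\// && /scope link/ {
        d = dev()
        if (($1 in owner) && owner[$1] != d) {
            print "PROBLEM: " $1 " is on-link on both " owner[$1] " and " d
            bad = 1
        } else owner[$1] = d
    }
    END {
        if (lo && hi) print "OK: both def1 half-routes point at " tun
        else { print "PROBLEM: def1 half-routes via " tun " are incomplete"; bad = 1 }
        if (bypass == "") {
            print "PROBLEM: no host route for VPN server " server; bad = 1
        } else if (bypass != wan) {
            print "PROBLEM: VPN server route uses " bypass ", default route uses " wan
            bad = 1
        } else print "OK: VPN server route follows the default route via " wan
        exit bad + 0
    }'
}

# Run against the table from the post; the || keeps a failing audit from
# aborting a caller that uses `set -e`.
audit_routes "$ROUTES" 78.129.231.93 tun0 ||
    echo "Routing table needs attention before relying on the tunnel."
```

On the router itself, pass live data with `audit_routes "$(ip r)" <server-ip> tun0`.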
