Hi,
I installed OpenWRT on my WR841N V13 and everything seems to work ok. I like it and definitely I'll keep it on my Rounter.
But, unfortunately, I'm having a problem and don't know exactly how to solve it.
I need to connect from my laptop (when connected to my Router) to a VPN from my company.
The protocol used is L2TP over IPSec.
My Firewall rules are:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
config forwarding
option src 'lan'
option dest 'wan'
config rule
list proto 'all'
option name 'Block Hue Out'
list src_ip '10.10.10.100'
option dest 'wan'
option target 'DROP'
option src 'lan'
list src_mac 'EC:B5:FA:07:0A:56'
config rule
option name 'Block 6-Ipad Out'
list proto 'all'
option src 'lan'
list src_mac '58:E6:BA:F3:58:E5'
list src_ip '10.10.10.152'
option target 'DROP'
option dest 'wan'
option enabled '0'
config rule
option name 'Block 6-Iphone Out'
list proto 'all'
option src 'lan'
list src_mac '58:E6:BA:F3:58:E5'
list src_ip '10.10.10.152'
option dest 'wan'
option target 'DROP'
option enabled '0'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option name 'Raspberry VPN'
list proto 'tcp'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_ip '10.10.10.160'
option dest_port '443'
Thanks
LE: The VPN is connected the problem is that when I'm trying to connect to the jump box I can't
I'f I'm switching to my phone internet I'm able to connect to the VPN (as over Wifi with OpenWRT) but also to connect to the jump box