I used OpenWrt on my GL.iNet150. I used the OpenVPN script from the IPredator website to configure OpenVPN. All is working fine so far.
My final goal would be to use the physical switch to disable/enable the OpenVPN tunnel, but the first problem is that if I disable OpenVPN via the web interface or /etc/init.d/openvpn stop, I am not able to browse the internet (not via IP and not via FQDN).
Sounds like there's a kill switch in use, preventing connectivity if the tunnel is down. If I recall correctly, there's a 'Force VPN' checkbox somewhere, which you'll need to untick.
Thank you for the hint. I learned a lot when I implemented and checked the uci show parameter.
Unfortunately, after implementing the settings I am not able to browse the internet, regardless of using /etc/openvpn/vpnclient.sh up or down. I am not even able to ping 8.8.8.8.
Unfortunately, the OpenWrt web interface doesn't make a difference between the process and the result, because the OpenVPN service doesn't interact with the network service.
The log you posted indicates that the connection is not established yet and there's even a failed authentication attempt leading to an unfinished re-connection attempt:
A successful connection attempt should end with the message:
# Fix configuration
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci set firewall.lan.forward="ACCEPT"
uci set firewall.wan.input="REJECT"
uci set firewall.wan.masq="1"
uci set firewall.wan.mtu_fix="1"
uci set firewall.lan_wan="forwarding"
uci set firewall.lan_wan.src="lan"
uci set firewall.lan_wan.dest="wan"
uci set firewall.lan_wan.enabled="0"
uci commit firewall
/etc/init.d/firewall restart
uci -q delete openvpn.IPredator.script_security
uci -q delete openvpn.IPredator.up
uci -q delete openvpn.IPredator.down
uci commit openvpn
/etc/init.d/openvpn restart
# Kill switch
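cat << "EOF" > /etc/openvpn/killswitch.sh
#!/bin/sh
if pgrep openvpn
then
    # Tunnel is running: allow direct LAN to WAN forwarding, then stop the tunnel
    uci set firewall.lan_wan.enabled="1"
    /etc/init.d/openvpn stop &
else
    # Tunnel is not running: block direct LAN to WAN forwarding, then start the tunnel
    uci set firewall.lan_wan.enabled="0"
    /etc/init.d/openvpn start &
fi
# Reload the firewall so the changed forwarding state takes effect
/etc/init.d/firewall restart &
EOF
chmod +x /etc/openvpn/killswitch.sh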
This will keep the state of LAN to WAN forwarding until you run the script or reboot.
There was a fatal flaw in the original concept: the OpenVPN down script is not guaranteed to be invoked upon the service stop action.
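A way to check that the kill switch described above is actually in effect, as an added example that is not part of the thread: it reads `uci show firewall` text and lists any forwarding that still lets LAN traffic reach WAN directly. The function names, the sample data and the `vpn` zone name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit `uci show firewall` text for
# forwardings that would let LAN traffic bypass the tunnel.

# open_forwardings SRC DEST: reads `uci show firewall` output on stdin and
# prints each forwarding section from SRC to DEST that is still enabled.
# Assumption: only enabled='0' (the value killswitch.sh sets) means disabled;
# a forwarding with no "enabled" option is treated as enabled.
open_forwardings() {
    awk -v src="$1" -v dest="$2" -v q="'" '
    {
        eq = index($0, "=")
        if (eq == 0) next
        n = split(substr($0, 1, eq - 1), k, ".")
        v = substr($0, eq + 1)
        gsub(q, "", v)                      # strip the quotes uci adds
        if (n == 2 && v == "forwarding") { order[++count] = k[2]; next }
        if (n == 3) opt[k[2], k[3]] = v
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            if (opt[s, "src"] != src || opt[s, "dest"] != dest) continue
            if (opt[s, "enabled"] == "0") continue
            print s
        }
    }'
}

# killswitch_armed: succeeds only when no lan -> wan forwarding is enabled.
killswitch_armed() {
    [ -z "$(open_forwardings lan wan)" ]
}

# Constructed sample: state after the "Fix configuration" commands, plus a
# hypothetical lan -> vpn forwarding (the zone name "vpn" is an assumption).
sample_vpn_up() {
    cat << "EOF"
firewall.lan_wan=forwarding
firewall.lan_wan.src='lan'
firewall.lan_wan.dest='wan'
firewall.lan_wan.enabled='0'
firewall.lan_vpn=forwarding
firewall.lan_vpn.src='lan'
firewall.lan_vpn.dest='vpn'
EOF
}

sample_vpn_up | killswitch_armed && echo "armed: LAN cannot reach WAN directly"
```

On the router, the same check would be fed with `uci show firewall | killswitch_armed` instead of the sample.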