OpenConnect: there is a connection but no Internet

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd6a:7360:002c::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth0.1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.@device[1]=device
network.@device[1].name='eth0.2'
network.@device[1].macaddr='cc:d8:43:9e:e1:b8'
network.wan=interface
network.wan.device='eth0.2'
network.wan.proto='dhcp'
network.wan.metric='10'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='4 2 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='1 6t'
network.oc=interface
network.oc.proto='openconnect'
network.oc.vpn_protocol='anyconnect'
network.oc.server='test.org'
network.oc.port='443'
network.oc.serverhash='sha1:01aa42b9513cdc21363b1429d3fba65515fc3432'
network.oc.username='xxxx'
network.oc.password='xxxxxx'
network.oc.mtu='1406'
network.@route[0]=route
network.@route[0].interface='wan'
network.@route[0].gateway='192.168.10.1'
network.@route[0].target='192.168.7.239/32'
root@OpenWrt:~#

Enable the default gateway on the vpn interface and create a static route for the vpn server as described here.

The interface (network) has not been added to the zone.

This is the third time I've seen this. You are most likely using a fork, because this is not a valid OpenWrt option and I have tested it on many versions.

default dev vpn-oc scope link
default via 192.168.10.1 dev eth0.2 src 192.168.10.128 metric 10
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.7.0/24 dev vpn-oc scope link
192.168.7.239 via 192.168.10.1 dev eth0.2 metric 10
192.168.10.0/24 dev eth0.2 scope link metric 10

You must use the server's public IP.

The domain is not allowed?

No, use nslookup to resolve it. It's static, I hope...

Now the pings have gone. The traceroute shows that the traffic is going through the VPN, but the Internet is not available on the devices.
traceroute to google.com (64.233.161.139), 30 hops max, 46 byte packets
1 192.168.7.1 (192.168.7.1) 106.790 ms 107.205 ms 107.338 ms
2 109.107.157.3 (109.107.157.3) 107.398 ms 107.490 ms 107.349 ms
3 router.novoserve.com (89.105.199.33) 123.653 ms 112.381 ms 110.960 ms
4 * * *
5 185.147.12.171 (185.147.12.171) 108.663 ms 185.147.12.251 (185.147.12.251) 109.578 ms er9-oum.infra.novoserve.net (185.147.12.75) 109.143 ms
6 185.147.12.210 (185.147.12.210) 109.072 ms 185.147.12.209 (185.147.12.209) 108.217 ms 185.147.12.210 (185.147.12.210) 108.614 ms
7 br2-nik.infra.novoserve.net (185.147.12.126) 108.745 ms 185.147.12.160 (185.147.12.160) 108.893 ms br2-nik.infra.novoserve.net (185.147.12.126) 108.423 ms
8 72.14.209.194 (72.14.209.194) 116.428 ms 185.147.12.65 (185.147.12.65) 108.435 ms 72.14.209.194 (72.14.209.194) 110.472 ms
9 * 172.253.71.198 (172.253.71.198) 109.462 ms *
10^C
root@OpenWrt:~# traceroute 2ip.ru
traceroute to 2ip.ru (195.201.201.32), 30 hops max, 46 byte packets
1 192.168.7.1 (192.168.7.1) 107.078 ms 107.628 ms 107.810 ms
2 109.107.157.3 (109.107.157.3) 109.219 ms 107.906 ms 107.964 ms
3 router.novoserve.com (89.105.199.33) 305.751 ms 112.512 ms 110.498 ms
4 * * *
5 185.147.12.141 (185.147.12.141) 108.614 ms er9-oum.infra.novoserve.net (185.147.12.97) 108.415 ms 185.147.12.173 (185.147.12.173) 108.398 ms
6 185.147.12.208 (185.147.12.208) 108.231 ms 185.147.12.209 (185.147.12.209) 108.470 ms 185.147.12.208 (185.147.12.208) 108.019 ms
7 185.147.13.189 (185.147.13.189) 108.070 ms 213-133-121-169.clients.your-server.de (213.133.121.169) 107.966 ms 107.991 ms
8 * * *
9 core4.fra.hetzner.com (213.239.245.18) 114.722 ms 113.720 ms core1.fra.hetzner.com (213.239.203.157) 114.423 ms
10 core22.fsn1.hetzner.com (213.239.224.113) 119.838 ms core23.fsn1.hetzner.com (213.239.224.65) 118.456 ms core22.fsn1.hetzner.com (213.239.224.181) 118.304 ms
11 ex9k1.dc13.fsn1.hetzner.com (213.239.245.242) 118.580 ms ex9k1.dc13.fsn1.hetzner.com (213.239.245.238) 118.514 ms 118.523 ms
12 2ip.ru (195.201.201.32) 119.314 ms !C 118.799 ms !C 118.583 ms !C
root@OpenWrt:~#

That's because the interface is not assigned to the newly created firewall zone as stated above.

I apologize for my impudence. Could you tell me what to do? I honestly don't fully understand it, I've just been struggling with it for over a week now.

Run these commands (copy/paste the whole block).

uci add_list firewall.@zone[2].network='oc'
uci commit firewall
/etc/init.d/firewall restart
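
Added example, not part of the thread: `@zone[2]` in the commands above is a positional index, so it is worth confirming which zone sits at that index and which interfaces no zone covers before changing anything. The function names, the zone name `vpn` and the firewall dump are assumptions constructed for illustration; only the interface names come from the `uci show network` output in this thread.

```sh
#!/bin/sh
# Added example, not from the thread. On the router, feed it live data:
#   unzoned_interfaces "$(uci show network)" "$(uci show firewall)"

# Constructed sample: interface names follow the thread; the firewall
# dump is an assumed layout with an empty 'vpn' zone at index 2.
SAMPLE_NETWORK="network.loopback=interface
network.lan=interface
network.wan=interface
network.oc=interface"
SAMPLE_FIREWALL="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].masq='1'"

# Print "index name networks..." for every anonymous zone section.
list_zones() {
    printf '%s\n' "$1" | tr -d "'" | awk '
    substr($0, 1, 15) == "firewall.@zone[" {
        eq = index($0, "="); rb = index($0, "]")
        idx = substr($0, 16, rb - 16)
        opt = substr($0, rb + 2, eq - rb - 2)
        val = substr($0, eq + 1)
        seen[idx] = 1
        if (idx + 0 > max) max = idx + 0
        if (opt == "name") name[idx] = val
        if (opt == "network") nets[idx] = val
    }
    END { for (i = 0; i <= max; i++) if (i in seen) print i, name[i], nets[i] }'
}

# Index of the zone called $2, to use instead of a hard-coded @zone[N].
zone_index() {
    list_zones "$1" | awk -v want="$2" '$2 == want { print $1; exit }'
}

# Interfaces from `uci show network` that no zone lists (loopback skipped).
unzoned_interfaces() {
    zoned=" $(list_zones "$2" | cut -d' ' -f3- | tr '\n' ' ') "
    printf '%s\n' "$1" | sed -n 's/^network\.\([^.=]*\)=interface$/\1/p' |
    while read -r ifc; do
        [ "$ifc" = loopback ] && continue
        case "$zoned" in *" $ifc "*) ;; *) echo "$ifc" ;; esac
    done
}

for ifc in $(unzoned_interfaces "$SAMPLE_NETWORK" "$SAMPLE_FIREWALL"); do
    echo "$ifc is in no zone; candidate fix:"
    echo "uci add_list firewall.@zone[$(zone_index "$SAMPLE_FIREWALL" vpn)].network='$ifc'"
done
```

Only anonymous `@zone[N]` sections are parsed; a firewall config that uses named zone sections would need the prefix match adjusted.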

Thank you very much, it turned out to be working.

root@OpenWrt:~# /etc/init.d/firewall restart
Section @defaults[0] specifies unknown option 'fullcone'
That's what the console gave out, is that okay?

uci del firewall.@defaults[0].fullcone
uci commit firewall
/etc/init.d/firewall restart

Please reset router configuration, and stop telling lies like

And post output of

ubus call system board

Nothing moves without it, you should have learned by now you cannot cheat immortalwrt via openwrt guides.