Ok, I know there are a lot of topics about OpenVPN configuration, but I can't get my dedicated VPN interface working.
My router is an x86 N5105, without native VLAN, so I followed some guides to create the interfaces and get the OpenVPN tun0 instance working. But it seems the DHCP on the VPN interface is not working. Devices can't connect via wifi, and I also tested via cable and the interface doesn't seem to be working.
root@calango:~# uci show network;uci show wireless; \
> uci show firewall; uci show dhcp; \
> ip -4 addr ; ip -4 ro ; ip -4 ru; \
> iptables-save; \
> head -n -0 /etc/firewall.user; \
> ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.globals.packet_steering='1'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].stp='1'
network.@device[0].ports='eth1' 'eth2'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='10.99.99.1'
network.lan.force_link='0'
network.lan.ip4table='local'
network.lan.ip6table='local'
network.lan.ip6class='wan_6'
network.lan.ip6assign='64'
network.lan.netmask='255.252.0.0'
network.wan=interface
network.wan.device='eth0'
network.wan.proto='pppoe'
network.wan.username=
network.wan.password
network.wan.peerdns='0'
network.wan.ip6assign='128'
network.wan.dns='1.1.1.1' '1.0.0.1'
network.wan.service='Linq'
network.wan.ipv6='1'
network.wan_6=interface
network.wan_6.proto='dhcpv6'
network.wan_6.reqprefix='auto'
network.wan_6.reqaddress='try'
network.wan_6.peerdns='0'
network.wan_6.dns='2606:4700:4700::1111' '2606:4700:4700::1001'
network.wan_6.device='@wan'
network.@device[1]=device
network.@device[1].name='eth0'
network.tor=interface
network.tor.proto='static'
network.tor.ipaddr='10.10.99.1'
network.tor.force_link='0'
network.tor.delegate='0'
network.tor.netmask='255.255.255.128'
network.tor.device='br-tor'
network.@device[2]=device
network.@device[2].name='wlan0-1'
network.@device[3]=device
network.@device[3].type='bridge'
network.@device[3].name='br-tor'
network.@device[3].ports='wlan0-1'
network.@device[3].bridge_empty='1'
network.vpn=interface
network.vpn.proto='static'
network.vpn.device='br-vpn'
network.vpn.netmask='255.255.255.128'
network.vpn.ipaddr='10.6.0.1'
network.vpn.force_link='0'
network.@device[4]=device
network.@device[4].type='bridge'
network.@device[4].name='br-vpn'
network.@device[4].bridge_empty='1'
network.@device[4].ports='eth3' 'tun0'
network.wan_vpn=interface
network.wan_vpn.device='tun0'
network.wan_vpn.hostname='*'
network.wan_vpn.ifname='tun0'
network.wan_vpn.proto='none'
network.wan_vpn.delegate='0'
network.@device[5]=device
network.@device[5].name='tun0'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.path='pci0000:00/0000:00:1c.0/0000:01:00.0'
wireless.radio0.band='2g'
wireless.radio0.cell_density='0'
wireless.radio0.country='BR'
wireless.radio0.htmode='HE20'
wireless.radio0.channel='7'
wireless.default_radio0=wifi-iface
wireless.default_radio0.device='radio0'
wireless.default_radio0.network='lan'
wireless.default_radio0.mode='ap'
wireless.default_radio0.encryption='sae-mixed'
wireless.default_radio0.key=''
wireless.default_radio0.ssid=''
wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.path='pci0000:00/0000:00:1c.0/0000:01:00.0+1'
wireless.radio1.band='5g'
wireless.radio1.country='BR'
wireless.radio1.cell_density='0'
wireless.radio1.noscan='1'
wireless.radio1.htmode='HE40'
wireless.radio1.channel='auto'
wireless.default_radio1=wifi-iface
wireless.default_radio1.device='radio1'
wireless.default_radio1.network='lan'
wireless.default_radio1.mode='ap'
wireless.default_radio1.encryption='sae-mixed'
wireless.default_radio1.key=''
wireless.default_radio1.ssid=''
wireless.wifinet2=wifi-iface
wireless.wifinet2.device='radio0'
wireless.wifinet2.mode='ap'
wireless.wifinet2.ssid='TOR_CA'
wireless.wifinet2.encryption='sae-mixed'
wireless.wifinet2.key=''
wireless.wifinet2.network='tor'
wireless.wifinet2.isolate='1'
wireless.wifinet3=wifi-iface
wireless.wifinet3.device='radio1'
wireless.wifinet3.mode='ap'
wireless.wifinet3.key='
wireless.wifinet3.network='vpn'
wireless.wifinet3.ssid='TOCA_VPN'
wireless.wifinet3.encryption='psk-mixed'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@defaults[0].flow_offloading='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].name='tor_ca'
firewall.@zone[1].network='tor'
firewall.@zone[2]=zone
firewall.@zone[2].name='wan'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='wan' 'wan6' 'wan_6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[3].name='Allow-DHCPv6 (547-546)'
firewall.@rule[3].src_port='547'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-DHCPv6 (546-547)'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].proto='udp'
firewall.@rule[4].src_port='546'
firewall.@rule[4].dest_port='547'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[4].src='wan'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-MLD'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].src_ip='fe80::/10'
firewall.@rule[5].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Input'
firewall.@rule[6].src='wan'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-ICMPv6-Forward'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='*'
firewall.@rule[7].proto='icmp'
firewall.@rule[7].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[7].limit='1000/sec'
firewall.@rule[7].family='ipv6'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-IPSec-ESP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].proto='esp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-ISAKMP'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='500'
firewall.@rule[9].proto='udp'
firewall.@rule[9].target='ACCEPT'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.@rule[10]=rule
firewall.tor_nft=include
firewall.tor_nft.path='/etc/nftables.d/tor.sh'
firewall.tcp_int=redirect
firewall.tcp_int.name='Intercept-TCP'
firewall.tcp_int.src_dport='0-65535'
firewall.tcp_int.dest_port='9040'
firewall.tcp_int.proto='tcp'
firewall.tcp_int.family='any'
firewall.tcp_int.target='DNAT'
firewall.tcp_int.src='tor_ca'
firewall.adblock_lan53=redirect
firewall.adblock_lan53.name='Adblock DNS (lan, 53)'
firewall.adblock_lan53.src='lan'
firewall.adblock_lan53.proto='tcp udp'
firewall.adblock_lan53.src_dport='53'
firewall.adblock_lan53.dest_port='53'
firewall.adblock_lan53.target='DNAT'
firewall.pbr=include
firewall.pbr.fw4_compatible='1'
firewall.pbr.type='script'
firewall.pbr.path='/usr/share/pbr/pbr.firewall.include'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[1].src='tor_ca'
firewall.@zone[3]=zone
firewall.@zone[3].name='wan_vpn'
firewall.@zone[3].input='REJECT'
firewall.@zone[3].output='ACCEPT'
firewall.@zone[3].forward='REJECT'
firewall.@zone[3].masq='1'
firewall.@zone[3].mtu_fix='1'
firewall.@zone[3].network='wan_vpn'
firewall.@zone[4]=zone
firewall.@zone[4].name='vpn'
firewall.@zone[4].input='REJECT'
firewall.@zone[4].output='ACCEPT'
firewall.@zone[4].forward='REJECT'
firewall.@zone[4].network='vpn'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='vpn'
firewall.@forwarding[2].dest='wan_vpn'
firewall.@rule[11]=rule
firewall.@rule[11].name='Allow-VPN-Input-DHCPv4'
firewall.@rule[11].family='ipv4'
firewall.@rule[11].proto='udp'
firewall.@rule[11].src='vpn'
firewall.@rule[11].src_port='68'
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].dest_port='67'
dhcp.lan=dhcp
dhcp.lan.dhcpv4='server'
dhcp.lan.interface='lan'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.force='1'
dhcp.lan.start='20'
dhcp.lan.ra='hybrid'
dhcp.lan.dhcpv6='hybrid'
dhcp.lan.ndp='hybrid'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.leasefile='/var/lib/odhcpd/dhcp.leases'
dhcp.odhcpd.leasetrigger='/usr/lib/unbound/odhcpd.sh'
dhcp.odhcpd.maindhcp='1'
dhcp.odhcpd.loglevel='4'
dhcp.tor=dhcp
dhcp.tor.interface='tor'
dhcp.tor.dhcpv4='server'
dhcp.tor.leasetime='12h'
dhcp.tor.force='1'
dhcp.tor.limit='50'
dhcp.tor.start='20'
dhcp.vpn=dhcp
dhcp.vpn.interface='vpn'
dhcp.vpn.leasetime='12h'
dhcp.vpn.force='1'
dhcp.vpn.start='20'
dhcp.vpn.limit='50'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 10.99.99.1/14 brd 10.99.255.255 scope global br-lan
valid_lft forever preferred_lft forever
9: br-tor: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 10.10.99.1/25 brd 10.10.99.127 scope global br-tor
valid_lft forever preferred_lft forever
10: br-vpn: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 10.6.0.1/25 brd 10.6.0.127 scope global br-vpn
valid_lft forever preferred_lft forever
15: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
inet 45.191.204.31 peer 100.64.128.1/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
default via 100.64.128.1 dev pppoe-wan proto static
10.6.0.0/25 dev br-vpn proto kernel scope link src 10.6.0.1
10.10.99.0/25 dev br-tor proto kernel scope link src 10.10.99.1
100.64.128.1 dev pppoe-wan proto kernel scope link src 45.191.204.31
0: from all lookup local
10000: from 10.99.99.1 lookup local
20000: from all to 10.99.99.1/14 lookup local
32765: from all iif br-vpn lookup vpn
32766: from all lookup main
32767: from all lookup default
90008: from all iif lo lookup local
-ash: iptables-save: not found
head: /etc/firewall.user: No such file or directory
lrwxrwxrwx 1 root root 16 Jan 2 21:24 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 126 Jan 29 18:24 /tmp/resolv.conf
-rw-r--r-- 1 root root 43 Jan 29 18:24 /tmp/resolv.conf.ppp
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 54 Jan 29 18:24 resolv.conf.auto
==> /etc/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-01-29T18:24:31-03:00
nameserver 127.0.0.1
nameserver ::1
search
==> /tmp/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-01-29T18:24:31-03:00
nameserver 127.0.0.1
nameserver ::1
search
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.ppp <==
nameserver 45.65.220.23
nameserver 8.8.8.8