OpenVPN is up and running, I still cannot access some of the sites, IP unchanged

Dear Forum, I've tried to cofigure the ExpressVPN with OpenVPN on OpenWRT 18.06. I followed the instructions exactly on this post https://enterpriseadmins.blogspot.com/2017/08/how-to-setup-expressvpn-using-openvpn.html
Everything went smoothly, and I finally got the message "Initialization sequence completed". I can see the OpenVPN is up and runnning in the status.

However, when I try to access some of the websites, they are still blocked. my IP is still unchanged.

Do I miss anyghing here?

Those instructions look incomplete/out-of-date imho. There is likely to be a problem with the firewall configuration.

Someone else may be able to suggest a newer guide for ExpressVPN. Otherwise, refer to OpenWrt Guides for generic openvpn client instructions:
https://openwrt.org/docs/guide-user/start

fwiw, you could try my openvpn client setup guide for HH5a. I've never tested it with Expressvpn but no reason why it should not work if the file paths within the .ovpn file are correct. Reset the router to return openwrt settings to defaults before you start!
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279
Works with TPlink C50v4 and Linksys EA6350v3 OpenWrt 19.07 snapshot too.

Collect the diagnostics from OpenWrt after establishing the VPN connection:

ip address show; ip route show; ip rule show; iptables-save

Check my manual in sections corresponding firewall and network configuration. You can also configure kill-switch to prevent traffic leakage. https://airvpn.org/forums/topic/20303-airvpn-configuration-on-openwrt-preventing-traffic-leakage-outside-tunnel/

Here is the info,please help

IP ADRESS SHOW
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.1.1/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether 24:f5:a2:c2:3e:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::26f5:a2ff:fec2:3e58/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether 26:f5:a2:c2:3e:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::24f5:a2ff:fec2:3e58/64 scope link
       valid_lft forever preferred_lft forever
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
6: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 3e:14:f1:5b:41:a0 brd ff:ff:ff:ff:ff:ff
7: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether e6:6d:2c:7a:01:8e brd ff:ff:ff:ff:ff:ff
8: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
9: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
13: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void
14: imq0: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
15: imq1: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
16: mlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 24:f5:a2:c2:3e:5b brd ff:ff:ff:ff:ff:ff
17: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 26:f5:a2:c2:3e:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2001:f40:909:fb8b::1/64 scope global dynamic noprefixroute
       valid_lft 208911sec preferred_lft 122511sec
    inet6 fdc8:744:71b2::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::24f5:a2ff:fec2:3e58/64 scope link
       valid_lft forever preferred_lft forever
18: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 26:f5:a2:c2:3e:58 brd ff:ff:ff:ff:ff:ff
19: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 24:f5:a2:c2:3e:58 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::26f5:a2ff:fec2:3e58/64 scope link
       valid_lft forever preferred_lft forever
21: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp
    inet 202.187.141.233 peer 202.187.128.1/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
    inet6 2001:f40:918::7717/128 scope global dynamic noprefixroute
       valid_lft 208911sec preferred_lft 122511sec
    inet6 fe80::1d77:5975:b189:1b89/10 scope link
       valid_lft forever preferred_lft forever
26: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
    link/ether 24:f5:a2:c2:3e:5a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::26f5:a2ff:fec2:3e5a/64 scope link
       valid_lft forever preferred_lft forever
27: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
    link/ether 24:f5:a2:c2:3e:59 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::26f5:a2ff:fec2:3e59/64 scope link
       valid_lft forever preferred_lft forever
36: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.123.0.46 peer 10.123.0.45/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a7d3:630c:f867:e565/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

IP ROUTE SHOW

0.0.0.0/1 via 10.123.0.45 dev tun0
default via 202.187.128.1 dev pppoe-wan proto static
10.123.0.1 via 10.123.0.45 dev tun0
10.123.0.45 dev tun0 proto kernel scope link src 10.123.0.46
45.56.152.72 via 202.187.128.1 dev pppoe-wan
128.0.0.0/1 via 10.123.0.45 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
202.187.128.1 dev pppoe-wan proto kernel scope link src 202.187.141.233

IP RULE SHOW

0:      from all lookup local
1001:   from all iif pppoe-wan lookup main
2001:   from all fwmark 0x100/0x3f00 lookup 1
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
32766:  from all lookup main
32767:  from all lookup default

IPTABLES-SAVE
# Generated by iptables-save v1.6.2 on Fri Aug 30 08:28:28 2019
*nat
:PREROUTING ACCEPT [29:1886]
:INPUT ACCEPT [29:1886]
:OUTPUT ACCEPT [117:10016]
:POSTROUTING ACCEPT [3:440]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.107/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.107/32 -p udp -m udp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Forward446 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: Forward446 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.201/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: Forward447 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.201/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: Forward447 (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p tcp -m tcp --dport 445 -m comment --comment "!fw3: HTTPS (reflection)" -j DNAT --to-destination 192.168.1.107:443
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p udp -m udp --dport 445 -m comment --comment "!fw3: HTTPS (reflection)" -j DNAT --to-destination 192.168.1.107:443
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p tcp -m tcp --dport 446 -m comment --comment "!fw3: Forward446 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p udp -m udp --dport 446 -m comment --comment "!fw3: Forward446 (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p tcp -m tcp --dport 447 -m comment --comment "!fw3: Forward447 (reflection)" -j DNAT --to-destination 192.168.1.201:3389
-A zone_lan_prerouting -s 192.168.1.0/24 -d 202.187.141.233/32 -p udp -m udp --dport 447 -m comment --comment "!fw3: Forward447 (reflection)" -j DNAT --to-destination 192.168.1.201:3389
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 445 -m comment --comment "!fw3: HTTPS" -j DNAT --to-destination 192.168.1.107:443
-A zone_wan_prerouting -p udp -m udp --dport 445 -m comment --comment "!fw3: HTTPS" -j DNAT --to-destination 192.168.1.107:443
-A zone_wan_prerouting -p tcp -m tcp --dport 446 -m comment --comment "!fw3: Forward446" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p udp -m udp --dport 446 -m comment --comment "!fw3: Forward446" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 447 -m comment --comment "!fw3: Forward447" -j DNAT --to-destination 192.168.1.201:3389
-A zone_wan_prerouting -p udp -m udp --dport 447 -m comment --comment "!fw3: Forward447" -j DNAT --to-destination 192.168.1.201:3389
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Fri Aug 30 08:28:28 2019
# Generated by iptables-save v1.6.2 on Fri Aug 30 08:28:28 2019
*mangle
:PREROUTING ACCEPT [2907:243870]
:INPUT ACCEPT [2874:234186]
:FORWARD ACCEPT [33:9684]
:OUTPUT ACCEPT [3083:406337]
:POSTROUTING ACCEPT [3132:416477]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_wan - [0:0]
:mwan3_iface_out_wan - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_ifaces_out - [0:0]
:mwan3_policy_balanced - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_policy_wan_wanb - [0:0]
:mwan3_policy_wanb_only - [0:0]
:mwan3_policy_wanb_wan - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A FORWARD -o eth1.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_out
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
-A mwan3_iface_in_wan -i pppoe-wan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
-A mwan3_iface_out_wan -o pppoe-wan -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
-A mwan3_ifaces_out -m mark --mark 0x0/0x3f00 -j mwan3_iface_out_wan
-A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_wan_wanb -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_wanb_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
-A mwan3_policy_wanb_wan -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00
-A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
-A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
-A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
-A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
-A mwan3_rules -p tcp -m multiport --sports 0:65535 -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -m comment --comment https -j mwan3_rule_https
-A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_balanced
COMMIT
# Completed on Fri Aug 30 08:28:28 2019
# Generated by iptables-save v1.6.2 on Fri Aug 30 08:28:28 2019
*filter
:INPUT ACCEPT [13:937]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth1.2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth1.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth1.2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A forwarding_rule -i ppp+ -j ACCEPT
-A forwarding_rule -o ppp+ -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -p igmp -m comment --comment "!fw3: ubus:igmpproxy[instance1] rule 2" -j ACCEPT
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -d 224.0.0.0/4 -p udp -m comment --comment "!fw3: ubus:igmpproxy[instance1] rule 1" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Zone wan to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p igmp -m comment --comment "!fw3: ubus:igmpproxy[instance1] rule 0" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_ACCEPT -i eth1.2 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_src_ACCEPT -i pppoe-wan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Fri Aug 30 08:28:28 2019

thanks, will try that

Your ISP provides dual stack.

To prevent IPv6 traffic leak, you have the following options:

  • Redirect both IPv4 and IPv6.
    • Requires your VPN provider to support IPv6.
  • Disable IPv6.

Also make sure you have no DNS leak.

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client

Thanks vgaetera, and sorry for the late reply. I've only got sometime recently to retried the config. with my old configuration, I took your advice, disabled the WAN6 chanel, after which I lost the internet connection. OpenVPN is up and runing, there must be something wrong with interface and firewall setting problem.

Tried your firewall and interface setting with HH5a, but in the firewall "zone forwardings" section, I cannot select "VPN_FW"as the "allow forwad to destination zones",even I select it somehow it cannot be saved. So, it's showing lan--->Reject. In this way, with or withour OpenVPN service is up and running, I did not have the internet connection at all.

What router are you using?

Did you reset openwrt (Luci->System->Backup/flash firmware->Perform Reset), and then follow all steps as instructed in my guide, or are you trying to modify your earlier openvpn client installation using portions of my guide?

Perhaps you can upload the contents of the /etc/config/firewall configuration file?