Thanks for taking the time to help. Here is the diagnostic output from the router:
BusyBox v1.35.0 (2022-10-14 22:44:41 UTC) built-in shell (ash)
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
-----------------------------------------------------
OpenWrt 22.03.2, r19803-9a599fee93
-----------------------------------------------------
root@OpenWrt:~# /etc/init.d/log restart; /etc/init.d/openvpn restart; sleep 10
root@OpenWrt:~# logread -e openvpn; netstat -l -n -p | grep -e openvpn
Wed Nov 2 02:26:00 2022 daemon.err openvpn(myvpn)[2308]: event_wait : Interrupted system call (code=4)
Wed Nov 2 02:26:00 2022 daemon.notice openvpn(myvpn)[2308]: net_route_v4_del: 10.8.0.0/24 via 10.8.0.2 dev [NULL] table 0 metric -1
Wed Nov 2 02:26:00 2022 daemon.notice openvpn(myvpn)[2308]: Closing TUN/TAP interface
Wed Nov 2 02:26:00 2022 daemon.notice openvpn(myvpn)[2308]: net_addr_ptp_v4_del: 10.8.0.1 dev tun0
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[2308]: /usr/libexec/openvpn-hotplug down myvpn tun0 1500 1621 10.8.0.1 10.8.0.2 init
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[2308]: SIGTERM[hard,] received, process exiting
Wed Nov 2 02:26:01 2022 daemon.warn openvpn(myvpn)[8092]: WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
Wed Nov 2 02:26:01 2022 daemon.warn openvpn(myvpn)[8092]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: OpenVPN 2.5.7 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_route_v4_best_gw query: dst 0.0.0.0
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_route_v4_best_gw result: via 192.168.100.1 dev wan
Wed Nov 2 02:26:01 2022 daemon.warn openvpn(myvpn)[8092]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: Diffie-Hellman initialized with 2048 bit key
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_route_v4_best_gw query: dst 0.0.0.0
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_route_v4_best_gw result: via 192.168.100.1 dev wan
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: TUN/TAP device tun0 opened
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_iface_mtu_set: mtu 1500 for tun0
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_iface_up: set tun0 up
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_addr_ptp_v4_add: 10.8.0.1 peer 10.8.0.2 dev tun0
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: /usr/libexec/openvpn-hotplug up myvpn tun0 1500 1621 10.8.0.1 10.8.0.2 init
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: net_route_v4_add: 10.8.0.0/24 via 10.8.0.2 dev [NULL] table 0 metric -1
Wed Nov 2 02:26:01 2022 daemon.warn openvpn(myvpn)[8092]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: UDPv4 link local (bound): [AF_INET][undef]:1149
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: UDPv4 link remote: [AF_UNSPEC]
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: MULTI: multi_init called, r=256 v=256
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: IFCONFIG POOL IPv4: base=10.8.0.4 size=62
Wed Nov 2 02:26:01 2022 daemon.notice openvpn(myvpn)[8092]: Initialization Sequence Completed
udp 0 0 0.0.0.0:1149 0.0.0.0:* 8092/openvpn
root@OpenWrt:~# pgrep -f -a openvpn
8092 /usr/sbin/openvpn --syslog openvpn(myvpn) --status /var/run/openvpn.myvpn.status --cd /var/etc --config openvpn-myvpn.conf --up /usr/libexec/openvpn-hotplug up myvpn --down /usr/libexec/openvpn-hotplug down myvpn --script-security 2
root@OpenWrt:~# ip address show; ip route show table all
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP qlen 1000
link/ether 5c:02:14:b0:96:b1 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5e02:14ff:feb0:96b1/64 scope link
valid_lft forever preferred_lft forever
3: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 5c:02:14:30:32:3b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.68/24 brd 192.168.100.255 scope global wan
valid_lft forever preferred_lft forever
inet6 2806:2f0:61e0:758:5e02:14ff:fe30:323b/64 scope global dynamic noprefixroute
valid_lft 258972sec preferred_lft 172572sec
inet6 2806:2f0:61e0:758::1/128 scope global dynamic noprefixroute
valid_lft 242780sec preferred_lft 156380sec
inet6 fe80::5e02:14ff:fe30:323b/64 scope link
valid_lft forever preferred_lft forever
4: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether 5c:02:14:b0:96:b1 brd ff:ff:ff:ff:ff:ff
5: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether 5c:02:14:b0:96:b1 brd ff:ff:ff:ff:ff:ff
6: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
link/ether 5c:02:14:b0:96:b1 brd ff:ff:ff:ff:ff:ff
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 5c:02:14:b0:96:b1 brd ff:ff:ff:ff:ff:ff
inet 192.168.26.1/24 brd 192.168.26.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fd24:902b:33c::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::5e02:14ff:feb0:96b1/64 scope link
valid_lft forever preferred_lft forever
11: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether 5c:02:14:b0:96:b3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5e02:14ff:feb0:96b3/64 scope link
valid_lft forever preferred_lft forever
12: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
link/ether 5c:02:14:b0:96:b2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5e02:14ff:feb0:96b2/64 scope link
valid_lft forever preferred_lft forever
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
link/[65534]
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8061:b8af:b3b3:4a59/64 scope link flags 800
valid_lft forever preferred_lft forever
default via 192.168.100.1 dev wan src 192.168.100.68
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 scope link src 10.8.0.1
192.168.26.0/24 dev br-lan scope link src 192.168.26.1
192.168.100.0/24 dev wan scope link src 192.168.100.68
local 10.8.0.1 dev tun0 table local scope host src 10.8.0.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.26.0 dev br-lan table local scope link src 192.168.26.1
local 192.168.26.1 dev br-lan table local scope host src 192.168.26.1
broadcast 192.168.26.255 dev br-lan table local scope link src 192.168.26.1
broadcast 192.168.100.0 dev wan table local scope link src 192.168.100.68
local 192.168.100.68 dev wan table local scope host src 192.168.100.68
broadcast 192.168.100.255 dev wan table local scope link src 192.168.100.68
default from 2806:2f0:61e0:758::1 via fe80::1 dev wan metric 512
default from 2806:2f0:61e0:758::/64 via fe80::1 dev wan metric 512
2806:2f0:61e0:758::/64 dev wan metric 256
unreachable 2806:2f0:61e0:758::/64 dev lo metric 2147483647
fd24:902b:33c::/64 dev br-lan metric 1024
unreachable fd24:902b:33c::/48 dev lo metric 2147483647
fe80::/64 dev eth0 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wan metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev tun0 metric 256
local ::1 dev lo table local metric 0
anycast 2806:2f0:61e0:758:: dev wan table local metric 0
local 2806:2f0:61e0:758::1 dev wan table local metric 0
local 2806:2f0:61e0:758:5e02:14ff:fe30:323b dev wan table local metric 0
anycast fd24:902b:33c:: dev br-lan table local metric 0
local fd24:902b:33c::1 dev br-lan table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
anycast fe80:: dev wan table local metric 0
anycast fe80:: dev wlan1 table local metric 0
anycast fe80:: dev tun0 table local metric 0
local fe80::5e02:14ff:fe30:323b dev wan table local metric 0
local fe80::5e02:14ff:feb0:96b1 dev br-lan table local metric 0
local fe80::5e02:14ff:feb0:96b1 dev eth0 table local metric 0
local fe80::5e02:14ff:feb0:96b2 dev wlan0 table local metric 0
local fe80::5e02:14ff:feb0:96b3 dev wlan1 table local metric 0
local fe80::8061:b8af:b3b3:4a59 dev tun0 table local metric 0
multicast ff00::/8 dev eth0 table local metric 256
multicast ff00::/8 dev br-lan table local metric 256
multicast ff00::/8 dev wlan0 table local metric 256
multicast ff00::/8 dev wan table local metric 256
multicast ff00::/8 dev wlan1 table local metric 256
multicast ff00::/8 dev tun0 table local metric 256
root@OpenWrt:~# ip rule show; ip -6 rule show; nft list ruleset
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
0: from all lookup local
32766: from all lookup main
table inet fw4 {
chain input {
type filter hook input priority filter; policy accept;
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
udp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: Allow-OpenVPN-Inbound"
iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname "wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
iifname "tun0" jump input_vpn comment "!fw4: Handle vpn IPv4/IPv6 input traffic"
}
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname "wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
iifname "tun0" jump forward_vpn comment "!fw4: Handle vpn IPv4/IPv6 forward traffic"
jump handle_reject
}
chain output {
type filter hook output priority filter; policy accept;
oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
ct state established,related accept comment "!fw4: Allow outbound established and related flows"
oifname "br-lan" jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
oifname "wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
oifname "tun0" jump output_vpn comment "!fw4: Handle vpn IPv4/IPv6 output traffic"
}
chain prerouting {
type filter hook prerouting priority filter; policy accept;
iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
}
chain handle_reject {
meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
reject comment "!fw4: Reject any other traffic"
}
chain syn_flood {
limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
drop comment "!fw4: Drop excess packets"
}
chain input_lan {
jump accept_from_lan
}
chain output_lan {
jump accept_to_lan
}
chain forward_lan {
jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
jump accept_to_vpn comment "!fw4: Accept lan to vpn forwarding"
jump accept_to_lan
}
chain helper_lan {
}
chain accept_from_lan {
iifname "br-lan" counter packets 66 bytes 5098 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain accept_to_lan {
oifname "br-lan" counter packets 19 bytes 1304 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain input_wan {
meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 3 bytes 192 accept comment "!fw4: Allow-ICMPv6-Input"
jump reject_from_wan
}
chain output_wan {
jump accept_to_wan
}
chain forward_wan {
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
jump reject_to_wan
}
chain accept_to_wan {
oifname "wan" counter packets 313 bytes 38801 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
}
chain reject_from_wan {
iifname "wan" counter packets 16 bytes 2173 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain reject_to_wan {
oifname "wan" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain input_vpn {
jump accept_from_vpn
}
chain output_vpn {
jump accept_to_vpn
}
chain forward_vpn {
jump accept_to_wan comment "!fw4: Accept vpn to wan forwarding"
jump accept_to_lan comment "!fw4: Accept vpn to lan forwarding"
jump accept_to_vpn
}
chain helper_vpn {
}
chain accept_from_vpn {
iifname "tun0" counter packets 0 bytes 0 accept comment "!fw4: accept vpn IPv4/IPv6 traffic"
}
chain accept_to_vpn {
oifname "tun0" counter packets 2 bytes 152 accept comment "!fw4: accept vpn IPv4/IPv6 traffic"
}
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
}
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
oifname "tun0" jump srcnat_vpn comment "!fw4: Handle vpn IPv4/IPv6 srcnat traffic"
}
chain srcnat_wan {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
}
chain raw_prerouting {
type filter hook prerouting priority raw; policy accept;
}
chain raw_output {
type filter hook output priority raw; policy accept;
}
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
}
chain mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
}
chain mangle_input {
type filter hook input priority mangle; policy accept;
}
chain mangle_output {
type route hook output priority mangle; policy accept;
}
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
iifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
oifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
iifname "tun0" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone vpn IPv4/IPv6 ingress MTU fixing"
oifname "tun0" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone vpn IPv4/IPv6 egress MTU fixing"
}
chain srcnat_vpn {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 vpn traffic"
}
}
root@OpenWrt:~# uci show network; uci show firewall; uci show openvpn
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd24:902b:033c::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.26.1'
network.@device[1]=device
network.@device[1].name='wan'
network.@device[1].macaddr='5c:02:14:30:32:3b'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
network.vpn0=interface
network.vpn0.proto='none'
network.vpn0.auto='1'
network.vpn0.device='tun0'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].network='vpn0'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-ICMPv6-Forward'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='*'
firewall.@rule[9].proto='icmp'
firewall.@rule[9].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[9].limit='1000/sec'
firewall.@rule[9].family='ipv6'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[10]=rule
firewall.@rule[10].name='Allow-IPSec-ESP'
firewall.@rule[10].src='wan'
firewall.@rule[10].dest='lan'
firewall.@rule[10].proto='esp'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[11]=rule
firewall.@rule[11].name='Allow-ISAKMP'
firewall.@rule[11].src='wan'
firewall.@rule[11].dest='lan'
firewall.@rule[11].dest_port='500'
firewall.@rule[11].proto='udp'
firewall.@rule[11].target='ACCEPT'
firewall.@rule[12]=rule
firewall.@rule[12].name='Allow-OpenVPN-Inbound'
firewall.@rule[12].target='ACCEPT'
firewall.@rule[12].src='*'
firewall.@rule[12].proto='udp'
firewall.@rule[12].dest_port='1194'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='vpn'
firewall.@forwarding[2].dest='lan'
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].src='lan'
firewall.@forwarding[3].dest='vpn'
openvpn.myvpn=openvpn
openvpn.myvpn.enabled='1'
openvpn.myvpn.verb='3'
openvpn.myvpn.port='1149'
openvpn.myvpn.proto='udp'
openvpn.myvpn.dev='tun'
openvpn.myvpn.server='10.8.0.0 255.255.255.0'
openvpn.myvpn.ca='/etc/openvpn/ca.crt'
openvpn.myvpn.cert='/etc/openvpn/cert.crt'
openvpn.myvpn.key='/etc/openvpn/mykey.key'
openvpn.myvpn.dh='/etc/openvpn/dh2048.pem'
openvpn.myvpn.keepalive='10 120'
openvpn.myvpn.status='/var/log/openvpn-status.log'
openvpn.myvpn.push='route 192.168.26.0 255.255.255.0' 'redirect-gateway def1' 'dhcp-option DNS 192.168.26.1'
root@OpenWrt:~# head -v -n -0 /etc/openvpn/*.conf
head: /etc/openvpn/*.conf: No such file or directory
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~#