OpenVPN (NordVPN) Setup and seemingly working on TP-Link C2600 but not connecting and proving VPN IP

Installing and Using OpenWrt
#1

Hi everyone,

So I followed the steps to specify NordVPN on my now OpenWRT router and it seemed like everything works, below is the system log info regarding the connection:

Sat May  4 14:20:54 2019 daemon.notice openvpn(nordvpn)[2211]: /sbin/ifconfig tun0 10.8.1.11 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
Sat May  4 14:20:54 2019 daemon.notice netifd: Interface 'nordvpntun' is enabled
Sat May  4 14:20:54 2019 daemon.notice netifd: Network device 'tun0' link is up
Sat May  4 14:20:54 2019 daemon.notice netifd: Interface 'nordvpntun' has link connectivity
Sat May  4 14:20:54 2019 daemon.notice netifd: Interface 'nordvpntun' is setting up now
Sat May  4 14:20:54 2019 daemon.notice netifd: Interface 'nordvpntun' is now up
Sat May  4 14:20:54 2019 daemon.notice openvpn(nordvpn)[2211]: /sbin/route add -net 104.200.132.172 netmask 255.255.255.255 gw 192.168.1.254
Sat May  4 14:20:54 2019 daemon.notice openvpn(nordvpn)[2211]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat May  4 14:20:54 2019 daemon.notice openvpn(nordvpn)[2211]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat May  4 14:20:54 2019 daemon.notice openvpn(nordvpn)[2211]: Initialization Sequence Completed
Sat May  4 14:20:54 2019 user.notice firewall: Reloading firewall due to ifup of nordvpntun (tun0)
Sat May  4 14:21:58 2019 daemon.info dnsmasq[529]: read /etc/hosts - 4 addresses

The problem is connecting to the router provides me with my ISP IP address, not the NordVPN address.

What I'm wondering is if this is due to which port I have my ISP modem connected to - Prior to this, I was using the c2600 as a "dumb" switch, nothing more, and I just plugged in the ethernet cables wherever, do I need to specifically choose a port for the ISP modem to go into? If so, which one?

I'm including the contents of a few different files below to give some context as to my setup

network
https://pastebin.com/qVU8VFEr

openvpn
https://pastebin.com/svm9nN1R

firewall
https://pastebin.com/0dDjZym9

I greatly appreciate any help, thanks so much in advance!

Installed OpenWrt on TP-Link Archer c2600 - Wireless access working, no internet when logging in via SSH
#2

Do you mean that you connect some PC on the LAN interface of the router and it acquires IP and other settings from DHCP of the ISP modem ?
What IP does it get?
Your config looks weird

  1. you have defined twice the vpn firewall zone. It could be all combined in one firewall zone, WAN which is already there.
  2. WAN interface has DHCP protocol and LAN interface has static IP with default gateway. Where is the upstream router connected?
2 Likes
#3

Thanks for the reply!

Sorry for the weirdness in the system. Some changes were done via UCI and some just by editing the files.

To answer your questions:

  1. okay I’ll take a look at modifying this when I get back

  2. so I have assigned my OpenWRT router a static ip address and it is connected directly to my ISP modem. The default gateway is the isp modem/router. Unfortunately I know I may suffer some NAT issues but they’ve not caused any significant speed drops on the other devices I’m using them on, and this is just to unlock geo restrictions. I followed the nordvpn guide which was based on the OpenWRT guide

Here’s the link to all the steps I followed

https://nordvpn.com/tutorials/openwrt/

#4

You didn't explain if ISP router is connected to the Openwrt router on the WAN or LAN port.

1 Like
#5

Connected to LAN, changed to WAN and lost all connectivity and I can only connect to the router if I'm directly connected to its wifi connection.

I'm not sure what I should be changing for those settings, I've tried to do a static assignment of a different IP address just to test things out, but that doesn't seem to help and I still am forced to connect to the previous address (192.168.1.253)

If I change the settings to set this as a DHCP server, which I don't think is the best option as my other router is also managing the DHCP services, I end up with a 169.X IP address when, say, connecting another device.

Here's an output of the system log currently

https://pastebin.com/3XXd2zvu

Just to confirm, my ISP modem is connected now directly to the TP Link WAN port.

I apologize for not knowing enough, I'm positive there's just one settings I've messed up on, and I thank you for taking the time to help.

WAN%20settings
WAN settings.jpg938×726 84.8 KB

Sorry - One other thing I'm wondering. For this router, do I need to change the subnet? I know on my GL-AR300M it created a separate subnet to act as a "vpn router" but I have this current one within the same subnet. I'd PREFER to keep them in the same subnet as I would prefer to not run into any issues seeing the devices from 2 separate subnets, but if there's no way around that then there's no way around that.

#6

Just another update, I figured I might have messed something, lots of things, up going through the configuration process so I did a full reset.

I'm now having the issue that I cannot connect anything at all through the WAN port, as soon as I plug my main router (which is also my ISP access) to the WAN port, I cannot access the interface and I cannot connect to the OpenWRT router via wireless, neither the N nor AC network will connect.

#7

What is the LAN IP of the main router and the LAN IP of the OpenWRT?

#8

Main router is 192.168.1.254

OpenWRT is 192.168.1.253 (or, now that I’ve reset it and haven’t modified the IP, 192.168.1.1)

After the reset, without making any changes to the configuration, I get no access when I connect my isp modem to the WAN port, it just fails.

I presume I need to do some work on making some adjustments but I cannot figure out how to easily just make it work

#9

Your main router and the OpenWRT can't be in the same (192.168.1.xxx) subnet.

Change the OpenWRT LAN IP to 192.168.2.1.

Network cable from LAN port of main router to WAN port of Openwrt.

1 Like
#10

That makes a ton of sense. Thanks.

So should I leave the WAN as a DHCP client and change the LAN to the new subnet, will that allow me to access the router when I connect the cable to the WAN? As it is right now I CAN access it when the LAN ip is on the same subnet.

And, after that, what would be the best steps for setting up NordVPN, would this guide still be the best to follow?

Thanks again for all the help. I really appreciate it.

#11

I would leave WAN as DHCP.

Just change the LAN IP to get the Openwrt router internet access.
https://openwrt.org/docs/guide-user/network/lede_as_routerdevice

Choose whatever guide looks easiest to follow.

2 Likes
#12

Okay awesome. Thanks! Fingers crossed.

#13

sorry to be back with another question, but I just came up with a concern - When I had the ethernet connection from my router plugged into the WAN port, the OpenWRT router was wholly inaccessible.

What steps do I need to take in order to access the router when I connect to the WAN port?

As well, what should I specify for the Gateway on the LAN? I can only factor in the gateway of the main router, which is 192.168.1.254, but I can't suss out how that will factor going through different subnets?

Thanks again!

** Another edit, modified the Network file and changed the subnet of the LAN to 192.168.2.1 and rebooted, no access to the interface now. Connected the cable to the WAN port, still no dice =/

Connect to the wireless and I end up with no internet connection, I'm getting served a "169" IP address.

Everything worked prior to that. I just wasn't getting served under a VPN.

I don't know what else to do.

#14

Updates.

I was able to regain access by manually assigning an IP address. So that's something.

Router can access the internet (going into Diagnostics and pinging openwrt works) but anything connected to the wireless just doesn't.

Tried adjusting the gateway to just be the OpenWRT router, no dice. Tried specifying Google DNS servers, no dice.

Seems like I'm not getting fed DHCP and even manually specifying the IP address and trying to modify the DNS settings per device does me no good unfortunately.

So even with all this going I can't fully even test if the VPN portion of things is working, SEEMS like it is based on the Traceroute, but if I can't connect and get internet doesn't help a ton unfortunately :frowning:

Even tested pinging devices on the primary subnet 192.168.1.XXX and that works great. Just CANNOT figure out why I'm not able to serve an IP address to connected wireless clients, and even with a static IP still no access to the internet.

#15

To allow incoming connections from the WAN firewall zone to the device. By default everything is blocked.

Nothing, Openwrt gets the default gateway from the DHCP running on WAN interface.

Please post here the output of the following command, all in one line
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru

1 Like
#16

Results:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7d:3874:5a29::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option dns '192.168.1.254 8.8.8.1'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

config interface 'openvpn'
        option proto 'none'
        option ifname 'eth0'
        option auto '1'
        option type 'bridge'


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'lan'
        option forward 'DROP'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option network 'wan wan6'
        option input 'DROP'
        option forward 'DROP'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'vpn'
        option output 'ACCEPT'
        option network 'openvpn'
        option input 'DROP'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option dest 'vpn'
        option src 'lan'


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'US'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option key '6047256846'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'serenity'
        option encryption 'psk2'
        option key '6047256846'
        option network 'lan'


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option noresolv '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        list dhcp_option '6,103.86.96.100,103.86.99.100'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
10: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.69/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    inet 10.8.2.7/24 brd 10.8.2.255 scope global tun0
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.2.1 dev tun0 
default via 192.168.1.254 dev eth0.2  src 192.168.1.69 
10.8.2.0/24 dev tun0 scope link  src 10.8.2.7 
104.200.132.172 via 192.168.1.254 dev eth0.2 
128.0.0.0/1 via 10.8.2.1 dev tun0 
192.168.1.0/24 dev eth0.2 scope link  src 192.168.1.69 
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1 
0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

Also from my other thread, traceroute from the Diagnostics section on the router:

traceroute to openwrt.org (139.59.209.225), 30 hops max, 38 byte packets
 1  10.8.2.1  3.027 ms
 2  104.200.132.190  3.400 ms
 3  104.200.132.142  2.673 ms
 4  173.205.42.93  2.810 ms
 5  154.24.61.69  3.453 ms
 6  154.54.27.161  8.374 ms
 7  64.86.123.93  160.234 ms
 8  62.115.117.49  56.031 ms
 9  *
10  62.115.112.245  146.032 ms
11  80.231.130.105  160.773 ms
12  80.231.154.142  175.105 ms
13  62.115.120.6  155.850 ms
14  195.219.87.13  167.036 ms
15  195.219.87.18  173.663 ms
16  139.59.209.225  163.435 ms

From my Windows 10 machine connected via either Wifi radio

tracert openwrt.org
Unable to resolve target system name openwrt.org.
#17

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

# OpenWrt
uci -q delete network.lan.dns
uci commit network
/etc/init.d/network reload
uci -q delete dhcp.lan.dhcp_option
uci commit dhcp
/etc/init.d/dnsmasq restart

# PC
ipconfig /release
ipconfig /renew
tracert 8.8.8.8
tracert openwrt.org
1 Like
Problems with internet connectivity after setting up VPN-Only Router
#18

Okay so did that and this was the reply after the dnsmasq restar command

udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: no lease, failing

And after that still no internet access

Trace route:

Invalid host name or IP address. Please check your Server Name.

On the router trace route still works as per before

#19

This error message is confusing.

ipconfig /all & route print
tracert 8.8.4.4
tracert google.com
#20

Sorry that last one was taken from my phone.

Here's the results:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-GK4S7NB
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C4-54-44-E8-05-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-10-B3-71-81-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #7
   Physical Address. . . . . . . . . : 22-10-B3-71-81-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-86-07-91-A5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter
   Physical Address. . . . . . . . . : 00-FF-9C-4A-9F-1D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
   Physical Address. . . . . . . . . : 30-10-B3-71-81-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd7d:3874:5a29::91b(Preferred)
   Lease Obtained. . . . . . . . . . : Sunday, May 5, 2019 9:31:03 PM
   Lease Expires . . . . . . . . . . : Thursday, June 12, 2155 3:59:41 AM
   IPv6 Address. . . . . . . . . . . : fd7d:3874:5a29:0:3843:d161:bd7:4a30(Preferred)
   Temporary IPv6 Address. . . . . . : fd7d:3874:5a29:0:554a:f91:37e5:7f77(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3843:d161:bd7:4a30%21(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.137(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 5, 2019 9:31:02 PM
   Lease Expires . . . . . . . . . . : Monday, May 6, 2019 9:31:01 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 120590515
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-D5-6C-6D-C4-54-44-E8-05-11
   DNS Servers . . . . . . . . . . . : fd7d:3874:5a29::1
                                       192.168.2.1
                                       fd7d:3874:5a29::1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 30-10-B3-71-BE-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
===========================================================================
Interface List
 25...c4 54 44 e8 05 11 ......Realtek PCIe GBE Family Controller
 27...12 10 b3 71 81 cc ......Microsoft Wi-Fi Direct Virtual Adapter
 51...22 10 b3 71 81 cc ......Microsoft Wi-Fi Direct Virtual Adapter #7
 13...00 ff 86 07 91 a5 ......TAP-Windows Adapter V9
 17...00 ff 9c 4a 9f 1d ......Kaspersky Security Data Escort Adapter
 21...30 10 b3 71 81 cc ......Qualcomm Atheros AR956x Wireless Network Adapter
 15...30 10 b3 71 be 3a ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.137     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link     192.168.2.137    311
    192.168.2.137  255.255.255.255         On-link     192.168.2.137    311
    192.168.2.255  255.255.255.255         On-link     192.168.2.137    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.2.137    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.2.137    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 21    311 fd7d:3874:5a29::/48      fe80::ee08:6bff:feba:fd40
 21    311 fd7d:3874:5a29::/64      On-link
 21    311 fd7d:3874:5a29::91b/128  On-link
 21    311 fd7d:3874:5a29:0:3843:d161:bd7:4a30/128
                                    On-link
 21    311 fd7d:3874:5a29:0:554a:f91:37e5:7f77/128
                                    On-link
 21    311 fe80::/64                On-link
 21    311 fe80::3843:d161:bd7:4a30/128
                                    On-link
  1    331 ff00::/8                 On-link
 21    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

tracert 8.8.4.4

Tracing route to 8.8.4.4 over a maximum of 30 hops

  1     2 ms     3 ms     1 ms  OpenWrt.lan [192.168.2.1]
  2  OpenWrt.lan [192.168.2.1]  reports: Destination protocol unreachable.```

tracert google.com
Unable to resolve target system name google.com.