Hi all,
I have followed the discussion with Dominik-1980 here and checked it against my configuration, because Dominik seems to have had similar problems to the ones I currently have, but with an older Raspberry version and much the same application.
Here is my story:
- I installed OpenWrt on a Raspberry 4B together with the OpenVPN package. I followed tutorials since I have never worked with OpenWrt before.
- I configured Ethernet in DHCP mode because I want to connect it to my DSL Fritzbox, which is the DHCP server at IP address 192.168.178.1. My idea is to also use the Raspberry on travels as a mobile VPN router. Therefore, I want to avoid giving it a fixed IP address on the Ethernet interface. It shall run out of the box within any local network configuration. At home, I basically want to provide WiFi (I have a second WiFi router) and VPN WiFi for all devices at the same time. I need VPN WiFi especially for my television, which is not capable of running an OpenVPN app or any other kind of VPN application.
- I enabled the OpenWrt WiFi connection as a WLAN access point. The connection worked pretty well right from the start and established a direct connection from the WLAN client (my laptop) to my DSL Fritzbox router through Ethernet. Therefore, direct routing seems to run without any problems.
- I configured OpenVPN and downloaded certificates and configuration files from my provider CyberGhost, who supports all kinds of OpenWrt / OpenVPN routers. I could start the OpenVPN instance from the OpenVPN web interface without any problems (at least I could not identify any problem in the OpenVPN-relevant logs).
And here comes my problem:
I tried to configure OpenWrt through LuCI in the same way as Dominik did in his issue topic, but I failed much earlier, at setting up the tun0 interface.
When I ran the command
ip a
I got the following output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP group default qlen 1000
link/ether dc:a6:32:9e:26:e0 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
link/ether dc:a6:32:9e:26:e2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::dea6:32ff:fe9e:26e2/64 scope link
valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:a6:32:9e:26:e0 brd ff:ff:ff:ff:ff:ff
inet 192.168.178.72/24 brd 192.168.178.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fe80::dea6:32ff:fe9e:26e0/64 scope link
valid_lft forever preferred_lft forever
5: **tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500**
**link/none**
Now I wonder how I can manage to get tun0 connected to my VPN server.
This is what the commands
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
suggested by trendy gave back as my configuration:
{
"kernel": "5.10.90",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 3",
"model": "Raspberry Pi 4 Model B Rev 1.2",
"board_name": "raspberrypi,4-model-b",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r18539-f2c3875dfc",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt SNAPSHOT r18539-f2c3875dfc"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0b:9890:1224::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'dhcp'
config device
option name 'tun0'
option ipv6 '0'
config interface 'OpenVPN'
option proto 'none'
option device 'tun0'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option cell_density '0'
option country 'DE'
option htmode 'HT20'
option channel 'auto'
option band '5g'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option key 'ThisWasMyPassword'
option ssid 'KeepOutVPN'
option wmm '0'
option encryption 'psk2'
option network 'lan'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'OpenVPN'
option interface 'OpenVPN'
option ignore '1'
list ra_flags 'none'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list device 'tun0'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config zone
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
option masq '1'
option name 'CyberGVpn'
list network 'OpenVPN'
config forwarding
option src 'CyberGVpn'
option dest 'lan'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.178.72/24 brd 192.168.178.255 scope global br-lan
valid_lft forever preferred_lft forever
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
inet 10.5.4.176/24 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.5.4.1 dev tun0
default via 192.168.178.1 dev br-lan proto static src 192.168.178.72
10.5.4.0/24 dev tun0 proto kernel scope link src 10.5.4.176
128.0.0.0/1 via 10.5.4.1 dev tun0
146.70.39.135 via 192.168.178.1 dev br-lan
192.168.178.0/24 dev br-lan proto kernel scope link src 192.168.178.72
broadcast 10.5.4.0 dev tun0 table local proto kernel scope link src 10.5.4.176
local 10.5.4.176 dev tun0 table local proto kernel scope host src 10.5.4.176
broadcast 10.5.4.255 dev tun0 table local proto kernel scope link src 10.5.4.176
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.178.0 dev br-lan table local proto kernel scope link src 192.168.178.72
local 192.168.178.72 dev br-lan table local proto kernel scope host src 192.168.178.72
broadcast 192.168.178.255 dev br-lan table local proto kernel scope link src 192.168.178.72
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
lrwxrwxrwx 1 root root 16 Jan 11 00:06 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 0 Jan 20 21:47 /tmp/resolv.conf
-rw-r--r-- 1 root root 0 Jan 20 21:47 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 0 Jan 20 21:47 resolv.conf.auto
==> /etc/resolv.conf <==
==> /tmp/resolv.conf <==
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
I would very much appreciate it if anybody could help me out with my issue. Thank you in advance!
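Three checks a practitioner would run over the kind of output collected in this post, as an added example that is not part of the original post and not OpenWrt's own tooling: it parses route-table text for the tunnel's two half-default routes, the `uci export firewall` text for a forwarding stanza from the LAN zone into the VPN zone, and resolv.conf contents for a nameserver line. The zone names `lan` and `CyberGVpn` and the device `tun0` are taken from the post; the sample inputs are constructed from its dump so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenWrt: three sanity
# checks for an OpenVPN client router, run over the text that the post's own
# commands print. Sample inputs are constructed from the post so it runs offline.

# 1. A pushed "redirect-gateway" appears as two half-default routes,
#    0.0.0.0/1 and 128.0.0.0/1; both must leave via the tunnel device.
vpn_routes_ok() {  # $1: "ip -4 ro li tab all" text, $2: tunnel device
    printf '%s\n' "$1" | awk -v dev="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "dev" && $(i + 1) == dev) {
                  if ($1 == "0.0.0.0/1")   lo = 1
                  if ($1 == "128.0.0.0/1") hi = 1
              } }
        END { exit !(lo && hi) }'
}

# 2. LAN clients are only forwarded into the tunnel if some "config forwarding"
#    stanza has src=<lan zone> and dest=<vpn zone>; zone/rule stanzas are skipped.
fw_forwarding_ok() {  # $1: "uci export firewall" text, $2: src zone, $3: dest zone
    printf '%s\n' "$1" | tr -d "'" | awk -v want_src="$2" -v want_dst="$3" '
        $1 == "config" { in_fwd = ($2 == "forwarding"); src = ""; dst = "" }
        in_fwd && $1 == "option" && $2 == "src"  { src = $3 }
        in_fwd && $1 == "option" && $2 == "dest" { dst = $3 }
        in_fwd && src == want_src && dst == want_dst { found = 1 }
        END { exit !found }'
}

# 3. A 0-byte resolv.conf (as in the post's "ls -l") means no upstream DNS.
resolv_ok() {  # $1: contents of a resolv.conf file
    printf '%s\n' "$1" | grep -q '^nameserver '
}

# Constructed sample inputs, copied from the post's route table and firewall dump.
ROUTES_FROM_POST='0.0.0.0/1 via 10.5.4.1 dev tun0
default via 192.168.178.1 dev br-lan proto static src 192.168.178.72
128.0.0.0/1 via 10.5.4.1 dev tun0'
FIREWALL_FROM_POST="config zone
    option name 'CyberGVpn'
    list network 'OpenVPN'
config forwarding
    option src 'CyberGVpn'
    option dest 'lan'"

report() {  # one line per check; on a router, feed it the live command output
    if vpn_routes_ok "$ROUTES_FROM_POST" tun0; then echo "routes: ok"; else echo "routes: no tunnel default"; fi
    if fw_forwarding_ok "$FIREWALL_FROM_POST" lan CyberGVpn; then echo "forwarding lan->vpn: ok"; else echo "forwarding lan->vpn: missing"; fi
    if resolv_ok ""; then echo "dns: ok"; else echo "dns: no nameserver configured"; fi
}
report
```

On the post's own data the script reports the tunnel routes as present, the lan-to-CyberGVpn forwarding as missing (the dump only has the reverse direction), and no nameserver, since every resolv file listed is 0 bytes.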