Hi everyone i don't like posting new topics because with a little time and reading I can work most things out but i'm simply out of options. (im not an IT guy but i know a small amount)
My set up:
Hostname OutdoorRouter
Model EZR33
Architecture Qualcomm Atheros QCA9531 ver 2 rev 0
Firmware VersionEV3108
Kernel Version4.9.152
Mobile Modem EP06ELAR03A08M4G
As you might already know this is a GSM/LTE based router. i have it because i cant get a good wired connection where i am.
Everything is set up and working as it should however when i enable the vpn in openvpn it connects and the interface tun0 is connected but no RX data and very little TX data. i also lose internet when the tunnel is open.
i guess its a routing problem in the firewall. i've tried everything i can think of, i followed many guides with the same result. (vpn up internet down or even worse i lock myself out and have to climb on the roof to reset it.)
a guide to what im doing.
install and start device
opkg update
opkg install openvpn-openssl luci-app-openvpn ca-certificates
enter express vpn ovpn file data or ssh in and load it that way
ive uploaded the correct files via winscp and via the gui.
ive tried enabling and disabling PULL
ive finally decided that the VPN settings are correct and it must be something silly im overlooking or a firewall/port issue
i could be wrong but interface "wan" and "mobile" are in the same firewall group and if i move or add anything to this group i lose internet. my feeling is that the mobile supplies the wan and supplies both Ethernet and wifi over a bridge
ive been at this for 7 weeks almost every day and night. ive gotten to the point where i feel like im doing the same thing over and over.
I NEED SOMEONE WHO KNOWS HOW TO VPN AN LTE CONNECTION. PLEASE
any more info or questions i will be happy to help. Has anyone done this before with an EZR30 or EZR33?
My only goal is to vpn on the router so i dont need to do it on all my families devices and devices that dont support vpn.
IM WILLING TO PAY IF SOMEONE CAN SHOW ME WHAT IM DOING WRONG
Config for reference
//NETWORK
# /etc/config/network as posted: loopback, a bridged LAN, a wired WAN, the
# LTE modem, and an unmanaged interface that gives the OpenVPN tunnel a name.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# LAN: bridge over eth1 with a static address of 192.168.0.2/24.
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ifname 'eth1'
option ipaddr '192.168.0.2'
# Wired WAN on eth0, addressed by DHCP. Metric 1 is lower than MOBILE's
# metric 3, so a default route learned here is preferred when both are up.
config interface 'wan'
option proto 'dhcp'
option ifname 'eth0'
option metric '1'
# LTE uplink: QMI modem on /dev/cdc-wdm0, default-route metric 3.
# NOTE(review): no APN or other modem options appear in this listing.
config interface 'MOBILE'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option metric '3'
# proto 'none' means netifd assigns no address or route here. The section only
# lets firewall zones refer to tun0 by the logical name 'VPN'; addressing and
# routes for tun0 come from the OpenVPN client itself.
config interface 'VPN'
option proto 'none'
option ifname 'tun0'
option auto '1'
// FIREWALL
# /etc/config/firewall: global defaults, the lan and wan zones, and the single
# lan -> wan forwarding.
# forward 'REJECT' as the default means traffic between two zones is refused
# unless a 'config forwarding' (or a rule) explicitly allows that pair.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: hosts behind the router are trusted to reach the router itself.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone: covers the wired wan, wan6 and the LTE interface MOBILE.
# masq '1' NATs traffic leaving through this zone; mtu_fix '1' clamps TCP MSS.
# NOTE(review): input 'ACCEPT' here lets anything arriving on eth0 or the
# mobile link reach every service the router listens on (the post mentions SSH
# and the LuCI GUI). Stock OpenWrt ships this zone with input 'REJECT' and
# relies on the explicit Allow-* rules; confirm whether the vendor firmware
# really intends ACCEPT, and prefer REJECT on an internet-facing uplink.
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 MOBILE'
# The only inter-zone forwarding in this listing: LAN clients may go out via
# the wan zone. Nothing here forwards lan traffic to any other zone.
config forwarding
option src 'lan'
option dest 'wan'
# Per-protocol exceptions for traffic arriving from the wan zone. Rules with a
# 'src' but no 'dest' apply to traffic addressed to the router itself; rules
# with a 'dest' apply to forwarded traffic.
# NOTE(review): these only narrow exposure if the wan zone's own input policy
# is REJECT/DROP; with input 'ACCEPT' on the zone they are redundant.
# DHCP replies to the router's own client (UDP 68), IPv4 only.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 echo requests from the wan side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IGMP from the wan side, IPv4 only.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the router's client (UDP 546), limited to the fc00::/6
# source and destination ranges given below.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted by the router itself, rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two rules forward IPsec (ESP and IKE on UDP 500) from wan to any
# LAN host, since no dest_ip is given.
# NOTE(review): if no LAN device terminates IPsec, these can be removed to
# reduce what the wan side may send towards the LAN.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Extra firewall content loaded from outside this file.
# /etc/firewall.user holds custom commands applied with the firewall; its
# contents are not shown in this listing.
config include
option path '/etc/firewall.user'
# Hook script shipped with miniupnpd, re-run on every firewall reload.
# NOTE(review): presumably miniupnpd is installed so LAN clients can request
# inbound port mappings; if nothing needs UPnP/NAT-PMP, disabling the service
# keeps LAN devices from opening ports on the uplink on their own.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# Zone for the OpenVPN tunnel. It is bound to the logical networks 'ExpressVPN'
# and 'VPN'; only 'VPN' (tun0) is defined in the network config shown in this
# post, so 'ExpressVPN' presumably refers to a section that no longer exists.
# NOTE(review): three things a LAN-behind-VPN setup normally needs are absent
# from this listing:
#   - a 'config forwarding' with src 'lan' and dest 'exp_fw'; without it, LAN
#     traffic routed into tun0 is refused by the default forward 'REJECT';
#   - option masq '1' on this zone, so LAN addresses are NATed to the tunnel
#     address before leaving tun0;
#   - option mtu_fix '1', as the wan zone has.
# NOTE(review): input 'ACCEPT' lets hosts on the far side of the tunnel reach
# the router's own services. For a commercial VPN provider the tunnel is an
# untrusted network; input 'REJECT' (as for an internet-facing zone) is the
# safer choice.
# NOTE(review): if the aim is that family devices never bypass the VPN, keeping
# the lan -> wan forwarding means their traffic can leave unencrypted via the
# uplink whenever the tunnel is down; decide deliberately whether that
# fallback is wanted.
config zone
option name 'exp_fw'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'ExpressVPN VPN'
// EXPRESS VPN OPENVPN Config
# /etc/config/openvpn: one OpenVPN client instance, UDP to port 1195, on a
# tun device.
# NOTE(review): no 'option enabled' appears in this listing; the post says the
# instance is switched on from the GUI.
config openvpn 'express_vpn'
option dev 'tun'
# Empty value: no local/remote tunnel addresses are set by hand.
option ifconfig ''
option nobind '1'
option verb '3'
option port '1195'
# CA, client certificate and private key uploaded through LuCI.
# The key file is a secret: keep it readable by root only.
option ca '/etc/luci-uploads/cbid.openvpn.express_vpn.ca'
option cert '/etc/luci-uploads/cbid.openvpn.express_vpn.cert'
option key '/etc/luci-uploads/cbid.openvpn.express_vpn.key'
option proto 'udp'
option persist_tun '1'
option persist_key '1'
# NOTE(review): tun_mtu is set, but no fragment, mssfix or comp_lzo option
# appears here. Compare against the provider's original .ovpn file: options of
# that kind must match what the server uses, and a mismatch can leave the
# tunnel "connected" while no traffic passes.
option tun_mtu '1500'
option sndbuf '524288'
option rcvbuf '524288'
option tls_client '1'
# Data-channel cipher and HMAC digest.
option cipher 'AES-256-CBC'
option auth 'SHA512'
# NOTE(review): keysize is deprecated in newer OpenVPN releases and is
# redundant with a cipher whose key length is fixed.
option keysize '256'
# Static TLS-auth key for control-channel packets; direction 1 is the client
# side. Treat this file as a secret as well.
option tls_auth '/etc/openvpn/tlsauth.key'
option key_direction '1'
option fast_io '1'
option route_delay '2'
# Server-certificate type check. NOTE(review): ns_cert_type is the legacy form
# and is deprecated in favour of remote_cert_tls 'server'. No verify_x509_name
# option appears in this listing; if the provider's .ovpn contains one, carry
# it over so the server certificate's name is checked too.
option ns_cert_type 'server'
option client '1'
# pull '1' accepts options pushed by the server (routes, DNS, gateway
# redirection). NOTE(review): once the default route is moved onto tun0, LAN
# traffic only keeps working if the firewall allows lan -> VPN-zone forwarding
# with masquerading; otherwise "VPN up, internet down" is the expected result.
option pull '1'
option remote_random '1'
# Username and password stored in plain text. Keep the file owned by root with
# mode 600, and never paste its contents when sharing configs.
option auth_user_pass '/etc/openvpn/userpass.txt'
list remote 'uk-berkshire-2-ca-version-2.expressnetw.com 1195'
PS THIS IS THE DEFAULT FIREWALL SETTINGS AS I JUST HAD TO CLIMB UP AND HARD RESET IT