# Configure firewall
uci -q delete firewall.@zone[0].network
uci add_list firewall.@zone[0].network="lan"
uci -q delete firewall.@zone[1].device
uci set firewall.@zone[1].input="ACCEPT"
uci set firewall.@zone[1].forward="ACCEPT"
uci set firewall.@zone[2].input="REJECT"
uci set firewall.@zone[2].output="ACCEPT"
uci set firewall.@zone[2].forward="REJECT"
uci set firewall.@zone[2].mtu_fix="1"
uci add_list firewall.@zone[2].network="tun0"
uci -q delete firewall.@zone[3]
uci set firewall.@forwarding[2].src="lan"
uci set firewall.@forwarding[2].dest="vpn"
uci -q delete firewall.@forwarding[3]
uci commit firewall
/etc/init.d/firewall restart
# Configure DHCP
uci -q delete dhcp.lan.ignore
uci set dhcp.lan.start="100"
uci set dhcp.lan.limit="150"
uci set dhcp.lan.leasetime="1h"
uci commit dhcp
/etc/init.d/dnsmasq restart
# Configure network
uci set network.lan.proto="static"
uci set network.lan.ipaddr="192.168.2.1"
uci set network.lan.netmask="255.255.255.0"
uci commit network
/etc/init.d/network restart
# Restart OpenVPN
sleep 10
/etc/init.d/openvpn restart
And reconnect the upstream cable to the WAN interface.