uci show network; uci show firewall
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd66:7107:2c93::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth1.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.delegate='0'
network.lan.gateway='192.168.8.1'
network.wan=interface
network.wan.proto='static'
network.wan.ipaddr='192.168.8.100'
network.wan.netmask='255.255.255.0'
network.wan.gateway='192.168.8.1'
network.wan.peerdns='0'
network.wan.ifname='eth0.2'
network.wan.delegate='0'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.peerdns='0'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 0t'
network.Wireguard=interface
network.Wireguard.proto='wireguard'
network.Wireguard.auto='0'
network.vpn=interface
network.vpn.ifname='tun0'
network.vpn.proto='none'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].flow_offloading='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan' 'vpn' 'vpn'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-OpenVPN'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest_port='1194'
firewall.@rule[9].proto='tcp udp'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[10]=rule
firewall.@rule[10].name='Allow-OpenVPN'
firewall.@rule[10].src='wan'
firewall.@rule[10].dest_port='1194'
firewall.@rule[10].proto='udp'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[11]=rule
firewall.@rule[11].name='Allow-OpenVPN'
firewall.@rule[11].src='wan'
firewall.@rule[11].dest_port='1194'
firewall.@rule[11].proto='udp'
firewall.@rule[11].target='ACCEPT'
# Rebuild the network list of firewall zone 0 (named 'lan' in the dump above)
# so that it holds exactly 'lan' and 'vpn'; the dump shows 'vpn' listed twice.
# Every network in this zone shares its input/output/forward=ACCEPT policy,
# so traffic arriving on the 'vpn' network (tun0) is trusted like the LAN.
uci delete firewall.@zone[0].network
for net in lan vpn; do
    uci add_list firewall.@zone[0].network="$net"
done
# Write the staged change to the firewall config, then restart the firewall
# so the new zone membership is applied.
uci commit firewall
service firewall restart
Thanks, that solved the problem.
The route command now shows an entry for tun0, but my client log still reports a server timeout:`
10:27:23.192 -- ----- OpenVPN Start -----
10:27:23.193 -- EVENT: CORE_THREAD_ACTIVE
10:27:23.195 -- Frame=512/2048/512 mssfix-ctrl=1250
10:27:23.195 -- UNUSED OPTIONS
0 [verb] [3]
2 [nobind]
5 [auth-nocache]
10:27:23.195 -- EVENT: RESOLVE
10:27:23.825 -- Contacting 0.0.255.195:1194 via UDP
10:27:23.829 -- EVENT: WAIT
10:27:23.835 -- Connecting to [x.x.net]:1194 (0.0.255.195) via UDPv4
10:27:33.186 -- Server poll timeout, trying next remote entry...
10:27:33.208 -- EVENT: RECONNECTING
10:27:33.216 -- EVENT: RESOLVE
10:27:33.226 -- Contacting 0.0.255.195:1194 via UDP
10:27:33.227 -- EVENT: WAIT
10:27:33.247 -- Connecting to [x.x.net]:1194 (0.0.255.195) via UDPv4
10:27:43.196 -- Server poll timeout, trying next remote entry...
10:27:43.206 -- EVENT: RECONNECTING
10:27:43.209 -- EVENT: RESOLVE
10:27:43.223 -- Contacting 0.0.255.195:1194 via UDP
10:27:43.224 -- EVENT: WAIT
10:27:43.227 -- Connecting to [xxx.net]:1194 (0.0.255.195) via UDPv4
`
Check OpenVPN server log for client connection attempts.
If that's your IP address, it doesn't look valid: 0.0.255.195 falls in 0.0.0.0/8, which is reserved and not routable.
Nope, it is not. I did not want to show it here; I changed the DDNS name and the WAN IP.
I removed OpenVPN and I am using WireGuard now.