Hi everyone,
I figured it best to make a new post, since the initial problems I was having are resolved.
Right now, my ISP combo modem/router is plugged into the WAN port of my TP-Link Router. I have set up NordVPN successfully and can see via traceroute that it is going through the correct server, and not my ISP.
However, the issue now is that I cannot access the internet, or even get served a DHCP address, when connecting wirelessly to the router. Connecting to either radio forces me to hardcode an IP; if I do that, I can access the web interface, but I cannot access the internet from those devices.
My network setup is:
ISP Modem/Router Combo (192.168.1.254) ----> WAN port of Open WRT Router (LAN port 192.168.2.1) ----> Wireless clients connecting in order to access VPN (192.168.2.X)
Here are the config files
Network
https://pastebin.com/qVU8VFEr
Firewall
https://pastebin.com/0dDjZym9
OpenVPN
https://pastebin.com/svm9nN1R
As for my other setup, I've included the DHCP and DNS tab, Lan, Switch and Wan Interfaces and the interface main page as per attached images:
If there's anything I'm missing, please let me know and I'll get that for you.
TL;DR Summary: NordVPN is up and running on my VPN-only router, but no DHCP is served to wirelessly connected clients. When I assign static IP addresses, I can only connect to the router management page; there is no internet.
Thanks as always.
# Remove the 'gateway' option from the 'lan' interface section of the network config.
# -q keeps uci quiet if the option does not exist.
# NOTE(review): the network config this reply refers to is only linked (pastebin), not shown
# on this page — presumably its lan section carried a gateway entry; confirm against that file.
uci -q delete network.lan.gateway
# Write the staged change to /etc/config/network.
uci commit network
# Restart networking so the running configuration picks up the committed change.
service network restart
Awesome. That worked and I’m now able to pull IP addresses.
Unfortunately I still don’t have internet access. Is there something else that could be causing that?
I can still ping from the router's diagnostics page and command line, but I can't get internet when connecting to the router via either wifi radio.
From Router diagnostics page:
traceroute to openwrt.org (139.59.209.225), 30 hops max, 38 byte packets
1 10.8.2.1 3.027 ms
2 104.200.132.190 3.400 ms
3 104.200.132.142 2.673 ms
4 173.205.42.93 2.810 ms
5 154.24.61.69 3.453 ms
6 154.54.27.161 8.374 ms
7 64.86.123.93 160.234 ms
8 62.115.117.49 56.031 ms
9 *
10 62.115.112.245 146.032 ms
11 80.231.130.105 160.773 ms
12 80.231.154.142 175.105 ms
13 62.115.120.6 155.850 ms
14 195.219.87.13 167.036 ms
15 195.219.87.18 173.663 ms
16 139.59.209.225 163.435 ms
From windows 10 machine connected to either radio:
tracert openwrt.org
Unable to resolve target system name openwrt.org.
Also, here's the result from the following command:
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
# /etc/config/network, first file printed by the `cat` command above (shown here without indentation).
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd7d:3874:5a29::/48'
# LAN bridge: static 192.168.2.1/24 on eth1.1. Both wifi-iface sections in the wireless config attach to this network.
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
# NOTE(review): 192.168.1.254 is the ISP modem/router from the topology line earlier in the post. The routing
# table on this page sends 192.168.1.0/24 out eth0.2, so lookups sent to it do not use tun0 — confirm that is
# intended on a VPN-only router. 8.8.8.1 may be a typo (Google Public DNS is 8.8.8.8) — confirm.
option dns '192.168.1.254 8.8.8.1'
# WAN: DHCP client on eth0.2; the `ip -4 addr` output on this page shows it holding 192.168.1.69/24.
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
# IPv6 counterpart of wan on the same device.
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1: ports 1-4 untagged, port 6 tagged ('t') — presumably the LAN ports plus a CPU port; verify for this board.
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
# VLAN 2: port 5 untagged, port 0 tagged — presumably the WAN port plus a CPU port; verify for this board.
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
# Unmanaged (proto 'none') logical interface that the firewall zone 'vpn' references by name.
# NOTE(review): it is bound to eth0 as a bridge, but the tunnel device in the `ip -4 addr` output on this page
# is tun0. A zone covers the devices of the networks it lists, so the 'vpn' zone likely does not cover tun0.
# That would leave LAN clients without a permitted, masqueraded path through the tunnel, while the router's own
# traffic still works. Confirm, and if so bind this interface to the tunnel device (ifname 'tun0', no bridge type).
config interface 'openvpn'
option proto 'none'
option ifname 'eth0'
option auto '1'
option type 'bridge'
# /etc/config/firewall starts here. These defaults are the fallback policy for traffic not handled by any zone.
# NOTE(review): if tun0 is not covered by a zone (see the 'openvpn' interface and the 'vpn' zone), packets arriving
# from the tunnel would fall under input 'ACCEPT' here, and LAN-to-tunnel forwarding under forward 'REJECT'.
# Confirm which zone tun0 ends up in before relying on the per-zone input 'DROP' for the VPN side.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: the router accepts input from LAN clients; forward 'DROP' applies to forwarding within the zone.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'lan'
option forward 'DROP'
# WAN zone: unsolicited input and forwarding are dropped. No masq is set here, and this dump has no lan -> wan
# forwarding section, so LAN client traffic has no permitted path out the WAN. That is a fail-closed arrangement
# if the tunnel goes down; keep it that way when changing the VPN zone.
config zone
option name 'wan'
option output 'ACCEPT'
option network 'wan wan6'
option input 'DROP'
option forward 'DROP'
# Traffic rules. All of them use src 'wan'; on this network the WAN side is the ISP router's 192.168.1.0/24 LAN.
# Accept IPv4 UDP to port 68 from wan (DHCP replies/renewals for the router's own WAN lease).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 ICMP echo-request from wan, i.e. the router answers pings from the upstream network.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv4 IGMP from wan.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv6 UDP to port 546 (DHCPv6 client) when source and destination are both within fc00::/6.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types (130-132 and 143, multicast listener messages) from link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the router itself, rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward the listed ICMPv6 types from wan to any zone (dest '*'), with the same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward ESP from wan to lan hosts.
# NOTE(review): this rule and the next permit unsolicited inbound forwarding into the LAN. If no LAN host
# terminates IPsec, removing or disabling both narrows the exposure — confirm before changing.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward UDP port 500 (IKE/ISAKMP) from wan to lan hosts.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Pull in custom rules from /etc/firewall.user (contents not shown on this page).
config include
option path '/etc/firewall.user'
# VPN zone: drops unsolicited input and forwarding from the tunnel side, masquerades outbound traffic (masq)
# and clamps MSS (mtu_fix).
# NOTE(review): the zone is attached to the logical network 'openvpn', which the network config on this page
# binds to eth0 rather than to tun0. If the zone therefore does not match tun0, neither the masquerading here
# nor the lan -> vpn forwarding below applies to tunnel traffic, and tun0 falls back to the firewall defaults.
# That would fit the symptom reported above (router can traceroute, wireless clients cannot) — confirm which
# device the zone resolves to.
config zone
option name 'vpn'
option output 'ACCEPT'
option network 'openvpn'
option input 'DROP'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
# The only forwarding section in this dump: LAN clients may be forwarded into the vpn zone and nowhere else.
config forwarding
option dest 'vpn'
option src 'lan'
# /etc/config/wireless starts here. radio0: channel 36, hwmode 11a, VHT80.
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
option country 'US'
option legacy_rates '1'
# Access point on radio0, bridged into the 'lan' network, WPA2-PSK ('psk2').
# The key appears as a run of x characters — presumably redacted by the poster.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'xxxxxxxxxx'
# radio1: channel 11, hwmode 11g, HT20.
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option htmode 'HT20'
option country 'US'
option legacy_rates '1'
# Access point on radio1, also bridged into 'lan' with WPA2-PSK; key presumably redacted as above.
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'serenity'
option encryption 'psk2'
option key 'xxxxxxxxxx'
option network 'lan'
# /etc/config/dhcp starts here. dnsmasq settings for the router's own DNS/DHCP service.
config dnsmasq
option domainneeded '1'
option localise_queries '1'
# Rebind protection: upstream answers that point at private address ranges are discarded.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option nonwildcard '1'
# Only answer DNS queries that come from local subnets.
option localservice '1'
# noresolv: dnsmasq does not read upstream resolvers from the resolv file.
# NOTE(review): no 'server' entries appear in this section, so dnsmasq itself seems to have no upstream
# resolver. Clients are not pointed at it anyway (see dhcp_option 6 in the 'lan' pool) — confirm this is intended.
option noresolv '1'
# DHCP pool for 'lan': start 100, limit 150, i.e. 192.168.2.100-249 given the 192.168.2.1/24 LAN address.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
# DHCP option 6 hands clients 103.86.96.100 and 103.86.99.100 as their DNS servers — presumably the VPN
# provider's resolvers; confirm. Clients query these directly, so every lookup has to be forwarded from lan
# through the tunnel. If that forwarding is not permitted, name resolution on clients fails, which is
# consistent with the Windows tracert error quoted above.
list dhcp_option '6,103.86.96.100,103.86.99.100'
# No DHCP service on the WAN side.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
# odhcpd with maindhcp '0': dnsmasq stays the DHCPv4 server.
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
10: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.69/24 brd 192.168.1.255 scope global eth0.2
valid_lft forever preferred_lft forever
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.2.7/24 brd 10.8.2.255 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.1.254 dev eth0.2 src 192.168.1.69
10.8.2.0/24 dev tun0 scope link src 10.8.2.7
104.200.132.172 via 192.168.1.254 dev eth0.2
128.0.0.0/1 via 10.8.2.1 dev tun0
192.168.1.0/24 dev eth0.2 scope link src 192.168.1.69
192.168.2.0/24 dev br-lan scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default