Reverse WG tunneling from my cloud server to my home network

Hello all,

I had this working a while ago — that is, connecting back to my home network from my DigitalOcean Droplet Server (DODS).

Home Network LAN: 192.168.8.X

Wire Guard tunnel: 10.0.0.2 (home network end point : 10.0.0.1)

From my DO server, I can ping my home router at 192.168.8.1 but can’t reach any other devices on the network (e.g. 192.168.8.60).

I have a basic understanding of networking and often get confused when troubleshooting problems. Thank you for your help — I wish to learn!

/etc/config# cat network

config device
        option name 'eth0'
        option macaddr '................'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.2'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config device
        option name 'eth1'
        option macaddr '...........'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.8.1'
        option device 'br-lan.99'

config interface 'vpn_client'
        option proto 'none'
        option device 'tun0'

config interface 'WG2Droplet'
        option proto 'wireguard'
        option private_key '.........................'
        list addresses '10.0.0.1'

config wireguard_WG2Droplet
        option description 'Spiramentum'
        option public_key '..........................'
        list allowed_ips '10.0.0.2/32'
        option endpoint_host 'www.spiramentum.ca'
        option persistent_keepalive '25'
        option route_allowed_ips '1'

/etc/config# cat firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option fullcone '1'
        option synflood_protect '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'WG2Droplet'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option fullcone4 '1'
        option fullcone6 '1'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'vpn_client'

config zone
        option name 'vpn_client'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'vpn_client'

config forwarding
        option src 'lan'
        option dest 'wan'

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):


Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network #full file secrets replaced with XYZ
cat /etc/config/dhcp
cat /etc/config/firewall #full file secrets replaced by XYZ
-----------------------------------------------------
 FriendlyWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
root@R4:~# ubus call system board                     
{       
        "kernel": "6.1.55",
        "hostname": "R4",
        "system": "ARMv8 Processor rev 4",
        "model": "FriendlyElec NanoPi R4S",
        "board_name": "friendlyelec,nanopi-r4s",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "rockchip/armv8",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd00:ab:cd::/48'
        option packet_steering '1'

config device
        option name 'eth0'
        option macaddr '.....'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.2'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config device
        option name 'eth1'
        option macaddr '......'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.8.1'
        option device 'br-lan.99'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

config interface 'vpn_client'
        option proto 'none'
        option device 'tun0'

config interface 'WG2Droplet'
        option proto 'wireguard'
        option private_key '........'
        list addresses '10.0.0.1'

config wireguard_WG2Droplet
        option description 'Spiramentum'
        option public_key '........'
        list allowed_ips '10.0.0.2/32'
        option endpoint_host 'www.xxxxxxxxxx.ca'
        option persistent_keepalive '25'
        option route_allowed_ips '1'

config interface 'M2'
        option proto 'static'
        option netmask '255.255.255.0'
        option gateway '192.168.8.1'
        option defaultroute '0'
        option ipaddr '192.168.12.254'
        option device 'br-m2'
        option type 'bridge'
        option auto '0'

config interface 'Spirare_AP'
        option proto 'static'
        option ipaddr '192.168.9.254'
        option netmask '255.255.255.0'
        option gateway '192.168.8.1'
        option type 'bridge'
        option defaultroute '0'
        option device 'br-spirare-ap'
        list dhcp_option '6,192.168.8.1'

config device
        option type '8021q'
        option ifname 'br-lan'
        option vid '99'
        option name 'br-lan.99'
        option ipv6 '0'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '10'
        option name 'eth1.10'
        option ipv6 '0'

config device
        option type '8021q'
        option ifname 'eth1'
        option vid '20'
        option name 'eth1.20'
        option ipv6 '0'

config interface 'WebCam'
        option proto 'static'
        option device 'eth1.20'
        option ipaddr '192.168.11.254'
        option netmask '255.255.255.0'
        option gateway '192.168.8.1'
        option auto '0'

config device
        option type 'bridge'
        option name 'br-spirare-ap'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-m2'
        option ipv6 '0'

config interface 'TV'
        option proto 'static'
        option device 'eth1.10'
        option ipaddr '192.168.13.254'
        option netmask '255.255.255.0'

config device
        option type 'bridge'
        option name 'br_tv_ap'
        option ipv6 '0'


cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option noresolv '1'
        option port '1053'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'
        option rebind_protection '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv4 'server'
        option leasetime '1h'
        list dhcp_option 'option:dns-server,192.168.8.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'M2'
        option interface 'M2'
        option start '100'
        option leasetime '1h'
        option limit '50'
        list dhcp_option 'option:dns-server,192.168.8.1'

config dhcp 'Spirare_AP'
        option interface 'Spirare_AP'
        option start '100'
        option limit '25'
        option leasetime '5m'
        list dhcp_option 'option:dns-server,192.168.8.1'

config dhcp 'WebCam'
        option interface 'WebCam'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option 'option:dns-server,192.168.8.1'

config dhcp 'TV'
        option interface 'TV'
        option start '2'
        option limit '10'
        option leasetime '12h'
        list dhcp_option 'option:dns-server,192.168.8.1'

config host
        option name 'M2'
        option dns '1'
        option mac '........'
        option ip '192.168.8.2'

config host
        option name 'M910q'
        option dns '1'
        option mac '........'
        option ip '192.168.8.30'

config host
        option name 'ServerBox'
        option dns '1'
        option mac '........'
        option ip '192.168.8.31'

config host
        option name 'NanoPC-T6-Ethernet'
        option dns '1'
        option ip '192.168.8.33'
        option mac '........'

config host
        option name 'OMV-1'
        option dns '1'
        option mac '........'
        option ip '192.168.8.60'

config host
        option name 'OMV-2'
        option dns '1'
        option mac '........'
        option ip '192.168.8.61'

config host
        option name 'OspreyGuest2'
        option dns '1'
        option mac '........'
        option ip '192.168.8.80'

config host
        option mac '........'
        option name 'OspreyGuest'
        option dns '1'
        option ip '192.168.8.81'

config host
        option name 'NanoPC-T6-WiFi'
        option dns '1'
        option mac '........'
        option ip '192.168.9.33'

config host
        option mac '........'
        option name 'SergioTab'
        option dns '1'
        option ip '192.168.9.40'

config host
        option name 'SergioS8'
        option dns '1'
        option mac '........'
        option ip '192.168.9.41'

config host
        option name 'SergioA14'
        option dns '1'
        option mac '........'
        option ip '192.168.9.42'

config host
        option name 'JoanneTab'
        option dns '1'
        option mac '........'
        option ip '192.168.9.50'

config host
        option name 'JoanneS5'
        option dns '1'
        option mac '........'
        option ip '192.168.9.51'

config host
        option name 'JoanneA14'
        option dns '1'
        option mac '........'
        option ip '192.168.9.52'

config host
        option name 'JoannePhone'
        option dns '1'
        option mac '........'
        option ip '192.168.9.53'

config host
        option name 'Nano-Pi-M6'
        option dns '1'
        option mac '........'
        option ip '192.168.9.54'

config host
        option name 'WeCam'
        option dns '1'
        option mac '........'
        option ip '192.168.9.70'

config host
        option mac '........'
        option ip '192.168.10.2'
        option name 'Spirare-Bullet-2'
        option dns '1'

config host
        option name 'SergioA14'
        option dns '1'
        option mac '........'
        option ip '192.168.10.42'

config host
        option name 'WebCam'
        option dns '1'
        option mac '........'
        option ip '192.168.11.1'

config host
        option name 'AndroideTV'
        option dns '1'
        option mac '........'
        option ip '192.168.13.10'
        list dhcp_option 'option:dns-server,192.168.8.1'
cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option fullcone '1'
        option synflood_protect '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'WG2Droplet'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option fullcone4 '1'
        option fullcone6 '1'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'vpn_client'

config zone
        option name 'vpn_client'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'vpn_client'

config rule
        option dest 'wan'
        option dest_port '53 853 5353'
        option name 'Block-Public-DNS'
        option src 'TV'
        option target 'REJECT'
        list proto 'tcp'
        list proto 'udp'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option src 'Spirare_AP'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option name 'Allow_Spirare_AP-DNS-DHCP'
        list dest_ip '192.168.8.1'

config rule
        option name 'Allow_Spirare_AP-Access-2-Jellyfin'
        option src 'Spirare_AP'
        list dest_ip '192.168.8.60'
        option target 'ACCEPT'
        option dest 'lan'

config rule
        option name 'Allow_TV-DNS-DHCP'
        option src 'TV'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config rule
        option name 'Allow_TV-Access-2-Jellyfin'
        option src 'TV'
        option dest 'lan'
        list dest_ip '192.168.8.60'
        option target 'ACCEPT'

config rule
        option name 'Allow_M2-DNS-DHCP'
        option src 'M2'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config rule
        option name 'Allow_WebCam-DNS-DHCP'
        option src 'Webcam'
        option target 'ACCEPT'
        option dest_port '53 67 68'
        option enabled '0'

config rule
        option name 'Allow_WebCamNTP'
        option src 'Webcam'
        list src_ip '192.168.11.1'
        option src_port '123'
        option dest 'lan'
        option target 'ACCEPT'
        list dest_ip '192.168.8.1'
        option enabled '0'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'

config rule
        option name 'Reject-IPv6'
        option family 'ipv6'
        option src 'wan'
        option dest '*'
        option target 'REJECT'

config zone 'docker'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'docker'
        list network 'docker'

config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'

config forwarding
        option src 'lan'
        option dest 'wan'

config zone
        option name 'M2'
        option output 'ACCEPT'
        option forward 'REJECT'
        option family 'ipv4'
        option input 'REJECT'
        list network 'M2'

config zone
        option name 'Spirare_AP'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'ACCEPT'
        list network 'Spirare_AP'

config forwarding
        option src 'Spirare_AP'
        option dest 'wan'

config rule
        option name 'M2-Block-All'
        option src 'M2'
        option target 'REJECT'
        option enabled '0'

config zone
        option name 'Webcam'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'WebCam'

config forwarding
        option src 'lan'
        option dest 'Webcam'

config forwarding
        option src 'lan'
        option dest 'Spirare_AP'

config forwarding
        option src 'Webcam'
        option dest 'wan'

config forwarding
        option src 'M2'
        option dest 'wan'

config zone
        option name 'TV'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'TV'

config forwarding
        option src 'TV'
        option dest 'wan'

config redirect 'adblock_wan53'
        option name 'Adblock DNS (wan, 53)'
        option src 'wan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'
        option family 'any'

config redirect 'adblock_wan853'
        option name 'Adblock DNS (wan, 853)'
        option src 'wan'
        option proto 'tcp udp'
        option src_dport '853'
        option dest_port '853'
        option target 'DNAT'
        option family 'any'

config redirect 'adblock_wan5353'
        option name 'Adblock DNS (wan, 5353)'
        option src 'wan'
        option proto 'tcp udp'
        option src_dport '5353'
        option dest_port '5353'
        option target 'DNAT'
        option family 'any'

Note that you are running an OEM variant of OpenWrt, not the normal distribution. It may have no relevance to your network config question, but FriendlyElec may have added or changed some functionality.

In normal OpenWrt, the ancient 23.05 is already end-of-life. You should be using 25.12 RC versions, or the old 24.10.

Thanks for this…
I am aware of this and I have a plan to update…
But I hope to understand what is happening and fix this first.

Because you are not running official OpenWrt, you need to ask the FriendlyWrt folks.

If you use the official OpenWrt (obtained from OpenWrt.org) we can help you with your goal.

Wow !

Not even a hint… thanks for nothing.

Out of curiosity, why do you expect us to support someone else’s product? They have made a fork of OpenWrt and changed it in ways that only they know. To us, it is a black box. To make an analogy: if you buy a car and then replace or modify the engine with some aftermarket kit, would you be surprised when the original manufacturer of the car says that they cannot service your engine?


Sometime by giving a little you get more in return… sorry for wasting your time.
