Hi Trendy and thanks for the response.
[NB:- In working through your request for information it seems the system has settled down and is now working properly. I have added the data you wanted just in case but I think it is wasting your time to review it now. I have on occasions had ISP issues requiring a reboot of the ISP router (as mentioned below) and this may have been the cause of the problem. Also please note my comment on status v support option for the second part of your command.]
Not blacklisted (regularly checked through MXToolbox service).
Not sure how to verify the Nameserver can resolve the IP. Is this a dig command? Can you give me a format to use?
VPN SETUP
Router rebooted and services checked. In this setting, I can swap the machine from VPN to WAN and back. In WAN whatsmyip.org works. In VPN whatsmyip.org works.
uci export vpn-policy-routing; /etc/init.d/vpn-policy-routing XstatusX support
***(status would not run so I assumed you wanted the support option)***
root@OCD:~# uci export vpn-policy-routing; /etc/init.d/vpn-policy-routing support
package vpn-policy-routing
config vpn-policy-routing 'config'
option verbosity '2'
option strict_enforcement '1'
option src_ipset '0'
option dest_ipset '0'
option resolver_ipset 'dnsmasq.ipset'
option ipv6_enabled '0'
list ignored_interface 'vpnserver wgserver'
option boot_timeout '30'
option iptables_rule_option 'append'
option procd_reload_delay '1'
option webui_protocol_column '0'
option webui_show_ignore_target '0'
option webui_sorting '1'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
list webui_supported_protocol 'all'
option enabled '1'
option webui_enable_column '1'
option webui_chain_column '1'
config include
option path '/etc/vpn-policy-routing.netflix.user'
option enabled '0'
config include
option path '/etc/vpn-policy-routing.aws.user'
option enabled '0'
config policy
option name 'JCP'
option src_addr '10.0.0.50'
option interface 'KodiVPN'
vpn-policy-routing 0.3.2-20 running on OpenWrt 19.07.7.
============================================================
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
============================================================
Routes/IP Rules
default 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0.2
IPv4 Table 201: default via 192.168.1.1 dev eth0.2
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1
IPv4 Table 201 Rules:
1000: from all fwmark 0x10000/0xff0000 lookup wan
IPv4 Table 202: default via 10.8.0.2 dev tun0
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1
IPv4 Table 202 Rules:
999: from all fwmark 0x20000/0xff0000 lookup KodiVPN
IPv4 Table 203:
IPv4 Table 203 Rules:
IPv4 Table 204:
IPv4 Table 204 Rules:
IPv4 Table 205:
**IPv4 Table 205 Rules:**
**============================================================**
**Mangle IP Table: PREROUTING**
**-N VPR_PREROUTING**
**-A VPR_PREROUTING -s 10.0.0.50/32 -m comment --comment JCP -c 1210 214286 -g VPR_MARK0x020000**
**============================================================**
**Mangle IP Table MARK Chain: VPR_MARK0x010000**
**-N VPR_MARK0x010000**
**-A VPR_MARK0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000**
**-A VPR_MARK0x010000 -c 0 0 -j RETURN**
**============================================================**
**Mangle IP Table MARK Chain: VPR_MARK0x020000**
**-N VPR_MARK0x020000**
**-A VPR_MARK0x020000 -c 1226 216475 -j MARK --set-xmark 0x20000/0xff0000**
**-A VPR_MARK0x020000 -c 1226 216475 -j RETURN**
**============================================================**
**Current ipsets**
**create mwan3_connected_v4 hash:net family inet hashsize 1024 maxelem 65536**
**add mwan3_connected_v4 10.8.0.0/24**
**add mwan3_connected_v4 128.0.0.0/1**
**add mwan3_connected_v4 224.0.0.0/3**
**add mwan3_connected_v4 10.0.0.0/24**
**add mwan3_connected_v4 192.168.1.0/24**
**add mwan3_connected_v4 127.0.0.0/8**
**add mwan3_connected_v4 0.0.0.0/1**
**create mwan3_connected_v6 hash:net family inet6 hashsize 1024 maxelem 65536**
**add mwan3_connected_v6 fe80::/64**
**add mwan3_connected_v6 fd8b:8839:917f::/64**
**create mwan3_source_v6 hash:net family inet6 hashsize 1024 maxelem 65536**
**add mwan3_source_v6 fd8b:8839:917f::1**
**create mwan3_dynamic_v4 hash:net family inet hashsize 1024 maxelem 65536**
**create mwan3_dynamic_v6 hash:net family inet6 hashsize 1024 maxelem 65536**
**create mwan3_custom_v4 hash:net family inet hashsize 1024 maxelem 65536**
**create mwan3_custom_v6 hash:net family inet6 hashsize 1024 maxelem 65536**
**create mwan3_sticky_v4_https hash:ip,mark family inet markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600**
**add mwan3_sticky_v4_https 10.0.0.50,0x00000100 timeout 470**
**add mwan3_sticky_v4_https 10.0.0.40,0x00000100 timeout 470**
**create mwan3_sticky_v6_https hash:ip,mark family inet6 markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600**
**create mwan3_connected list:set size 8**
**add mwan3_connected mwan3_connected_v4**
**add mwan3_connected mwan3_connected_v6**
**add mwan3_connected mwan3_dynamic_v4**
**add mwan3_connected mwan3_dynamic_v6**
**add mwan3_connected mwan3_custom_v4**
**add mwan3_connected mwan3_custom_v6**
**create mwan3_sticky_https list:set size 8**
**add mwan3_sticky_https mwan3_sticky_v4_https**
**add mwan3_sticky_https mwan3_sticky_v6_https**
**============================================================**
**Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]**
**root@OCD:~#**
WAN SETUP ("--pull-filter ignore redirect-gateway" uncommented to ignore VPN)
Router rebooted and services checked. In this configuration, the VPN service does not start automatically and I have to manually start it. For some reason today I can swap the machine from VPN to WAN without any problems. In WAN whatsmyip.org works. In VPN whatsmyip.org works. Perhaps it was a temporary issue on the network (I sometimes get ISP issues and have to reboot the ISP router so that is a possibility).
uci export vpn-policy-routing; /etc/init.d/vpn-policy-routing support
root@OCD:~# uci export vpn-policy-routing; /etc/init.d/vpn-policy-routing support
package vpn-policy-routing
config vpn-policy-routing 'config'
option verbosity '2'
option strict_enforcement '1'
option src_ipset '0'
option dest_ipset '0'
option resolver_ipset 'dnsmasq.ipset'
option ipv6_enabled '0'
list ignored_interface 'vpnserver wgserver'
option boot_timeout '30'
option iptables_rule_option 'append'
option procd_reload_delay '1'
option webui_protocol_column '0'
option webui_show_ignore_target '0'
option webui_sorting '1'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
list webui_supported_protocol 'all'
option enabled '1'
option webui_enable_column '1'
option webui_chain_column '1'
config include
option path '/etc/vpn-policy-routing.netflix.user'
option enabled '0'
config include
option path '/etc/vpn-policy-routing.aws.user'
option enabled '0'
config policy
option name 'JCP'
option src_addr '10.0.0.50'
option interface 'KodiVPN'
vpn-policy-routing 0.3.2-20 running on OpenWrt 19.07.7.
============================================================
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
============================================================
Routes/IP Rules
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0.2
IPv4 Table 201: default via 192.168.1.1 dev eth0.2
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1
IPv4 Table 201 Rules:
992: from all fwmark 0x10000/0xff0000 lookup wan
IPv4 Table 202: default via 10.8.0.2 dev tun0
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1
IPv4 Table 202 Rules:
991: from all fwmark 0x20000/0xff0000 lookup KodiVPN
IPv4 Table 203:
IPv4 Table 203 Rules:
IPv4 Table 204:
IPv4 Table 204 Rules:
IPv4 Table 205:
IPv4 Table 205 Rules:
============================================================
Mangle IP Table: PREROUTING
-N VPR_PREROUTING
-A VPR_PREROUTING -s 10.0.0.50/32 -m comment --comment JCP -c 490 64970 -g VPR_MARK0x020000
============================================================
Mangle IP Table MARK Chain: VPR_MARK0x010000
-N VPR_MARK0x010000
-A VPR_MARK0x010000 -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_MARK0x010000 -c 0 0 -j RETURN
============================================================
Mangle IP Table MARK Chain: VPR_MARK0x020000
-N VPR_MARK0x020000
-A VPR_MARK0x020000 -c 490 64970 -j MARK --set-xmark 0x20000/0xff0000
-A VPR_MARK0x020000 -c 490 64970 -j RETURN
============================================================
Current ipsets
create mwan3_connected_v4 hash:net family inet hashsize 1024 maxelem 65536
add mwan3_connected_v4 10.8.0.0/24
add mwan3_connected_v4 127.0.0.0/8
add mwan3_connected_v4 192.168.1.0/24
add mwan3_connected_v4 10.0.0.0/24
add mwan3_connected_v4 224.0.0.0/3
create mwan3_connected_v6 hash:net family inet6 hashsize 1024 maxelem 65536
add mwan3_connected_v6 fd8b:8839:917f::/64
add mwan3_connected_v6 fe80::/64
create mwan3_source_v6 hash:net family inet6 hashsize 1024 maxelem 65536
add mwan3_source_v6 fd8b:8839:917f::1
create mwan3_dynamic_v4 hash:net family inet hashsize 1024 maxelem 65536
create mwan3_dynamic_v6 hash:net family inet6 hashsize 1024 maxelem 65536
create mwan3_custom_v4 hash:net family inet hashsize 1024 maxelem 65536
create mwan3_custom_v6 hash:net family inet6 hashsize 1024 maxelem 65536
create mwan3_sticky_v4_https hash:ip,mark family inet markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600
add mwan3_sticky_v4_https 10.0.0.14,0x00000100 timeout 352
add mwan3_sticky_v4_https 10.0.0.15,0x00000100 timeout 369
add mwan3_sticky_v4_https 10.0.0.50,0x00000100 timeout 591
add mwan3_sticky_v4_https 10.0.0.45,0x00000100 timeout 558
add mwan3_sticky_v4_https 10.8.0.2,0x00000100 timeout 598
add mwan3_sticky_v4_https 10.0.0.95,0x00000100 timeout 487
add mwan3_sticky_v4_https 10.0.0.40,0x00000100 timeout 599
add mwan3_sticky_v4_https 192.168.1.10,0x00000100 timeout 598
add mwan3_sticky_v4_https 10.0.0.12,0x00000100 timeout 376
create mwan3_sticky_v6_https hash:ip,mark family inet6 markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600
create mwan3_connected list:set size 8
add mwan3_connected mwan3_connected_v4
add mwan3_connected mwan3_connected_v6
add mwan3_connected mwan3_dynamic_v4
add mwan3_connected mwan3_dynamic_v6
add mwan3_connected mwan3_custom_v4
add mwan3_connected mwan3_custom_v6
create mwan3_sticky_https list:set size 8
add mwan3_sticky_https mwan3_sticky_v4_https
add mwan3_sticky_https mwan3_sticky_v6_https
============================================================
Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
root@OCD:~#
It seems all is now working fine and I am sorry if I have wasted your time on this. My thanks again for your help and support.