Set up a VPN wifi network

Hi everyone,

First of all, I admit I am a noob with OpenWrt and networking in general so I understand that my question will be considered silly - I did do a lot of research and effort without being able to get anywhere though.

My goal is the following: I have a Raspberry Pi 3 which I would like to use to set up a VPN wifi network and my understanding was that this is possible using OpenWrt - my Raspberry is connected directly to ethernet so it is a particularly simple setup. I tried to follow several guides (using the version of OpenWrt mentioned) e.g.,

Nonetheless, I was never able to get the raspberry to work and ended up with an unusable configuration... is anybody aware of some guide/thread here that could allow me to do the setup in my very simple naive setting?

Thanks a lot!

Welcome to our forum Mario. Sorry about your problems. First step is to post photos of Raspberry Pi label and box. Were you able to install OpenWrt FW? Please post screenshots of your installed FW interface. Which VPN service are you planning to use? I may assist you further after reviewing.

Good luck.

Amat

Photos of your device are not necessary (it's just a pi... we know what it looks like and what it has for features). But it would be good to know what your use case is:

  • road warrior (a VPN endpoint at home, when you use your travel router it will connect back through your home internet connection)
  • commercial vpn client
  • site to site
  • something else?

What protocol do you want to use?

And what is the current state of your device? Do you want to try to fix the existing stuff that is broken, or do you want to start fresh?

Hi @psherman and @Amat,

Thanks a lot for your replies! So to give more information, I am trying to set up ProtonVPN (I also tried to follow this guide at some point https://protonvpn.com/support/how-to-set-up-protonvpn-on-openwrt-routers/, which ofc did not work...), the Raspberry is a Pi3 and I installed OpenWrt 22.03. I guess it might be useful to share with you my config files (the setting is probably messed up at multiple points as I really tried everything). At this stage, it seems like it connects to the VPN (ping 8.8.8.8 takes 200ms+ while without a VPN it is 6-7 ms). Nonetheless, the DNS seems badly configured (ping google.com won't work for example). Needless to say, when I connect to the Pi's wifi the connection doesn't even work and can't resolve hosts. If you could spot anything wrong (I am sure you will) I'll be infinitely grateful to you! Hope the files below are enough to spot the misconfigurations - and I am happy to provide any further config files/logs.

/etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
config globals 'globals'
	option packet_steering '1'
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option gateway '192.168.0.1'
	option ipaddr '192.168.0.17'
	option netmask '255.255.255.0'
	list dns '8.8.8.8,8.8.8.4'
	option delegate '0'
config interface 'wan'
	option proto 'dhcp'
	option device 'eth1'
	list dns '8.8.8.8,8.8.8.4'
	option peedns '0'
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
config interface 'wan_vpn'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.0.16'
	#option delegate '0'
	option device 'tun0'

/etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
config zone
	option name 'wan'
	option output 'ACCEPT'
	option mtu_fix '1'
	option input 'REJECT'
	option masq '1'
	list network 'wan'
	option forward 'REJECT'
	list device 'tun0'
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'REJECT'
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
config forwarding
	option src 'lan'
	option dest 'wan'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
config wan_vpn
	option interface 'wan_vpn'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option start '100'
	option leasetime '12h'
	option limit '150'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option country XX # this is setup correctly
config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'myrealpassword'
	option 'network' 'lan'

/etc/openvpn/freejp.ovpn

client
dev tun0
proto udp
remote 212.102.51.247 4569
remote 212.102.51.247 80
remote 212.102.51.247 1194
remote 212.102.51.247 5060
remote 212.102.51.247 51820
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
verb 3
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
remote-cert-tls server
auth-user-pass /etc/openvpn/freejp.auth
pull
fast-io

# CERTIFICATES follow - I guess this part is not interesting

Also, this is the system log at startup (part 1):

Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034]
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    0.000000] Linux version 5.10.161 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 11.2.0 r20028-43d71ad93e) 11.2.0, GNU ld (GNU Binutils) 2.37) #0 SMP Tue Jan 3 00:24:21 2023
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Machine model: Raspberry Pi 3 Model B Rev 1.2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Reserved memory: created CMA memory pool at 0x0000000037400000, size 64 MiB
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] OF: reserved mem: initialized node linux,cma, compatible id shared-dma-pool
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Zone ranges:
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000]   DMA      [mem 0x0000000000000000-0x000000003b3fffff]
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000]   DMA32    empty
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000]   Normal   empty
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Movable zone start for each node
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Early memory node ranges
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000]   node   0: [mem 0x0000000000000000-0x000000003b3fffff]
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x000000003b3fffff]
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000] On node 0 totalpages: 242688
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000]   DMA zone: 3792 pages used for memmap
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000]   DMA zone: 0 pages reserved
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000]   DMA zone: 242688 pages, LIFO batch:63
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] percpu: Embedded 21 pages/cpu s45848 r8192 d31976 u86016
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000] pcpu-alloc: s45848 r8192 d31976 u86016 alloc=21*4096
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Detected VIPT I-cache on CPU0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] CPU features: detected: ARM erratum 843419
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 238896
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    0.000000] Kernel command line: coherent_pool=1M 8250.nr_uarts=1 snd_bcm2835.enable_compat_alsa=0 snd_bcm2835.enable_hdmi=1 bcm2708_fb.fbwidth=656 bcm2708_fb.fbheight=416 bcm2708_fb.fbswap=1 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000  console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=squashfs,ext4 rootwait
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] Memory: 873864K/970752K available (7806K kernel code, 884K rwdata, 1248K rodata, 448K init, 547K bss, 31352K reserved, 65536K cma-reserved)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] rcu: Hierarchical RCU implementation.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] 	Tracing variant of Tasks RCU enabled.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] arch_timer: cp15 timer(s) running at 19.20MHz (phys).
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000007] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 4398046511078ns
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000239] Console: colour dummy device 80x25
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000644] printk: console [tty1] enabled
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000685] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000719] pid_max: default: 32768 minimum: 301
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000918] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.000959] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.001747] cgroup: Disabling memory control group subsystem
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.003039] rcu: Hierarchical SRCU implementation.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.003269] dyndbg: Ignore empty _ddebug table in a CONFIG_DYNAMIC_DEBUG_CORE build
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.003819] smp: Bringing up secondary CPUs ...
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.004397] Detected VIPT I-cache on CPU1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.004471] CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.005269] Detected VIPT I-cache on CPU2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.005319] CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006017] Detected VIPT I-cache on CPU3
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006060] CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006211] smp: Brought up 1 node, 4 CPUs
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006297] SMP: Total of 4 processors activated.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006316] CPU features: detected: 32-bit EL0 Support
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006334] CPU features: detected: CRC32 instructions
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006404] CPU features: emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006430] CPU: All CPU(s) started at EL2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.006464] alternatives: patching kernel code
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.017630] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.017690] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.020953] pinctrl core: initialized pinctrl subsystem
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.022648] NET: Registered protocol family 16
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.028571] DMA: preallocated 1024 KiB GFP_KERNEL pool for atomic allocations
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.029325] DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.030149] DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.030799] thermal_sys: Registered thermal governor 'step_wise'
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.030988] cpuidle: using governor ladder
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.031039] cpuidle: using governor menu
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.031388] ASID allocator initialised with 65536 entries
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.031523] Serial: AMBA PL011 UART driver
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.040839] bcm2835-mbox 3f00b880.mailbox: mailbox enabled
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.060079] raspberrypi-firmware soc:firmware: Attached to firmware from 2021-08-19T12:28:18, variant start
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.070076] raspberrypi-firmware soc:firmware: Firmware hash is ef2c018dccdeb94b0376db62a2ea4c882f9b500d
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.102698] cryptd: max_cpu_qlen set to 1000
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.104887] bcm2835-dma 3f007000.dma: DMA legacy API manager, dmachans=0x1
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    0.106887] SCSI subsystem initialized
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.107098] usbcore: registered new interface driver usbfs
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.107159] usbcore: registered new interface driver hub
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.107212] usbcore: registered new device driver usb
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.108742] clocksource: Switched to clocksource arch_sys_counter
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.113682] NET: Registered protocol family 2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.113992] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115254] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115324] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115452] TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115657] TCP: Hash tables configured (established 8192 bind 8192)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115877] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.115937] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.116166] NET: Registered protocol family 1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.116212] PCI: CLS 0 bytes, default 64
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.120749] workingset: timestamp_bits=46 max_order=18 bucket_order=0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.126326] squashfs: version 4.0 (2009/01/31) Phillip Lougher
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.197806] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 250)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.200314] bcm2708_fb soc:fb: FB found 1 display(s)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.212781] Console: switching to colour frame buffer device 82x26
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.217474] bcm2708_fb soc:fb: Registered framebuffer for display 0, size 656x416
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.225523] Serial: 8250/16550 driver, 1 ports, IRQ sharing enabled
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.229621] bcm2835-rng 3f104000.rng: hwrng registered
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    0.229866] random: crng init done
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.232696] vc-mem: phys_addr:0x00000000 mem_base=0x3ec00000 mem_size:0x40000000(1024 MiB)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.241572] gpiomem-bcm2835 3f200000.gpiomem: Initialised: Registers at 0x3f200000
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.257829] brd: module loaded
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.265198] loop: module loaded
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.268654] Loading iSCSI transport class v2.0-870.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.272885] usbcore: registered new interface driver lan78xx
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.275640] usbcore: registered new interface driver smsc95xx
Mon Mar 13 23:59:42 2023 kern.info kernel: [    0.278291] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.008987] Core Release: 2.80a
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.011543] Setting default values for core params
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.014093] Finished setting default values for core params
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.216852] Using Buffer DMA mode
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.219314] Periodic Transfer Interrupt Enhancement - disabled
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.221815] Multiprocessor Interrupt Enhancement - disabled
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.224289] OTG VER PARAM: 0, OTG VER FLAG: 0
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.226686] Dedicated Tx FIFOs mode
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.229698]
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.229713] WARN::dwc_otg_hcd_init:1072: FIQ DMA bounce buffers: virt = ffffffc010f0b000 dma = 0x00000000f7810000 len=9024
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.236625] FIQ FSM acceleration enabled for :
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.236625] Non-periodic Split Transactions
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.236625] Periodic Split Transactions
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.236625] High-Speed Isochronous Endpoints
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.236625] Interrupt/Control Split Transaction hack enabled
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    1.247292] dwc_otg: Microframe scheduler enabled
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.247310]
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.247318] WARN::hcd_init_fiq:496: MPHI regs_base at ffffffc010b2d000
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.251639] dwc_otg 3f980000.usb: DWC OTG Controller
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.253938] dwc_otg 3f980000.usb: new USB bus registered, assigned bus number 1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.256292] dwc_otg 3f980000.usb: irq 74, io mem 0x00000000
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.258593] Init: Port Power? op_state=1
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.260847] Init: Power Port (0)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.263220] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.10
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.267732] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.270153] usb usb1: Product: DWC OTG Controller
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.272520] usb usb1: Manufacturer: Linux 5.10.161 dwc_otg_hcd
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.274930] usb usb1: SerialNumber: 3f980000.usb
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.277776] hub 1-0:1.0: USB hub found
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.280163] hub 1-0:1.0: 1 port detected
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    1.283026] dwc_otg: FIQ enabled
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    1.283032] dwc_otg: NAK holdoff enabled
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    1.283037] dwc_otg: FIQ split-transaction FSM enabled
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    1.283047] Module dwc_common_port init
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.283431] usbcore: registered new interface driver uas
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.285756] usbcore: registered new interface driver usb-storage
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.288069] mousedev: PS/2 mouse device common for all mice
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.290836] bcm2835-wdt bcm2835-wdt: Broadcom BCM2835 watchdog timer
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.294726] sdhci: Secure Digital Host Controller Interface driver
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.297102] sdhci: Copyright(c) Pierre Ossman
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.299916] mmc-bcm2835 3f300000.mmcnr: could not get clk, deferring probe
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.301726] sdhost-bcm2835 3f202000.mmc: could not get clk, deferring probe
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.303035] sdhci-pltfm: SDHCI platform and OF driver helper
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.308061] NET: Registered protocol family 10
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.309995] Segment Routing with IPv6
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.311239] NET: Registered protocol family 17
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.312477] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.314921] 8021q: 802.1Q VLAN Support v1.8
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    1.316464] Key type .fscrypt registered
Mon Mar 13 23:59:42 2023 kern.notice kernel: [    1.317624] Key type fscrypt-provisioning registered
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.323131] uart-pl011 3f201000.serial: there is not valid maps for state default
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.325619] uart-pl011 3f201000.serial: cts_event_workaround enabled
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.326972] 3f201000.serial: ttyAMA0 at MMIO 0x3f201000 (irq = 99, base_baud = 0) is a PL011 rev2
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.408834] Indeed it is in host mode hprt0 = 00021501
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.409997] printk: console [ttyAMA0] enabled
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.618731] usb 1-1: new high-speed USB device number 2 using dwc_otg
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.623757] bcm2835-power bcm2835-power: Broadcom BCM2835 power domains driver
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    1.633308] Indeed it is in host mode hprt0 = 00001101
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.637924] mmc-bcm2835 3f300000.mmcnr: mmc_debug:0 mmc_debug2:0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.897118] usb 1-1: New USB device found, idVendor=0424, idProduct=9514, bcdDevice= 2.00
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.902042] mmc-bcm2835 3f300000.mmcnr: DMA channel allocated
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.908201] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.915818] hub 1-1:1.0: USB hub found
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.947677] sdhost: log_buf @ 0000000048001e55 (c1c59000)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    1.952555] hub 1-1:1.0: 5 ports detected
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.018728] mmc0: sdhost-bcm2835 loaded - DMA enabled (>1)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.328355] of_cfs_init
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.332490] of_cfs_init: OK
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.357519] Waiting for root device /dev/mmcblk0p2...
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    2.370567] mmc1: queuing unknown CIS tuple 0x80 (2 bytes)
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    2.378878] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    2.387122] mmc1: queuing unknown CIS tuple 0x80 (3 bytes)
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    2.396767] mmc1: queuing unknown CIS tuple 0x80 (7 bytes)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.398746] usb 1-1.1: new high-speed USB device number 3 using dwc_otg
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    2.437278] mmc0: host does not support reading read-only switch, assuming write-enable
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.452464] mmc0: new high speed SDXC card at address b373
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.460881] mmcblk0: mmc0:b373 CBADS 58.3 GiB
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.467799]  mmcblk0: p1 p2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.487230] EXT4-fs (mmcblk0p2): mounted filesystem without journal. Opts: (null)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.497415] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.505916] Freeing unused kernel memory: 448K
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.548891] Run /sbin/init as init process
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    2.554887]   with arguments:
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    2.554892]     /sbin/init
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    2.554896]   with environment:
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    2.554900]     HOME=/
Mon Mar 13 23:59:42 2023 kern.debug kernel: [    2.554903]     TERM=linux
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.554987] usb 1-1.1: New USB device found, idVendor=0424, idProduct=ec00, bcdDevice= 2.00
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.567256] usb 1-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.579200] smsc95xx v2.0.0
Mon Mar 13 23:59:42 2023 kern.info kernel: [    2.584193] mmc1: new high speed SDIO card at address 0001
Mon Mar 13 23:59:42 2023 user.info kernel: [    2.643436] init: Console is alive
Mon Mar 13 23:59:42 2023 user.info kernel: [    2.648972] init: - watchdog -
Mon Mar 13 23:59:42 2023 user.info kernel: [    2.955079] kmodloader: loading kernel modules from /etc/modules-boot.d/*
Mon Mar 13 23:59:42 2023 user.info kernel: [    2.993379] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
Mon Mar 13 23:59:42 2023 user.info kernel: [    3.007977] init: - preinit -
Mon Mar 13 23:59:42 2023 kern.info kernel: [    3.040938] SMSC LAN8700 usb-001:003:01: attached PHY driver [SMSC LAN8700] (mii_bus:phy_addr=usb-001:003:01, irq=POLL)
Mon Mar 13 23:59:42 2023 kern.info kernel: [    3.057038] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-3f980000.usb-1.1, smsc95xx USB 2.0 Ethernet, b8:27:eb:d7:00:d9
Mon Mar 13 23:59:42 2023 kern.info kernel: [    3.511561] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
Mon Mar 13 23:59:42 2023 kern.info kernel: [    3.530095] smsc95xx 1-1.1:1.0 eth0: Link is Down
Mon Mar 13 23:59:42 2023 kern.info kernel: [    5.609831] smsc95xx 1-1.1:1.0 eth0: Link is Up - 100Mbps/Full - flow control off
Mon Mar 13 23:59:42 2023 kern.info kernel: [    5.623240] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mon Mar 13 23:59:42 2023 user.notice kernel: [    6.599117] mount_root: mounting /dev/root
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    6.606058] EXT4-fs (mmcblk0p2): warning: mounting unchecked fs, running e2fsck is recommended
Mon Mar 13 23:59:42 2023 kern.info kernel: [    6.620071] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    6.646122] FAT-fs (mmcblk0p1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
Mon Mar 13 23:59:42 2023 user.warn kernel: [    6.661789] urandom-seed: Seeding with /etc/urandom.seed
Mon Mar 13 23:59:42 2023 kern.info kernel: [    6.687719] smsc95xx 1-1.1:1.0 eth0: Link is Down
Mon Mar 13 23:59:42 2023 kern.info kernel: [    6.696021] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
Mon Mar 13 23:59:42 2023 user.info kernel: [    6.708684] procd: - early -
Mon Mar 13 23:59:42 2023 user.info kernel: [    6.713396] procd: - watchdog -
Mon Mar 13 23:59:42 2023 user.info kernel: [    7.253215] procd: - watchdog -
Mon Mar 13 23:59:42 2023 user.info kernel: [    7.261087] procd: - ubus -
Mon Mar 13 23:59:42 2023 user.info kernel: [    7.318257] procd: - init -
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.324728] uart-pl011 3f201000.serial: no DMA platform data

And part 2 of the system log at startup:

Mon Mar 13 23:59:42 2023 user.info kernel: [    7.448616] kmodloader: loading kernel modules from /etc/modules.d/*
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.473447] tun: Universal TUN/TAP device driver, 1.6
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.484022] hid: raw HID events driver (C) Jiri Kosina
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    7.491380] snd_bcm2835: module is from the staging directory, the quality is unknown, you have been warned.
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.514385] Loading modules backported from Linux version v5.15.81-0-ge4a7232c917c
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.524434] Backport generated by backports.git v5.15.81-1-0-ge1867d55
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.537274] usbcore: registered new interface driver usbhid
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.544253] usbhid: USB HID core driver
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.552574] xt_time: kernel timezone is -0000
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.593340] PPP generic driver version 2.4.2
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.599514] NET: Registered protocol family 24
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.617125] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43430-sdio for chip BCM43430/1
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    7.629186] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin failed with error -2
Mon Mar 13 23:59:42 2023 kern.warn kernel: [    7.643837] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.835162] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43430-sdio for chip BCM43430/1
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.853371] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/1 wl0: Mar 30 2021 01:12:21 version 7.45.98.118 (7d96287 CY) FWID 01-32059766
Mon Mar 13 23:59:42 2023 kern.info kernel: [    7.899149] usbcore: registered new interface driver brcmfmac
Mon Mar 13 23:59:42 2023 user.info kernel: [    7.911800] kmodloader: done loading kernel modules from /etc/modules.d/*
Mon Mar 13 23:59:43 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Mon Mar 13 23:59:43 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: started, version 2.86 cachesize 150
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: DNS service limited to local subnets
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for test
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for local
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Mon Mar 13 23:59:43 2023 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Mon Mar 13 23:59:43 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Mon Mar 13 23:59:43 2023 authpriv.info dropbear[651]: Not backgrounding
Mon Mar 13 23:59:43 2023 daemon.notice wpa_supplicant[760]: Successfully initialized wpa_supplicant
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: bonding
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: 8021ad
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: 8021q
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: macvlan
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: veth
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: bridge
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: Network device
Mon Mar 13 23:59:43 2023 user.notice : Added device handler type: tunnel
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/network
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/wireless
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/luci-splash reload dependency on /etc/config/firewall
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/qos reload dependency on /etc/config/firewall
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/miniupnpd reload dependency on /etc/config/firewall
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/odhcpd reload dependency on /etc/config/dhcp
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up non-init /etc/config/fstab reload handler: /sbin/block mount
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/system reload trigger for non-procd /etc/init.d/led
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/luci_statistics reload dependency on /etc/config/system
Mon Mar 13 23:59:44 2023 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/system
Mon Mar 13 23:59:44 2023 daemon.warn openvpn(freejp)[1213]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: OpenVPN 2.5.7 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: library versions: mbed TLS 2.28.2
Mon Mar 13 23:59:44 2023 daemon.warn openvpn(freejp)[1213]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.51.247:5060
Mon Mar 13 23:59:44 2023 kern.info kernel: [   10.122628] smsc95xx 1-1.1:1.0 eth0: hardware isn't capable of remote wakeup
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: UDP link local: (not bound)
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: UDP link remote: [AF_INET]212.102.51.247:5060
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: Network unreachable, restarting
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: SIGUSR1[soft,network-unreachable] received, process restarting
Mon Mar 13 23:59:44 2023 daemon.notice openvpn(freejp)[1213]: Restart pause, 5 second(s)
Mon Mar 13 23:59:44 2023 kern.info kernel: [   10.149642] smsc95xx 1-1.1:1.0 eth0: Link is Down
Mon Mar 13 23:59:44 2023 kern.info kernel: [   10.156955] br-lan: port 1(eth0) entered blocking state
Mon Mar 13 23:59:44 2023 kern.info kernel: [   10.163871] br-lan: port 1(eth0) entered disabled state
Mon Mar 13 23:59:44 2023 kern.info kernel: [   10.171000] device eth0 entered promiscuous mode
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'lan' is enabled
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'lan' is setting up now
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'lan' is now up
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'loopback' is enabled
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'loopback' is setting up now
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'loopback' is now up
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Network device 'lo' link is up
Mon Mar 13 23:59:44 2023 daemon.notice netifd: Interface 'loopback' has link connectivity
Mon Mar 13 23:59:44 2023 daemon.notice netifd: radio0 (1341): command failed: No error information (-524)
Mon Mar 13 23:59:44 2023 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Mon Mar 13 23:59:45 2023 daemon.info procd: - init complete -
Mon Mar 13 23:59:45 2023 daemon.notice netifd: radio0 (1341): command failed: I/O error (-5)
Mon Mar 13 23:59:46 2023 kern.info kernel: [   12.249863] smsc95xx 1-1.1:1.0 eth0: Link is Up - 100Mbps/Full - flow control off
Mon Mar 13 23:59:46 2023 kern.info kernel: [   12.263647] br-lan: port 1(eth0) entered blocking state
Mon Mar 13 23:59:46 2023 kern.info kernel: [   12.272001] br-lan: port 1(eth0) entered forwarding state
Mon Mar 13 23:59:46 2023 daemon.notice netifd: Network device 'eth0' link is up
Mon Mar 13 23:59:46 2023 daemon.notice netifd: bridge 'br-lan' link is up
Mon Mar 13 23:59:46 2023 daemon.notice netifd: Interface 'lan' has link connectivity
Mon Mar 13 23:59:47 2023 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Mon Mar 13 23:59:47 2023 kern.info kernel: [   12.579704] br-lan: port 2(wlan0) entered blocking state
Mon Mar 13 23:59:47 2023 kern.info kernel: [   12.587542] br-lan: port 2(wlan0) entered disabled state
Mon Mar 13 23:59:47 2023 kern.info kernel: [   12.595556] device wlan0 entered promiscuous mode
Mon Mar 13 23:59:47 2023 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Mon Mar 13 23:59:47 2023 kern.info kernel: [   12.715135] br-lan: port 2(wlan0) entered blocking state
Mon Mar 13 23:59:47 2023 kern.info kernel: [   12.723113] br-lan: port 2(wlan0) entered forwarding state
Mon Mar 13 23:59:47 2023 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->ENABLED
Mon Mar 13 23:59:47 2023 daemon.notice hostapd: wlan0: AP-ENABLED
Mon Mar 13 23:59:48 2023 daemon.notice netifd: Wireless device 'radio0' is now up
Mon Mar 13 23:59:48 2023 daemon.notice netifd: Network device 'wlan0' link is up
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: started, version 2.86 cachesize 150
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: DNS service limited to local subnets
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.0.100 -- 192.168.0.249, lease time 12h
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for test
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for local
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Mon Mar 13 23:59:49 2023 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 1 addresses
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Mon Mar 13 23:59:49 2023 daemon.warn openvpn(freejp)[1213]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.51.247:4569
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: UDP link local: (not bound)
Mon Mar 13 23:59:49 2023 daemon.notice openvpn(freejp)[1213]: UDP link remote: [AF_INET]212.102.51.247:4569
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 1 addresses
Mon Mar 13 23:59:49 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: TLS: Initial packet from [AF_INET]212.102.51.247:4569, sid=b3e11998 d5d04dcb
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: Validating certificate key usage
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: VERIFY KU OK
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: Validating certificate extended key usage
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: VERIFY EKU OK
Mon Mar 13 23:59:52 2023 daemon.notice openvpn(freejp)[1213]: VERIFY OK: depth=0, CN=node-jp-26.protonvpn.net
Mon Mar 13 23:59:53 2023 daemon.warn openvpn(freejp)[1213]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Mon Mar 13 23:59:53 2023 daemon.warn openvpn(freejp)[1213]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Mon Mar 13 23:59:53 2023 daemon.notice openvpn(freejp)[1213]: Control Channel: TLSv1.2, cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, 4096 bit key
Mon Mar 13 23:59:53 2023 daemon.notice openvpn(freejp)[1213]: [node-jp-26.protonvpn.net] Peer Connection Initiated with [AF_INET]212.102.51.247:4569
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: SENT CONTROL [node-jp-26.protonvpn.net]: 'PUSH_REQUEST' (status=1)
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.19.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.19.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.19.0.9 255.255.0.0,peer-id 196610,cipher AES-256-GCM'
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: timers and/or timeouts modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: explicit notify parm(s) modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: compression parms modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: Socket Buffers: R=[212992->425984] S=[212992->425984]
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: --socket-flags option modified
Mon Mar 13 23:59:54 2023 daemon.warn openvpn(freejp)[1213]: NOTE: setsockopt TCP_NODELAY=1 failed
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: --ifconfig/up options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: route options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: route-related options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: peer-id set
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: adjusting link_mtu to 1656
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: OPTIONS IMPORT: data channel crypto options modified
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_route_v4_best_gw query: dst 0.0.0.0
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_route_v4_best_gw result: via 192.168.0.1 dev br-lan
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: TUN/TAP device tun0 opened
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_iface_mtu_set: mtu 1500 for tun0
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_iface_up: set tun0 up
Mon Mar 13 23:59:54 2023 daemon.notice netifd: Interface 'wan_vpn' is enabled
Mon Mar 13 23:59:54 2023 daemon.notice netifd: Interface 'wan_vpn' is setting up now
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_addr_v4_add: 10.19.0.9/16 dev tun0
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: /usr/libexec/openvpn-hotplug up freejp tun0 1500 1584 10.19.0.9 255.255.0.0 init
Mon Mar 13 23:59:54 2023 daemon.notice netifd: Interface 'wan_vpn' is now up
Mon Mar 13 23:59:54 2023 daemon.notice netifd: Network device 'tun0' link is up
Mon Mar 13 23:59:54 2023 daemon.notice netifd: Interface 'wan_vpn' has link connectivity
Mon Mar 13 23:59:54 2023 user.notice sysctl: net.ipv6.conf.tun0.disable_ipv6 = 1
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_route_v4_add: 212.102.51.247/32 via 192.168.0.1 dev [NULL] table 0 metric -1
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_route_v4_add: 0.0.0.0/1 via 10.19.0.1 dev [NULL] table 0 metric -1
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: net_route_v4_add: 128.0.0.0/1 via 10.19.0.1 dev [NULL] table 0 metric -1
Mon Mar 13 23:59:54 2023 daemon.warn openvpn(freejp)[1213]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Mar 13 23:59:54 2023 daemon.notice openvpn(freejp)[1213]: Initialization Sequence Completed
Mon Mar 13 23:59:56 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 3c:9e:c7:25:a6:31
Mon Mar 13 23:59:56 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.0.223 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:00 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:00 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.0.223 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:16 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:16 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.0.223 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:53 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 3c:9e:c7:25:a6:31
Tue Mar 14 00:00:53 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.0.223 3c:9e:c7:25:a6:31
Tue Mar 14 00:01:11 2023 user.info : luci: accepted login on / for root from 192.168.0.3

An update: with some (random?) changes I got things running almost like I wanted - I see though that I have a DNS and IPv6 leak... do you know how that can be fixed?

Let's see your latest config. Those changes may be material.

Sure - here they are! Btw another thing: I tried to change the vpn configuration to use another account/configuration (although the lines in the configuration files coincide up to the auth file) and I'm 100% sure that the authentication info is correct - indeed, I see again an increased ping time from the raspberry but when I connect to the wifi interface it seems to connect directly to the router. I checked and the interface is always the same (tun0) - does one have to make further changes to make things work? Anyways, just to recap I see a DNS and IPv6 leak with the configuration below.

Thanks a lot for your help @psherman!

/etc/config/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option gateway '192.168.0.1'
	option ipaddr '192.168.0.17'
	option netmask '255.255.255.0'
	list dns '8.8.8.8,8.8.8.4'
	option delegate '0'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth1'
	list dns '8.8.8.8,8.8.8.4'
	option peedns '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'wan_vpn'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.0.16'
	option device 'tun0'
	option dns_metric '10'
	option delegate '0'
	list dns 'VPNDNS'

/etc/config/firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option mtu_fix '1'
	option input 'REJECT'
	option masq '1'
	option forward 'REJECT'
	list device 'tun0'
	list network 'wan'
	list network 'wan_vpn'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'REJECT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

/etc/config/dhcp


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option localuse '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config wan_vpn
	option interface 'wan_vpn'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option start '100'
	option leasetime '12h'
	option limit '150'

/etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option country 'XX'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'XXXXXXXXXXXXXXXXXXXXXXXXXXx'
	option 'network' 'lan'

I'm a bit confused about the VPN network...

Normally, the address is assigned by the VPN server if you're using OpenVPN. Therefore, this should not be necessary. Further, the DNS doesn't actually do anything here, so it's not going to 'fix' your DNS issues. You should, theoretically, be able to delete this entire entry.

Because your VPN has been placed in the WAN zone, it is still possible for traffic to egress via the regular wan rather than only the VPN.

You can fix this by doing the following:

Remove the VPN from the wan zone and create a new vpn zone. The new vpn zone can have the tunnel device (tun0) and the network described above should be entirely unnecessary. We also need to add forwarding from lan > vpn.

config zone
	option name 'wan'
	option output 'ACCEPT'
	option mtu_fix '1'
	option input 'REJECT'
	option masq '1'
	option forward 'REJECT'
	list network 'wan'

config zone
	option name 'vpn'
	option output 'ACCEPT'
	option input 'REJECT'
	option masq '1'
	option forward 'REJECT'
	list device 'tun0'

config forwarding
	option src 'lan'
	option dest 'vpn'

You will also want to delete the forwarding from lan > wan to avoid traffic going out the wan interface (it will only be allowed through the tunnel). So delete this:

This will force all traffic through the tunnel, including DNS. If you want to use the DNS servers offered by the VPN provider, you need to specify that in the dnsmasq configuration. Or you can advertise that via DHCP to the hosts on your network. The chicken-or-egg here is that the VPN may not be able to start if the DNS specified is from the VPN provider (rather than a public one) since it won't be able to resolve the domain name for the VPN endpoint unless the system has a functioning public DNS. You can use the openvpn up/down scripts to change out the DNS, and/or you can specify the desired DNS in the OpenVPN config file (it might even be pushed by the VPN server).
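The zone separation described above can be checked mechanically. As an added example (not part of the original post and not OpenWrt's own tooling), this shell function reads a firewall config in UCI format and reports the bypass paths discussed: tun0 sharing a zone with wan, and any lan forwarding that does not lead to the vpn zone. The function name, the finding labels and the two sample configs (trimmed from the configs posted in this thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenWrt firewall config (UCI text on stdin) for
# paths that let LAN traffic leave without going through the VPN tunnel.
# Router usage: audit_fw_leaks vpn lan tun0 < /etc/config/firewall
# Prints one finding per line, or "OK"; returns non-zero if anything is found.
audit_fw_leaks() {
    awk -v vpn="$1" -v lan="$2" -v tun="$3" -v q="'" '
    function unq(s) { gsub("[" q "\"]", "", s); return s }   # strip quotes
    function endsec() {                  # store the section that just ended
        if (type == "zone" && name != "") { zone[++nz] = name; memb[name] = devs " " }
        if (type == "forwarding") { fsrc[++nf] = src; fdst[nf] = dst }
        type = name = devs = src = dst = ""
    }
    $1 == "config" { endsec(); type = unq($2); next }
    $1 == "option" || $1 == "list" {
        key = unq($2)
        if (type == "zone" && key == "name") name = unq($3)
        if (type == "zone" && (key == "device" || key == "network"))
            for (i = 3; i <= NF; i++) devs = devs " " unq($i)
        if (type == "forwarding" && key == "src")  src = unq($3)
        if (type == "forwarding" && key == "dest") dst = unq($3)
    }
    END {
        endsec()
        # 1. The tunnel needs a zone of its own.
        if (!(vpn in memb)) { print "MISSING zone " vpn; bad++
        } else if (!index(memb[vpn], " " tun " ")) {
            print "UNBOUND zone " vpn " lacks " tun; bad++
        }
        # 2. The tunnel device must not sit in any other zone (e.g. wan).
        for (i = 1; i <= nz; i++)
            if (zone[i] != vpn && index(memb[zone[i]], " " tun " ")) {
                print "SHARED " tun " is in zone " zone[i]; bad++
            }
        # 3. LAN may forward to the vpn zone only.
        for (i = 1; i <= nf; i++) {
            if (fsrc[i] != lan) continue
            if (fdst[i] == vpn) path = 1
            else { print "BYPASS forwarding " lan " -> " fdst[i]; bad++ }
        }
        if (!path) { print "NOPATH no forwarding " lan " -> " vpn; bad++ }
        if (!bad) print "OK"
        exit (bad > 0)
    }'
}

# Constructed sample: zone layout of the firewall config posted in the thread.
sample_before() {
    cat <<'EOF'
config zone
	option name 'lan'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option masq '1'
	list device 'tun0'
	list network 'wan'
	list network 'wan_vpn'

config forwarding
	option src 'lan'
	option dest 'wan'
EOF
}

# Constructed sample: the layout suggested in the reply above.
sample_after() {
    cat <<'EOF'
config zone
	option name 'lan'
	list network 'lan'

config zone
	option name 'wan'
	option masq '1'
	list network 'wan'

config zone
	option name 'vpn'
	option masq '1'
	list device 'tun0'

config forwarding
	option src 'lan'
	option dest 'vpn'
EOF
}

# Run as "sh script.sh demo" to audit both constructed samples.
if [ "${1:-}" = "demo" ]; then
    echo "before:"; sample_before | audit_fw_leaks vpn lan tun0 || true
    echo "after:";  sample_after  | audit_fw_leaks vpn lan tun0 || true
fi
```

The check only covers forwarded LAN traffic; DNS queries made by the router itself are output traffic and are not governed by these forwarding rules.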