Hi,
I'm using LEDE on my Raspberry Pi 3 (lede-17.01.4-brcm2708-bcm2710-rpi-3-ext4-sdcard.img
)
I have configured the Pi as an access point and my internet connection is via Pi's Ethernet port.
My configuration is as follows:
# /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd5b:df3d:00ba::/48'
config interface 'wan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.42.0.2'
option gateway '10.42.0.1'
option dns '10.42.0.1'
option ifname 'eth0'
option defaultroute '1'
config interface 'vpn'
option proto 'none'
option ifname 'tun0'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.8.1'
option netmask '255.255.255.0'
option gateway '192.168.8.1'
option dns '192.168.8.1'
# /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
config zone
option name 'VPN_FW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'vpn'
config forwarding
option dest 'VPN_FW'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'DNS-Lookup'
option src 'lan'
# /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd5b:df3d:00ba::/48'
config interface 'wan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.42.0.2'
option gateway '10.42.0.1'
option dns '10.42.0.1'
option ifname 'eth0'
option defaultroute '1'
config interface 'vpn'
option proto 'none'
option ifname 'tun0'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.8.1'
option netmask '255.255.255.0'
option gateway '192.168.8.1'
option dns '192.168.8.1'
I can't for the life of me figure out why the Pi cannot connect to the internet -- since it cannot connect to the internet, it is unable to establish a VPN connection.