[Solved] OpenVPN configuration with new LAN to WAN interface

kunjan · December 3, 2021, 7:09am

Hi

I'm having Buffalo WBMR-HP-G300H(AR9 rev 1.2) with 21.02.1 r16325-88151b8303. I'm trying to configure openvpn. I run this openVPN router behind another ISP router in Bridge mode. Bridging is done over wifi. This works fine. But my wireless for some reason is not very stable. So I decided to use one of the LAN ports as WAN port. I configure vlan 2 and I'm able to grab the DHCP IP from the ISP router. But this seems to get the same IP as the Wifi (may be same mac). But then when I bring up openVPN it brings up 2 tunnels tun0 and tun1 and that breaks the connectivity of a client device connected my Buffalo router. Then I disabled the bridge wifi to let the WAN run by itself. But that still have issue in connectivity for the client device. Now I reverted the connection to original by stopping the new WAN. But I still see the new tun1 running. But I couldn't see this config in the config file.

br-lan    Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fdb2:ac15:bcc6::1/60 Scope:Global
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:297109 errors:0 dropped:53 overruns:0 frame:0
          TX packets:456401 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:82828235 (78.9 MiB)  TX bytes:169720686 (161.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35778 errors:0 dropped:6157 overruns:0 frame:0
          TX packets:3834 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5802506 (5.5 MiB)  TX bytes:1455467 (1.3 MiB)

eth0.1    Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17418 (17.0 KiB)  TX bytes:132363 (129.2 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6459 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6459 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:501012 (489.2 KiB)  TX bytes:501012 (489.2 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.2.5  P-t-P:10.8.2.5  Mask:255.255.255.0
          inet6 addr: fe80::2ada:5d8a:db2e:ac5a/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:295116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123581 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:83433810 (79.5 MiB)  TX bytes:29374309 (28.0 MiB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.2.7  P-t-P:10.8.2.7  Mask:255.255.255.0
          inet6 addr: fe80::4307:7637:8a75:3ebe/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:304 (304.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet addr:192.168.1.45  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:309435 errors:0 dropped:0 overruns:0 frame:0
          TX packets:130764 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:106927750 (101.9 MiB)  TX bytes:43695765 (41.6 MiB)

wlan0-1   Link encap:Ethernet  HWaddr 02:24:A5:BD:3A:70  
          inet6 addr: fe80::24:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:149160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:318312 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:35744191 (34.0 MiB)  TX bytes:104280462 (99.4 MiB)

network config

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix 'fdb2:ac15:bcc6::/48'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'
        option device 'br-lan'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0t 2 3 4'

config atm-bridge 'atm'
        option encaps 'llc'
        option vci '35'
        option vpi '0'
        option payload 'bridged'
        option nameprefix 'dsl'

config adsl 'dsl'
        option annex 'a'
        option firmware '/lib/firmware/adsl.bin'

config interface 'wwan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.8.4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '0t 5'

config interface 'nordvpntun'
        option proto 'none'
        option device 'tun0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'WAN'
        option proto 'dhcp'
        option device 'eth0.2'
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.8.4'

Question:

Why it creates a new tunnel with tun1? How to remove it?
How to make it work with WAN alone without wifi?

Thanks

kukulo · December 3, 2021, 7:44am

In order to remove the tun1 interface you need to stop openvpn.
WAN - first you need to remove that port in switch, create new vlan in the switch adding that port and the cpu, then create new wan interface, add it to the wan zone in firewall and specify protocol (DHCP client most common) for it.

kunjan · December 3, 2021, 8:33am

Thanks. I did that. WAN interface is able to come up. But the issue is when the openvpn tunnel comes up.

trendy · December 3, 2021, 11:23am

When openvpn is running:
ps wwww | grep openvpn
Also post the configuration file of OpenVPN
head -n -0 /etc/openvpn/*.conf; head -n -0 /etc/openvpn/*.ovpn

kunjan · December 3, 2021, 1:36pm

Managed to resolve the issue. I've removed the Wifi bridging with ISP router. Left alone the WAN(old LAN) interface.

r

oot@OpenWrt:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.3.1        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0.2
10.8.3.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
113.117.119.113 192.168.1.1     255.255.255.255 UGH       0 0          0 eth0.2
128.0.0.0       10.8.3.1        128.0.0.0       UG        0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0.2
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan

ifconfig

root@OpenWrt:~# ifconfig -a
br-lan    Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          inet6 addr: fdb2:ac15:bcc6::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:426614 errors:0 dropped:6625 overruns:0 frame:0
          TX packets:725056 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:84715002 (80.7 MiB)  TX bytes:197972927 (188.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:192240 errors:0 dropped:512 overruns:0 frame:0
          TX packets:70179 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:62565412 (59.6 MiB)  TX bytes:15064882 (14.3 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet addr:192.168.1.34  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:92440 errors:0 dropped:900 overruns:0 frame:0
          TX packets:32851 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:31642137 (30.1 MiB)  TX bytes:7425698 (7.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12332 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12332 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1049825 (1.0 MiB)  TX bytes:1049825 (1.0 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.3.2  P-t-P:10.8.3.2  Mask:255.255.255.0
          inet6 addr: fe80::f92:1cb8:ab82:ebd1/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:88369 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31234 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:26486149 (25.2 MiB)  TX bytes:5046061 (4.8 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:24:A5:BD:3A:70  
          inet6 addr: fe80::224:a5ff:febd:3a70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:137910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137248 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:28102693 (26.8 MiB)  TX bytes:45070969 (42.9 MiB)

trendy · December 3, 2021, 1:39pm

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

system · December 13, 2021, 1:40pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.