[SOLVED] OpenWrt 23.05 Deco M4R V2 OpenVPN issue

Hi,

Two weeks ago I installed OpenWrt 23.05 on a Deco M4R V2 and had a learning curve on OpenWrt.

For now I was able to set network lan to the LAN2 (eth0.1) port and WAN to the LAN1 (eth0.2) port.
I also use OpenVPN. When the VPN is started, the system log file tells me: successfully. (tun0) device.
Also, I have a laptop connected to LAN2 and configured OpenWrt for the laptop and wireless to connect to the internet, and it works perfectly.

When OpenVPN (VPN) is enabled, my internet connection is lost for the LAN port and wireless.

Also, a ping in LuCI does not work. Ping to openwrt.org result:

bad address openwrt.org

Ping to 8.8.8.8:

bad address

Traceroute gives the same result.

When OpenVPN is disabled, LAN2 to LAN1 internet works and Wi-Fi to LAN1 works perfectly.

If OpenVPN is enabled again, no internet. LuCI is reachable over the LAN2 port.

Does anyone have a clue? I like to learn; I'm still in a learning phase and have some knowledge of OpenWrt at the moment.

Is it possible that the OpenVPN tun0 is looking at eth0.1, while the WAN port is at eth0.2? Just a question.

FIREWALL /etc/config/firewall
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'WLAN24'
	list network 'lan'

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'WAN'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'nordvpntun'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'wan'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'vpn'

config forwarding
	option src 'vpn'
	option dest 'lan'


NETWORK /etc/config/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd6e:a2dc:2495::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'


config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.178.245'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.178.1'
	list dns '103.86.96.100'
	list dns '103.86.99.100'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 5'
	option vid '1'
	option description 'VLAN_DECO_M4R'

config interface 'nordvpntun'
	option proto 'none'
	option device 'tun0'
	list dns '103.86.96.100'
	list dns '103.86.99.100'

config interface 'WLAN24'
	option proto 'static'
	option ipaddr '192.168.178.246'
	option netmask '255.255.255.0'
	option device 'phy1-ap0'

config interface 'WAN'
	option proto 'dhcp'
	option device 'eth0.2'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 3'
	option vid '2'
	option description 'ZIGGO_LAN'



Before dealing with the VPN, let's focus on your setup.

Before you start, make a backup :wink:

Not sure what this is doing here; I suggest deleting it entirely.

Your LAN settings are not optimal: delete option gateway.
I have my doubts about the IP address. The IP address should be in a different subnet than the main router. Is your main router a Fritzbox?

Make sure to use something completely different from your main router: if your main router is 192.168.178.x, use e.g. 192.168.11.1 as the IP address.

Reboot afterwards, and also reboot your client as it will get another IP address.

After that:
Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
for ovpn in $(ls /etc/openvpn/*.ovpn);do echo $ovpn; cat $ovpn; echo;done
logread | grep openvpn
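
The redaction step asked for above can be scripted on the workstation before pasting. This is an added example, not part of the original post; the list of secret option names and the sample text are assumptions constructed for illustration (8.8.8.8 stands in for a real public address).

```python
import ipaddress
import re

MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Option names treated as secrets are an assumption; extend for your packages.
SECRET_OPT_RE = re.compile(
    r"^(\s*option\s+(?:key|password|private_key|preshared_key)\s+).*$", re.M)
# Inline key material embedded in .ovpn profiles.
INLINE_KEY_RE = re.compile(r"(<(key|tls-auth|tls-crypt)>).*?(</\2>)", re.S)

def _mask_public_ip(match):
    """Replace globally routable IPv4 addresses, keep private ones and netmasks."""
    text = match.group(0)
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # not an address (e.g. a dotted version string)
        return text
    return "<PUBLIC-IP>" if addr.is_global else text

def redact(text):
    """Strip secrets, MAC addresses and public IPs from config or log output."""
    text = INLINE_KEY_RE.sub(r"\1\n<REDACTED>\n\3", text)
    text = SECRET_OPT_RE.sub(r"\1'<REDACTED>'", text)
    text = MAC_RE.sub("<MAC>", text)
    return IPV4_RE.sub(_mask_public_ip, text)

# Constructed sample mixing wireless, network and .ovpn content.
SAMPLE = """\
config wifi-iface 'default_radio0'
    option ssid 'OpenWrt'
    option key 'example-wifi-passphrase'
    option macaddr '02:00:5E:10:00:01'
config interface 'lan'
    option ipaddr '192.168.11.1'
    option netmask '255.255.255.0'
remote 8.8.8.8 1194
<key>
constructed-placeholder-key-material
</key>
"""

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Private addresses such as 192.168.11.1 are kept on purpose, since they are what a helper needs to diagnose the routing.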

Hi ECG112,

THANKS FOR QUICK REPLY!!!!

Removed the gateway.

Set the IP to 192.168.11.1.

DHCP works on the UTP port of my laptop. I get an IP address now from the Deco M4R: 192.168.11.2. Thanks for the advice of using a completely different IP address for the LAN interface and removing the gateway!!

I was gathering the info on the different items you suggested and have the info if further needed.

Now I'm connected to the LAN2 port with the laptop. LAN1 is connected to the Sagem router of the internet provider.

I connected now with my laptop and can access the internet. When I now start OpenVPN and go to the NordVPN website, it states protected and my IP address is changed from my internet provider router IP to a NordVPN IP address.

So in short, your quick tips helped me out. Thanks for it!!!! One of my friends will also be grateful.

Now I'm gonna try to add the wireless as well. If I run into trouble I will post again and also post the needed config files and log outputs.

Of course, as a technician said, something simple did the trick. I was struggling for 4 days now.
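
The addressing conflict that this fix removed can be checked offline against a pasted /etc/config/network. This is an added example, not part of the thread; the upstream subnet 192.168.178.0/24 is an assumption taken from the "if your main router is 192.168.178.x" case in the reply, and the parser only handles simple single-quoted options.

```python
import ipaddress

def parse_interfaces(uci_text):
    """Return {name: {option: value}} for every named 'config interface' section."""
    ifaces, current = {}, None
    for line in uci_text.splitlines():
        words = line.replace("'", "").split()
        if words[:1] == ["config"]:
            is_iface = len(words) == 3 and words[1] == "interface"
            current = ifaces.setdefault(words[2], {}) if is_iface else None
        elif words[:1] == ["option"] and len(words) >= 3 and current is not None:
            current[words[1]] = " ".join(words[2:])
    return ifaces

def audit(uci_text, upstream_cidr):
    """List addressing conflicts between static interfaces and the upstream LAN."""
    upstream = ipaddress.ip_network(upstream_cidr)
    findings, seen = [], []
    for name, opts in parse_interfaces(uci_text).items():
        if opts.get("proto") != "static" or "ipaddr" not in opts:
            continue
        net = ipaddress.ip_interface(f"{opts['ipaddr']}/{opts.get('netmask', 32)}").network
        if net.overlaps(upstream):
            findings.append(f"{name}: {net} overlaps upstream {upstream}")
        gw = opts.get("gateway")
        if gw and ipaddress.ip_address(gw) in upstream:
            findings.append(f"{name}: gateway {gw} points into the upstream subnet")
        for other, other_net in seen:
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} is also configured on {other}")
        seen.append((name, net))
    return findings

# Addressing options from the network file posted above, trimmed to three sections.
BEFORE = """\
config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.178.245'
    option netmask '255.255.255.0'
    option gateway '192.168.178.1'
config interface 'WLAN24'
    option proto 'static'
    option ipaddr '192.168.178.246'
    option netmask '255.255.255.0'
config interface 'WAN'
    option proto 'dhcp'
"""
if __name__ == "__main__":
    print("\n".join(audit(BEFORE, "192.168.178.0/24")))
```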

Great it is working :+1:

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:
