If your Openwrt has only one LAN port and you need to connect more than one wired devices, then you need to connect one real switch
If your Openwrt has multiple ports (from what I can see on the network configuration) then it can be embedded in the Openwrt router.
No, my router has 4 LAN ports but .I have setup first LAN port (port 0) as WAN (vlan)
I do not need UCI commands then as I can edit the /etc/config files.
I think the main issue is on the /etc/config/network file.
Could you please confirm it looks OK ?
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6d:b0a8:2238::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 8t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 8t'
config interface 'openvpn'
option ifname 'tun0'
option proto 'none'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
I have two switch_vlan pointing to the same device 'switch0', is it correct ?
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sorry I cant post more than 18 replies for my first day. That is why I am editing this reply.
So what I do not understand is why I am getting ip 192.168.1.12 on WAN (vlan) port? is it commng from the main router?
Also I do not want to connect any devices via cable, just via wifi so I have enough lan ports. What I do nto know is how can I assign ips 192.168.2.x instead of 192.168.1.x to the clients connecting to Openwrt wifi
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So you have 3 LAN ports then in a virtual switch.
Looks good.
Hi guys any other comments how can I make it work?
Thank you very much
Yes it is getting the settings from your main router.
They will be automatically assigned as soon as you change the IP of the LAN interface into 192.168.2.1
That is, provided you didn't switch off DHCP on LAN interface.
Thank you trendy
If I connect my PC to the openwrt router via LAN ethernet cable I get an ip 192.168.2.x and it seems fine. But when I do a traceroute www.google.com it goes via Australian IPs (main router ip)
instead of the VPN ip. Even though when I do ssh to the router and do a traceroute www.google.com it goes trroug the vpn tunnel and uses Argentian IP.
Also if I connect to the openwrt via wifi I do not get an ip assigned / internet connection
Post the following to see where we stand right now:
cat /etc/config/network; cat /etc/config/firewall; cat /etc/firewall.user; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru; ip -6 addr; ip -6 ro; ip -6 ru; traceroute 8.8.8.8; traceroute ipv6.google.com
1 Like
[quote="trendy, post:27, topic:35070"]
cat /etc/config/network; cat /etc/config/firewall; cat /etc/firewall.user; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru; ip -6 addr; ip -6 ro; ip -6 ru; traceroute 8.8.8.8; traceroute ipv6.google.com
[/quote]
Thank you again, this is where I am:
root@OpenWrt:~# cat /etc/config/network;
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6d:b0a8:2238::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 8t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 8t'
config interface 'openvpn'
option ifname 'tun0'
option proto 'none'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '0'
option mtu_fix '0'
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '0'
option mtu_fix '0'
config zone
option name 'vpn'
list network 'openvpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config forwarding
option src 'lan'
option dest 'vpn'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option src '*'
config rule
option name 'Allow-SSH'
option target ACCEPT
option src 'wan'
option dest_port '22'
option proto 'tcp'
option family 'ipv4'
root@OpenWrt:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0/bcma0:1'
option htmode 'HT20'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'MY_###_###_###_PASS'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
#option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option dhcp_option '6,162.252.172.57,149.154.159.92,136.243.231.242'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# ip -4 addr ; ip -4 ro ; ip -4 ru; ip -6 addr; ip -6 ro; ip -6 ru; traceroute 8.8.8.8; traceroute ipv6.google.com.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
169: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
171: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0.2
valid_lft forever preferred_lft forever
174: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.8.2/24 brd 10.8.8.255 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.8.1 dev tun0
default via 192.168.1.1 dev eth0.2 src 192.168.1.12
10.8.8.0/24 dev tun0 scope link src 10.8.8.2
128.0.0.0/1 via 10.8.8.1 dev tun0
131.255.4.21 via 192.168.1.1 dev eth0.2
192.168.1.0/24 dev eth0.2 scope link src 192.168.1.12
192.168.2.0/24 dev br-lan scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::260:64ff:fe97:63b5/64 scope link
valid_lft forever preferred_lft forever
169: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd6d:b0a8:2238::1/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::260:64ff:fe97:63b5/64 scope link
valid_lft forever preferred_lft forever
171: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::260:64ff:fe97:63b5/64 scope link
valid_lft forever preferred_lft forever
172: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::260:64ff:fe97:63b6/64 scope link
valid_lft forever preferred_lft forever
174: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 100
inet6 fe80::a332:c081:5212:8597/64 scope link
valid_lft forever preferred_lft forever
fd6d:b0a8:2238::/64 dev br-lan metric 1024
unreachable fd6d:b0a8:2238::/48 dev lo metric 2147483647 error -148
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.2 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev tun0 metric 256
anycast fd6d:b0a8:2238:: dev br-lan metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev eth0.2 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev wlan0 metric 0
anycast fe80:: dev tun0 metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev br-lan metric 256
ff00::/8 dev eth0.2 metric 256
ff00::/8 dev wlan0 metric 256
ff00::/8 dev tun0 metric 256
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000169: from all iif br-lan lookup unspec 12
4200000171: from all iif eth0.2 lookup unspec 12
4200000174: from all iif tun0 lookup unspec 12
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 10.8.8.1 (10.8.8.1) 371.953 ms 364.527 ms 360.341 ms
2 host1.131.255.4.baehost.com.ar (131.255.4.1) 366.222 ms * 346.806 ms
3 10.255.14.1 (10.255.14.1) 346.389 ms 347.821 ms 362.298 ms
4 192.168.132.1 (192.168.132.1) 359.036 ms 394.533 ms 362.893 ms
5 * * *
6 190.94.176.190 (190.94.176.190) 361.379 ms 366.678 ms 358.159 ms
7 108.170.248.225 (108.170.248.225) 368.629 ms 74.125.242.193 (74.125.242.193) 359.746 ms 108.170.248.241 (108.170.248.241) 367.415 ms
8 66.249.95.37 (66.249.95.37) 361.691 ms 108.170.232.121 (108.170.232.121) 359.626 ms 66.249.94.51 (66.249.94.51) 365.011 ms
9 google-public-dns-a.google.com (8.8.8.8) 363.529 ms 366.074 ms 366.105 ms
traceroute: can't connect to remote host: Permission denied
root@OpenWrt:~#
note that the traceroute is going via the IP host1.131.255.4.baehost.com.ar (131.255.4.1)
which is the same that is setup by openvpn according to the logs:
root@OpenWrt:~# logread | grep openvpn
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: TUN/TAP device tun0 opened
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: TUN/TAP TX queue length set to 100
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: /sbin/ifconfig tun0 10.8.8.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255
Fri Apr 12 09:24:30 2019 daemon.notice netifd: Interface 'openvpn' is enabled
Fri Apr 12 09:24:30 2019 daemon.notice netifd: Interface 'openvpn' has link connectivity
Fri Apr 12 09:24:30 2019 daemon.notice netifd: Interface 'openvpn' is setting up now
Fri Apr 12 09:24:30 2019 daemon.notice netifd: Interface 'openvpn' is now up
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: /sbin/route add -net 131.255.4.21 netmask 255.255.255.255 gw 192.168.1.1
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
Fri Apr 12 09:24:30 2019 daemon.notice openvpn(custom_config)[29968]: Initialization Sequence Completed
This is normal.
If you want to change it, connect to another VPN-server.
See option remote in the VPN-client configuration.
That is what I want, I want this openwrt router to serve Argentinians IPs.
The main issue I have now is that this router is not giving internet access and argentinian ips to its clients (connected via ethernet cable or via wifi)
Please edit the above post and use preformated text (Ctrl+Shift+c) to make it easier for us to read.
Done, thanks
Mind that.
Also make sure the hosts behind the LAN can access the NS you advertise them option dhcp_option '6,162.252.172.57,149.154.159.92,136.243.231.242'
1 Like
Sorry, I did not get that. Should I comment the option ignore '1' ?
And what should I do with option dhcp_option '6,162.252.172.57,149.154.159.92,136.243.231.242' ?
Thank you
With ignore=1 you don't provide dhcp on that interface. You can delete the line.
I don't know what should you do with the dhcp_option 6, because I don't know which NS should you advertise to the hosts.
1 Like
I really thank you trendy !
when I removed the ignore=1 it gave me argentinian ip !
btw the dhcp-option I got it from other tutorial using my vpn server via luci
" Add Surfshark DNS Servers.
Go to " Network " -> " Interfaces " -> " LAN " -> " DHCP Server " ( below the âCommon Configurationâ section ) -> " Advanced Settings ". In the " DHCP-Options " enter: 6,162.252.172.57,149.154.159.92,136.243.231.242
Click " Save and Apply "."
But at least it now works !!!
Thank you again !!!
1 Like
I'll take a wild guess that they are NS for your VPN provider.
Anyway, enjoy the tunnel!
If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).
Done, Thanks again ! 
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.