[Solved] tun0 to LAN setup

I am testing an Archer A2300 router (no openvpn client, but it has an openvpn server feature). My goal is to run an openvpn client, so I start openvpn directly from the terminal:

/usr/sbin/openvpn --config myfile.ovpn
and got this result:
.
.
.
.
Sat Jun 20 20:30:15 2020 TUN/TAP device tun0 opened
Sat Jun 20 20:30:15 2020 TUN/TAP TX queue length set to 100
Sat Jun 20 20:30:15 2020 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 20 20:30:15 2020 /sbin/ifconfig tun0 10.8.1.15 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
Sat Jun 20 20:30:15 2020 /sbin/route add -net XX.XX.XX.XXX netmask 255.255.255.255 gw 192.168.1.1
Sat Jun 20 20:30:15 2020 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat Jun 20 20:30:15 2020 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat Jun 20 20:30:15 2020 Initialization Sequence Completed

Does this mean tun0 (10.8.1.15) has been created and the VPN provider's public IP XX.XX.XX.XXX has been added to the router?
I then added interface 'vpn0' in /etc/config/network as below:

root@AC2300: cat  /etc/config/network

config interface 'loopback'
        option ipaddr '127.0.0.1'
        option proto 'static'
        option netmask '255.0.0.0'
        option ifname 'lo'

config interface 'lan'
        option igmp_snooping '0'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option proto 'static'
        option ifname 'eth1 eth2 eth3 eth4'
        option lan_type 'dynamic'
        option type 'bridge'

config interface 'wan'
        option auto '0'
        option mtu '1500'
        option proto 'dhcp'
        option peerdns '1'
        option macaddr 'b0:4e:26:XX:XX:XX'
        option connectable '1'
        option wan_type 'dhcp'
        option broadcast '1'
        option hostname 'Archer_A2300'
        option conn_mode 'auto'
        option keepup '1'
        option ifname 'eth0'

config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'

config device
        option name 'eth0'
        option enabled '1'
        option macaddr '50:c7:bf:XX:XX:XX'

config device
        option name 'eth1'
        option enabled '1'
        option macaddr '50:C7:BF:XX:XX:XX'

config device
        option name 'eth2'
        option enabled '1'

config device
        option name 'eth3'
        option enabled '1'

config device
        option name 'eth4'
        option enabled '1'

Then I set up the firewall, adding config zone 'vpn' and forwarding 'vpn_forwarding_lan_out' as below:

root@AC2300: cat /etc/config/firewall

config defaults 'firewall_default'
    option syn_flood '1'
    option output 'ACCEPT'
    option disable_ipv6 '0'
    option input 'ACCEPT'
    option forward 'DROP'

config zone 'zone_lan'
    option network 'lan'
    option output 'ACCEPT'
    option name 'lan'
    option input 'ACCEPT'
    option forward 'DROP'

config zone 'zone_wan'
    option network 'wan internet wanv6'
    option output 'ACCEPT'
    option name 'wan'
    option input 'DROP'
    option forward 'DROP'
    option masq '1'
    option mtu_fix '1'

config forwarding 'lan_to_wan'
    option dest 'wan'
    option src 'lan'

config rule 'allow_dhcp'
    option dest_port '68'
    option name 'Allow-DHCP-Renew'
    option family 'ipv4'
    option target 'ACCEPT'
    option proto 'udp'
    option src 'wan'

config include 'include_usr'
    option path '/etc/firewall.user'

config include 'miniupnpd'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'IPv4'
    option type 'script'
    option reload '1'

config include 'qcanssconnmgr'
    option path '/etc/firewall.d/qca-nss-connmgr'
    option family 'any'
    option type 'script'
    option reload '1'

config zone 'vpn'
    option network 'vpn0'
    option output 'ACCEPT'
    option name 'vpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config forwarding 'vpn_forwarding_lan_out'
    option dest 'vpn'
    option src 'lan'

The openvpn client is working now, for the router's LAN and wireless LAN.
But I am not sure (I just grabbed pieces here and there) about the setup that follows once tun0 has been established.
Is there anything that needs to be corrected? Or anything in the setup above, in /etc/config/network or the firewall, that reduces VPN speed over tun0?

Thank you very much, all, for your help.

Is the router supported by OpenWrt or is it running some modified version? At least it is not present in the Table of Hardware.
Anyway, your configuration looks correct; I would only change the input policy of the vpn zone to REJECT.
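
A way to check a firewall config for the point raised in the reply above, as an added example that is not part of the thread or of OpenWrt: it lists zones that masquerade and also accept input to the router itself. The function names are hypothetical, and treating masq '1' as the marker of a zone facing an outside network is an assumption of this sketch.

```sh
# Constructed sample: the three zones from this thread, reduced to the
# options the check reads.
sample_firewall_config() {
cat <<'EOF'
config zone 'zone_lan'
    option network 'lan'
    option name 'lan'
    option input 'ACCEPT'

config zone 'zone_wan'
    option network 'wan internet wanv6'
    option name 'wan'
    option input 'DROP'
    option masq '1'

config zone 'vpn'
    option network 'vpn0'
    option name 'vpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config forwarding 'vpn_forwarding_lan_out'
    option dest 'vpn'
    option src 'lan'
EOF
}

# Reads a UCI firewall config on stdin and prints the name of each zone that
# has masq '1' and an explicit input policy of ACCEPT. Assumption: masq '1'
# marks a zone facing a network the router does not control. Zones with no
# input option (inheriting the defaults section) are not reported.
audit_zone_input() {
    awk -v q="'" '
    function unquote(s) { gsub("[" q "\"]", "", s); return s }
    function report() {
        if (in_zone && masq == "1" && toupper(input) == "ACCEPT") print name
        in_zone = 0; name = ""; input = ""; masq = ""
    }
    $1 == "config" { report(); in_zone = (unquote($2) == "zone"); next }
    in_zone && $1 == "option" {
        if ($2 == "name") name = unquote($3)
        else if ($2 == "input") input = unquote($3)
        else if ($2 == "masq") masq = unquote($3)
    }
    END { report() }
    '
}

# On the router: audit_zone_input < /etc/config/firewall
sample_firewall_config | audit_zone_input
```

With the posted configuration only the vpn zone is reported; the wan zone also masquerades but already drops input.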

I think it's running some modified old version of OpenWrt and is not yet supported by OpenWrt. It's a good router, but it has no VPN client and firmware updates from the manufacturer are slow. It uses the BCM4906, the same engine as the A 86U, which technically has an AES feature that should speed up openvpn.
And I am following https://github.com/acc-/tplink-archer-c2300
Since there is no indicator or flag showing whether the built-in AES accelerator is running, plus the customization in config/network, I am basically wondering whether the unit is already working properly.
I wish I had an A 86U so they could be compared.
Thanks for any suggestions.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Thanks, will do
