I am testing an Archer A2300 router (it has no OpenVPN client, but it does have an OpenVPN server feature). My goal is to run an OpenVPN client, so I started openvpn directly from the terminal:
/usr/sbin/openvpn --config myfile.ovpn
and got this result:
.
.
.
.
Sat Jun 20 20:30:15 2020 TUN/TAP device tun0 opened
Sat Jun 20 20:30:15 2020 TUN/TAP TX queue length set to 100
Sat Jun 20 20:30:15 2020 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 20 20:30:15 2020 /sbin/ifconfig tun0 10.8.1.15 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
Sat Jun 20 20:30:15 2020 /sbin/route add -net XX.XX.XX.XXX netmask 255.255.255.255 gw 192.168.1.1
Sat Jun 20 20:30:15 2020 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat Jun 20 20:30:15 2020 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.1
Sat Jun 20 20:30:15 2020 Initialization Sequence Completed
Does this mean that tun0 (10.8.1.15) has been created and that a route to the VPN provider's public IP XX.XX.XX.XXX has been added on the router?
Then I added the interface 'vpn0' to /etc/config/network, as below:
root@AC2300: cat /etc/config/network
config interface 'loopback'
option ipaddr '127.0.0.1'
option proto 'static'
option netmask '255.0.0.0'
option ifname 'lo'
config interface 'lan'
option igmp_snooping '0'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option proto 'static'
option ifname 'eth1 eth2 eth3 eth4'
option lan_type 'dynamic'
option type 'bridge'
config interface 'wan'
option auto '0'
option mtu '1500'
option proto 'dhcp'
option peerdns '1'
option macaddr 'b0:4e:26:XX:XX:XX'
option connectable '1'
option wan_type 'dhcp'
option broadcast '1'
option hostname 'Archer_A2300'
option conn_mode 'auto'
option keepup '1'
option ifname 'eth0'
# Logical interface wrapping the tun0 device that OpenVPN creates when it connects.
config interface 'vpn0'
option ifname 'tun0'
# proto 'none': no address is assigned from this file. The log above shows OpenVPN
# itself running ifconfig on tun0. The firewall zone refers to this section by the
# name 'vpn0'.
option proto 'none'
config device
option name 'eth0'
option enabled '1'
option macaddr '50:c7:bf:XX:XX:XX'
config device
option name 'eth1'
option enabled '1'
option macaddr '50:C7:BF:XX:XX:XX'
config device
option name 'eth2'
option enabled '1'
config device
option name 'eth3'
option enabled '1'
config device
option name 'eth4'
option enabled '1'
Then I set up the firewall by adding the config zone 'vpn' and the forwarding 'vpn_forwarding_lan_out', as below:
root@AC2300: cat /etc/config/firewall
config defaults 'firewall_default'
option syn_flood '1'
option output 'ACCEPT'
option disable_ipv6 '0'
option input 'ACCEPT'
option forward 'DROP'
config zone 'zone_lan'
option network 'lan'
option output 'ACCEPT'
option name 'lan'
option input 'ACCEPT'
option forward 'DROP'
config zone 'zone_wan'
option network 'wan internet wanv6'
option output 'ACCEPT'
option name 'wan'
option input 'DROP'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding 'lan_to_wan'
option dest 'wan'
option src 'lan'
config rule 'allow_dhcp'
option dest_port '68'
option name 'Allow-DHCP-Renew'
option family 'ipv4'
option target 'ACCEPT'
option proto 'udp'
option src 'wan'
config include 'include_usr'
option path '/etc/firewall.user'
config include 'miniupnpd'
option path '/usr/share/miniupnpd/firewall.include'
option family 'IPv4'
option type 'script'
option reload '1'
config include 'qcanssconnmgr'
option path '/etc/firewall.d/qca-nss-connmgr'
option family 'any'
option type 'script'
option reload '1'
# Firewall zone for the OpenVPN client tunnel (network 'vpn0', i.e. tun0).
# NOTE(review): unlike zone_wan, this zone sets no mtu_fix. If throughput over the
# tunnel is poor or connections stall, MSS clamping on this zone is the first thing
# to check. Confirm that this firmware honours the option.
config zone 'vpn'
option network 'vpn0'
option output 'ACCEPT'
option name 'vpn'
# NOTE(review): input 'ACCEPT' lets traffic arriving through the tunnel reach
# services on the router itself. zone_wan uses 'DROP'. A third-party VPN provider's
# network is just as untrusted, so use DROP or REJECT here unless something on the
# router must be reachable from the tunnel.
option input 'ACCEPT'
# Forwarded traffic originating from the tunnel is rejected unless a forwarding
# section allows it. None with src 'vpn' is visible in this file.
option forward 'REJECT'
# Masquerade LAN clients behind the tunnel address (10.8.1.15 in the log).
# Presumably the provider has no route back to the 192.168.3.0/24 LAN.
option masq '1'
# Allow LAN clients to send traffic out through the 'vpn' zone.
# NOTE(review): the 'lan_to_wan' forwarding is still present in this file. If the
# tunnel drops and its routes are withdrawn, LAN traffic presumably falls back to
# the plain WAN path. If the VPN is meant to be mandatory, restrict or remove
# that forwarding. Verify the behaviour by stopping openvpn.
config forwarding 'vpn_forwarding_lan_out'
option dest 'vpn'
option src 'lan'
The OpenVPN client is now working for the router's LAN and wireless LAN.
But I am not sure about the setup I applied after tun0 was established (I just gathered it from here and there).
Is there anything that needs to be corrected? Or is anything in the above setup in /etc/config/network or /etc/config/firewall reducing the VPN speed over tun0?
Thank you all very much for your help.