cd38
July 3, 2019, 3:20pm
51
I don't know if the config is better, but now no wifi works ...
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb9:99da:a865::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '50:64:2b:b2:71:cc'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '208.67.222.222'
list dns '208.67.220.220'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'zoogvpn_vpn'
option proto 'none'
option ifname 'tun0'
option metric '10'
config interface 'vpnuser'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option type 'bridge'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option network 'zoogvpn_vpn'
config forwarding
option dest 'wan'
option src 'lan'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'vpnuser'
option forward 'ACCEPT'
option network 'vpnuser'
config forwarding
option dest 'vpn'
option src 'vpnuser'
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option country '00'
option legacy_rates '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Wifi'
option encryption 'psk2'
option key '0102030405'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-iface
option device 'radio0'
option mode 'ap'
option encryption 'none'
option ssid 'WifiVPN'
option network 'vpnuser'
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option serversfile '/tmp/adb_list.overall'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,208.67.222.222,208.67.220.220'
list dhcp_option '6,8.8.8.8,8.8.4.4'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'vpnuser'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'vpnuser'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
8: br-vpnuser: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-vpnuser
valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.11.6 peer 10.8.11.5/32 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.11.5 dev tun0
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.1 via 10.8.11.5 dev tun0
10.8.11.5 dev tun0 scope link src 10.8.11.6
23.229.0.242 via 192.168.0.254 dev eth0.2
128.0.0.0/1 via 10.8.11.5 dev tun0
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
trendy
July 3, 2019, 9:06pm
52
Do you mean that neither the lan nor the vpnuser wifi works?
For the lan, you still need to get rid of the default gateway from OpenVPN.
For the vpnuser wifi to work you also need the following in config/network
config rule
option in 'vpnuser'
option lookup '100'
config 'route' 'vpn'
option 'interface' 'zoogvpn_vpn'
option 'target' '0.0.0.0'
option 'netmask' '0.0.0.0'
option 'table' '100'
cd38
July 4, 2019, 7:51am
53
Hello,
Is the default gateway from OpenVPN not deactivated? How can I verify it?
Where can I add option lookup '100': in network, or in the firewall vpnuser zone?
I added a static route, I don't know if it's the right way, and I now have
config route
option interface 'zoogvpn_vpn'
option target '0.0.0.0'
option netmask '0.0.0.0'
It is very strange:
On LAN and Wifi (no VPN) it works only if I stop the OpenVPN connection.
On the WifiVPN it works only if I start the OpenVPN connection again (that looks normal), but not for all of the internet: for example on http://www.record.pt/ I get DNS_PROBE_FINISHED_NXDOMAIN, but http://www.abola.pt/ works.
Is it a DNS problem?
trendy
July 4, 2019, 10:03am
54
You can verify with the `ip -4 ro` command: if you see these 2 lines, it means that you still get the default route from the VPN tunnel.
0.0.0.0/1 via 10.8.11.5 dev tun0
128.0.0.0/1 via 10.8.11.5 dev tun0
cd38
July 4, 2019, 6:42pm
55
I did it a couple of hours ago
ip -4 ro
0.0.0.0/1 via 10.8.11.5 dev tun0
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.1 via 10.8.11.5 dev tun0
10.8.11.5 dev tun0 scope link src 10.8.11.6
23.229.0.242 via 192.168.0.254 dev eth0.2
128.0.0.0/1 via 10.8.11.5 dev tun0
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
but after a restart of my router it's totally different ???
ip -4 ro
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
root@OpenWrt:~#
trendy
July 5, 2019, 10:08am
56
After you restart the router the tunnel is not working.
cd38
July 5, 2019, 11:38am
57
You are right! with vpn stop :
ip -4 ro
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
Wifi works but not wifivpn
With vpn start :
ip -4 ro
0.0.0.0/1 via 10.8.11.13 dev tun0
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.1 via 10.8.11.13 dev tun0
10.8.11.13 dev tun0 scope link src 10.8.11.14
23.229.0.242 via 192.168.0.254 dev eth0.2
128.0.0.0/1 via 10.8.11.13 dev tun0
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
Wifi and wifiVPN doesn't work ...
How can i delete :
0.0.0.0/1 via 10.8.11.13 dev tun0
128.0.0.0/1 via 10.8.11.13 dev tun0
?
trendy
July 5, 2019, 1:10pm
58
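Did you add the `route-nopull` option to the OpenVPN config? It tells the client to ignore the routes pushed by the server, such as the two /1 routes above.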
cd38
July 5, 2019, 2:02pm
59
trendy:
route-nopull
It was not there, but I added it, and now Wifi works well whether the VPN is started or not, thank you! However, the WifiVPN doesn't work ...
trendy
July 5, 2019, 2:29pm
60
Have you added the rule and route from this post?
Do you mean that neither the lan nor the vpnuser wifi works?
For the lan, you still need to get rid of the default gateway from OpenVPN.
For the vpnuser wifi to work you also need the following in config/network
config rule
option in 'vpnuser'
option lookup '100'
config 'route' 'vpn'
option 'interface' 'zoogvpn_vpn'
option 'target' '0.0.0.0'
option 'netmask' '0.0.0.0'
option 'table' '100'
cd38
July 5, 2019, 3:27pm
61
Where can I add option lookup '100': in network, or in the firewall vpnuser zone?
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb9:99da:a865::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '50:64:2b:b2:71:cc'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '208.67.222.222'
list dns '208.67.220.220'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'zoogvpn_vpn'
option proto 'none'
option ifname 'tun0'
option metric '10'
config interface 'vpnuser'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option type 'bridge'
config route
option interface 'zoogvpn_vpn'
option target '0.0.0.0'
option netmask '0.0.0.0'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option network 'zoogvpn_vpn'
config forwarding
option dest 'wan'
option src 'lan'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'vpnuser'
option forward 'ACCEPT'
option network 'vpnuser'
config forwarding
option dest 'vpn'
option src 'vpnuser'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.254'
option dest_port '80'
option name 'Jeedom'
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option country '00'
option legacy_rates '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Wifi'
option encryption 'psk2'
option key '0102030405'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-iface
option device 'radio0'
option mode 'ap'
option encryption 'none'
option ssid 'WifiVPN'
option network 'vpnuser'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option serversfile '/tmp/adb_list.overall'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,208.67.222.222,208.67.220.220'
list dhcp_option '6,8.8.8.8,8.8.4.4'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'vpnuser'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'vpnuser'
config host
option name 'Jimdo'
option dns '1'
option mac 'B8:27:EB:0F:88:E9'
option ip '192.168.1.254'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
8: br-vpnuser: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-vpnuser
valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.11.6 peer 10.8.11.5/32 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.5 dev tun0 scope link src 10.8.11.6
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
cd38
July 6, 2019, 9:14am
62
trendy:
option lookup '100'
I understand the goal is to arrive at
config rule
option in 'vpnuser'
option lookup '100'
config 'route' 'vpn'
option 'interface' 'zoogvpn_vpn'
option 'target' '0.0.0.0'
option 'netmask' '0.0.0.0'
option 'table' '100'
I tried `ip rule add lookup 100 table vpnuser` but that's not the right syntax ...
trendy
July 6, 2019, 7:42pm
63
I have already explained this.
cd38
July 8, 2019, 10:19am
64
Hello,
I'm sorry, I tried to find it but I can't; I see some links talking about it, but no explanation of how to add it ...
I tried to add it this way but it doesn't work.
Is it possible to edit the file config/network to add it?
Regards
trendy
July 8, 2019, 7:34pm
65
You cannot edit the /etc/config/network file with the custom firewall rules editor.
Either use SCP and download/edit locally/upload the file back to the router, or log in to the router with SSH and edit the files using the built-in `vi` editor, or install `nano`, which is more user friendly.
cd38
July 10, 2019, 12:01pm
66
Hello,
I think it's nearly OK! Thanks
I have edited the file /etc/config/network with WinSCP.
My wifi works well, independently of the VPN! IP 192.168.1.xxx
For the WifiVPN I have a different IP, 192.168.2.xxx, but no internet access; perhaps a DNS problem?
ping www.google.com
La requête Ping n’a pas pu trouver l’hôte www.google.com. Vérifiez le nom et essayez à nouveau.
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb9:99da:a865::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '50:64:2b:b2:71:cc'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '208.67.222.222'
list dns '208.67.220.220'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'zoogvpn_vpn'
option proto 'none'
option ifname 'tun0'
option metric '10'
config interface 'vpnuser'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option type 'bridge'
# Policy routing for the VPN-only SSID: packets that arrive on the 'vpnuser'
# interface are looked up in routing table 100 instead of the main table.
config rule
option in 'vpnuser'
option lookup '100'
# Table 100 holds one default route (0.0.0.0/0) out of 'zoogvpn_vpn', which this
# file binds to tun0, so only traffic selected by the rule above is tunnelled.
# NOTE(review): the rule matches on the incoming interface only, so traffic the
# router itself originates (for example dnsmasq's upstream DNS queries) is
# presumably still routed by the main table via the WAN default route - confirm.
# NOTE(review): a file edited by hand is not applied until the network service
# is restarted; `ip -4 ru` should then list the lookup for table 100.
config route 'vpn'
option 'interface' 'zoogvpn_vpn'
option 'target' '0.0.0.0'
option 'netmask' '0.0.0.0'
option 'table' '100'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# Zone for the tunnel interface: input from the tunnel side to the router is
# rejected, and traffic leaving through the tunnel is masqueraded (masq '1').
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option network 'zoogvpn_vpn'
# LAN clients may be forwarded to the WAN zone.
config forwarding
option dest 'wan'
option src 'lan'
# Zone for the clients of the VPN-only SSID.
# NOTE(review): input 'ACCEPT' lets every client in this zone reach any service
# listening on the router itself (e.g. SSH or the web interface, if enabled).
# The wireless file attaches an unencrypted SSID to this network, so a tighter
# setup would use input 'REJECT' here plus explicit rules with src 'vpnuser'
# that allow only DHCP and DNS to the router.
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'vpnuser'
option forward 'ACCEPT'
option network 'vpnuser'
# The only forwarding out of 'vpnuser' is towards 'vpn'. With the defaults
# section's forward 'REJECT' and no vpnuser->wan or vpnuser->lan forwarding,
# client traffic that is not routed into the tunnel is rejected rather than
# sent out over the WAN, and these clients cannot be forwarded into the LAN.
config forwarding
option dest 'vpn'
option src 'vpnuser'
# Port forward: TCP port 80 arriving on the WAN zone is DNATed to port 80 on
# the LAN host 192.168.1.254.
# NOTE(review): this publishes a plain-HTTP service of a LAN host to every
# source on the WAN side. If that exposure is not intended for everyone, limit
# it with `option src_ip '<TRUSTED_SOURCE_ADDRESS>'` or reach the host through
# a VPN instead of a port forward.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.254'
option dest_port '80'
option name 'Jeedom'
# First radio (hwmode 11g, channel 11); it carries two access points below.
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option country '00'
option legacy_rates '1'
# Main SSID, attached to the 'lan' network and protected with WPA2-PSK (psk2).
# NOTE(review): the passphrase below is shown in clear in a public post. If it
# is the real one, treat it as disclosed and replace it on the router; a short
# all-digit key is also weak against guessing.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Wifi'
option encryption 'psk2'
option key '0102030405'
# Second radio (hwmode 11a, channel 36); disabled '1' keeps it switched off.
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'VHT80'
option disabled '1'
# NOTE(review): this access point is attached to 'lan' with encryption 'none'.
# It is inactive only because radio1 is disabled; enabling the radio without
# setting encryption first would open the LAN to anyone in range.
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
# VPN-only SSID, attached to the 'vpnuser' network.
# NOTE(review): encryption 'none' means no authentication and no over-the-air
# encryption: anyone in range can join and use the tunnel, and the VPN only
# protects traffic between the router and the VPN server, not the wireless
# hop. Consider `option encryption 'psk2'` with
# `option key '<STRONG_PASSPHRASE>'`, as on the main SSID.
config wifi-iface
option device 'radio0'
option mode 'ap'
option encryption 'none'
option ssid 'WifiVPN'
option network 'vpnuser'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option serversfile '/tmp/adb_list.overall'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,208.67.222.222,208.67.220.220'
list dhcp_option '6,8.8.8.8,8.8.4.4'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# DHCP pool for the VPN-only network: 150 addresses starting at offset 100,
# leased for 12 hours.
# NOTE(review): unlike the 'lan' pool, no `dhcp_option '6,...'` is set here, so
# clients presumably receive the router as their DNS server. The router's own
# upstream queries follow the main routing table, i.e. they would leave via
# the WAN and not the tunnel - confirm. To keep DNS inside the tunnel, hand
# out a resolver that is reached through it, e.g.
# `list dhcp_option '6,<DNS_SERVER_REACHABLE_VIA_VPN>'`.
config dhcp 'vpnuser'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'vpnuser'
config host
option name 'Jimdo'
option dns '1'
option mac 'B8:27:EB:0F:88:E9'
option ip '192.168.1.254'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
8: br-vpnuser: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-vpnuser
valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.11.6 peer 10.8.11.5/32 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.5 dev tun0 scope link src 10.8.11.6
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
192.168.2.0/24 dev br-vpnuser scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Any idea ?
Regards
trendy
July 10, 2019, 12:47pm
67
The settings are not applied: the `ip -4 ru` output still shows no rule for table 100. Did you restart the network service after uploading the file back?
service network restart
cd38
July 10, 2019, 1:13pm
68
Thank you, it works fine now, a couple of seconds after reboot!
Thanks for your help and patience, I hope all my posts can help newbies like me!
trendy
July 10, 2019, 1:30pm
69
Glad you got it working.
If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).