cd38
June 20, 2019, 7:45am
21
Thank you mk24 the VPN works again !
Now i try to disable the gateway redirect
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extra#disable_gateway_redirect
The command it's in one line ?
sed -i -e "/^redirect-gateway/s/^/#/\$a pull-filter ignore redirect-gateway" /etc/openvpn/vpnclient.conf
because i have this error :
sed: bad option in substitution expression
trendy
June 20, 2019, 9:32am
22
Copy-paste it exactly as you see it:
root@RoadWarrior:~# sed -i -e "
> /^push.*redirect-gateway/s/^/#/
> " /etc/openvpn/vpnserver.conf
root@RoadWarrior:~#
The greater -than sign is added automatically.
cd38
June 20, 2019, 9:52am
23
Sorry but i thing i have not any file.conf :
root@OpenWrt:~# sed -i -e "
/^push.*redirect-gateway/s/^/#/
" /etc/openvpn/vpnserver.conf
sed: /etc/openvpn/vpnserver.conf: No such file or directory
root@OpenWrt:~# head -n -0 /etc/openvpn/.conf
head: /etc/openvpn/ .conf: No such file or directory
root@OpenWrt:~# head -n -0 /etc/openvpn/vpnserver.conf
head: /etc/openvpn/vpnserver.conf: No such file or directory
root@OpenWrt:~#
you have told us already, many times the name of your config file....
1 Like
tmomas
June 20, 2019, 12:40pm
25
@cd38 Please use "Preformatted text </>" for logs, scripts, configs and general console output.
Please edit your posting accordingly.
cd38
June 21, 2019, 8:14am
26
Hello thank's for your help.
i do
sed -i -e "
> /^push.*redirect-gateway/s/^/#/
> " /etc/openvpn/zoogvpn_us4.ovpn
service openvpn restart
there are no error but i'm ever connected on the vpn ...
trendy
June 21, 2019, 8:43am
27
Post once again here the contents of the config.
If you have two routers, I think it is possible.
cd38
June 21, 2019, 12:24pm
29
I think i will never finish ... Now i can't install more the vpn package after resset ...
troot@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.2/targets/ramips/mt7621/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.2/targets/ramips/mt7621/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# opkg install openvpn-openssl luci-app-openvpn
Unknown package 'openvpn-openssl'.
Installing luci-app-openvpn (git-19.170.32094-4d6d8bc-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.2/packages/mipsel_24kc/luci/luci-app-openvpn_git-19.170.32094-4d6d8bc-1_all.ipk
Configuring luci-app-openvpn.
Collected errors:
* opkg_install_cmd: Cannot install package openvpn-openssl.
root@OpenWrt:~# opkg install libustream-openssl ca-bundle ca-certificates
Unknown package 'libustream-openssl'.
Unknown package 'ca-bundle'.
Unknown package 'ca-certificates'.
Collected errors:
* opkg_install_cmd: Cannot install package libustream-openssl.
* opkg_install_cmd: Cannot install package ca-bundle.
* opkg_install_cmd: Cannot install package ca-certificates.
root@OpenWrt:~#
cd38
June 25, 2019, 1:47pm
30
Hello,
Finaly i arrive to create the VPN session but i do not do this for not activated it to all interface
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
The pb it's when the vpn it's started i don't have internet acces (Lan of wifi) ...
I created a SSID: VPN in interface Configuration Network -> zoogvpn_vpn
but how can i create with IP/MASK and DHCP server ?
Regards
trendy
June 26, 2019, 7:35pm
31
You need to post once again the commands I asked you in the second post as well as the OpenVPN configuration (when the vpn is up) to see what can be wrong.
cd38
June 27, 2019, 6:33am
32
Hello,
I'm sorry here the config Thanks again for youre help !
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc8:a9e4:272a::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '50:64:2b:b2:71:cc'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'zoogvpn_vpn'
option proto 'none'
option ifname 'tun0'
option metric '10'
option type 'bridge'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option country '00'
option legacy_rates '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Wifi'
option encryption 'psk2'
option key '0102030405'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'VPN'
option network 'zoogvpn_vpn'
option encryption 'psk2'
option key '0102030405'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option serversfile '/tmp/adb_list.overall'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'Jeedom'
option dns '1'
option mac 'B8:27:EB:0F:88:E9'
option ip '192.168.1.254'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
trendy
June 27, 2019, 8:30am
33
For a start remove the bridge from the VPN interface. I don't see the VPN interface up as requested so I am not sure what is the problem.
Create a new interface for the WiFi VPN. Add IP address, network mask, and DHCP server will be enabled by default if I am not mistaken.
In firewall allow traffic from WiFi VPN interface to VPN tunnel.
Create a rule to classify all traffic coming from WiFi VPN interface to table 100.
Add a route for table 100 to use the VPN tunnel gateway.
cd38
June 27, 2019, 11:40am
34
For a start remove the bridge from the VPN interface
on uci interface i was on Network -> Interface -> Edit ZOOGVPN_VPN -> Physical Settings and i désactivated Bridge Interface.
For information on interface i hane Tun0(zoogvpn_vpn)
Create a new interface for the WiFi VPN his name is VPN on network zoogvpn_vpn
I created à new interface INTERFACE_VPN with statick adresse 192.168.2.1 and netmask 255.255.255.0 with no gateway, i activated on the dhcp server
In firewall allow traffic from WiFi VPN interface to VPN tunnel.
? in Network -> firewall -> i do this :
Create a rule to classify all traffic coming from WiFi VPN interface to table 100
How can do this ?
Add a route for table 100 to use the VPN tunnel gateway.
How can do this ?
Best regards
trendy
June 28, 2019, 8:39am
35
In VPN firewall zone change the forward from reject to accept.
For the rule and route check the links in this post:
That is pretty clear.
What needs to be done:
Don't install default route from vpn.This way all traffic from LAN and default Wifi will go through your ISP.
Create a new wireless interface, with IP/MASK and DHCP server. Assign it to a new zone.
Add a rule to lookup all traffic coming from the new wireless interface created in the previous step.
Add a static route for a new routing table (same number as the one used in the previous step for lookup) with gateway the VPN peer.
Advertise the approp…
cd38
June 30, 2019, 8:18am
36
Hello,
1°)
I do to dosable gateway redirect on vpn server:
sed -i -e "
/^push.*redirect-gateway/s/^/#/
" /etc/openvpn/zoogvpn_us4.ovpn
service openvpn restart
and
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='wan'
service openvpn restart
But if the vpn it's start my wifi doesn't work
2°) I have an interface zoogvpn_vpn with ip 192.168.2.1 (Lan interface has ip 192.168.1.1) (Bridge interfaces not activated)
i created a wifi for the VPN named VPN on network zoogvpn_vpn
The DHCP it's enable (not ignore ) but it's don't attrubute any IP when i'm connected on wifi vpn
I have do this and click on restart Firewall but i'm not shure it's do somethings
For the static route i have to do ?
config 'route' 'MyVPN'
option 'interface' 'lan'
option 'target' '192.168.2.0'
option 'netmask' '255.255.255.0'
option 'gateway' '192.168.1.1'
Regards
trendy
June 30, 2019, 10:19pm
37
Nope this is wrong.
In the previous post you had the wifi VPN interface and the ZOOGVPN_VPN in the same firewall zone, but the Forward rule was reject, so I told you to make it accept.
Then the rules and the routes are configured inside /etc/config/network
not in firewall.
cd38
July 1, 2019, 9:20am
38
Firstly, thanks for your patience ...
I'm too bad ...I resset again my config.
I will try step by step ...
I config the vpn ans is working.
To beguining i would like to stop the VPN from the network, it will be only on 1 wifi specific vpn .
I do this
sed -i -e "
/^push.*redirect-gateway/s/^/#/
" /etc/openvpn/zoogvpn_us4.ovpn
service openvpn restart
But when the vpn it's start i'm automaticly on the vpn ..
My conf :
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb9:99da:a865::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '50:64:2b:b2:71:cc'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '208.67.222.222'
list dns '208.67.220.220'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'zoogvpn_vpn'
option proto 'none'
option ifname 'tun0'
option metric '10'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'zoogvpn_vpn'
option forward 'ACCEPT'
config forwarding
option dest 'vpn'
option src 'lan'
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,208.67.222.222,208.67.220.220'
list dhcp_option '6,8.8.8.8,8.8.4.4'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.0.253/24 brd 192.168.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.11.14 peer 10.8.11.13/32 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.11.13 dev tun0
default via 192.168.0.254 dev eth0.2 src 192.168.0.253
10.8.11.1 via 10.8.11.13 dev tun0
10.8.11.13 dev tun0 scope link src 10.8.11.14
23.229.0.242 via 192.168.0.254 dev eth0.2
128.0.0.0/1 via 10.8.11.13 dev tun0
192.168.0.0/24 dev eth0.2 scope link src 192.168.0.253
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
cd38
July 1, 2019, 9:21am
39
It's this the pb ?
config forwarding
option dest 'vpn'
option src 'lan'
trendy
July 1, 2019, 4:46pm
40
The problem to start with is that you still install the default route:
Post again the ovpn configuration.
redirect-gateway def1
should not be there and just in case route-nopull
would make sure the server is not pushing anything to you.