SSH stops loading after installing OpenVPN

After installing and setting up OpenVPN on my rpi4b and archer c6, ssh gets stuck here.
How to fix this?

What version of OpenWrt are you running?

Using 22.03.5 on both devices.

Edit: running a custom image by wulfy23 based on 22.03.5 r20134-5f15225c1e on the rpi4b.

Why does the banner look so different? Did you modify it? Where did you download OpenWrt?

Running a custom image on the rpi4b.

Where did that custom image come from?

Here

Ah... ok. So it is a wulfy23 build. Because that is a bit different than the standard builds, it requires a bit of specialized knowledge about the specifics.

There is a support thread for it in the OpenWrt community builds forum section here, but unfortunately wulfy23 left the forums a while back. Other users of that build may be able to help, or you may be able to ask wulfy23 for assistance via github or other channels.

I'd recommend starting in the linked support thread.

I believe this isn't a build-specific issue. I got the same problem on my archer c6 running the official build.

If you believe it is more generic, we can try to troubleshoot... can you get to your configs? If ssh isn't working, serial console access could do it. Or if you can stop OpenVPN from the web interface, maybe then you can get in via ssh?

FWIW, I've never seen this type of situation, but I've got OpenVPN running on a 22.03.5 device without issue. But we'll take a look...

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
cat /etc/config/openvpn

Got them using WinSCP.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdab:5f62:ecb2::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '10.1.1.1/24'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth1'
	option username ''
	option password ''
	option ipv6 'auto'
	option hostname 'router'
	option peerdns '0'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option cell_density '0'
	option distance '30'
	option htmode 'VHT80'
	option band '5g'
	option channel '157'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2+ccmp'
	option ssid 'Starlink'
	option key ''

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option dnsforwardmax '2300'
	option min_cache_ttl '270'
	option quietdhcp '1'
	option sequential_ip '1'
	option allservers '1'
	list address '/router/10.1.1.1'
	option rebind_protection '0'
	option noresolv '0'
	option cachesize '1000'
	option port '54'
	list server '10.1.1.1'
	list ipset '/igamecj.com/gcloudcs.com/qos.gcloud.qq.com/latsens,latsens6'
	list ipset '/zoom.us/streaming,streaming6'
	list ipset '/googlevideo.com/*.googlevideo.com/streaming,streaming6'
	list ipset '/vevo.com/streaming,streaming6'
	list ipset '/nflxvideo.net/streaming,streaming6'
	list ipset '/netflix.com/streaming,streaming6'
	list ipset '/nflxso.net/streaming,streaming6'
	list ipset '/nflximg.com/streaming,streaming6'
	list ipset '/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming,streaming6'
	list ipset '/fbcdn.net/streaming,streaming6'
	list ipset '/ttvnw.net/streaming,streaming6'
	list ipset '/audio-fa.scdn.cot/streaming,streaming6'
	list ipset '/deezer.com/streaming,streaming6'
	list ipset '/sndcdn.com/streaming,streaming6'
	list ipset '/last.fm/streaming,streaming6'
	list ipset '/v.redd.it/streaming,streaming6'
	list ipset '/iview.abc.net.au/streaming,streaming6'
	list ipset '/play.stan.com.au/streaming,streaming6'
	list ipset '/disneyplus.com/streaming,streaming6'
	list ipset '/cloudfront.net/streaming,streaming6'
	list ipset '/aiv-cdn.net/r.cloudfront.net/aiv-delivery.net/streaming,streaming6'
	list ipset '/vs-dash-uk-live.akamaized.net/streaming,streaming6'
	list ipset '/cdn.bllon.isp.sky.com/live.bidi.net.uk/streaming,streaming6'
	list ipset '/ssl-bbcdotcom.2cnt.net/streaming,streaming6'
	list ipset '/millicast.com/streaming,streaming6'
	list ipset '/xirsys.com/streaming,streaming6'
	list ipset '/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn,usrcdn6'
	list ipset '/akamai.net/usrcdn,usrcdn6'
	list ipset '/download.qq.com/bulk,bulk6'
	list ipset '/steamcontent.com/bulk,bulk6'
	list ipset '/gs2.ww.prod.dl.playstation.net/bulk,bulk6'
	list ipset '/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk,bulk6'
	list ipset '/drive.google.com/drive-thirdparty.googleusercontent.com/bulk,bulk6'
	list ipset '/1drv.ms/bulk,bulk6'
	list ipset '/1drv.com/bulk,bulk6'
	list ipset '/docs.google.com/docs.googleusercontent.com/bulk,bulk6'
	list ipset '/gvt1.com/bulk,bulk6'
	list ipset '/mmg-fna.whatsapp.net/bulk,bulk6'
	list ipset '/upload.youtube.com/upload.video.google.com/bulk,bulk6'
	list ipset '/windowsupdate.com/update.microsoft.com/bulk,bulk6'
	list ipset '/ms-acdc.office.com/bulk,bulk6'
	list ipset '/graph.microsoft.com/bulk,bulk6'
	list ipset '/web.whatsapp.com/bulk,bulk6'
	list ipset '/*.fastly.net/bulk,bulk6'
	list ipset '/downloads.openwrt.org/bulk,bulk6'
	list ipset '/*.cdn.openwrt.org/bulk,bulk6'
	list ipset '/gvt1.com/gvt2.com/android.clients.google.com/clients1.google.com/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/clients6.google.com/play.googleapis.com/bulk,bulk6'
	list ipset '/assetcdn.101.arenanetworks.com/gamecache4,gamecache6'
	list ipset '/assetcdn.102.arenanetworks.com/gamecache4,gamecache6'
	list ipset '/assetcdn.103.arenanetworks.com/gamecache4,gamecache6'
	list ipset '/live.patcher.bladeandsoul.com/gamecache4,gamecache6'
	list ipset '/dist.blizzard.com/gamecache4,gamecache6'
	list ipset '/dist.blizzard.com.edgesuite.net/gamecache4,gamecache6'
	list ipset '/llnw.blizzard.com/gamecache4,gamecache6'
	list ipset '/edgecast.blizzard.com/gamecache4,gamecache6'
	list ipset '/blizzard.vo.llnwd.net/gamecache4,gamecache6'
	list ipset '/blzddist1-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/blzddist2-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/blzddist3-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/blzddist4-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/level3.blizzard.com/gamecache4,gamecache6'
	list ipset '/nydus.battle.net/gamecache4,gamecache6'
	list ipset '/edge.blizzard.top.comcast.net/gamecache4,gamecache6'
	list ipset '/cdn.blizzard.com/gamecache4,gamecache6'
	list ipset '/cdn-11.eft-store.com/gamecache4,gamecache6'
	list ipset '/cl-453343cd.gcdn.co/gamecache4,gamecache6'
	list ipset '/cdn.homecomingservers.com/gamecache4,gamecache6'
	list ipset '/nsa.tools/gamecache4,gamecache6'
	list ipset '/pls.patch.daybreakgames.com/gamecache4,gamecache6'
	list ipset '/cdn1.epicgames.com/gamecache4,gamecache6'
	list ipset '/cdn.unrealengine.com/gamecache4,gamecache6'
	list ipset '/cdn1.unrealengine.com/gamecache4,gamecache6'
	list ipset '/cdn2.unrealengine.com/gamecache4,gamecache6'
	list ipset '/cdn3.unrealengine.com/gamecache4,gamecache6'
	list ipset '/download.epicgames.com/gamecache4,gamecache6'
	list ipset '/download2.epicgames.com/gamecache4,gamecache6'
	list ipset '/download3.epicgames.com/gamecache4,gamecache6'
	list ipset '/download4.epicgames.com/gamecache4,gamecache6'
	list ipset '/epicgames-download1.akamaized.net/gamecache4,gamecache6'
	list ipset '/cdn.zaonce.net/gamecache4,gamecache6'
	list ipset '/hirez.http.internapcdn.net/gamecache4,gamecache6'
	list ipset '/level3.nwhttppatch.crypticstudios.com/gamecache4,gamecache6'
	list ipset '/filedelivery.nexusmods.com/gamecache4,gamecache6'
	list ipset '/ccs.cdn.wup.shop.nintendo.com/gamecache4,gamecache6'
	list ipset '/ccs.cdn.wup.shop.nintendo.net/gamecache4,gamecache6'
	list ipset '/ccs.cdn.wup.shop.nintendo.net.edgesuite.net/gamecache4,gamecache6'
	list ipset '/geisha-wup.cdn.nintendo.net/gamecache4,gamecache6'
	list ipset '/geisha-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
	list ipset '/idbe-wup.cdn.nintendo.net/gamecache4,gamecache6'
	list ipset '/idbe-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
	list ipset '/ecs-lp1.hac.shop.nintendo.net/gamecache4,gamecache6'
	list ipset '/receive-lp1.dg.srv.nintendo.net/gamecache4,gamecache6'
	list ipset '/*.wup.eshop.nintendo.net/gamecache4,gamecache6'
	list ipset '/*.hac.lp1.d4c.nintendo.net/gamecache4,gamecache6'
	list ipset '/*.hac.lp1.eshop.nintendo.net/gamecache4,gamecache6'
	list ipset '/origin-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/lvlt.cdn.ea.com/gamecache4,gamecache6'
	list ipset '/rxp-lv.cncirc.net/gamecache4,gamecache6'
	list ipset '/cronub.fairplayinc.uk/gamecache4,gamecache6'
	list ipset '/amirror.tyrant.gg/gamecache4,gamecache6'
	list ipset '/mirror.usa.tyrant.gg/gamecache4,gamecache6'
	list ipset '/renx.b-cdn.net/gamecache4,gamecache6'
	list ipset '/l3cdn.riotgames.com/gamecache4,gamecache6'
	list ipset '/worldwide.l3cdn.riotgames.com/gamecache4,gamecache6'
	list ipset '/riotgamespatcher-a.akamaihd.net/gamecache4,gamecache6'
	list ipset '/riotgamespatcher-a.akamaihd.net.edgesuite.net/gamecache4,gamecache6'
	list ipset '/*.dyn.riotcdn.net/gamecache4,gamecache6'
	list ipset '/patches.rockstargames.com/gamecache4,gamecache6'
	list ipset '/gs2.ww.prod.dl.playstation.net/gamecache4,gamecache6'
	list ipset '/gs2.sonycoment.loris-e.llnwd.net/gamecache4,gamecache6'
	list ipset '/patch-dl.ffxiv.com/gamecache4,gamecache6'
	list ipset '/lancache.steamcontent.com/gamecache4,gamecache6'
	list ipset '/*.content.steampowered.com/gamecache4,gamecache6'
	list ipset '/content1.steampowered.com/gamecache4,gamecache6'
	list ipset '/content2.steampowered.com/gamecache4,gamecache6'
	list ipset '/content3.steampowered.com/gamecache4,gamecache6'
	list ipset '/content4.steampowered.com/gamecache4,gamecache6'
	list ipset '/content5.steampowered.com/gamecache4,gamecache6'
	list ipset '/content6.steampowered.com/gamecache4,gamecache6'
	list ipset '/content7.steampowered.com/gamecache4,gamecache6'
	list ipset '/content8.steampowered.com/gamecache4,gamecache6'
	list ipset '/cs.steampowered.com/gamecache4,gamecache6'
	list ipset '/steamcontent.com/gamecache4,gamecache6'
	list ipset '/client-download.steampowered.com/gamecache4,gamecache6'
	list ipset '/*.hsar.steampowered.com.edgesuite.net/gamecache4,gamecache6'
	list ipset '/*.akamai.steamstatic.com/gamecache4,gamecache6'
	list ipset '/content-origin.steampowered.com/gamecache4,gamecache6'
	list ipset '/clientconfig.akamai.steamtransparent.com/gamecache4,gamecache6'
	list ipset '/steampipe.akamaized.net/gamecache4,gamecache6'
	list ipset '/edgecast.steamstatic.com/gamecache4,gamecache6'
	list ipset '/steam.apac.qtlglb.com.mwcloudcdn.com/gamecache4,gamecache6'
	list ipset '/*.cm.steampowered.com/gamecache4,gamecache6'
	list ipset '/cdn1-sea1.valve.net/gamecache4,gamecache6'
	list ipset '/cdn2-sea1.valve.net/gamecache4,gamecache6'
	list ipset '/*.steam-content-dnld-1.apac-1-cdn.cqloud.com/gamecache4,gamecache6'
	list ipset '/*.steam-content-dnld-1.eu-c1-cdn.cqloud.com/gamecache4,gamecache6'
	list ipset '/steam.apac.qtlglb.com/gamecache4,gamecache6'
	list ipset '/edge.steam-dns.top.comcast.net/gamecache4,gamecache6'
	list ipset '/edge.steam-dns-2.top.comcast.net/gamecache4,gamecache6'
	list ipset '/steam.naeu.qtlglb.com/gamecache4,gamecache6'
	list ipset '/steampipe-kr.akamaized.net/gamecache4,gamecache6'
	list ipset '/steam.ix.asn.au/gamecache4,gamecache6'
	list ipset '/steam.eca.qtlglb.com/gamecache4,gamecache6'
	list ipset '/steam.cdn.on.net/gamecache4,gamecache6'
	list ipset '/update5.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update2.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update6.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update3.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update1.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update4.dota2.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update5.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update2.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update4.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update3.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update6.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/update1.csgo.wmsj.cn/gamecache4,gamecache6'
	list ipset '/st.dl.bscstorage.net/gamecache4,gamecache6'
	list ipset '/cdn.mileweb.cs.steampowered.com.8686c.com/gamecache4,gamecache6'
	list ipset '/live.patcher.elderscrollsonline.com/gamecache4,gamecache6'
	list ipset '/d3rmjivj4k4f0t.cloudfront.net/gamecache4,gamecache6'
	list ipset '/addons.forgesvc.net/gamecache4,gamecache6'
	list ipset '/media.forgecdn.net/gamecache4,gamecache6'
	list ipset '/files.forgecdn.net/gamecache4,gamecache6'
	list ipset '/*.cdn.ubi.com/gamecache4,gamecache6'
	list ipset '/content.warframe.com/gamecache4,gamecache6'
	list ipset '/dl1.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl2.wargaming.net/gamecache4,gamecache6'
	list ipset '/wg.gcdn.co/gamecache4,gamecache6'
	list ipset '/wgusst-na.wargaming.net/gamecache4,gamecache6'
	list ipset '/wgusst-eu.wargaming.net/gamecache4,gamecache6'
	list ipset '/update-v4r4h10x.worldofwarships.com/gamecache4,gamecache6'
	list ipset '/wgus-wotasia.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wot-ak.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wot-gc.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wot-se.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wot-cdx.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wows-ak.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wows-gc.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wows-se.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wows-cdx.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wowp-ak.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wowp-gc.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wowp-se.wargaming.net/gamecache4,gamecache6'
	list ipset '/dl-wowp-cdx.wargaming.net/gamecache4,gamecache6'
	list ipset '/*.windowsupdate.com/gamecache4,gamecache6'
	list ipset '/windowsupdate.com/gamecache4,gamecache6'
	list ipset '/*.dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
	list ipset '/dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
	list ipset '/*.update.microsoft.com/gamecache4,gamecache6'
	list ipset '/*.do.dsp.mp.microsoft.com/gamecache4,gamecache6'
	list ipset '/*.microsoft.com.edgesuite.net/gamecache4,gamecache6'
	list ipset '/amupdatedl.microsoft.com/gamecache4,gamecache6'
	list ipset '/amupdatedl2.microsoft.com/gamecache4,gamecache6'
	list ipset '/amupdatedl3.microsoft.com/gamecache4,gamecache6'
	list ipset '/amupdatedl4.microsoft.com/gamecache4,gamecache6'
	list ipset '/amupdatedl5.microsoft.com/gamecache4,gamecache6'
	list ipset '/assets1.xboxlive.com/gamecache4,gamecache6'
	list ipset '/assets2.xboxlive.com/gamecache4,gamecache6'
	list ipset '/dlassets.xboxlive.com/gamecache4,gamecache6'
	list ipset '/xboxone.loris.llnwd.net/gamecache4,gamecache6'
	list ipset '/xboxone.vo.llnwd.net/gamecache4,gamecache6'
	list ipset '/xbox-mbr.xboxlive.com/gamecache4,gamecache6'
	list ipset '/assets1.xboxlive.com.nsatc.net/gamecache4,gamecache6'
	list ipset '/xvcf1.xboxlive.com/gamecache4,gamecache6'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,10.1.1.1'
	list dhcp_option '3,10.1.1.1'
	list dns '2401:f40:1211:5a::1'
	list dns 'fdab:5f62:ecb2::1'
	option start '2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


/etc/config/firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun_roadwarrior'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'
	option reload '1'

config redirect
	option target 'DNAT'
	option name 'Torrent'
	list proto 'tcp'
	option src 'wan'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option src_dport '42069'
	option dest_port '42069'

config redirect
	option target 'DNAT'
	option name 'GTAV'
	list proto 'udp'
	option src 'wan'
	option src_dport '61455-61458'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '61455-61458'

config redirect
	option target 'DNAT'
	option name 'GTAV'
	option src 'wan'
	option src_dport '6672'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '6672'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	option src 'wan'
	option src_dport '3074'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '3074'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	list proto 'tcp'
	option src 'wan'
	option src_dport '27014-27050'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '27014-27050'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	list proto 'udp'
	option src 'wan'
	option src_dport '3478'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '3478'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	list proto 'udp'
	option src 'wan'
	option src_dport '4379-4380'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '4379-4380'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	list proto 'udp'
	option src 'wan'
	option src_dport '27000-27031'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '27000-27031'

config redirect
	option target 'DNAT'
	option name 'Warzone'
	list proto 'udp'
	option src 'wan'
	option src_dport '27036'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '27036'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14020-14024'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14020-14024'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14000-14001'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14000-14001'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '13000'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '13000'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '13005'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '13005'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '13200'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '13200'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14008'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14008'

config redirect
	option target 'DNAT'
	option name 'Rainbow6'
	list proto 'udp'
	option src 'wan'
	option src_dport '6015'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '6015'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'udp'
	option src 'wan'
	option src_dport '33000-33499'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '33000-33499'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '55000-56999'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '55000-56999'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '51000'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '51000'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '27015'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '27015'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14020-14024'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14020-14024'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14008'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14008'

config redirect
	option target 'DNAT'
	option name 'The Division'
	list proto 'tcp'
	option src 'wan'
	option src_dport '14000'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '14000'

config redirect
	option target 'DNAT'
	option name 'GRwildlands'
	list proto 'udp'
	option src 'wan'
	option src_dport '3074-3083'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '3074-3083'

config redirect
	option target 'DNAT'
	option name 'GRwildlands'
	list proto 'udp'
	option src 'wan'
	option src_dport '6000'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '6000'

config redirect
	option target 'DNAT'
	option name 'GRwildlands'
	list proto 'udp'
	option src 'wan'
	option src_dport '6180'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '6180'

config redirect
	option target 'DNAT'
	option name 'GRwildlands'
	list proto 'udp'
	option src 'wan'
	option src_dport '7000'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '7000'

config redirect
	option target 'DNAT'
	option name 'ubisoft'
	list proto 'tcp'
	option src 'wan'
	option src_dport '56000-56999'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option dest_port '56000-56999'

config redirect
	option target 'DNAT'
	option name 'FTP'
	option src 'wan'
	option dest 'lan'
	option dest_ip '10.1.1.3'
	option src_dport '80'
	option dest_port '80'

config rule
	option name 'OpenVPN'
	option src 'wan'
	option dest_port '7500'
	option target 'ACCEPT'

/etc/config/openvpn

config openvpn 'RoadWarrior'
	option proto 'tcp-server'
	option cipher 'AES-256-GCM'
	option client_to_client '1'
	option comp_lzo 'no'
	option dev 'tun_roadwarrior'
	option duplicate_cn '1'
	option keepalive '10 120'
	option mode 'server'
	option mssfix '1450'
	option persist_key '1'
	option persist_tun '1'
	option port '7500'
	option remote_cert_tls 'client'
	option reneg_sec '0'
	option server '10.100.1.0 255.255.255.0'
	option topology 'subnet'
	option verb '3'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/Server_SiteA.crt'
	option dh '/etc/openvpn/dh.pem'
	option key '/etc/openvpn/Server_SiteA.key'
	list push 'route 10.1.1.1 255.255.255.0'
	list push 'dhcp-option DNS 10.1.1.1'

I'm not seeing any obvious reason why OpenVPN would interfere with an ssh session.

If you stop OpenVPN, does the ssh session operate properly?

Sadly, it does not. What other info can I provide you to help with the investigation?

I think we need to go back to basics... like starting with a fresh config and then adding OpenVPN to that.

Since you're using a Pi, do you happen to have a spare micro sd card? If so, you can do this without affecting your existing install.

I'd recommend a default install, making only the minimum changes necessary to get it to work in the most basic way. Test ssh to make sure it's still working. Then install OpenVPN and configure it. Test ssh again. If all is good there, then start installing other packages and config elements... ideally testing after each addition/change to see if ssh is working or not.

Will update in a few days, don't have the archer c6 with the vanilla build with me at the moment. Thanks.
Will check the pi too.

Ok... sounds good. Either the Pi or the Archer C6 should do the trick... ideally, use the standard/official version if you can. This reduces the number of variables.

Not related unless you are using ssh via the tunnel, but I would use 10.1.1.0

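The point made in the reply above (push the network address 10.1.1.0 rather than the host address 10.1.1.1), as an added example that is not part of the original thread: a Python check that reads `list push 'route ...'` lines from a UCI OpenVPN config and flags any pushed route whose address has host bits set under its netmask. The function name `check_push_routes` and the sample text are constructed for illustration, and the check generalizes to any pushed IPv4 route.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the /etc/config/openvpn posted in this thread.
SAMPLE_UCI = """\
config openvpn 'RoadWarrior'
\toption server '10.100.1.0 255.255.255.0'
\toption topology 'subnet'
\tlist push 'route 10.1.1.1 255.255.255.0'
\tlist push 'dhcp-option DNS 10.1.1.1'
"""

# Matches a UCI "list push '<openvpn directive>'" line and captures the directive.
PUSH_LINE = re.compile(r"^\s*list\s+push\s+'([^']*)'")


def check_push_routes(uci_text):
    """Return one finding per pushed 'route' directive (hypothetical helper).

    OpenVPN's route syntax is: route network [netmask] [gateway] [metric].
    A missing netmask (or the keyword 'default') means 255.255.255.255.
    """
    findings = []
    for lineno, line in enumerate(uci_text.splitlines(), start=1):
        m = PUSH_LINE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        if len(tokens) < 2 or tokens[0] != "route":
            continue  # other pushed options (dhcp-option, etc.) are not checked
        addr = tokens[1]
        mask = tokens[2] if len(tokens) > 2 else "default"
        if mask == "default":
            mask = "255.255.255.255"
        finding = {"line": lineno, "route": m.group(1),
                   "ok": False, "suggest": None, "reason": ""}
        try:
            iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        except ValueError as exc:
            # Hostnames, keywords such as vpn_gateway, or a non-contiguous mask.
            finding["reason"] = f"not a literal IPv4 address/netmask: {exc}"
            findings.append(finding)
            continue
        net = iface.network
        if iface.ip == net.network_address:
            finding["ok"] = True
        else:
            finding["reason"] = (f"{addr} has host bits set under {mask}; "
                                 f"the network is {net.network_address}")
            finding["suggest"] = f"route {net.network_address} {net.netmask}"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in check_push_routes(SAMPLE_UCI):
        status = "OK" if f["ok"] else "CHECK"
        print(f"line {f['line']}: {status}: {f['route']}")
        if f["reason"]:
            print(f"    {f['reason']}")
        if f["suggest"]:
            print(f"    suggested: list push '{f['suggest']}'")
```
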

Does the HDMI port work on the Raspberry Pi? Not related to your problem, but I know that on at least some single-board computers, some ports, such as HDMI, are just not supported.

If HDMI does work, you could fire up your Pi, enable OpenWRT and try debugging while networking is stuck.

ping from the Pi can show if outgoing traffic actually works. Use, e.g., ping 8.8.8.8 and see if this IP (it's a Google DNS server) answers.

route print would print the current routing table. Does that change when you enable the OpenVPN tunnel? E.g., does that somehow redirect your default route to the tunnel device?

tcpdump tells you when packets go through an interface. tcpdump -i br-lan will show every packet going through the LAN bridge, tcpdump -i br-lan.1 could be the interface showing up as "lan" in the UI. If you have interfaces that are not bridges, tcpdump -i eth0 is most likely the way to go.

Remember to opkg update ; opkg install tcpdump before you turn OpenVPN on.

A more elaborate thing: Use a desktop computer or laptop to ping 8.8.8.8 and watch tcpdump -i br-lan.1 on your Pi. You should see both a request packet to 8.8.8.8 and a response packet from 8.8.8.8. When you tcpdump not -i br-lan.1 but -i br-lan.2, that should be the WAN side, where both of those packets of course are visible as well. What happens when you switch OpenVPN on? Are you still seeing request packets entering the br-lan.1 interface? Are you still seeing request packets leaving the br-lan.2 interface? Same for the response. That way, you should be able to deduce where to investigate next.

But obviously, this relies on you being able to access the Pi while the network is seemingly broken. Hence the HDMI question.

Your setup is an OpenVPN client on the RPI4, is it?

If so, does the following sound similar to your problem?

It looks like wulfy uses this script to log all this extra info, and the next expected output would be the vpn section.