VPN connected but something seems not right

Installing and Using OpenWrt
1

So I finally got connected with the help of a couple of members but something still seems odd with the connection. When I first start up I can hit the internet without VPN and I've been looking at other configs trying to add a kill routine to my config. ....my vpn interface doesn't show up in most of the places all the others do? I'm not sure if I have a problem or not and when the vpn goes down it's takes a long while for it to get it back unless i reboot router. here's my configs and screens. Ultimately i want all traffic through the vpn - no exception and have the connection come back online quickly if it goes down.! But to start with I'm not sure my VPN/tun is setup correctly. Can someone review this config? does it seem correct?Screenshot (5)|690x478

Screenshot (2)
Screenshot (2)1158×854 34.3 KB
Screenshot (4)
Screenshot (4)926×787 36.5 KB
Screenshot (6)
Screenshot (6)1049×814 24.6 KB

ifconfig results

br-lan    Link encap:Ethernet  HWaddr 18:E8:29:2E:65:5E
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fd60:8eb2:d25c::1/60 Scope:Global
          inet6 addr: fe80::1ae8:29ff:fe2e:655e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9507 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1820833 (1.7 MiB)  TX bytes:13311814 (12.6 MiB)

eth0      Link encap:Ethernet  HWaddr 18:E8:29:2E:65:5E
          inet6 addr: fe80::1ae8:29ff:fe2e:655e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23433 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15418903 (14.7 MiB)  TX bytes:15948747 (15.2 MiB)
          Interrupt:20

eth0.1    Link encap:Ethernet  HWaddr 18:E8:29:2E:65:5E
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9509 errors:0 dropped:2 overruns:0 frame:0
          TX packets:13446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1820925 (1.7 MiB)  TX bytes:13311814 (12.6 MiB)

eth0.35   Link encap:Ethernet  HWaddr 18:E8:29:2E:65:5E
          inet6 addr: fe80::1ae8:29ff:fe2e:655e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15995 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9688 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13128259 (12.5 MiB)  TX bytes:2408904 (2.2 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:587 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:50572 (49.3 KiB)  TX bytes:50572 (49.3 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.32.1.14  P-t-P:10.32.1.13  Mask:255.255.255.255
          inet6 addr: fe80::c47b:5a8f:bc5e:69ea/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:8543 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6048 errors:0 dropped:624 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:9255586 (8.8 MiB)  TX bytes:1050642 (1.0 MiB)


**/etc/config/network/**
root@OpenWrt:/# vim /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd60:8eb2:d25c::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '18:e8:29:2e:65:5e'

config interface 'wan'
        option ifname 'eth0.35'
        option proto 'pppoe'
        option ipv6 'auto'
        option username 'XXXXXXXXXX'
        option password 'XXXXXXXX'
        list dns '209.222.18.222'
        list dns '209.222.18.218'
        option peerdns '0'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr '18:e8:29:2e:65:5f'

config interface 'wan6'
        option proto 'dhcpv6'
        option ifname 'eth0.35'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 1 2 3 4'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0t'
        option vid '35'

config interface 'PIA_VPN'
        option ifname 'tun0'
        option proto 'none'


**/etc/config/firewall**
root@OpenWrt:/# vim /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 PIA_VPN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
2

fwiw, I suggest you study the alternative tutorial guide PDF at the bottom of the wiki page if you still have problems.
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci

which links to:
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279
You may wish to just clear all your openwrt settings and start from the beginning. (LuCI->System -> Backup/Flash firmware -> Perform Reset)

3

I've reset this about 4 times and reflashed as well. I've followed the vpn guide and done it 3 times. so i'm not sure because you not clearly saying you see a problem but because you're suggesting i start from scratch ...is that because you see something specific or is this kind of like the what people do when they have issues?? I'm pretty new to this so not quite sure what the approach should be. rebuilding the router doesn't seem to be making a difference so far though...

4

Screenshots are not very helpful for diagnosing this kind of problem.
If you want to localize, understand and resolve the issue, collect the information from the troubleshooting section:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client#troubleshooting

In addition, the runtime configuration should be collected separately for connected and disconnected VPN.

5

I only advise resetting/clearing the openwrt settings if you plan to follow the tuturial. This is to prevent use of incorrect settings left over from previous failed attempts to get vpn client working.

Did you follow the tutorial PDF hosted linked from ebilan forum in those 3 attempts you made? (The firewall settings you included in 1st post don't seem to reflect the tutorial)

Suggest trying to connect to vpnbook (if your ISP doesn't block it). If you get it working with vpnbook, then modify it for your VPN provider.