VPN Firewall Rules for Dual Band Radio Repeater (RE450)

Hey guys,

Thank you for all the help with my previous topic of helping me create a masqueraded private network with my dual band repeater. For those interested, look here.

Right now my setup is as follows:
Private Wifi Network <-- 5 GHz --> RE450 Repeater <-- 2.4 GHz --> Main Router w/ Internet Access

My goal is to have all internet traffic originating from the Private Wifi Network pass through a VPN tunnel.

Many guides exist to achieve the same but most of them are written with a single band router in mind. Personally, I wanted to be able to switch on/off the VPN easily (without SSH) using the LuCI UI so I chose to follow this guide.

However, again since the guide is made with single band routers in mind, he mentions that the firewall forwarding settings should look like:

config zone
    option name 'VPN_FW'
    other options

config forwarding
    option dest 'VPN_FW'
    option src 'lan'

Below is a pictorial depiction of what he mentions. Should this work? If yes, it may be a problem with the VPN itself.

Since I am using a dual band radio, I already have the following forwarding settings in my firewall:

config forwarding
    option src 'lan'
    option dest 'wan'

I tried adding two forwarding configs such that it forwards from lan -> VPN_FW -> wan but that did not work. My non-working forwarding config looked as follows:

config forwarding
    option src 'lan'
    option dest 'VPN_FW'

config forwarding
    option src 'VPN_FW'
    option dest 'wan'

Would appreciate if anyone could help me with the correct firewall settings to achieve this.

Thank you! :smiley:

All you should need to do is remove the forwarding rule from LAN to WAN (the first one you have listed). If that is removed or disabled, no traffic can pass except if it is via the tunnel. The router itself will still be able to connect via the WAN which is required if you want to set up the tunnel in the first place.
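To make the difference between the two layouts concrete, here is an added example (not part of the thread, and not OpenWrt's own tooling): the leaky layout with a direct lan -> wan forwarding beside the corrected layout where lan can only forward into the VPN zone, both embedded as constructed sample text in the style of /etc/config/firewall, plus a small awk check that lists any forwarding stanza matching a given src/dest pair. The zone names 'lan', 'wan' and 'VPN_FW' come from the thread; the tunnel device name 'tun0' and the 'masq' option on the VPN zone are assumptions. The point of the check is that with the direct lan -> wan forwarding gone, client traffic has nowhere to go but the tunnel, so a dropped VPN stalls traffic instead of silently leaking it out of the WAN.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenWrt.
# Zone names 'lan', 'wan', 'VPN_FW' are from the thread; 'tun0' and
# 'masq' on the VPN zone are assumptions.

# Constructed sample: the leaky layout. lan may still reach wan directly,
# so anything not routed into the tunnel leaves via the WAN unencrypted.
leaky_cfg() {
cat <<'EOF'
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config zone
    option name 'VPN_FW'
    list device 'tun0'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config forwarding
    option src 'lan'
    option dest 'VPN_FW'
EOF
}

# Constructed sample: the corrected layout, identical except that the
# lan -> wan forwarding stanza is gone. Only the router itself (its own
# OUTPUT traffic, i.e. the OpenVPN process) can still use the WAN.
fixed_cfg() {
leaky_cfg | awk '
    /^config / { if (!skip) printf "%s", buf; buf = ""; skip = 0 }
    { buf = buf $0 "\n" }
    $1 == "option" && $2 == "src"  && $3 == "'"'"'lan'"'"'" { seen_lan = 1 }
    $1 == "option" && $2 == "dest" && $3 == "'"'"'wan'"'"'" && seen_lan { skip = 1 }
    /^config / { seen_lan = 0 }
    END { if (!skip) printf "%s", buf }
'
}

# Print "src->dest" for every forwarding stanza with src $1 and dest $2.
# Reads a UCI firewall config on stdin (e.g. < /etc/config/firewall).
direct_forwardings() {
    tr -d "'" | awk -v want_src="$1" -v want_dest="$2" '
        function flush() {
            if (in_fwd && src == want_src && dest == want_dest)
                print src "->" dest
            src = ""; dest = ""; in_fwd = 0
        }
        /^config / { flush(); in_fwd = ($2 == "forwarding") }
        in_fwd && $1 == "option" && $2 == "src"  { src  = $3 }
        in_fwd && $1 == "option" && $2 == "dest" { dest = $3 }
        END { flush() }
    '
}

echo "leaky layout, lan->wan stanzas:"
leaky_cfg | direct_forwardings lan wan
echo "fixed layout, lan->wan stanzas (expect none):"
fixed_cfg | direct_forwardings lan wan
```

On a router the same check is `direct_forwardings lan wan < /etc/config/firewall`; any output means clients still have a path around the tunnel.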

@psherman
Thank you! I managed to figure it out.

But another weird problem lol, I can't disable the VPN tunnel now. It's always connected even if I press 'Stop' in 'Services -> OpenVPN -> stop'.

:expressionless:

EDIT:
Working but a little annoying because I have to press 'stop' multiple times and then press 'Save and Apply' for it to work. Kinda weird but at least it works.

On the command line:
/etc/init.d/openvpn disable

Or in LuCI under Startup, disable openvpn.

Reboot

Then the openvpn start/stop should work. The process was likely respawning each time you stopped it because it was enabled at startup.


You are right! :slight_smile: