I have OpenWrt 18.06.0-rc2 on a WRT32X. My problem is that I can't get openvpn to work. I can browse the web fine from my machine, but my IP is exposed and it's not going through my VPN.
In my /etc/config/openvpn file, I have this section ...
$ ip route show
default via 192.168.10.1 dev eno1 metric 2
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.10.0/24 dev eno1 proto kernel scope link src 192.168.10.10
The VPN isn't negotiating TLS because of the above error, so the VPN is never established. Are you using the correct certificate for the target server?
So I had a mismatch of certificates, which I believe is fixed now. It appears to be connecting; however, now I can't get out w/ the browser from the host machine that's connected to the WRT32X. I can still browse the LuCI pages and make changes.
Here's the new system log ...
Mon Sep 3 15:21:00 2018 daemon.err odhcp6c[1903]: Failed to send DHCPV6 message to ff02::1:2 (Address not available)
Mon Sep 3 15:21:01 2018 daemon.notice openvpn(pia_client)[2295]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Sep 3 15:21:01 2018 daemon.notice openvpn(pia_client)[2295]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
Mon Sep 3 15:21:01 2018 daemon.notice procd: /etc/rc.d/S96led: setting up led WAN
Mon Sep 3 15:21:01 2018 daemon.notice procd: /etc/rc.d/S96led: setting up led USB 1
Mon Sep 3 15:21:01 2018 daemon.notice procd: /etc/rc.d/S96led: setting up led USB 2
Mon Sep 3 15:21:01 2018 daemon.notice procd: /etc/rc.d/S96led: setting up led USB 2 SS
Mon Sep 3 15:21:01 2018 daemon.notice openvpn(pia_client)[2295]: TCP/UDP: Preserving recently used remote address: [AF_INET]162.216.46.143:1198
Mon Sep 3 15:21:01 2018 daemon.notice openvpn(pia_client)[2295]: UDP link local: (not bound)
Mon Sep 3 15:21:01 2018 daemon.notice openvpn(pia_client)[2295]: UDP link remote: [AF_INET]162.216.46.143:1198
Mon Sep 3 15:21:01 2018 daemon.warn openvpn(pia_client)[2295]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 3 15:21:01 2018 daemon.info procd: - init complete -
Mon Sep 3 15:21:01 2018 user.notice firewall: Reloading firewall due to ifup of PIA_VPN (eth0)
Mon Sep 3 15:21:01 2018 daemon.err openvpn(pia_client)[2295]: write UDP: Operation not permitted (code=1)
Mon Sep 3 15:21:01 2018 kern.info kernel: [ 17.689334] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Mon Sep 3 15:21:02 2018 user.notice firewall: Reloading firewall due to ifup of wan (eth1.2)
Mon Sep 3 15:21:03 2018 daemon.notice openvpn(pia_client)[2295]: [939e298938da0802aae153459a41c1b2] Peer Connection Initiated with [AF_INET]162.216.46.143:1198
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[1662]: exiting on receipt of SIGTERM
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: started, version 2.80test2 cachesize 150
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: DNS service limited to local subnets
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq-dhcp[2655]: DHCP, IP range 192.168.10.100 -- 192.168.10.249, lease time 12h
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain test
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain onion
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain localhost
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain local
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain invalid
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain bind
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain lan
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: reading /tmp/resolv.conf.auto
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain test
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain onion
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain localhost
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain local
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain invalid
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain bind
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using local addresses only for domain lan
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using nameserver 209.222.18.222#53
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using nameserver 209.222.18.218#53
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using nameserver 75.75.75.75#53
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: using nameserver 75.75.76.76#53
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: read /etc/hosts - 4 addresses
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq[2655]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Mon Sep 3 15:21:04 2018 daemon.info dnsmasq-dhcp[2655]: read /etc/ethers - 0 addresses
Mon Sep 3 15:21:09 2018 daemon.notice openvpn(pia_client)[2295]: TUN/TAP device tun0 opened
Mon Sep 3 15:21:09 2018 daemon.notice openvpn(pia_client)[2295]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Sep 3 15:21:09 2018 daemon.notice openvpn(pia_client)[2295]: /sbin/ifconfig tun0 10.3.10.6 pointopoint 10.3.10.5 mtu 1500
Mon Sep 3 15:21:09 2018 daemon.notice openvpn(pia_client)[2295]: Initialization Sequence Completed
Mon Sep 3 15:22:58 2018 daemon.err uhttpd[1843]: luci: accepted login on /admin for root from 192.168.10.10
If I try to ping ...
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=2 Destination Port Unreachable
From 192.168.10.1 icmp_seq=3 Destination Port Unreachable
In the LAN interface page, I have 'use custom DNS servers' set to my VPN DNS servers. I also have the DNS nameserver entries in my /etc/resolv.conf.
I should have clarified. The pings I was doing were from my host machine, not the router.
From the router, I can ping on the tun0 interface as well as the eth1.2 (WAN). So my VPN connection does indeed seem to be working, but not sure why my linux machine can't go through.
Shouldn't I be able to ping from the br-lan interface on WRT, which is the gateway for my linux machine? Though I'm confused about the PIA_VPN interface. In "physical settings", the interface shows as "Ethernet switch: "eth0" (PIA_VPN)". And I cannot ping 8.8.8.8 via eth0. I can via tun0, though I don't see where I have tun0 set up. I do have an entry for dev tun in Networking of the Overview>>Instance of my "pia_client".
Please post your /etc/config/network file -- that may be the missing link.
Also, you might possibly want to add the following directive to the OpenVPN client config file if you want all traffic to go through the tunnel: option redirect_gateway 'def1'
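Added example, not part of the thread: with `redirect-gateway def1`, OpenVPN leaves the existing default route in place and installs `0.0.0.0/1` and `128.0.0.0/1` through the tunnel, so the router's routing table shows whether LAN traffic can leave via the VPN or only via the WAN. The function below reads `ip route show` output (taken on the router, not the LAN host) and reports which case applies; the function name, the `tun` prefix default and both sample tables are constructed for illustration, with only the tun0 addresses and server IP taken from the log above.

```shell
#!/bin/sh
# check_def1: read `ip route show` output on stdin and decide whether traffic
# is routed into the tunnel. Returns 0 when it is, 1 when the WAN would be used.
# $1 = tunnel device name prefix (assumption: "tun", as in the log's tun0).
check_def1() {
    tun_prefix="${1:-tun}"
    awk -v p="$tun_prefix" '
        # Return the word following "dev" on the current route line.
        function dev_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   { lo  = dev_of() }   # lower half installed by def1
        $1 == "128.0.0.0/1" { hi  = dev_of() }   # upper half installed by def1
        $1 == "default"     { def = dev_of() }   # pre-existing default route
        END {
            if (index(lo, p) == 1 && index(hi, p) == 1) {
                print "tunnelled: def1 routes via " lo; exit 0
            }
            if (index(def, p) == 1) {
                print "tunnelled: default route via " def; exit 0
            }
            print "leak: default route via " (def == "" ? "none" : def) \
                  ", no def1 routes on " p "*"
            exit 1
        }'
}

# Constructed sample: tunnel is up (tun0 has its point-to-point route) but no
# def1 routes exist, so everything still follows the WAN default route.
SAMPLE_LEAK='default via 203.0.113.1 dev eth1.2
10.3.10.5 dev tun0 proto kernel scope link src 10.3.10.6
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1'

# Constructed sample: same router once the def1 routes are installed. The host
# route to the VPN server keeps the encrypted packets themselves on the WAN.
SAMPLE_OK='0.0.0.0/1 via 10.3.10.5 dev tun0
default via 203.0.113.1 dev eth1.2
10.3.10.5 dev tun0 proto kernel scope link src 10.3.10.6
128.0.0.0/1 via 10.3.10.5 dev tun0
162.216.46.143 via 203.0.113.1 dev eth1.2
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1'

printf '%s\n' "$SAMPLE_LEAK" | check_def1 || true
printf '%s\n' "$SAMPLE_OK"   | check_def1 || true
```

On the router itself the live table is checked with `ip route show | check_def1`; a "tunnelled" verdict covers routing only, and forwarding from the LAN into the tunnel is still subject to the firewall configuration.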
Which VPN are you using?
I'm using CyberGhost VPN, which is working great for me; I never got any issue with it. CyberGhost is one of the best cheap VPNs that keeps your identity anonymous and also doesn't compromise your internet speed. I would recommend you try it, and the best part is that it's giving a money-back guarantee also. If you are still confused about VPNs, then here: https://www.reviewsdir.com/best-vpn-services/ you will get the guide to the best VPN service. It would help you choose which VPN to pick.