Thanks for the help so far. Attached are the requested Files
root@OpenWRT:~# ubus call system board
{
"kernel": "5.15.134",
"hostname": "OpenWRT",
"system": "Atheros AR9344 rev 2",
"model": "TP-Link TL-WDR3600 v1",
"board_name": "tplink,tl-wdr3600-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.0",
"revision": "r23497-6637af95aa",
"target": "ath79/generic",
"description": "OpenWrt 23.05.0 r23497-6637af95aa"
root@Strahlerouter:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddf:abef:ccb2::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.10.0.254'
option netmask '255.255.255.0'
list dns '1.1.1.1'
list dns '8.8.8.8'
list dns '9.9.9.9'
option delegate '0'
config device
option name 'eth0.2'
option macaddr 'x'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3t 4 5'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '20'
option ports '0t 2t 3t 4t 5t 1t'
option description 'DXNET'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '30'
option ports '0t 2t 3t 4t 5t 1t'
option description 'IOTNET'
config switch_vlan
option device 'switch0'
option vlan '5'
option vid '40'
option ports '0t 2t 3t 4t 5t 1t'
option description 'GAST'
config switch_vlan
option device 'switch0'
option vlan '6'
option ports '0t 2t 3t 4t 5t 1t'
option vid '50'
option description 'BACKBONE'
config device
option type 'bridge'
option name 'br-iot'
list ports 'eth0.30'
option macaddr 'x'
config device
option type 'bridge'
option name 'br-gast'
list ports 'eth0.40'
option macaddr 'x'
config device
option type 'bridge'
option name 'br-dxnet'
list ports 'eth0.20'
option macaddr 'x'
config device
option name 'eth0.1'
option type '8021q'
option ifname 'eth0'
option vid '1'
option macaddr 'x'
config device
option name 'eth0.20'
option type '8021q'
option ifname 'eth0'
option vid '20'
option macaddr 'x'
config device
option name 'eth0.30'
option type '8021q'
option ifname 'eth0'
option vid '30'
option macaddr 'x'
config device
option name 'eth0.40'
option type '8021q'
option ifname 'eth0'
option vid '40'
option macaddr 'x'
config device
option name 'eth0.50'
option type '8021q'
option ifname 'eth0'
option vid '50'
option macaddr 'x'
config interface 'DXNET'
option proto 'static'
option device 'br-dxnet'
option ipaddr '10.20.0.254'
option netmask '255.255.255.0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'IOT'
option proto 'static'
option device 'br-iot'
option ipaddr '10.30.0.253'
option netmask '255.255.253.0'
config interface 'GAST'
option proto 'static'
option device 'br-gast'
option ipaddr '10.40.0.254'
option netmask '255.255.255.0'
config interface 'BACKBONE'
option proto 'static'
option device 'eth0.50'
option ipaddr '10.50.0.254'
option netmask '255.255.255.0'
config interface 'ZerotierVPN'
option proto 'none'
option device 'ztxxxxxx'
root@Strahlerouter:~# cat /etc/config/uhttpd
# Server configuration
config uhttpd main
# HTTP listen addresses, multiple allowed
list listen_http 0.0.0.0:80
list listen_http [::]:80
# HTTPS listen addresses, multiple allowed
list listen_https 0.0.0.0:443
list listen_https [::]:443
# Redirect HTTP requests to HTTPS if possible
option redirect_https 0
# Server document root
option home /www
# Reject requests from RFC1918 IP addresses
# directed to the servers public IP(s).
# This is a DNS rebinding countermeasure.
option rfc1918_filter 1
# Maximum number of concurrent requests.
# If this number is exceeded, further requests are
# queued until the number of running requests drops
# below the limit again.
option max_requests 3
# Maximum number of concurrent connections.
# If this number is exceeded, further TCP connection
# attempts are queued until the number of active
# connections drops below the limit again.
option max_connections 100
# Certificate and private key for HTTPS.
# If no listen_https addresses are given,
# the key options are ignored.
option cert /etc/uhttpd.crt
option key /etc/uhttpd.key
# CGI url prefix, will be searched in docroot.
# Default is /cgi-bin
option cgi_prefix /cgi-bin
# List of extension->interpreter mappings.
# Files with an associated interpreter can
# be called outside of the CGI prefix and do
# not need to be executable.
# list interpreter ".php=/usr/bin/php-cgi"
# list interpreter ".cgi=/usr/bin/perl"
# List of prefix->Lua handler mappings.
# Any request to an URL beneath the prefix
# will be dispatched to the associated Lua
# handler script. Lua support is disabled when
# no handler mappings are specified. Lua prefix
# matches have precedence over the CGI prefix.
list lua_prefix "/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua"
# List of prefix->ucode handler mappings.
# Any request to an URL beneath the prefix
# will be dispatched to the associated ucode
# handler script. Ucode support is disabled when
# no handler mappings are specified. Ucode prefix
# matches have precedence over the CGI prefix.
# list ucode_prefix "/ucode/example=/usr/share/example.uc"
# Specify the ubus-rpc prefix and socket path.
# option ubus_prefix /ubus
# option ubus_socket /var/run/ubus/ubus.sock
# CGI/Lua timeout, if the called script does not
# write data within the given amount of seconds,
# the server will terminate the request with
# 504 Gateway Timeout response.
option script_timeout 60
# Network timeout, if the current connection is
# blocked for the specified amount of seconds,
# the server will terminate the associated
# request process.
option network_timeout 30
# HTTP Keep-Alive, specifies the timeout for persistent
# HTTP/1.1 connections. Setting this to 0 will disable
# persistent HTTP connections.
option http_keepalive 20
# TCP Keep-Alive, send periodic keep-alive probes
# over established connections to detect dead peers.
# The value is given in seconds to specify the
# interval between subsequent probes.
# Setting this to 0 will disable TCP keep-alive.
option tcp_keepalive 1
# Basic auth realm, defaults to local hostname
# option realm OpenWrt
# Configuration file in busybox httpd format
# option config /etc/httpd.conf
# Do not follow symlinks that point outside of the
# home directory.
# option no_symlinks 0
# Do not produce directory listings but send 403
# instead if a client requests an url pointing to
# a directory without any index file.
# option no_dirlists 0
# Do not authenticate any ubus-rpc requests against
# the ubus session/access procedure.
# This is dangerous and should be always left off
# except for development and debug purposes!
# option no_ubusauth 0
# For this instance of uhttpd use the listed httpauth
# sections to require Basic auth to the specified
# resources.
# list httpauth prefix_user
# Defaults for automatic certificate and key generation
config cert defaults
# Validity time
option days 730
# key type: rsa or ec
option key_type ec
# RSA key size
option bits 2048
# EC curve name
# Curve names vary between px5g-{wolfssl,mbedtls} and openssl
# P-256 or P-384 are guaranteed to work
option ec_curve P-256
# Location
option country ZZ
option state Somewhere
option location Unknown
# Common name
option commonname 'OpenWrt'
# config httpauth prefix_user
# option prefix /protected/url/path
# option username user
# option password 'plaintext_or_md5_or_$p$user_for_system_user'
root@Strahlerouter:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'x'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option sequential_ip '1'
config dhcp 'lan'
option interface 'lan'
option start '1'
option limit '5'
option leasetime '12h'
option dhcpv4 'server'
option dynamicdhcp '0'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'DXNET'
option interface 'DXNET'
option start '1'
option limit '3'
option leasetime '12h'
option ignore '1'
config dhcp 'IOT'
option interface 'IOT'
option start '1'
option limit '20'
option leasetime '12h'
option force '1'
config dhcp 'GAST'
option interface 'GAST'
option start '1'
option limit '50'
option leasetime '12h'
config dhcp 'BACKBONE'
option interface 'BACKBONE'
option start '1'
option limit '2'
option leasetime '1h'
config host
option name 'HN-iPhone14'
option dns '1'
option mac 'B
option ip '10.10.0.3'
config host
option name 'HN-iPad'
option dns '1'
option mac '1
option ip '10.10.0.4'
config host
option name 'HN-TC'
option dns '1'
option mac '0'
option ip '10.10.0.5'
config host
option name 'HN-GamingPC-Adapter'
option dns '1'
option mac '0
option ip '10.10.0.1'
config host
option name 'IOT-WZ-GB-1'
option dns '1'
option mac '3
option ip '10.30.0.1'
config host
option name 'IOT-WZ-GB-2'
option dns '1'
option mac '9
option ip '10.30.0.2'
config host
option name 'IOT-WZ-GB-3'
option dns '1'
option mac '9
option ip '10.30.0.3'
config host
option name 'IOT-WZ-Fernseher'
option dns '1'
option mac 'B
option ip '10.30.0.10'
config host
option name 'IOT-SZ-GB-1'
option dns '1'
option mac '9
option ip '10.30.1.1'
config host
option name 'IOT-WZ-TC'
option dns '1'
option mac '0
option ip '10.30.0.11'
config host
option name 'IOT-BZ-WL'
option dns '1'
option mac '9
option ip '10.30.2.1'
config host
option name 'IOT-SZ-WL-1'
option dns '1'
option mac '9
option ip '10.30.1.4'
config host
option name 'IOT-WZ-Verstaerker'
option dns '1'
option mac '0
option ip '10.30.0.12'
root@Strahlerouter:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'DXNET'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'DXNET'
config zone
option name 'IOT'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IOT'
config zone
option name 'GAST'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GAST'
config zone
option name 'BACKBONE'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'BACKBONE'
config zone 'vpn'
option name 'ZerotierVPN'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'ztfp6aotps'
list network 'ZerotierVPN'
config forwarding 'lan_vpn'
option src 'lan'
option dest 'ZerotierVPN'
config redirect
option target 'DNAT'
option src 'wan'
option src_dport '9993'
option name 'Zerotier 9993'
list proto 'udp'
config rule
option name 'Allow-Ping-ZT'
option family 'ipv4'
list proto 'icmp'
option src 'ZerotierVPN'
option target 'ACCEPT'
config rule
option name 'Allow-SSH-ZT'
option src 'ZerotierVPN'
option dest_port '22'
option target 'ACCEPT'
option family 'ipv4'
list proto 'udp'
config rule
option name 'Allwo-ZT-HTTP'
list proto 'tcp'
option src 'ZerotierVPN'
option dest_port '80'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-ZT-HTTPS'
list proto 'tcp'
option src 'ZerotierVPN'
option dest_port '443'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Gast-DNS'
option src 'GAST'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Gast-DHCP'
list proto 'udp'
option src 'GAST'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Gast Internet'
list proto 'tcp'
option src 'GAST'
option dest 'wan'
option dest_port '80 433'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'IOT-DNS'
option src 'IOT'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv4'
list proto 'tcp'
list proto 'udp'
config rule
option name 'IOT-DHCP'
list proto 'udp'
option src 'IOT'
option dest_port '67-68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'IOT-Internet'
option src 'IOT'
option dest 'wan'
option dest_port '443'
option target 'ACCEPT'
list proto 'tcp'
config forwarding
option src 'DXNET'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'IOT'