Hello, I am a newbie for networking and have problem with windscribe wireguard vpn client. I would like to use windscribe vpn client on openwrt router(192.168.2.1) which is connected to ISP FTTH GPON router (192.168.1.1). I set the settings according to wireguard config file from Windscribe VPN. But, I am confused how to set the vpn dns server (10.255.255.2) correctly on 3 interfaces which are WAN Interface, LAN Interface and Wireguard Interface.
Wireguard is showing handshaking but system log is showing “daemon.err collectd[1483]: Available write targets:: [none] “ . Now I can ping 1.1.1.1 and 8.8.8.8 and I also could ping wireguard end point host “143.244.40.227” on ubuntu PC (connected to openwrt router with lan) but could not browse websites.
Following is my setting for network configs. Please check and suggest where should I change. Thank you for reading.
-----------------------------------------------------
root@OpenWrt:~#
{
"kernel": "5.4.154",
"hostname": "OpenWrt",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "Xiaomi Mi Router 4C",
"board_name": "xiaomi,mi-router-4c",
"release": {
"distribution": "OpenWrt",
"version": "21.02.1",
"revision": "r16325-88151b8303",
"target": "ramips/mt76x8",
"description": "OpenWrt 21.02.1 r16325-88151b8303"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipv6 '0'
option delegate '0'
option ipaddr '192.168.2.1'
option gateway '192.168.1.1'
option broadcast '192.168.2.255'
config device
option name 'eth0.2'
option macaddr 'xxxxxxxxx'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option ipv6 '0'
option peerdns '0'
list dns '10.255.255.2'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 2 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
config interface 'openvpn'
option proto 'none'
option device 'tun0'
config interface 'openvpntun'
option proto 'none'
option device 'tun0'
option peerdns '0'
list dns '8.8.8.8'
config interface 'WindScribeWG0'
option proto 'wireguard'
option private_key 'xxxxxxxxx'
list addresses '100.117.225.85/32'
option peerdns '0'
list dns '10.255.255.2'
config wireguard_WindScribeWG0
option description 'my peer'
option public_key 'xxxxxxxxxx’
option preshared_key 'xxxxxxxxxx'
option route_allowed_ips '1'
option endpoint_port '443'
option persistent_keepalive '25'
option endpoint_host '143.244.40.227'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::/0'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
list ra_flags 'none'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option input 'ACCEPT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config zone
option name 'vpnfirewall'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'openvpntun'
config forwarding
option src 'lan'
option dest 'vpnfirewall'
config zone
option output 'ACCEPT'
option forward 'REJECT'
list network 'WindScribeWG0'
option input 'REJECT'
option name 'wswg0'
option masq '1'
config forwarding
option src 'lan'
option dest 'wswg0'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# Generated by iptables-save v1.8.7 on Sun Feb 27 17:24:39 2022
*nat
:PREROUTING ACCEPT [1170:205483]
:INPUT ACCEPT [123:10049]
:OUTPUT ACCEPT [466:33432]
:POSTROUTING ACCEPT [320:23314]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpnfirewall_rule - [0:0]
:postrouting_wan_rule - [0:0]
:postrouting_wswg0_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpnfirewall_rule - [0:0]
:prerouting_wan_rule - [0:0]
:prerouting_wswg0_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpnfirewall_postrouting - [0:0]
:zone_vpnfirewall_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
:zone_wswg0_postrouting - [0:0]
:zone_wswg0_prerouting - [0:0]
[1170:205483] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[1072:181785] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[98:23698] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_prerouting
[0:0] -A PREROUTING -i WindScribeWG0 -m comment --comment "!fw3" -j zone_wswg0_prerouting
[1211:163190] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[6:1436] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[891:139876] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_postrouting
[0:0] -A POSTROUTING -o WindScribeWG0 -m comment --comment "!fw3" -j zone_wswg0_postrouting
[6:1436] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[1072:181785] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_vpnfirewall_postrouting -m comment --comment "!fw3: Custom vpnfirewall postrouting rule chain" -j postrouting_vpnfirewall_rule
[0:0] -A zone_vpnfirewall_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_vpnfirewall_prerouting -m comment --comment "!fw3: Custom vpnfirewall prerouting rule chain" -j prerouting_vpnfirewall_rule
[891:139876] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[891:139876] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[98:23698] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
[0:0] -A zone_wswg0_postrouting -m comment --comment "!fw3: Custom wswg0 postrouting rule chain" -j postrouting_wswg0_rule
[0:0] -A zone_wswg0_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_wswg0_prerouting -m comment --comment "!fw3: Custom wswg0 prerouting rule chain" -j prerouting_wswg0_rule
COMMIT
# Completed on Sun Feb 27 17:24:39 2022
# Generated by iptables-save v1.8.7 on Sun Feb 27 17:24:39 2022
*mangle
:PREROUTING ACCEPT [97571:88070541]
:INPUT ACCEPT [19446:1709726]
:FORWARD ACCEPT [77823:86295139]
:OUTPUT ACCEPT [18268:5482344]
:POSTROUTING ACCEPT [96075:91776231]
[531:31860] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[286:16936] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnfirewall MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Feb 27 17:24:39 2022
# Generated by iptables-save v1.8.7 on Sun Feb 27 17:24:39 2022
*filter
:INPUT ACCEPT [1:52]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpnfirewall_rule - [0:0]
:forwarding_wan_rule - [0:0]
:forwarding_wswg0_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpnfirewall_rule - [0:0]
:input_wan_rule - [0:0]
:input_wswg0_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpnfirewall_rule - [0:0]
:output_wan_rule - [0:0]
:output_wswg0_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpnfirewall_dest_ACCEPT - [0:0]
:zone_vpnfirewall_dest_REJECT - [0:0]
:zone_vpnfirewall_forward - [0:0]
:zone_vpnfirewall_input - [0:0]
:zone_vpnfirewall_output - [0:0]
:zone_vpnfirewall_src_REJECT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
:zone_wswg0_dest_ACCEPT - [0:0]
:zone_wswg0_dest_REJECT - [0:0]
:zone_wswg0_forward - [0:0]
:zone_wswg0_input - [0:0]
:zone_wswg0_output - [0:0]
:zone_wswg0_src_REJECT - [0:0]
[2751:215510] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[16698:1494372] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[16569:1482841] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[25:1500] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[129:11531] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_input
[0:0] -A INPUT -i WindScribeWG0 -m comment --comment "!fw3" -j zone_wswg0_input
[77823:86295139] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[76515:86039115] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1308:256024] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_forward
[0:0] -A FORWARD -i WindScribeWG0 -m comment --comment "!fw3" -j zone_wswg0_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[2751:215510] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[15522:5268178] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[14739:5212492] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[10:2474] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[773:53212] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpnfirewall_output
[0:0] -A OUTPUT -o WindScribeWG0 -m comment --comment "!fw3" -j zone_wswg0_output
[0:0] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[25:1500] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[10:2474] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[1308:256024] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[1308:256024] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpnfirewall forwarding policy" -j zone_vpnfirewall_dest_ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wswg0 forwarding policy" -j zone_wswg0_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[129:11531] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[129:11531] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[10:2474] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[10:2474] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[128:11479] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpnfirewall_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpnfirewall_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpnfirewall_forward -m comment --comment "!fw3: Custom vpnfirewall forwarding rule chain" -j forwarding_vpnfirewall_rule
[0:0] -A zone_vpnfirewall_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpnfirewall_forward -m comment --comment "!fw3" -j zone_vpnfirewall_dest_REJECT
[0:0] -A zone_vpnfirewall_input -m comment --comment "!fw3: Custom vpnfirewall input rule chain" -j input_vpnfirewall_rule
[0:0] -A zone_vpnfirewall_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_vpnfirewall_input -m comment --comment "!fw3" -j zone_vpnfirewall_src_REJECT
[0:0] -A zone_vpnfirewall_output -m comment --comment "!fw3: Custom vpnfirewall output rule chain" -j output_vpnfirewall_rule
[0:0] -A zone_vpnfirewall_output -m comment --comment "!fw3" -j zone_vpnfirewall_dest_ACCEPT
[0:0] -A zone_vpnfirewall_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
[16:1252] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[2065:307984] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[773:53212] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[773:53212] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wswg0_dest_ACCEPT -o WindScribeWG0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_wswg0_dest_ACCEPT -o WindScribeWG0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wswg0_dest_REJECT -o WindScribeWG0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wswg0_forward -m comment --comment "!fw3: Custom wswg0 forwarding rule chain" -j forwarding_wswg0_rule
[0:0] -A zone_wswg0_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wswg0_forward -m comment --comment "!fw3" -j zone_wswg0_dest_REJECT
[0:0] -A zone_wswg0_input -m comment --comment "!fw3: Custom wswg0 input rule chain" -j input_wswg0_rule
[0:0] -A zone_wswg0_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wswg0_input -m comment --comment "!fw3" -j zone_wswg0_src_REJECT
[0:0] -A zone_wswg0_output -m comment --comment "!fw3: Custom wswg0 output rule chain" -j output_wswg0_rule
[0:0] -A zone_wswg0_output -m comment --comment "!fw3" -j zone_wswg0_dest_ACCEPT
[0:0] -A zone_wswg0_src_REJECT -i WindScribeWG0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Feb 27 17:24:39 2022
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0.2
valid_lft forever preferred_lft forever
8: WindScribeWG0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
inet 100.117.225.85/32 brd 255.255.255.255 scope global WindScribeWG0
valid_lft forever preferred_lft forever
default via 192.168.1.1 dev eth0.2 src 192.168.1.2
192.168.1.0/24 dev eth0.2 scope link src 192.168.1.2
192.168.2.0/24 dev br-lan scope link src 192.168.2.1
local 100.117.225.85 dev WindScribeWG0 table local scope host src 100.117.225.85
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth0.2 table local scope link src 192.168.1.2
local 192.168.1.2 dev eth0.2 table local scope host src 192.168.1.2
broadcast 192.168.1.255 dev eth0.2 table local scope link src 192.168.1.2
broadcast 192.168.2.0 dev br-lan table local scope link src 192.168.2.1
local 192.168.2.1 dev br-lan table local scope host src 192.168.2.1
broadcast 192.168.2.255 dev br-lan table local scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
lrwxrwxrwx 1 root root 16 Oct 24 15:31 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Feb 27 16:45 /tmp/resolv.conf
-rw-r--r-- 1 root root 90 Feb 27 16:45 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 90 Feb 27 16:45 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface WindScribeWG0
nameserver 10.255.255.2
# Interface wan
nameserver 10.255.255.2