Hello everyone,
i have a dumb-ish AP setup and im trying to get a direct vpn connection to run on it and only be accesed on one of the lan ports. ive gotten the vpn running and the computer thats connected to the lan port and the router communication on 10.10.10.0/24 but cant access the internet let alone the vpn.
the vpn is running on vpn_IF and the server is connected on truenas_IF
i cant have the wireless AP going through the vpn at all, Here are the current configs (keys/ip redacted)
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd50:f086:d64f::/48'
config device
option name 'lan1'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan2'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan3'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan4'
option macaddr '28:d0:f5:56:4e:43'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.170'
option gateway '192.168.1.1'
list dns '192.168.1.1'
option device 'br-eth'
config wireguard_vpn
option description 'windscribe'
option public_key '9#########UE='
option preshared_key 'V#########vE='
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host '64.188.16.132'
option endpoint_port '443'
config interface 'vpn_IF'
option proto 'wireguard'
option private_key 'E#########XQ='
list addresses '100.100.68.72/32'
list dns '10.255.255.1'
config wireguard_vpn_IF
option description 'Windscribe-StaticIP (1).conf'
option public_key '9#########UE='
option preshared_key 'V#########vE='
option endpoint_host '64.188.16.132'
option endpoint_port '443'
list allowed_ips '0.0.0.0/0'
list allowed_ips '10.10.10.0/24'
config interface 'truenas_IF'
option proto 'static'
list ipaddr '10.10.10.1/24'
option defaultroute '0'
list dns '10.255.255.1'
option dns_metric '1000'
option delegate '0'
option device 'lan4'
config device
option name 'eth0'
config device
option type 'bridge'
option name 'br-eth'
list ports 'eth0'
list ports 'wan'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'truenas_IF'
option interface 'truenas_IF'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '10.255.255.1'
option ignore '1'
/etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'ACCEPT'
config zone
option name 'truenas_FW'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list device 'lan2'
list device 'truenas_IF'
config zone
option name 'vpn_FW'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
list device 'vpn_IF'
option mtu_fix '1'
list network 'vpn_IF'
config rule
option name 'vpn1'
option dest 'vpn_FW'
option target 'ACCEPT'
option src 'truenas_FW'
config forwarding
option src 'truenas_FW'
option dest 'vpn_FW'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option band '2g'
option cell_density '0'
option country 'US'
option channel 'auto'
option htmode 'HT20'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option cell_density '0'
option channel '36'
option htmode 'HE20'
option country 'US'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option encryption 'psk2'
option key '#########'
option ssid 'MotherOfDragons-5G'
option network 'lan'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'mesh'
option encryption 'sae'
option mesh_id '8f81761c77d3'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option key '5ae87543003d'
option network 'lan'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'MotherOfDragons'
option encryption 'psk2'
option key '#########'
option network 'lan'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'mesh'
option encryption 'sae'
option mesh_id 'fc5a4b6f5fea'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option key '5ae87543003d'
option network 'lan'
Thanks for your help