I configured my router to work with OpenVPN. Currently, all of my client (lan, wifi) are forwarded with OpenVPN. I'm looking for a way, if I can create another WiFI which would not forward with OpenVPN mean time OpenVPN WiFi will also running, In a word, there will two WiFi.
* One will act as OpenVPN client WiFi
* Another will act like without OpenVPN WiFi.
I tried to create another WiFi interface and tried to create firewall rules for it, but the problem is it has no internet connection. Meantime another OpenVPN is working ok. Here is my network configuration
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd9d:4e67:19e1::/48'
config interface 'lan'
option ifname 'eth1'
option force_link '1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.2.1'
option dns '8.8.8.8 8.8.8.8'
option delegate '0'
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
option clientid '1'
option peerdns '0'
option dns '8.8.8.8 8.8.4.4'
config interface 'wan6'
option ifname 'eth0'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 4'
config interface 'encryption'
#VPN Interface
option proto 'none'
option ifname 'tun0'
option delegate '0'
config interface 'noneyc'
#Non VPN Interface
option _orig_ifname 'radio0.network2'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option dns '8.8.8.8 8.8.4.4'
option delegate '0'
and Here is Firewall configuration
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config zone
option name 'encryption'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'encryption'
config zone
option name 'noneyc'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'noneyc'
option forward 'ACCEPT'
config forwarding
option dest 'encryption'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'noneyc'
Here is Wireless configuration -
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ar934x_wmac'
option country 'BD'
option htmode 'HT40'
option txpower '20'
option channel '6'
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Encrypted'
option encryption 'psk2+ccmp'
option key 'ItsPassword'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'Non Encrypted'
option network 'noneyc'
option encryption 'psk2+ccmp'
option key 'ItsPassword'
How can I fix that issue?
(Last edited by lostphoenix on 14 May 2017, 20:11)