- Go back to the Network->Wifi section.
- Edit the newly created wireless interface and uncheck the 'lan' network. Only 'slan' (or whatever you called it) should be checked.
- Save and Apply.
- Test the wireless connection. If you followed the above steps, you should have internet access and an IP address in the 192.168.20.0 subnet.
- Once the test is good, go to Network->Firewall and edit each setting so it matches the table below:

| Name | Input | Output | Forward | Masquerade & MSS clamping | Covered Networks | Allow Forward To | Allow Forward From |
|---|---|---|---|---|---|---|---|
| Lan | Accept | Accept | Accept | Both Blank | Lan | wan | |
| Wan | Reject | Accept | Reject | Both Checked | Wan | lan | |
| Slan | Accept | Accept | Reject | Both Blank | Slan | Ovpn [1] | |
| Ovpn [1] | Accept | Accept | Reject | Check Masquerade, MSS Blank | Ovpn [1] | Slan | |

[1] See below for more information about the ovpn firewall zone. Just edit Lan and Wan at this point. We'll finish this below.

- The rest of the setup process is done on the command line, so log in to the router via SSH (see this page).
- Configure the network – edit file: /etc/config/network
- Add the ovpn interface:

config 'interface' 'ovpn'
    option 'ifname' 'tun0'
    option 'defaultroute' '0'
    option 'peerdns' '0'
    option 'proto' 'none'

- Configure the firewall – edit file: /etc/config/firewall
- Configure forward zones (firewall):

config 'forwarding'
    option 'dest' 'ovpn'
    option 'src' 'slan'

- Configure OpenVPN zone (firewall):

config zone
    option name 'ovpn'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'ovpn'
    # 'Check Masquerade' for the Ovpn zone in the table above
    option masq '1'

- Add a new table to the routing table – edit file: /etc/iproute2/rt_tables
- Install ip from the software repo if the iproute2 folder doesn't exist.
- Add the one line below that reads '10 vpn':

# reserved values
#
255 local
254 main
253 default
10 vpn
0 unspec
#
# local
#
#1 inr.ruhep
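
A check to run after editing both files, added here as an example and not part of the original guide: it lists every forwarding in the firewall file, fails if 'slan' can forward anywhere other than 'ovpn' (for example straight to 'wan', bypassing the VPN), and confirms the '10 vpn' routing table entry. The function names and the sample input are illustrative assumptions.

```sh
#!/bin/sh
# Added example, not from the guide. Function names are illustrative.
# Assumes one "config"/"option" statement per line, as in the guide's files.

# Print "src dest" for every 'config forwarding' section of a UCI firewall file.
list_forwardings() {
    awk '
        function unq(s) { gsub("[\047\"]", "", s); return s }
        function emit() { if (insec) print src, dest; insec = 0 }
        $1 == "config" { emit(); src = "-"; dest = "-"
                         if (unq($2) == "forwarding") insec = 1
                         next }
        insec && $1 == "option" && unq($2) == "src"  { src  = unq($3) }
        insec && $1 == "option" && unq($2) == "dest" { dest = unq($3) }
        END { emit() }
    ' "$1"
}

# Succeed only if zone $2 has at least one forwarding and all of them go to zone $3.
zone_only_forwards_to() {
    list_forwardings "$1" | awk -v z="$2" -v want="$3" '
        $1 == z { n++; if ($2 != want) { bad = 1; print "LEAK: " z " -> " $2 } }
        END { exit ((bad || n == 0) ? 1 : 0) }'
}

# Succeed if rt_tables file $1 maps table id $2 to name $3 on an uncommented line.
has_rt_table() {
    awk -v id="$2" -v name="$3" \
        '$1 == id && $2 == name { ok = 1 } END { exit !ok }' "$1"
}

# Constructed sample input: the guide's forwarding plus a lan -> wan rule.
sample_firewall() {
    printf '%s\n' "config 'forwarding'" "    option 'dest' 'wan'" "    option 'src' 'lan'" \
                  "config 'forwarding'" "    option 'dest' 'ovpn'" "    option 'src' 'slan'" \
                  "config zone" "    option name 'ovpn'" "    option forward 'REJECT'"
}

# On the router, run this script with --router to audit the live files.
if [ "${1:-}" = "--router" ]; then
    zone_only_forwards_to /etc/config/firewall slan ovpn && echo "slan exits via ovpn only"
    has_rt_table /etc/iproute2/rt_tables 10 vpn && echo "table 10 vpn present"
fi
```

A "LEAK:" line names each extra destination zone reachable from 'slan'; remove that forwarding section before relying on the VPN for that network.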