Don't save Inter-Zone Forwarding

Hi,
When I reboot, the option “Allow forward to destination zones” appears unchecked.
What should I do?
Thank you

Can you give more details?


Anyone have this problem?

What is the problem, exactly?
You put a screenshot up but nobody knows where it came from (what menu in LuCI)?

Try a fresh flash without reserving settings and try again.

The menu is Network->Firewall->“Edit VPN_client”.

I check the option “Allow forward to destination zones”, but when I reboot the router, the option returns unchecked.

I need this option to reach the peripherals of my network from the outside.

You need to click “Save & Apply” after changing.

I know, but it doesn’t save.

Got a reply from the author that it works now.

I’m sorry alzhao, but it doesn’t work.
When I push the button “Save & Apply”, in /etc/config/firewall I find these lines of text:

config forwarding
	option dest 'lan'
	option src 'VPN_client'

config forwarding
	option dest 'VPN_client'
	option src 'lan'

but when I reboot, I find these lines:

config forwarding 'forwarding_vpn1'
	option dest 'VPN_client'
	option src 'lan'

Why?

You enabled openvpn and chose force. You cannot change this rule because the init script tries to reset it. Please uncheck the force option in openvpn settings.

Hi alzhao,
if you mean the button in the picture, it is always disabled.

Maybe you can check /usr/bin/setvpnfirewall and add your config in the script. I think the script changed the firewall rule.

This is my setvpnfirewall, what should I change?

#!/bin/sh

# Delete the forwarding sections at indexes 5 down to 0,
# including any that were added in LuCI.
delete_all_forwarding() {
	i=5
	while [ "$i" -ge 0 ]; do
		# Quoted so the shell does not expand [..] as a glob pattern.
		uci delete "firewall.@forwarding[$i]" 2>/dev/null
		i=$(( i-1 ))
	done
	uci commit firewall
}

# Recreate the VPN_client zone and the lan -> VPN_client forwarding.
set_vpn_config() {
	uci set firewall.vpn_zone=zone
	uci set firewall.vpn_zone.name='VPN_client'
	uci set firewall.vpn_zone.input='ACCEPT'
	uci set firewall.vpn_zone.forward='REJECT'
	uci set firewall.vpn_zone.output='ACCEPT'
	uci set firewall.vpn_zone.network='VPN_client'
	uci set firewall.vpn_zone.masq='1'
	uci set firewall.forwarding_vpn1='forwarding'
	uci set firewall.forwarding_vpn1.dest='VPN_client'
	uci set firewall.forwarding_vpn1.src='lan'
#	uci set firewall.forwarding_vpn2='forwarding'
#	uci set firewall.forwarding_vpn2.src='VPN_client'
#	uci set firewall.forwarding_vpn2.dest='lan'
}

if [ "$1" = "--force" ]; then
	# Only lan -> VPN_client remains; lan -> wan is not restored.
	delete_all_forwarding
	set_vpn_config

elif [ "$1" = "--noforce" ]; then
	# Keep lan -> wan alongside the VPN forwarding.
	delete_all_forwarding
	uci set firewall.forwarding_origin='forwarding'
	uci set firewall.forwarding_origin.src='lan'
	uci set firewall.forwarding_origin.dest='wan'
	uci commit firewall
	set_vpn_config
elif [ "$1" = "--disable" ]; then
	# Remove the VPN zone and restore lan -> wan only.
	uci delete firewall.vpn_zone
	delete_all_forwarding
	uci set firewall.forwarding_origin='forwarding'
	uci set firewall.forwarding_origin.src='lan'
	uci set firewall.forwarding_origin.dest='wan'
else
	echo "Please add options: --force|--noforce|--disable"
	# Do not commit or reload the firewall on a bad argument.
	exit 1
fi

uci commit firewall
/etc/init.d/firewall reload

I think you want to remove lines with vpn1, right? Just comment them out.

@onire77 You should uncomment the three lines which are commented out in /etc/config/setvpnfirewall.

# uci set firewall.forwarding_vpn2='forwarding'
# uci set firewall.forwarding_vpn2.src='VPN_client'
# uci set firewall.forwarding_vpn2.dest='lan'

Perfect! Now it works. But why were the lines commented?

Because it changes your firewall.
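The two /etc/config/firewall listings posted in this thread differ by one inter-zone forwarding, and a change like that alters what a VPN peer can reach on the LAN. The script below is an added example, not part of the thread and not the vendor's code: it parses two firewall config snapshots and prints the src->dest forwardings present in the first but missing from the second. The function names `pairs` and `lost_forwardings` are hypothetical, and the sample input is copied from the two listings above.

```sh
#!/bin/sh
# Added example: find forwardings that disappear between two firewall configs.

# pairs: read UCI firewall config text on stdin and print one "src->dest"
# line per "config forwarding" section (named or anonymous).
pairs() {
	awk -v q="'" '
	function unq(s, c) {          # strip one layer of surrounding quotes
		c = substr(s, 1, 1)
		if (c == "\"" || c == q) s = substr(s, 2, length(s) - 2)
		return s
	}
	function flush() { if (insec) print src "->" dest }
	$1 == "config" { flush(); insec = (unq($2) == "forwarding"); src = dest = "?"; next }
	insec && $1 == "option" && $2 == "src"  { src = unq($3) }
	insec && $1 == "option" && $2 == "dest" { dest = unq($3) }
	END { flush() }
	' | sort -u
}

# lost_forwardings BEFORE AFTER: print pairs present in BEFORE but not in AFTER.
lost_forwardings() {
	after=$(printf '%s\n' "$2" | pairs)
	printf '%s\n' "$1" | pairs | AFTER="$after" awk '
		BEGIN { n = split(ENVIRON["AFTER"], a, "\n"); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
		!($0 in seen)'
}

# Sample input: the listing seen after "Save & Apply" and the one seen after reboot.
SAVED="config forwarding
	option dest 'lan'
	option src 'VPN_client'

config forwarding
	option dest 'VPN_client'
	option src 'lan'"

REBOOTED="config forwarding 'forwarding_vpn1'
option dest 'VPN_client'
option src 'lan'"

lost_forwardings "$SAVED" "$REBOOTED"   # prints: VPN_client->lan
```

On a router, pass the contents of a saved copy of /etc/config/firewall and the live file instead of the sample strings; swapping the two arguments lists forwardings that were added rather than removed.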