I’ve configured the GL-AR750 (f/w 3.212) as a router, with the WAN side connected to an existing Wi-Fi network and the LAN side broadcasting its own network. Everything works fine and I can access the internet from the LAN side until I connect to a working VPN via OpenVPN. Once OpenVPN is connected, I lose access to the internet.
I’ve tested the ovpn on a homemade raspberry pi travel router and it works perfectly.
Below are my config files. I have not manually modified these except to remove the keys/passwords after pasting into this message. They are all built/updated from the GUI menus.
root@GL-AR750:~# cat /etc/config/network
# /etc/config/network as pasted: loopback, LAN bridge, wired WAN, guest bridge,
# Wi-Fi uplink (wwan) and a placeholder for the OpenVPN tunnel device.
# NOTE(review): the curly quotes around values are presumably a forum
# rendering artifact; UCI itself expects straight quotes - confirm on the device.
config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’
config globals ‘globals’
option ula_prefix ‘fdbf:5c20:0043::/48’
# LAN bridge: static 192.168.8.1/24 on eth1.1.
config interface ‘lan’
option type ‘bridge’
option ifname ‘eth1.1’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option hostname ‘GL-AR750-f3b’
option ipaddr ‘192.168.8.1’
# Wired uplink on eth0 via DHCP, IPv6 off, route metric 10.
config interface ‘wan’
option ifname ‘eth0’
option proto ‘dhcp’
option hostname ‘GL-AR750-f3b’
option ipv6 ‘0’
option metric ‘10’
# DHCPv6 on the same port, switched off by disabled 1.
config interface ‘wan6’
option ifname ‘eth0’
option proto ‘dhcpv6’
option disabled ‘1’
config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’
config switch_vlan
option device ‘switch0’
option vlan ‘1’
option ports ‘1 2 0t’
# Guest bridge on its own subnet, 192.168.9.1/24, separate from the LAN.
config interface ‘guest’
option ifname ‘guest’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘192.168.9.1’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
# Wi-Fi uplink: no ifname here; the wireless config's sta interface attaches
# to it by network name. Metric 20 ranks it below the wired wan (metric 10).
config interface ‘wwan’
option proto ‘dhcp’
option metric ‘20’
# Placeholder for the OpenVPN tunnel device. proto none leaves addressing to
# OpenVPN, and auto 0 keeps netifd from bringing it up at boot. Declaring it
# lets the firewall refer to the tunnel by network name (the wan zone lists tun0).
config interface ‘tun0’
option ifname ‘tun0’
option proto ‘none’
option auto ‘0’
root@GL-AR750:~# cat /etc/config/wireless
# /etc/config/wireless as pasted: two radios, a LAN access point on each,
# two disabled guest access points, and one client (sta) interface that
# provides the wwan uplink.
# Keys shown as *** were redacted by the poster.
config wifi-device ‘radio0’
option type ‘mac80211’
option hwmode ‘11a’
option path ‘pci0000:00/0000:00:00.0’
option htmode ‘VHT80’
option txpower ‘20’
option txpower_max ‘20’
option band ‘5G’
option disabled ‘0’
option noscan ‘0’
option channel ‘157’
option org_htmode ‘VHT80’
# 5 GHz LAN access point, WPA2-PSK (psk2), bridged into the lan network.
config wifi-iface ‘default_radio0’
option device ‘radio0’
option network ‘lan’
option mode ‘ap’
option encryption ‘psk2’
option disassoc_low_ack ‘0’
option ifname ‘wlan0’
option wds ‘1’
option ssid ‘TheHomeTravel_5g’
option key ‘***’
option disabled ‘0’
config wifi-device ‘radio1’
option type ‘mac80211’
option hwmode ‘11g’
option path ‘platform/ahb/18100000.wmac’
option htmode ‘HT40’
option noscan ‘0’
option txpower ‘20’
option txpower_max ‘20’
option band ‘2G’
option disabled ‘0’
option channel ‘1’
# 2.4 GHz LAN access point, WPA2-PSK (psk2), bridged into the lan network.
config wifi-iface ‘default_radio1’
option device ‘radio1’
option network ‘lan’
option mode ‘ap’
option encryption ‘psk2’
option wds ‘1’
option disassoc_low_ack ‘0’
option ifname ‘wlan1’
option ssid ‘TheHomeTravel’
option key ‘****’
option disabled ‘0’
# Guest access points (5 GHz and 2.4 GHz) on the guest network; both are
# switched off by disabled 1.
# NOTE(review): unlike the other keys, the guest key was not redacted and
# looks like a stock value; set a unique key before enabling either guest AP.
config wifi-iface ‘guest5g’
option device ‘radio0’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-AR750-f3b-Guest-5G’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘wlan2’
option disabled ‘1’
option guest ‘1’
option disassoc_low_ack ‘0’
config wifi-iface ‘guest2g’
option device ‘radio1’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-AR750-f3b-Guest’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘wlan3’
option disabled ‘1’
option guest ‘1’
option disassoc_low_ack ‘0’
# Client (sta) interface on radio0 that joins the upstream Wi-Fi and feeds
# the wwan network. It shares radio0 with the 5 GHz AP, and both are set to
# channel 157. The bssid option pins the uplink to one specific access point.
# NOTE(review): the upstream SSID and BSSID are left in clear; they identify
# the upstream network and are worth redacting when a config is posted publicly.
config wifi-iface ‘sta’
option device ‘radio0’
option network ‘wwan’
option mode ‘sta’
option ifname ‘wlan-sta’
option ssid ‘Nonnies’
option bssid ‘70:03:7E:44:0C:4F’
option channel ‘157’
option encryption ‘psk2’
option key ‘***’
option disabled ‘0’
root@GL-AR750:~# cat /etc/config/firewall
# /etc/config/firewall as pasted: lan, wan and guest zones, the forwardings
# between them, the WAN-side allow rules, and four include scripts.
# Default policy: traffic to and from the router itself is accepted unless a
# zone overrides it; forwarding between zones is rejected unless a
# forwarding section allows it.
config defaults
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘REJECT’
option synflood_protect ‘1’
config zone
option name ‘lan’
list network ‘lan’
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘ACCEPT’
# Untrusted zone: unsolicited input is dropped, forwarding is rejected, and
# outbound traffic is masqueraded (masq 1) with MSS clamping (mtu_fix 1).
# tun0 is a member of this zone, so the VPN tunnel gets the same input policy
# as the WAN, and the lan -> wan forwarding below also covers traffic leaving
# through the tunnel.
config zone
option name ‘wan’
option output ‘ACCEPT’
option forward ‘REJECT’
option masq ‘1’
option mtu_fix ‘1’
option input ‘DROP’
list network ‘wan’
list network ‘wan6’
list network ‘wwan’
list network ‘tun0’
# LAN clients may reach anything in the wan zone (wan, wan6, wwan, tun0).
config forwarding
option src ‘lan’
option dest ‘wan’
option enabled ‘1’
# The rules below open specific traffic arriving from the wan zone. Because
# tun0 is in that zone, they apply to traffic arriving over the VPN as well.
config rule
option name ‘Allow-DHCP-Renew’
option src ‘wan’
option proto ‘udp’
option dest_port ‘68’
option target ‘ACCEPT’
option family ‘ipv4’
# The router answers IPv4 ping from the wan zone.
config rule
option name ‘Allow-Ping’
option src ‘wan’
option proto ‘icmp’
option icmp_type ‘echo-request’
option family ‘ipv4’
option target ‘ACCEPT’
config rule
option name ‘Allow-IGMP’
option src ‘wan’
option proto ‘igmp’
option family ‘ipv4’
option target ‘ACCEPT’
config rule
option name ‘Allow-DHCPv6’
option src ‘wan’
option proto ‘udp’
option src_ip ‘fc00::/6’
option dest_ip ‘fc00::/6’
option dest_port ‘546’
option family ‘ipv6’
option target ‘ACCEPT’
config rule
option name ‘Allow-MLD’
option src ‘wan’
option proto ‘icmp’
option src_ip ‘fe80::/10’
list icmp_type ‘130/0’
list icmp_type ‘131/0’
list icmp_type ‘132/0’
list icmp_type ‘143/0’
option family ‘ipv6’
option target ‘ACCEPT’
# ICMPv6 to the router itself, rate-limited to 1000 packets per second.
config rule
option name ‘Allow-ICMPv6-Input’
option src ‘wan’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
list icmp_type ‘router-solicitation’
list icmp_type ‘neighbour-solicitation’
list icmp_type ‘router-advertisement’
list icmp_type ‘neighbour-advertisement’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’
# ICMPv6 forwarded from the wan zone to any zone (dest *), same rate limit.
config rule
option name ‘Allow-ICMPv6-Forward’
option src ‘wan’
option dest ‘*’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’
# These two rules forward IPsec (ESP, and IKE on UDP 500) from the wan zone
# to LAN hosts.
# NOTE(review): if no LAN host terminates IPsec, these can be removed to
# narrow what the wan zone may forward inward.
config rule
option name ‘Allow-IPSec-ESP’
option src ‘wan’
option dest ‘lan’
option proto ‘esp’
option target ‘ACCEPT’
config rule
option name ‘Allow-ISAKMP’
option src ‘wan’
option dest ‘lan’
option dest_port ‘500’
option proto ‘udp’
option target ‘ACCEPT’
# Include scripts. Each has reload 1, so it is re-run on firewall reload.
# NOTE(review): their contents are not shown in the post; they can add
# rules that are invisible in this file, so review them as well when
# diagnosing traffic that stops once the VPN is up.
config include
option path ‘/etc/firewall.user’
option reload ‘1’
config include ‘gls2s’
option type ‘script’
option path ‘/var/etc/gls2s.include’
option reload ‘1’
config include ‘glfw’
option type ‘script’
option path ‘/usr/bin/glfw.sh’
option reload ‘1’
config include ‘glqos’
option type ‘script’
option path ‘/usr/sbin/glqos.sh’
option reload ‘1’
# Guest zone: input to the router and forwarding are rejected by default.
# The only forwarding section for it points at wan, so guests get internet
# access but no path into the lan zone. The two rules that follow open DHCP
# and DNS on the router for guests.
config zone ‘guestzone’
option name ‘guestzone’
option network ‘guest’
option forward ‘REJECT’
option output ‘ACCEPT’
option input ‘REJECT’
config forwarding ‘guestzone_fwd’
option src ‘guestzone’
option dest ‘wan’
option enabled ‘1’
config rule ‘guestzone_dhcp’
option name ‘guestzone_DHCP’
option src ‘guestzone’
option target ‘ACCEPT’
option proto ‘udp’
option dest_port ‘67-68’
config rule ‘guestzone_dns’
option name ‘guestzone_DNS’
option src ‘guestzone’
option target ‘ACCEPT’
option proto ‘tcp udp’
option dest_port ‘53’
# File-sharing ports (NetBIOS 137-139, SMB 445): dropped from the wan zone,
# accepted from the LAN.
# NOTE(review): these rules use dest_proto, while every other rule in this
# file uses proto; confirm this firmware's firewall honours dest_proto.
config rule ‘sambasharewan’
option src ‘wan’
option dest_port ‘137 138 139 445’
option dest_proto ‘tcpudp’
option target ‘DROP’
config rule ‘sambasharelan’
option src ‘lan’
option dest_port ‘137 138 139 445’
option dest_proto ‘tcpudp’
option target ‘ACCEPT’
root@GL-AR750:~# cat /etc/config/openvpn
# /etc/config/openvpn as pasted: four OpenVPN instances. Only client1
# carries enabled 1; the other three have no enabled option.
# NOTE(review): presumably only client1 is started - confirm against the
# running processes.
config openvpn ‘custom_config’
option config ‘/etc/openvpn/my-vpn.conf’
# Sample server instance: UDP 1194, 10.8.0.0/24 pool, runs as user nobody.
# It references a private key and DH parameters under /etc/openvpn.
config openvpn ‘sample_server’
option port ‘1194’
option proto ‘udp’
option dev ‘tun’
option ca ‘/etc/openvpn/ca.crt’
option cert ‘/etc/openvpn/server.crt’
option key ‘/etc/openvpn/server.key’
option dh ‘/etc/openvpn/dh2048.pem’
option server ‘10.8.0.0 255.255.255.0’
option ifconfig_pool_persist ‘/tmp/ipp.txt’
option keepalive ‘10 120’
option persist_key ‘1’
option persist_tun ‘1’
option user ‘nobody’
option status ‘/tmp/openvpn-status.log’
option verb ‘3’
# Sample client instance with a placeholder remote (my_server_1).
config openvpn ‘sample_client’
option client ‘1’
option dev ‘tun’
option proto ‘udp’
list remote ‘my_server_1 1194’
option resolv_retry ‘infinite’
option nobind ‘1’
option persist_key ‘1’
option persist_tun ‘1’
option user ‘nobody’
option ca ‘/etc/openvpn/ca.crt’
option cert ‘/etc/openvpn/client.crt’
option key ‘/etc/openvpn/client.key’
option verb ‘3’
# The instance actually in use: it defers every setting to the uploaded
# profile at /etc/openvpn/client1.ovpn.
config openvpn ‘client1’
option config ‘/etc/openvpn/client1.ovpn’
option enabled ‘1’
The .ovpn file (this same file works fine on other devices: a cell phone and a Raspberry Pi OpenWrt router):
# Config generated by Asuswrt-Merlin 386.3, requires OpenVPN 2.4.0 or newer.
# Client profile directives as pasted; the poster removed keys and passwords.
# No redirect-gateway or route directive appears in the lines shown, so the
# default-route behaviour presumably depends on what the server pushes -
# confirm in the client log.
client
dev tun
proto udp
# Server address redacted by the poster.
remote *** 1194
resolv-retry infinite
nobind
# float: accept authenticated packets from any peer address, not only the
# one named in remote.
float
# Data-channel ciphers offered for negotiation (AES-GCM first, then AES-CBC).
# OpenVPN 2.5 renamed this option to data-ciphers.
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
# NOTE(review): comp-lzo is deprecated, and OpenVPN advises against
# compression inside the tunnel because compressed-then-encrypted traffic
# can leak information about the plaintext. The setting must also match the
# server, so a mismatch is worth ruling out when the tunnel connects but no
# traffic passes. Confirm what the server expects before changing it.
comp-lzo adaptive
keepalive 15 60
# auth-user-pass has no file argument here, so OpenVPN asks for a username
# and password at start-up. If a credentials file is used instead on the
# router, keep it readable by root only.
auth-user-pass
# Requires the peer certificate to be marked for server use, so a
# certificate issued to another client cannot pose as the server.
remote-cert-tls server