Hello,
Could someone help me to figure out what is wrong with my openvpn server configuration?
This is my “hardware” config:
Notebook<=WIFI=>MT300N1-(VPN Client)<=LAN:192.168.0.0=>Router1<-----Internet----->Router2<=LAN:192.168.1.0=>MT300N2-(VPN Server)
MT300N1 local ip: 192.168.0.2
VPN Client 10.8.0.3
MT300N2 local ip: 192.168.1.2
VPN Server 10.8.0.1
Both MT300N 1 and 2 are connected to their routers on LAN interface.
What I can:
- If I use VPN-Client with proton-vpn settings my notebook can access Internet via the Proton-Server
- If I use my own openvpn server on Router2 I can create client-server connection
and ping from the vpn client router MT300N1 the server router. Both local ip (192.168.1.2) and vpn ip (10.8.0.1) are ping-able - on the server MT300N2 I can ping any local network ip and any on internet.
- on the server MT300N2 I can resolve any internet name (dns works)
After connecting vpn client to the vpn server I cannot on the MT300N1** and notebook**
- ping any active address on LAN (192.168.1.0)
- ping any internet ip (e.g. 8.8.8.8)
- resolve any internet name
Routing tables:
root@GL-MT300N1:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 br-lan
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
83.10.69.163 192.168.0.1 255.255.255.255 UGH 0 0 0 br-lan
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
root@MT300N2:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun-SERVER
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
Client config file
client
dev tun
proto udp
remote remote-domain 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA1
cipher BF-CBC
comp-lzo adaptive
nice 0
mute 5
verb 3
<ca>
-----BEGIN .......
Server
root@MT300N2:~# ifconfig
br-lan Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::9683:c4ff:fe04:3a57/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10917 errors:0 dropped:166 overruns:0 frame:0
TX packets:10804 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1480431 (1.4 MiB) TX bytes:1314591 (1.2 MiB)
eth0 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
inet6 addr: fe80::9683:c4ff:fe04:3a57/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:290622 errors:0 dropped:0 overruns:0 frame:0
TX packets:331869 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:39914872 (38.0 MiB) TX bytes:58600983 (55.8 MiB)
Interrupt:5
eth0.1 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10917 errors:0 dropped:0 overruns:0 frame:0
TX packets:10972 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1480431 (1.4 MiB) TX bytes:1323663 (1.2 MiB)
eth0.2 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:262212 (256.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:12919 errors:0 dropped:0 overruns:0 frame:0
TX packets:12919 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1083367 (1.0 MiB) TX bytes:1083367 (1.0 MiB)
ra0 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
inet6 addr: fe80::9683:c4ff:fe04:3a57/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:6
tun-SERVER Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
inet6 addr: fe80::71a1:808b:ef44:be6b/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:9281 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:651385 (636.1 KiB) TX bytes:1090 (1.0 KiB)
Client:
root@GL-MT300N-V2:~# ifconfig
br-lan Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23062 errors:0 dropped:5328 overruns:0 frame:0
TX packets:23075 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3318593 (3.1 MiB) TX bytes:6236050 (5.9 MiB)
eth0 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
inet6 addr: fe80::9683:c4ff:fe04:3b3d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41072 errors:0 dropped:78 overruns:0 frame:0
TX packets:36226 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6884106 (6.5 MiB) TX bytes:10377849 (9.8 MiB)
Interrupt:5
eth0.1 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15045 errors:0 dropped:0 overruns:0 frame:0
TX packets:14631 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1588308 (1.5 MiB) TX bytes:2398736 (2.2 MiB)
eth0.2 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:884 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:302328 (295.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:19081 errors:0 dropped:0 overruns:0 frame:0
TX packets:19081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1397907 (1.3 MiB) TX bytes:1397907 (1.3 MiB)
ra0 Link encap:Ethernet HWaddr 94:83:C4:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48310 errors:814 dropped:0 overruns:0 frame:0
TX packets:35452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7164673 (6.8 MiB) TX bytes:14856423 (14.1 MiB)
Interrupt:6
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.3 P-t-P:10.8.0.3 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:8574 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:450 (450.0 B) TX bytes:582668 (569.0 KiB)
Client:
root@GL-MT300N1:~# netstat -l -n -p | grep -e openvpn
udp 0 0 0.0.0.0:37136 0.0.0.0:* 4476/openvpn
udp 0 0 0.0.0.0:40825 0.0.0.0:* 1459/openvpn
Server
root@MT300N-V2:~# netstat -l -n -p | grep -e openvpn
udp 0 0 0.0.0.0:1194 0.0.0.0:* 16897/openvpn
Client: uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[0].enabled='0'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.gls2s=include
firewall.gls2s.type='script'
firewall.gls2s.path='/var/etc/gls2s.include'
firewall.gls2s.reload='1'
firewall.glfw=include
firewall.glfw.type='script'
firewall.glfw.path='/usr/bin/glfw.sh'
firewall.glfw.reload='1'
firewall.glqos=include
firewall.glqos.type='script'
firewall.glqos.path='/usr/sbin/glqos.sh'
firewall.glqos.reload='1'
firewall.mwan3=include
firewall.mwan3.type='script'
firewall.mwan3.path='/var/etc/mwan3.include'
firewall.mwan3.reload='1'
firewall.guestzone=zone
firewall.guestzone.name='guestzone'
firewall.guestzone.network='guest'
firewall.guestzone.forward='REJECT'
firewall.guestzone.output='ACCEPT'
firewall.guestzone.input='REJECT'
firewall.guestzone_fwd=forwarding
firewall.guestzone_fwd.src='guestzone'
firewall.guestzone_fwd.dest='wan'
firewall.guestzone_fwd.enabled='0'
firewall.guestzone_dhcp=rule
firewall.guestzone_dhcp.name='guestzone_DHCP'
firewall.guestzone_dhcp.src='guestzone'
firewall.guestzone_dhcp.target='ACCEPT'
firewall.guestzone_dhcp.proto='udp'
firewall.guestzone_dhcp.dest_port='67-68'
firewall.guestzone_dns=rule
firewall.guestzone_dns.name='guestzone_DNS'
firewall.guestzone_dns.src='guestzone'
firewall.guestzone_dns.target='ACCEPT'
firewall.guestzone_dns.proto='tcp udp'
firewall.guestzone_dns.dest_port='53'
firewall.glservice_rule=rule
firewall.glservice_rule.name='glservice'
firewall.glservice_rule.dest_port='83'
firewall.glservice_rule.proto='tcp udp'
firewall.glservice_rule.src='wan'
firewall.glservice_rule.target='ACCEPT'
firewall.glservice_rule.enabled='0'
firewall.vpn_zone=zone
firewall.vpn_zone.name='ovpn'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.forward='REJECT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.network='ovpn'
firewall.vpn_zone.masq='1'
firewall.vpn_zone.mtu_fix='1'
firewall.forwarding_vpn1=forwarding
firewall.forwarding_vpn1.dest='ovpn'
firewall.forwarding_vpn1.src='lan'
firewall.forwarding_guest_ovpn=forwarding
firewall.forwarding_guest_ovpn.dest='ovpn'
firewall.forwarding_guest_ovpn.src='guestzone'
Server: uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan6'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.glfw=include
firewall.glfw.type='script'
firewall.glfw.path='/usr/bin/glfw.sh'
firewall.glfw.reload='1'
firewall.glqos=include
firewall.glqos.type='script'
firewall.glqos.path='/usr/sbin/glqos.sh'
firewall.glqos.reload='1'
firewall.mwan3=include
firewall.mwan3.type='script'
firewall.mwan3.path='/var/etc/mwan3.include'
firewall.mwan3.reload='1'
firewall.guestzone=zone
firewall.guestzone.name='guestzone'
firewall.guestzone.network='guest'
firewall.guestzone.forward='REJECT'
firewall.guestzone.output='ACCEPT'
firewall.guestzone.input='REJECT'
firewall.guestzone_fwd=forwarding
firewall.guestzone_fwd.src='guestzone'
firewall.guestzone_fwd.dest='wan'
firewall.guestzone_dhcp=rule
firewall.guestzone_dhcp.name='guestzone_DHCP'
firewall.guestzone_dhcp.src='guestzone'
firewall.guestzone_dhcp.target='ACCEPT'
firewall.guestzone_dhcp.proto='udp'
firewall.guestzone_dhcp.dest_port='67-68'
firewall.guestzone_dns=rule
firewall.guestzone_dns.name='guestzone_DNS'
firewall.guestzone_dns.src='guestzone'
firewall.guestzone_dns.target='ACCEPT'
firewall.guestzone_dns.proto='tcp udp'
firewall.guestzone_dns.dest_port='53'
firewall.glservice_rule=rule
firewall.glservice_rule.name='glservice'
firewall.glservice_rule.dest_port='83'
firewall.glservice_rule.proto='tcp udp'
firewall.glservice_rule.src='wan'
firewall.glservice_rule.target='ACCEPT'
firewall.glservice_rule.enabled='0'
firewall.vpn_server_rule=rule
firewall.vpn_server_rule.name='Allow-OpenVPN-Inbound'
firewall.vpn_server_rule.target='ACCEPT'
firewall.vpn_server_rule.src='wan'
firewall.vpn_server_rule.proto='udp'
firewall.vpn_server_rule.dest_port='1194'
firewall.vpn_server_zone=zone
firewall.vpn_server_zone.name='vpn-server'
firewall.vpn_server_zone.input='ACCEPT'
firewall.vpn_server_zone.forward='DROP'
firewall.vpn_server_zone.output='ACCEPT'
firewall.vpn_server_zone.masq='1'
firewall.vpn_server_zone.mtu_fix='1'
firewall.vpn_server_zone.device='tun-SERVER'
firewall.vpn_server_wan=forwarding
firewall.vpn_server_wan.src='vpn-server'
firewall.vpn_server_wan.dest='wan'
firewall.vpn_server_lan=forwarding
firewall.vpn_server_lan.src='vpn-server'
firewall.vpn_server_lan.dest='lan'
firewall.vpn_server_guest=forwarding
firewall.vpn_server_guest.src='vpn-server'
firewall.vpn_server_guest.dest='guestzone'
On the Server MT300N2 I setup on LAN interface DNS=192.168.1.1 (local router)
On the client MT300N1 I setup on LAN interface DNS=9.9.9.9
Any advice or idea would be very much appreciated - thank you!
B.