7. Back to the Network->Wifi section
- Edit the newly created wireless interface and uncheck the ‘lan’ network. Only ‘slan’ or whatever you called it should be checked.
- Save and Apply
- Test the wireless connection. If you followed the above steps, you should have internet access and an IP address in the 192.168.20.0 subnet.
8. Once the test is good, go to Network->Firewall and edit each setting so it matches the table below:
| Name | Input | Output | Forward | Masquerade & MSS clamping | Covered Networks | Allow Forward To | Allow Forward From |
|---|---|---|---|---|---|---|---|
| Lan | Accept | Accept | Accept | Both Blank | Lan | wan | |
| Wan | Reject | Accept | Reject | Both Checked | Wan | lan | |
| Slan | Accept | Accept | Reject | Both Blank | Slan | Ovpn [1] | |
| Ovpn [1] | Accept | Accept | Reject | Check Masquerade, MSS Blank | Ovpn [1] | Slan |

[1] See below for more information about ovpn firewall zone. Just edit Lan and Wan at this point. We’ll finish this below.
- The rest of the setup process will be on the command line, so log in to the router via SSH (see this page)
9. Configure the network – edit file: /etc/config/network
- Add ovpn interface
config 'interface' 'ovpn'
	option 'ifname' 'tun0'
	option 'defaultroute' '0'
	option 'peerdns' '0'
	option 'proto' 'none'
10. Configure the firewall – edit file: /etc/config/firewall
- Configure forward zones (firewall)
config 'forwarding'
	option 'dest' 'ovpn'
	option 'src' 'slan'
11. Configure OpenVPN zone (firewall)
config zone
	option name 'ovpn'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'ovpn'
- Add a new table to the routing tables file – edit file: /etc/iproute2/rt_tables
- Install ip from the software repo if the iproute2 folder doesn’t exist
Add the one highlighted line below (the line reading 10 vpn)
# reserved values
#
255 local
254 main
253 default
10 vpn
0 unspec
#
# local
#
# 1 inr.ruhep
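
The forwarding and zone settings in steps 10 and 11 only keep the VPN-only network private if `slan` has no forwarding to any zone other than `ovpn`. The check below is an added example, not part of the original guide: it parses a file in the /etc/config/firewall format and flags any other destination. The function names and the two sample configs are constructed for illustration.

```shell
# Added example: audit 'forwarding' sections of an OpenWrt firewall config
# so the VPN-only zone cannot reach 'wan' directly.

# Print the dest zone of every 'forwarding' section whose src is $1.
forward_dests() {   # $1 = src zone, $2 = firewall config file
    awk -v zone="$1" -v q="'" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        function emit() { if (insec && src == zone) print dest }
        $1 == "config" { emit(); insec = (unq($2) == "forwarding"); src = dest = "" }
        insec && $1 == "option" && unq($2) == "src"  { src = unq($3) }
        insec && $1 == "option" && unq($2) == "dest" { dest = unq($3) }
        END { emit() }
    ' "$2"
}

# Succeed only if zone $1 has at least one forwarding and all of them go to $2.
only_forwards_to() {   # $1 = src zone, $2 = allowed dest, $3 = config file
    dests=$(forward_dests "$1" "$3")
    [ -n "$dests" ] || return 1
    for d in $dests; do
        [ "$d" = "$2" ] || return 1
    done
}

# Constructed samples: the guide's forwardings, then a variant with a leak.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good" <<'EOF'
config 'forwarding'
    option 'dest' 'ovpn'
    option 'src' 'slan'
config forwarding
    option src 'lan'
    option dest 'wan'
EOF
cat > "$tmp/leaky" <<'EOF'
config 'forwarding'
    option 'dest' 'ovpn'
    option 'src' 'slan'
config forwarding
    option src 'slan'
    option dest 'wan'
EOF

for f in good leaky; do
    only_forwards_to slan ovpn "$tmp/$f" && verdict=ok || verdict=LEAK
    echo "$f: $verdict (slan -> $(forward_dests slan "$tmp/$f" | tr '\n' ' '))"
done
```

On the router, point `only_forwards_to slan ovpn` at /etc/config/firewall after each firewall change; a LEAK verdict means clients on the VPN-only network can reach the internet when the tunnel is down.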