Some items were removed ( and marked with /// Info removed /// ) for security..
But I have also whiped the config clean, and installed the Basic Setup Wizard with no additional changes
and it still acts the same.
The VPN inferface is not being used and is Disabled.
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
modify pia_route {
rule 10 {
action modify
description PIA
modify {
table 1
}
source {
address 192.168.1.0/24
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
address 192.168.1.1/24
aging 300
bridged-conntrack disable
description "Local Bridge"
firewall {
in {
modify pia_route
}
}
hello-time 2
max-age 20
priority 32768
promiscuous enable
stp false
}
ethernet eth0 {
address dhcp
description Internet
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
bridge-group {
bridge br0
}
description MediaServer
duplex auto
speed auto
}
ethernet eth2 {
bridge-group {
bridge br0
}
description LivingRmSwitch
duplex auto
speed auto
}
ethernet eth3 {
bridge-group {
bridge br0
}
description MacMini
duplex auto
speed auto
}
ethernet eth4 {
bridge-group {
bridge br0
}
description WinPC
duplex auto
speed auto
}
ethernet eth5 {
bridge-group {
bridge br0
}
description WiFi
duplex auto
speed auto
}
ethernet eth6 {
bridge-group {
bridge br0
}
description NAS
duplex auto
speed auto
}
ethernet eth7 {
bridge-group {
bridge br0
}
description Switch
duplex auto
speed auto
}
loopback lo {
}
openvpn vtun0 {
config-file /config/auth/udp-chi2_udp.ovpn
description "Private Internet Access"
disable
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface br0
rule 1 {
/// Rule Info Removed ///
}
wan-interface eth0
}
protocols {
static {
table 1 {
interface-route 0.0.0.0/0 {
next-hop-interface vtun0 {
}
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN_BR {
authoritative enable
subnet 192.168.1.0/24 {
bootfile-name pxelinux.0
bootfile-server 192.168.1.54
default-router 192.168.1.1
dns-server 8.8.4.4
dns-server 8.8.8.8
lease 86400
start 192.168.1.100 {
stop 192.168.1.199
}
}
use-dnsmasq disable
}
dns {
dynamic {
interface eth0 {
service dyndns {
/// DYNDNS Info Removed ///
}
web dyndns
}
}
forwarding {
cache-size 150
listen-on br0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5000 {
description PIA
log disable
outbound-interface vtun0
source {
address 192.168.1.0/24
}
type masquerade
}
rule 5001 {
description default
log disable
outbound-interface eth0
source {
address 192.168.1.0/24
}
type masquerade
}
rule 5010 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
}
system {
host-name Router
login {
/// Login info removed ///
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
traffic-analysis {
custom-category SNews {
name snews
}
dpi enable
export enable
}
}
traffic-control {
}