This Problem has been solved! For the record I keep the report online.
SOLUTION:
this error/bug only appears when I'm using the internal eth0 on the Rpi3 and bridge it with the wlan0if I use the eth0 as my WAN
and the additional usb-net adapter eth1 as my LAN and birdge this with the wlan0all problems are solved!
So this must be a bug in openWRT or any of the packages.
I've now successfully compiled openWRT for Raspberry Pi3.
Added a USB-ETH adapter so I have 2 RJ45 devices on the Pi3.
The added Eth1 I use for my WAN.
The Eth0 used for my LAN.
Both working!
WLAN working.
Then I added oVPN, working. Had some problems with the encryption cipher but that's working now too.
After all is done and all is working, I noticed a strange behavior when connection a LAN device to the Eth0 on the Raspberry. For 10-30 seconds everything works, really fast!
ANd then the connection is dropped. I need to reboot the raspberry pi to use the eth0 again. But only for 10-30 seconds after I plugin the cat6 cable! Then it's gone again.
ADD: I just disabled the WLAN (which is working fine btw for the WLAN clients) and unbridged it.
then this problem doesn't arise.
ADD2: Bridging wireless (still inactive) doesn't kill the Eth0. So only just bridging isn't the problem.
ADD3: so both settings must be true:
WLAN activated(no clients) AND bridged to LAN
So probably some bridging issue? Any ideas?
eth0: kevent0 may have been dropped is the message I get after which the eth0 isn't accessible anymore.
I like to point out, this only happens when I bridge the wlan interface to the eth0!
SOLUTION:
this error/bug only appears when I'm using the internal eth0 on the Rpi3 and bridge it with the wlan0
if I use the eth0 as my WAN
and the additional usb-net adapter eth1 as my LAN and birdge this with the wlan0
all problems are solved!
So I now have my Rpi3 working as router with a WAN eth0 and a LAN Eth1 and a WLAN wlan0
and a oVPN via tap0 and everything properly bridged and firewalled.
Over oVPN upstream i get 10,5 Mbps (11 is officially my maximum) and downstream 48Mbps (52 is officially my maximum) so I consider Rpi3 fast enough to max out my current internet connection.
Soon I'll get 200/200 both up and downstream and will report how good it performs on that.
I'm sure I need another external usb/net adapter as the internal eth0 on the Rpi3 is very slow, 100Mbps max.
But at least the oVPN performance on the Rpi3 can compete with the 200 USD expensive wrt1900acs! And that's a great thumbs up for the makers of the Rpi3.
root@OpenWrt:~# vi /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'dd00:1:1:69::/64'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '172.22.69.1'
option netmask '255.255.0.0'
option ip6assign '64'
option _orig_ifname 'eth0 wlan0'
option _orig_bridge 'true'
option ifname 'eth0 tap0'
config interface 'WAN'
option proto 'dhcp'
option ifname 'eth1'
config interface 'ovpn'
option ifname 'tap0'
option proto 'dhcp'
config interface 'WAN6'
option proto 'dhcpv6'
option ifname 'eth1'
option reqaddress 'try'
option reqprefix 'auto'
root@OpenWrt:~# vi /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 WAN WAN6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
(Last edited by mrgenie on 27 Oct 2016, 12:32)