diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index d36272bf9..4a524dc8e 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -1,5 +1,25 @@
 #!/bin/sh
 
+if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then
+ uci -q batch <<-EOF >/dev/null
+ del firewall.@zone[2]
+ commit firewall
+ EOF
+fi
+
+if [ "$(uci -q get firewall.zone_vpn)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.zone_vpn=zone
+ set firewall.zone_vpn.name=vpn
+ set firewall.zone_vpn.network=glorytun
+ set firewall.zone_vpn.masq=1
+ set firewall.zone_vpn.input=REJECT
+ set firewall.zone_vpn.forward=ACCEPT
+ set firewall.zone_vpn.output=ACCEPT
+ commit firewall
+ EOF
+fi
+
 if [ "$(uci -q show firewall | grep Allow-All-Ping)" = "" ]; then
 uci -q batch <<-EOF >/dev/null
 add firewall rule
diff --git a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
old mode 100644
new mode 100755
index a267fffd3..18504bbe0
--- a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
+++ b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
@@ -17,7 +17,7 @@ fi
 
 if [ "$(uci -q show firewall | grep omrvpn)" = "" ]; then
 uci -q batch <<-EOF >/dev/null
- add_list firewall.@zone[2].network=omrvpn
+ add_list firewall.zone_vpn.network=omrvpn
 delete firewall.allow_dhcp_request_vpn
 set firewall.allow_dhcp_request_vpn=rule
 set firewall.allow_dhcp_request_vpn.name=Allow-DHCP-Request-VPN
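Review bot: Deleting `firewall.@zone[2]` and re-creating `zone_vpn` from fixed values discards whatever the existing vpn zone carried, including any extra entries in its `network` list, and the deletion is committed on its own before the replacement zone exists. An interface that ends up in no zone is presumably no longer subject to this zone's `input=REJECT` and `masq=1`, so filtering on an upgraded router can differ from what it was before. Renaming the section in place would keep its options and need only one commit: `rename firewall.@zone[2]=zone_vpn` instead of `del firewall.@zone[2]`, leaving the second block as the fresh-install path. The first block also spells the command `del` while 2020-omr-vpn uses `delete`; a single spelling would read better.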
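Review bot: The guard around this `add_list` greps the whole firewall config for `omrvpn` rather than testing membership of `zone_vpn`, so once 1980-omr-firewall has re-created the zone with only `glorytun`, the interface is not re-added if that string still appears anywhere else in the config. A direct membership test would be more robust, for example `if ! uci -q get firewall.zone_vpn.network | grep -qw omrvpn; then` around the `add_list` line. The named section also makes this script depend on 1980-omr-firewall having run first, and with `-q` and `>/dev/null` a missing `zone_vpn` would presumably go unreported, so a comment such as `# requires firewall.zone_vpn, created by 1980-omr-firewall` is worth adding. The `if` block continues past the end of the hunk.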