Menu
What's new
By:
Filters Better Search

Asus RT-AC68U Merlin 384.6 OpenVPN Static Route

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

chupa

New Around Here
Good afternoon.
An incomprehensible problem, there is a home network behind the router and the client behind it is the address 172.20.21.99.
I can not understand why the address 172.20.21.99 is not available for the client.

On router openvpn-server:
ip r show:
Code: 
172.20.21.99 via 192.168.6.2 dev tun21
ip a:
Code: 
10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 60:45:cb:59:cf:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.30/27 brd 192.168.5.31 scope global br0
11: tun21: <POINTOPOINT,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
    link/none 
    inet 192.168.6.1/27 brd 192.168.6.31 scope global tun21

iptables -nvL
Code: 
Chain OVPN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun21  *       0.0.0.0/0            192.168.5.0/27     

Chain PControls (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain PTCSRVLAN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain PTCSRVWAN (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain SECURITY (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02 limit: avg 1/sec burst 5
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04 limit: avg 1/sec burst 5
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain default_block (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "ACCEPT "
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "DROP "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain other2wan (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
    4   240 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0


iptables -nvL -t nat
Code: 
Chain PREROUTING (policy ACCEPT 35246 packets, 2271K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2    84 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:21194
 7684  488K VSERVER    all  --  *      *       0.0.0.0/0            XXX.XXX.XXX.XXX        

Chain INPUT (policy ACCEPT 31574 packets, 1974K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1216 packets, 145K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1053 packets, 87791 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7194  525K PUPNP      all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
 6809  501K MASQUERADE  all  --  *      eth0   !XXX.XXX.XXX.XXX         0.0.0.0/0           
  177 60526 MASQUERADE  all  --  *      br0     192.168.5.0/27       192.168.5.0/27     

Chain DNSFILTER (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain LOCALSRV (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain PCREDIRECT (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain PUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  tcp  --  *      *       192.168.5.29         0.0.0.0/0            tcp spt:32400 masq ports: 23163

Chain VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4672 to:192.168.5.30
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4665 to:192.168.5.30
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4662 to:192.168.5.30
 1825  134K DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51413 to:192.168.5.30
 4609  236K DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413 to:192.168.5.30
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8481 to:192.168.5.30:8481
    2   104 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:192.168.5.30:8081
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091 to:192.168.5.29:9091
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32400 to:192.168.5.29:32400
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:32400 to:192.168.5.29:32400
   12   700 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3210 to:192.168.6.3:3210
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3210 to:192.168.6.3:3210
 1234  117K VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain VUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23163 to:192.168.5.29:32400

On Client:
Code: 
Chain INPUT (policy ACCEPT 3642K packets, 4785M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
  
Chain OUTPUT (policy ACCEPT 2277K packets, 357M bytes)
 pkts bytes target     prot opt in     out     source               destination         

iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 3396 packets, 446K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2091 packets, 310K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 37599 packets, 2300K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 13340 packets, 837K bytes)
 pkts bytes target     prot opt in     out     source               destination         
24061 1451K MASQUERADE  all  --  *      *       192.168.6.0/27       0.0.0.0/0           
  204 13182 MASQUERADE  all  --  *      *       192.168.5.0/27       0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0

Server
Code: 
cat /jffs/configs/openvpn/ccd1/ntkpc 

#!/bin/sh
ifconfig-push 192.168.6.2 255.255.255.224
push "route 192.168.4.0 255.255.225.224 192.168.6.1"
push "route 192.168.5.0 255.255.225.224 192.168.6.1"

iroute 172.20.21.99 255.255.255.255

Code: 
/etc/openvpn/server1/config.ovpn 
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 192.168.6.0 255.255.255.224
dev tun21
push "route 192.168.5.0 255.255.255.224 vpn_gateway 500"
route 172.20.21.99 255.255.255.255 192.168.6.2
 
You must log in or register to reply here.

Similar threads

octopus
  • Locked
Solved Can you connect to Wireguard server from wan side?
Replies
17
Views
1K
octopus
octopus
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
1K
Don->
D
v.y.k
iptables pkts & bytes numbers are too low on Merlin 3004.388
Replies
13
Views
666
v.y.k
v.y.k
A
ASUS Dual WAN Failover, Then Failback, Leaves Secondary LAN in "Hot Standby"
Replies
4
Views
601
Kingp1n
K
K
Can't get SNAT/MASQ to work.
2
Replies
24
Views
2K
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
C Where to Download GNUton's Asus Merlin For DSL-AC68U Asuswrt-Merlin 5
dbaser ASUS RT-AC68U not working after Merlin firmware update, did I brick it? Asuswrt-Merlin 15
J Solved *SOLVED* Asus RT-AX86U Pro on latest Merlin 3004.388.4, cannot get RT-AC68U (on any firmware) to connect as a AI Mesh Node Asuswrt-Merlin 3
B Two Asus RT-AC68U routers with Merlin software, connected via VPN - dhcp problem. Asuswrt-Merlin 5
S Asus Merlin 386.10 on AC68U - keep losing port forwarding table - no data in table Asuswrt-Merlin 2
H Asus RT-AC68U SSH not responsive after time, reboot not helping. Asuswrt-Merlin 4
Run5k Solved ASUS RT-AC68U router can't reach specific website - known issue? Asuswrt-Merlin 6
P asus ac68u firewall Asuswrt-Merlin 26
S How to auto-restart remote clients (an Asus RT-AC68U) OpenVPN client Asuswrt-Merlin 45
J In asus rt-ac68u router under VPN Client - VPN Server List missing OpenVPN Asuswrt-Merlin 30

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 706 (members: 26, guests: 680)
Top