Local LAN access OpenVPN on Asus ( Merlin)

[pmcd]

Is it possible for media players that access an Asus router running the OpenVPN client (Merlin firmware) to access local resources such as file servers and such? The Asus is an rt-56U with Merlin 380.57 firmware. It's wan is connected to an Ethernet port on the isp cable modem. I can port forward to get PleX but I cannot see any ftp/sftp/nfs/smb shares using for example Kodi. Would policies or port forwarding help there? The problem with port forwarding for sftp is it seems to be designed for the server to be behind the Asus router. I can ping units on the local LAN ( a NAS for example) but I can't see any kind of shares.

Edit: tried a simple policy which sent traffic from 10.0.1.100 ( a shield tv) to 192.168.2.13 ( a qnap) via wan and then via vpn. In both cases this seemed to force the Shield out of the vpn tunnel. Odd...

 

[netware5]

Is it possible for media players that access an Asus router running the OpenVPN client (Merlin firmware) to access local resources such as file servers and such? The Asus is an rt-56U with Merlin 380.57 firmware. It's wan is connected to an Ethernet port on the isp cable modem. I can port forward to get PleX but I cannot see any ftp/sftp/nfs/smb shares using for example Kodi. Would policies or port forwarding help there? The problem with port forwarding for sftp is it seems to be designed for the server to be behind the Asus router. I can ping units on the local LAN ( a NAS for example) but I can't see any kind of shares.

Edit: tried a simple policy which sent traffic from 10.0.1.100 ( a shield tv) to 192.168.2.13 ( a qnap) via wan and then via vpn. In both cases this seemed to force the Shield out of the vpn tunnel. Odd...

If you want to have access from WAN to ALL LAN resources, the easiest and trouble free method is to configure the OpenVPN server in TAP mode, so the OpenVPN will encapsulate not IP packets, but Ethernet frames. In such case, when the OpenVPN client is connected to the OpenVPN server, it will be equivalent to physical connection in your LAN. This is the most transparent and easy to understand and configure solution. I'm using this config more than 5 years and it is rock solid.

 

[pmcd]

Thanks. Right now I am using the OpenVPN client on the Asus (Merlin). Are you saying to run the VPN server on the Asus and the client on the media player?

The configuration is

media player -Ethernet-> Asus LAN port- OpenVPN on Asus - Asus WAN-> Rogers modem LAN -> internet

So anything connected to the Asus ( wired or wireless) connects to my vpn provider. But while the media player can ping items on the LAN it cannot access file shares.

I cannot run a vpn client on the media player(s).

Can you provide a link or a few more details regarding the OpenVPN server approach? Would I have to keep manually connecting and disconnecting?

Edit: I am not trying to get access from the Internet to my local LAN. I am trying to get access to the local LAN from some media player connected to the Asus which is itself on the Local LAN.

 

[netware5]

Thanks. Right now I am using the OpenVPN client on the Asus (Merlin). Are you saying to run the VPN server on the Asus and the client on the media player?

...........................................
Edit: I am not trying to get access from the Internet to my local LAN. I am trying to get access to the local LAN from some media player connected to the Asus which is itself on the Local LAN.

Sorry I misunderstood that you want to have access to your home LAN resources from outside, for example from your office or from your mobile device when on travel. Please ignore my previous post.

 

[pmcd]

Sorry I misunderstood that you want to have access to your home LAN resources from outside, for example from your office or from your mobile device when on travel. Please ignore my previous post.

No, I want to have access to my home LAN resources from a media player that is connected to a vpn router on the home LAN! I am not that interested in access to home from outside home. I think your original understanding is correct.

 

[Magissia]

As you're not going out of your home you may want to add a route, to allow proper routing back and forth.

 

[pmcd]

As you're not going out of your home you may want to add a route, to allow proper routing back and forth.

How would I do that? The Asus WAN port is connected to the Rogers modem LAN port. The Rogers modem doesn't allow static routing as far as I can tell. Mind you the Rogers modem does not have dhcp enabled. That is provided by a Synology NAS. The picture is sort of:

[ip's 10.0.1.xxx]—LAN ports/wireless of Asus —> via WAN of Asus —> LAN port of Rogers modem (192.168.2.1) —Rogers modem —> internet

Stuff in between Asus and Rogers are all on 192.168.2.xxx . Stuff before Asus 10.0.1.xxx which get routed.

Could I add a static route in the Asus modem to allow stuff to go back and forth? At the moment I can access the Asus from the LAN using a web browser ( I assigned the "WAN" address of 192.168.2.xxx to the Asus) or from the 10.0.1.xxx side.

Somehow I feel there is a simple answer here. I just don't know enough about networking.

Edit: I finally managed to get it working by enabling static routing and adding in the NAS ip for network/host ip, 255.255.255.0 for netmask, Rogers modem ip for gateway, 1 for metric though I am not sure if that number is correct. The interface is LAN