Port forwarding/DDNS ignores VPN rules

[ZakM]

Hello everyone,

I have setup a VPN with policy rules on my router, and have a client with routing going through the VPN.

However, if I turn DDNS on and I configure port forwarding to send one port's data to a particular computer, the IP for my DDNS is not that of the VPN but that of my ISP.

Now I don't know if all traffic for that client now skips the VPN or not. How can I even check?

Am I doing something wrong or is this unavoidable?

 

[Alfsu]

Hello everyone,

I have setup a VPN with policy rules on my router, and have a client with routing going through the VPN.

However, if I turn DDNS on and I configure port forwarding to send one port's data to a particular computer, the IP for my DDNS is not that of the VPN but that of my ISP.

Now I don't know if all traffic for that client now skips the VPN or not. How can I even check?

Am I doing something wrong or is this unavoidable?

For that you need to have control of the VPN server and route the ports from it.

If you are using a VPN provider then your goal cannot be accomplished. On the other hand you could lease a virtual server and configure it as a VPN server and DDNS, and switch from the VPN provider to your own.

Depending on what company you choose to lease the virtual server, the downside of it comes from content providers geolocation blocking.

But if not mistaken, I do remember someone saying to have circumvented this issue by adding a static IP address to the virtual server. It might it been @Xentrk.

 

[ZakM]

I see, yeah, that makes total sense. I just thought that it was weird that the firmware would just do that to allow the forward, without warning.
The natural behavior I expected is that the port forwarding would not work, because the client would be behind my VPN server and would not be reachable. Instead, Merlin on its own decided to exclude that client from the VPN route and open a tunnel.

Maybe this behavior could be changed in future revisions, for clarity.