Solved Access modem Web UI on WAN port in OpenVPN Server

abcxyz

Occasional Visitor

I followed this article and now I can access the ISP modem web UI on the LAN, but when I use the OpenVPN server, I can't access the ISP modem web UI (with the IPsec VPN server, I can access this ISP modem normally).

I'm using an AX56U router with 386.3_2 Merlin firmware.

Please help me. Thanks a lot!
 
What have you specified for "Client will use VPN to access" on the OpenVPN server? You'll need either Internet Only or Both. If you have LAN Only, it will only allow access to the private network (e.g., 192.168.1.0/24).

P.S. I suppose you could use LAN Only, as long as you added a firewall rule exception for the modem's IP network.

Code:
iptables -I FORWARD -s 10.8.0.0/24 -d 192.168.0.0/24 -j ACCEPT

I'm just assuming the OpenVPN server is using the default IP network of 10.8.0.0/24. If you've changed it, adjust accordingly.
 
What have you specified for "Client will use VPN to access" on the OpenVPN server? You'll need either Internet Only or Both. If you have LAN Only, it will only allow access to the private network (e.g., 192.168.1.0/24).
I've chosen "Both" already but it didn't work. I restored to the latest stock fw and chose "Both" and everything was ok. I don't know why.
 
Another possibility. Unless you configured the OpenVPN client to use the OpenVPN server as its default gateway, it won't know that the 192.168.0.0/24 network is accessible over the VPN. You need to push that route from the server to the client in the OpenVPN server custom config field.

Code:
push "route 192.168.0.0 255.255.255.0"
 
What have you specified for "Client will use VPN to access" on the OpenVPN server? You'll need either Internet Only or Both. If you have LAN Only, it will only allow access to the private network (e.g., 192.168.1.0/24).

P.S. I suppose you could use LAN Only, as long as you added a firewall rule exception for the modem's IP network.

Code:
iptables -I FORWARD -s 10.8.0.0/24 -d 192.168.0.0/24 -j ACCEPT

I'm just assuming the OpenVPN server is using the default IP network of 10.8.0.0/24. If you've changed it, adjust accordingly.

Thanks for your help. This solution works fine. Is there any way to add this rule to the router via the Web UI instead of SSH-ing and adding it to the firewall-start file?
 
Thanks for your help. This solution works fine. Is there any way to add this rule to the router via the Web UI instead of SSH-ing and adding it to the firewall-start file?

The only way to make it permanent is via the firewall-start script.
 
Another possibility. Unless you configured the OpenVPN client to use the OpenVPN server as its default gateway, it won't know that the 192.168.0.0/24 network is accessible over the VPN. You need to push that route from the server to the client in the OpenVPN server custom config field.

Code:
push "route 192.168.0.0 255.255.255.0"

I wrote your script to:

Code:
iptables -I FORWARD -s tun+ -d eth0 -j ACCEPT

And the script didn't work. I wrote the script like that because I don't want to change firewall-start if I change the IP of the ISP modem or the OpenVPN server.
 
If you decide to use network interfaces in the firewall rule, then you need to change the options from -s and -d to -i for input-interface and -o for output-interface.

Code:
iptables -I FORWARD -i tun+ -o eth0 -j ACCEPT

Note: You may need to use vlan2 rather than eth0.
 
If you decide to use network interfaces in the firewall rule, then you need to change the options from -s and -d to -i for input-interface and -o for output-interface.

Code:
iptables -I FORWARD -i tun+ -o eth0 -j ACCEPT

Note: You may need to use vlan2 rather than eth0.

What is the vlan2 interface? I tried to use vlan2 but the command didn't work. Eth0 is okay.
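
A firewall-start script for the interface-based rule discussed in this thread, as an added example that is not from any poster or from the Asuswrt-Merlin project: it inserts the rule only when it is missing (the script runs on every firewall restart) and limits it to the modem's subnet, so VPN clients are not granted forwarding to everything behind the WAN port. Assumptions: the script is saved as /jffs/scripts/firewall-start, the firmware passes the WAN interface name as the first argument, the OpenVPN server tunnels are named tun21/tun22 (hence tun2+, where the thread uses tun+), and the iptables build supports -C.

```shell
#!/bin/sh
# Added example (not from the thread): persistent, scoped rule that lets
# OpenVPN server clients reach the ISP modem's web UI on the WAN side.

IPT="${IPT:-iptables}"                     # overridable for a dry run
WAN_IF="${1:-eth0}"                        # assumption: WAN interface arrives as $1
MODEM_NET="${MODEM_NET:-192.168.0.0/24}"   # modem network used in the thread
VPN_IF="${VPN_IF:-tun2+}"                  # assumption: server tunnels are tun21/tun22

# Insert a rule only if an identical one is not already present, so repeated
# firewall restarts do not stack duplicates at the top of the chain.
ensure_rule() {
    if ! $IPT -C "$@" 2>/dev/null; then
        $IPT -I "$@"
    fi
}

# Match on interfaces with -i/-o (not -s/-d, which take addresses) and add
# -d so only the modem subnet is reachable, not the whole WAN side.
allow_vpn_to_modem() {
    ensure_rule FORWARD -i "$VPN_IF" -o "$1" -d "$MODEM_NET" -j ACCEPT
}

# Apply the rule only when this file is run under its real name on the router.
case "$0" in
    */firewall-start) allow_vpn_to_modem "$WAN_IF" ;;
esac
```

If the modem's address changes, only MODEM_NET needs editing; dropping the -d match removes that dependency but opens forwarding from the VPN to every destination behind the WAN interface.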
 
