1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

access to openvpn server

Discussion in 'Asuswrt-Merlin' started by andresmorago, Jul 18, 2019.

  1. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    Hello

    Im setting up a openvpn server on a remote asus router (AC56R).

    Router ip is 192.168.1.1
    Router openvpn server ip is 10.0.3.1

    openvpn is working ok. i can remotely connect from another asus router (client #2) . ip address that i get is 10.0.3.2

    i have these 2 lines on the openvpn server custom configuration
    Code:
    push "route 192.168.1.0 255.255.255.0"
    push "route 10.0.3.0 255.255.255.0"
    i need to be able to access from my windows client to the routers web gui. here are my issues:

    *10.0.3.1 is pingable but no web gui access
    *192.168.1.1 is not pingable and no web gui access

    i will appreciate your help

    -andres
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    You shouldn't need either of those push statements. The first one ought to be automatically created by the "Push LAN to clients" option in the GUI, and the second one is not needed as that is the tunnel address.

    Is the LAN subnet of the client different from that of the server, e.g. not 192.168.1.x ?
     
  3. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    hello
    thanks for the feedback. i will remove the push statements.

    regarding the lan subnet of the client, yes, its different.

    server lan ip: 192.168.1.1
    server openvpn ip: 10.0.3.1
    client ip: 10.0.3.2

    i need to be able to access 10.0.3.1 from 10.0.3.2. right now i can ping but cant access tcp ports
     
    Last edited: Jul 18, 2019
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    Can you confirm the LAN IP address and netmask for the client router please.
     
  5. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    hi

    sorry. i didnt give you the information

    router running openvpn client
    10.0.0.1
    255.255.255.0
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    That all looks OK.

    Can you ping any other IP addresses on 192.168.1.x, for example a network printer? If you're pinging a Windows PC you'll probably have to temporarily turn off its firewall.
     
  7. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    hi

    from the openvpn client i cant ping any of the 192.168.1.x addresses. none of the devices are accessible from 10.0.3.0. none of the devices on 192.168.1.x are windows based.

    i can ping the openvpn server 10.0.3.1 but router web gui isnt accesible
     
    Last edited: Jul 18, 2019
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    If you try connecting with a different type of client, like a mobile phone app, does that work?
     
  9. bbunge

    bbunge Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    958
    Location:
    Pennsylvania USA
    Set your client router to an ip address other than 192.168.1.1


    Sent from my SM-T380 using Tapatalk
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    Thinking about this a bit more, I think you need to tell the server about the client's subnet and how to get to it. So I'd guess you would need something like this in the VPN server custom config:

    Code:
    iroute 10.0.0.0 255.255.255.0
    route 10.0.0.0 255.255.255.0
     
  11. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    hi @ColinTaylor
    somehow adding these 2 lines crashed my openvpn server and i no longer can access the server :(. i didnt have a backup access path this time so ill have to be on site tomorrow in order to restore access.
     
    Last edited: Jul 18, 2019
  12. andresmorago

    andresmorago Regular Contributor

    Joined:
    May 27, 2014
    Messages:
    128
    thanks bbunge but its not possible at this moment since i already have several clients on each network and it would mean to change a lot
     
  13. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,079
    Location:
    UK
    Have a look at this thread. If I'm reading it correctly it means that you can use the "Manage Client-Specific Options" and then add the subnets in the "Allowed Clients" list. No need to specify iroute and route.