Asus AC87U can't access LAN devices via ports

tsu

New Around Here
Something peculiar happens with my router running Merlin. I may have found a Merlin bug.
While connected to a local network via OpenVPN server running on this Asus AC87U, I can access several devices via their ports as IPX: Port1, IPX: Port2, etc. (where IPX = a generic local IP as 192.168.30.200)
When connected to that router directly via WIFI I cannot access anymore those devices despite being in the same network as IPX.
 
Last edited:

eibgrad

Part of the Furniture
OpenVPN client or server?

What is IPX?

What does "connected to that router directly" mean? You mean remotely over the WAN as opposed to say the OpenVPN server?

You need to be more precise here. Your description is too ambiguous.
 

eibgrad

Part of the Furniture
Are those wifi clients bound to the router's OpenVPN client at the same time (e.g., ExpressVPN, NordVPN, etc.)?
 

tsu

New Around Here
Are those wifi clients bound to the router's OpenVPN client at the same time (e.g., ExpressVPN, NordVPN, etc.)?
It's just one client which it's either connected to Asus AC87U via its OpenVPN server (when outside the network) or locally via WiFi. No other VPN involved.
When the client connects via Ethernet (instead of WiFi) it's the same behavior: no access to those devices.
 
Last edited:

eibgrad

Part of the Furniture
It's just one WIFI client which it's either connected to Asus AC87U via its OpenVPN server (when outside the network) or locally via WiFi. No other VPN involved.
When the client connects via Ethernet (instead of WiFi) it's the same behavior: no access to those devices.

You're still confusing me. How can the *wifi* client be connected to the OpenVPN server when outside the network (i.e., on the internet side of the WAN)? It's either connected *remotely* to your home network via the OpenVPN server (e.g., cellular on your smartphone), OR, the client is connected locally via wifi.

Is this perhaps a case of you trying to have a device remain connected to the OpenVPN server at ALL TIMES, whether inside the LAN using wifi, or on the road and connected remotely on the internet side of the WAN? I know some ppl like to do this so they don't have to switch back and forth between being connected and unconnected to the OpenVPN server. It requires NAT loopback to make it work.

As you can see, I'm still struggling with your description.
 

ColinTaylor

Part of the Furniture
When the client connects via Ethernet (instead of WiFi) it's the same behavior: no access to those devices.
And you previously said this was only effecting 6 out of 8 LAN servers - and those servers couldn't access the internet.

This sounds like a) a really badly configured network, or b) a problem with the ACL on the servers.
 

tsu

New Around Here
And you previously said this was only effecting 6 out of 8 LAN servers - and those servers couldn't access the internet.

This sounds like a) a really badly configured network, or b) a problem with the ACL on the servers.
It's a 50-50 that I may be able to solve that issue (now I have an idea), but it's midnight and I don't want to start poking around.
As you can see, I'm still struggling with your description.

While I made a mistake keeping the WiFi and OpenVPN in the same sentence (now corrected), I'll make it clearer now:
Client -> OpenVPN server = LAN access and access to IPX: Port1 devices
Client -> WIFI/Ethernet = LAN access but no access to IPX: Port1 devices. Testing with client2 or 3 (which do not have OpenVPN installed) results in the same outcome: no access to IPX: Port1 devices.
 

eibgrad

Part of the Furniture
At this point, the best I can suggest is posting your OpenVPN server configuration. Maybe we'll see an issue. I assume all works normally if the OpenVPN server is NOT running.
 

tsu

New Around Here
Solved !
It seems the issue was created by setting both the WAN and the LAN addresses in the same range (i.e.,192.168.30.x/255.255.255.0, more exactly WAN: 192.168.30.201, LAN:192.168.30.202). I was aware about that bug in the system which was allowing me to set these addresses like this, but I strategically kept them like that.
Now that I set everything as it should and it works perfectly.

Thank you for your advices.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top