Asus RT-AC68U Merlin 384.6 OpenVPN Static Route

Discussion in 'Asuswrt-Merlin' started by chupa, Sep 21, 2018.

  1. chupa

    Good afternoon.
    An incomprehensible problem: there is a home network behind the router, and the client behind it is the address 172.20.21.99.
    I cannot understand why the address 172.20.21.99 is not available for the client.

    On router openvpn-server:
    ip r show:
    Code:
    172.20.21.99 via 192.168.6.2 dev tun21 
    
    ip a:
    Code:
    10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
        link/ether 60:45:cb:59:cf:10 brd ff:ff:ff:ff:ff:ff
        inet 192.168.5.30/27 brd 192.168.5.31 scope global br0
    11: tun21: <POINTOPOINT,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
        link/none 
        inet 192.168.6.1/27 brd 192.168.6.31 scope global tun21
    
    iptables -nvL
    Code:
    Chain OVPN (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     all  --  tun21  *       0.0.0.0/0            192.168.5.0/27     
    
    Chain PControls (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain PTCSRVLAN (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain PTCSRVWAN (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain SECURITY (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02 limit: avg 1/sec burst 5
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02
        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04 limit: avg 1/sec burst 5
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04
        0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
        0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain default_block (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain logaccept (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "ACCEPT "
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain logdrop (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "DROP "
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain other2wan (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 RETURN     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
        4   240 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    

    iptables -nvL -t nat
    Code:
    Chain PREROUTING (policy ACCEPT 35246 packets, 2271K bytes)
     pkts bytes target     prot opt in     out     source               destination         
        2    84 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:21194
     7684  488K VSERVER    all  --  *      *       0.0.0.0/0            XXX.XXX.XXX.XXX        
    
    Chain INPUT (policy ACCEPT 31574 packets, 1974K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 1216 packets, 145K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 1053 packets, 87791 bytes)
     pkts bytes target     prot opt in     out     source               destination         
     7194  525K PUPNP      all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
     6809  501K MASQUERADE  all  --  *      eth0   !XXX.XXX.XXX.XXX         0.0.0.0/0           
      177 60526 MASQUERADE  all  --  *      br0     192.168.5.0/27       192.168.5.0/27     
    
    Chain DNSFILTER (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain LOCALSRV (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain PCREDIRECT (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain PUPNP (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 MASQUERADE  tcp  --  *      *       192.168.5.29         0.0.0.0/0            tcp spt:32400 masq ports: 23163
    
    Chain VSERVER (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4672 to:192.168.5.30
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4665 to:192.168.5.30
        2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4662 to:192.168.5.30
     1825  134K DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51413 to:192.168.5.30
     4609  236K DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413 to:192.168.5.30
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8481 to:192.168.5.30:8481
        2   104 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:192.168.5.30:8081
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091 to:192.168.5.29:9091
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32400 to:192.168.5.29:32400
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:32400 to:192.168.5.29:32400
       12   700 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3210 to:192.168.6.3:3210
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3210 to:192.168.6.3:3210
     1234  117K VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    
    Chain VUPNP (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23163 to:192.168.5.29:32400
    
    On Client:
    Code:
    Chain INPUT (policy ACCEPT 3642K packets, 4785M bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0           
      
    Chain OUTPUT (policy ACCEPT 2277K packets, 357M bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 3396 packets, 446K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT (policy ACCEPT 2091 packets, 310K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 37599 packets, 2300K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 13340 packets, 837K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    24061 1451K MASQUERADE  all  --  *      *       192.168.6.0/27       0.0.0.0/0           
      204 13182 MASQUERADE  all  --  *      *       192.168.5.0/27       0.0.0.0/0           
        0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0           
    
    Server
    Code:
    cat /jffs/configs/openvpn/ccd1/ntkpc 
    
    #!/bin/sh
    ifconfig-push 192.168.6.2 255.255.255.224
    push "route 192.168.4.0 255.255.225.224 192.168.6.1"
    push "route 192.168.5.0 255.255.225.224 192.168.6.1"
    
    iroute 172.20.21.99 255.255.255.255
    
    Code:
    /etc/openvpn/server1/config.ovpn 
    # Automatically generated configuration
    daemon ovpn-server1
    topology subnet
    server 192.168.6.0 255.255.255.224
    dev tun21
    push "route 192.168.5.0 255.255.255.224 vpn_gateway 500"
    route 172.20.21.99 255.255.255.255 192.168.6.2
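
An added example, not part of the original post: a small lint over the directives of the two OpenVPN files shown above. It checks that every netmask is a contiguous run of 1 bits and that each ccd `iroute` has a matching `route` in the server config, which is the pairing OpenVPN expects. The function names are made up for this example; the directive text is copied from the post.

```python
import ipaddress

# Directives copied from the two files in the post (comments and blank lines dropped).
CCD_NTKPC = '''ifconfig-push 192.168.6.2 255.255.255.224
push "route 192.168.4.0 255.255.225.224 192.168.6.1"
push "route 192.168.5.0 255.255.225.224 192.168.6.1"
iroute 172.20.21.99 255.255.255.255
'''
SERVER_CONF = '''topology subnet
server 192.168.6.0 255.255.255.224
dev tun21
push "route 192.168.5.0 255.255.255.224 vpn_gateway 500"
route 172.20.21.99 255.255.255.255 192.168.6.2
'''

def routes(text):
    """Yield (directive, network, netmask) for route, iroute and push "route"."""
    for line in text.splitlines():
        line = line.strip()
        pushed = line.startswith("push ")
        if pushed:
            line = line[len("push "):].strip().strip('"')
        parts = line.split()
        if len(parts) >= 3 and parts[0] in ("route", "iroute"):
            yield ("push " if pushed else "") + parts[0], parts[1], parts[2]

def mask_is_contiguous(mask):
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def lint(ccd_text, server_text):
    """Return findings: malformed netmasks, and iroutes lacking a server route."""
    findings = []
    for source, text in (("ccd", ccd_text), ("server", server_text)):
        for directive, net, mask in routes(text):
            if not mask_is_contiguous(mask):
                findings.append(f"{source}: {directive} {net} has non-contiguous netmask {mask}")
    server_routes = {(n, m) for d, n, m in routes(server_text) if d == "route"}
    for directive, net, mask in routes(ccd_text):
        if directive == "iroute" and (net, mask) not in server_routes:
            findings.append(f"ccd: iroute {net} {mask} has no matching server route")
    return findings

if __name__ == "__main__":
    for finding in lint(CCD_NTKPC, SERVER_CONF):
        print(finding)
```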
    
     