1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus RT-AC87U remote access question

Discussion in 'Routers' started by Ojee, Dec 13, 2018.

  1. Ojee

    Ojee Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    28
    I have an RT-AC87U running the latest MerlinWRT on it, and I'm very happy with it. When I'm out the door, I use a NAS with a VPN server running on it to connect to my network, and check in on my router.

    This works fine with the setting "Allow only specified IP address" switched to NO under "Remote Access Config" on the Systems tab.

    To increase security, I would like to switch it on. However when I do, I can't access the router anymore through my VPN as I used to. I tried adding the dynamic IP assigned by the VPN to the list, but it still won't allow me access. I feel like I'm missing something. What am I doing wrong?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Just to be clear.... Your VPN server is running on your NAS not the router. Correct?

    The Remote Access Config in the router's GUI only applies to accessing the router GUI. Not anything else, like your NAS.
     
  3. Ojee

    Ojee Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    28
    My VPN is running on my NAS, and I'm trying to access my router over the local network. However, it won't let me. I can access the router from the local network just fine, just not through my VPN.
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    OK.

    What IP address does your VPN client appear to have and how does that compare to your LAN address range? For example, is your client 10.8.0.3 and your LAN 192.168.1.x.
     
  5. Ojee

    Ojee Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    28
    Yeah that sounds about right. But when I add a rule allowing 10.x.x.x access, it does not work.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    OK I'll have to think about this.

    On the router under Remote Access Config can you try also enabling Web Access from WAN. You'll have to use HTTPS instead of HTTP if that is what you've been using. I'm just wondering if the router is classifying your VPN client as "web" because it's IP address doesn't match the LAN.
     
  7. Ojee

    Ojee Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    28
    But if it were classifying it as as web, then it shouldn't work regardless if "Allow only specified IP address" switched to NO or YES? But it does with it switched to NO.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,252
    Location:
    UK
    Logically yes. But I was just speculating that the logic might be broken when you select that option. Just thought it was worth a try, that's all.

    There was a slightly similar discussion here. IIRC in that case the NAS which was running the VPN server was masquerading the incoming connections so that instead of the client having a 10.8.0.x address it had the VPN server's address. Perhaps your VPN server has that option?