Solved (Asus Rt-ac88u) can connect openvpn but no access to LAN

admjral3

New Around Here
I enabled the OpenVPN server and I can connect to it, but I cannot access the LAN. I only get LAN access when I use PuTTY to run the command "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE".
Right now I have to run this command every time after a reboot, because after a reboot I cannot access the LAN again.
Firmware 368.1.2
These are my default OpenVPN server settings:
unknown.png
 

ColinTaylor

Part of the Furniture
What do you have set under OpenVPN General settings > Client will use VPN to access ?
 

eibgrad

Part of the Furniture
The fact you're using that NAT rule and it works tells me the problem is local firewalls on the devices you're trying to access (e.g., Windows). That NAT rule is one way to circumvent the problem (or else updating the individual firewalls, which is often impractical).

The only thing you need to do is make the NAT rule permanent using a nat-start script.
 

admjral3

New Around Here
Can you help me? I just bought this router 2 days ago.
 

eibgrad

Part of the Furniture
Make sure JFFS and JFFS scripts are enabled under Administration->System. Then ssh into the router and copy/paste the script below into the window. It will automatically create and install the NAT rule. Then reboot.

Code:
#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/nat-start"

mkdir -p "$SCRIPTS_DIR"

# Write the nat-start script. The quoted "EOF" keeps $(nvram get lan_ipaddr)
# literal, so the LAN address is looked up each time nat-start runs.
create_script() {
    cat << "EOF" > "$SCRIPT"
#!/bin/sh
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)
EOF
    chmod +x "$SCRIPT"
}

# Never overwrite an existing nat-start script.
if [ -f "$SCRIPT" ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi

Note, if there's a pre-existing nat-start script, it will NOT overwrite it. In that case, you'll have to manually add it to the pre-existing nat-start script.
 
Last edited:
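
The note above leaves a pre-existing nat-start script to manual editing. As an added example (not part of eibgrad's post), this function appends the same rule to an existing script exactly once and keeps a backup. The names install_nat_rule, NAT_START and MARKER, and the .bak suffix, are assumptions made for the example.

```shell
#!/bin/sh
# Added example: install the thread's SNAT rule into nat-start exactly once.
# Assumed names (not from the thread): install_nat_rule, NAT_START, MARKER.

NAT_START="${NAT_START:-/jffs/scripts/nat-start}"
MARKER='# openvpn-lan-snat: VPN clients 10.8.0.0/24 to LAN via br0'
# Single quotes keep $(nvram get lan_ipaddr) literal, so the router looks up
# its LAN address each time nat-start runs, as the original heredoc does.
RULE='iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)'

install_nat_rule() {
    existed=0
    if [ -f "$NAT_START" ]; then existed=1; fi

    mkdir -p "$(dirname "$NAT_START")" || return 1

    # No script yet: start one with a shebang line.
    if [ "$existed" -eq 0 ]; then
        printf '#!/bin/sh\n' > "$NAT_START" || return 1
    fi

    # Rule already there (added by this function or by hand): change nothing.
    if grep -qF -- "$RULE" "$NAT_START"; then
        echo "unchanged: rule already present in $NAT_START"
        return 0
    fi

    # Keep a copy of a pre-existing script before modifying it.
    if [ "$existed" -eq 1 ]; then
        cp -p "$NAT_START" "$NAT_START.bak" || return 1
    fi

    # If the file does not end in a newline, add one so the appended rule
    # does not get glued onto the script's last command.
    if [ -n "$(tail -c 1 "$NAT_START")" ]; then
        echo >> "$NAT_START"
    fi

    printf '%s\n%s\n' "$MARKER" "$RULE" >> "$NAT_START" || return 1
    chmod +x "$NAT_START"
    echo "installed: rule appended to $NAT_START"
}

# On the router, after pasting the function, run: install_nat_rule
```

Because the rule rewrites the source address to the router's LAN address, LAN hosts log every VPN client as the router. Per-client attribution then has to come from the OpenVPN server's own log.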

admjral3

New Around Here
You are my savior, everything worked perfectly now.
 

Toby the Cat

New Around Here
Thank you eibgrad, I had the same problem and after a few days searching and trying all sorts I found your script, and that did the job.

THANK YOU
 
