Solved (Asus Rt-ac88u) can connect openvpn but no access to LAN

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

admjral3

New Around Here
i enable openvpn server and i can connect to openvpn server but i can not access to LAN, only access to LAN when using putty to run command "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE"
rightnow i have to run this command everrytime after reboot, because after reboot again can not access LAN
firmware 368.1.2
this is my default setting openvpn server
unknown.png
 
Last edited:

ColinTaylor

Part of the Furniture
What do you have set under OpenVPN General settings > Client will use VPN to access ?
 

eibgrad

Very Senior Member
The fact you're using that NAT rule and it works tells me the problem is local firewalls on the devices you're trying to access (e.g., Windows). That NAT rule is one way to circumvent the problem (or else updating the individual firewalls, which is often impractical).

The only thing you need to do is make the NAT rule permanent using a nat-start script.
 

admjral3

New Around Here
The fact you're using that NAT rule and it works tells me the problem is local firewalls on the devices you're trying to access (e.g., Windows). That NAT rule is one way to circumvent the problem (or else updating the individual firewalls, which is often impractical).

The only thing you need to do is make the NAT rule permanent using a nat-start script.
may you help me , i just have bought this router for 2 days
 

eibgrad

Very Senior Member
may you help me , i just have bought this router for 2 days

Make sure JFFS and JFFS scripts is enabled under Administration->System. Then ssh into the router and copy/paste the script below into the window. It will automatically create and install the NAT rule. Then reboot.

Code:
#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/nat-start"

mkdir -p $SCRIPTS_DIR

function create_script() {
cat << "EOF" > $SCRIPT
#!/bin/sh
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)
EOF
chmod +x $SCRIPT
}

if [ -f $SCRIPT ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi

Note, if there's a pre-existing nat-start script, it will NOT overwrite it. In that case, you'll have to manually add it to the pre-existing nat-start script.
 
Last edited:

admjral3

New Around Here
Make sure JFFS and JFFS scripts is enabled under Administration->System. Then ssh into the router and copy/paste the script below into the window. It will automtically create and install the NAT rule. Then reboot.

Code:
#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/nat-start"

mkdir -p $SCRIPTS_DIR

function create_script() {
cat << "EOF" > $SCRIPT
#!/bin/sh
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)
EOF
chmod +x $SCRIPT
}

if [ -f $SCRIPT ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi

Note, if there's a pre-existing nat-start script, it will NOT overwrite it. In that case, you'll have to manually add it to the pre-existing nat-start script.
you are my savior, everything worked perfectly now
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top