
Bypassing openVPN client for WAN requests


grimy55

Hello,

This is my first post, but I have already learned a lot from this forum. I especially thank Merlin for his work.

I have an RT-AC66U (with the latest Merlin build and SSH access activated). I set up an OpenVPN client on it to give all my LAN secured access to the web. My VPN provider is AirVPN. That works pretty well except that, when the OpenVPN client is on, my hosted services (some HTTP/s, FTPes and SSH) are no longer available from the outside.

From here and there, I understood that requests from the web should reach my local devices, but the OpenVPN client redirects by default the response through the tunnel, where the packets are lost. From a number of forums (e.g. that one), I gathered these ip rules that tell such packets to use the router gateway/interface instead of the VPN's:

Code:
ip rule add from 192.168.0.X table 128
ip route add table 128 to 192.168.0.0/24 dev eth0
ip route add table 128 default via 192.168.0.2

where 192.168.0.X is my LAN device hosting web services, 192.168.0.0/24 is my LAN subnet, and 192.168.0.2 is my router LAN ip.

However, these settings do not work for me, whether they're done before or after the VPN client starts.

If you had to go through this kind of issue, or if you have any idea, any help would be appreciated.
Thanks!
 
I think it has been said previously that it is not possible to use Asus Cloud services if VPN is running. I am wondering though if having a fixed IP for VPN would solve this issue?
 
Actually, I'm not using Asus cloud. I was talking about self-hosted services on my own server. I have a couple of websites along with an FTPES and SSH access to my NAS. My WAN ip is fixed and linked to a DNS anyway.
 
I have a fixed IP as well, but the moment the VPN is on I am unable to access the AC56U remotely. What I am wondering is if having a fixed VPN IP would help.

"If you wish to run a server (web server, ftp server, etc...) over VPN, you need a private static IP address."
 
Right now I do not have the need to access my router while openvpn is active, but for cloud services it could be interesting. So I would like to get the topic solved as well.

Here is my understanding:

I try to reach my router either using the wan ip or a dyndns account. The router receives the request. As openvpn is established and the standard gateway is set to vpn, the router responds using the vpn connection. And so the response never comes back to me. Is that right?

If so, how about changing the default gateway of the router itself, after establishing the vpn connection, to the wan gateway and not the openvpn gateway? Then the router gets the request using the wan gateway and responds using the wan gateway.
Would that be possible? I am thinking of something like selective routing, but for the device itself. Maybe some of you know what to do to let the router itself be an exception to the openvpn tunnel? Just using the IP of the router is not working. I already checked it.
 
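The reply-path reasoning in the post above, and the effect of a source rule like the `ip rule add from 192.168.0.X table 128` from the first post, as a small model of Linux policy-routing lookup. This is an added example, not code from any poster; the interface names, the two /1 tunnel routes, the 203.0.113.1 WAN gateway, the 10.4.0.1 VPN gateway and the host addresses are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumptions, not from the thread): "wan"/"tun"/"lan"
# interface names, 203.0.113.1 = ISP gateway, 10.4.0.1 = VPN gateway.
MAIN = [
    ("0.0.0.0/0", "wan", "203.0.113.1"),   # original default route
    ("0.0.0.0/1", "tun", "10.4.0.1"),      # assumed: client installs two /1
    ("128.0.0.0/1", "tun", "10.4.0.1"),    # routes that override the default
    ("192.168.0.0/24", "lan", None),
]
# Table 128 with its default pointing at the WAN gateway (assumption).
T128 = [
    ("192.168.0.0/24", "lan", None),
    ("0.0.0.0/0", "wan", "203.0.113.1"),
]
TABLES = {"main": MAIN, "128": T128}
RULES_VPN_ONLY = [(32766, None, "main")]
RULES_BYPASS = [(32765, "192.168.0.10/32", "128")] + RULES_VPN_ONLY


def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in table]
    hits = [h for h in nets if dst in h[0]]
    if not hits:
        return None
    _, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw


def egress(rules, src, dst):
    """Walk rules by priority; first table with a matching route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is None or src in ipaddress.ip_network(selector):
            hit = lookup(TABLES[table], dst)
            if hit:
                return hit
    return None


if __name__ == "__main__":
    for name, rules in (("vpn only", RULES_VPN_ONLY), ("bypass", RULES_BYPASS)):
        print(name)
        for src, dst in (("192.168.0.10", "198.51.100.7"),   # server's reply
                         ("192.168.0.10", "192.0.2.50"),     # server's own traffic
                         ("192.168.0.20", "198.51.100.7")):  # another LAN host
            print(f"  {src} -> {dst}: {egress(rules, src, dst)}")
```

In the bypass case every packet sourced from 192.168.0.10 leaves over the WAN, not only replies to inbound connections, so that host sits outside the tunnel entirely while the rest of the LAN stays on it.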
As I am using Astrill, they have been kind enough to allow me to test a fixed VPN IP for a few days to see whether it works and guess what? It does! I am able to reach the router home page via remote http connection when the VPN is up on the router. So I assume it would work for cloud access as well.
 
@mw0208
That's basically my understanding too but I'm a noob in iptables settings. I have to dig around to change the default gateway. I think that thread there could be a starting point.

@Primitivo
Thanks for the feedback. But I guess I did not understand what a fixed VPN IP is exactly. I'm used to connecting to a single VPN server (from AirVPN) whose IP is static. I thought that was the fixed VPN IP you were talking about but, in this configuration, incoming requests from the web to my LAN do not work.

Where did I get it wrong?
 
Are you sure that your VPN provider gives a fixed IP? I doubt it. All VPN providers use dynamic IP, meaning you + thousands of other customers on the same server can have the same IP, so in this case you are unable to connect to your router...

https://airvpn.org/plans/

They do not mention anything about fixed IP. Usually it is an extra feature that you have to pay for separately, see here at the bottom:
https://www.astrill.com/addons.php

Fixed IP allows you to run a server for instance, because the IP is dedicated to yourself only.
 
Ok, I misunderstood and I see what you mean now. No, AirVPN does not provide a dedicated fixed IP.

Since you are using Astrill, I saw that they have what seems to be a very nice applet for the Merlin firmware.

Sounds like it can set selective routing very easily. Did you try it?
 
Of course, it works great and it is one of the main reasons I chose them as my VPN provider, as they simply go beyond the competition. They are a bit more expensive though, as you pay extra for the unique solutions (RouterPro protocol), but the applet itself is free of course. You can trial them for 7 days for free and test their solutions.

Also read this whole post, their RouterPro VPN protocol can make wonders in terms of speed.
 
