Cannot connect openvpn client and server at the same time

Andame67

Occasional Visitor
Hi everyone,


My knowledge of routers and scripts is low, but I do have the patience to try things. I have an Asus RT-AX86sen that I have already equipped with the Merlin software. I actually want to surf the internet safely from anywhere by setting up a VPN from anywhere and from my router to the internet via a VPN server (privatevpn). I installed the script eibgrad mentioned in another thread. It works independently of each other but not together. I also can't find a log that records where things go wrong. At the times when I try to connect I don't see any logs being created. I hope someone can help me further.

Thank you very much
 

eibgrad

Part of the Furniture
Just to clarify, that *other* thread the OP mentioned is the following.


There are two classic problems w/ managing the OpenVPN client and server at the same time on the router.

In that other thread, the problem has to do w/ an OpenVPN server and client that have already successfully connected at the same time, but the remote OpenVPN clients of the local OpenVPN server can NOT reach WLAN/LAN clients bound to the local OpenVPN client. And the problem is due to those local OpenVPN clients using a routing table that does NOT contain the network interface of the local OpenVPN server (e.g., tun21). There are two methods suggested to correct the problem, one of which requires a script.

The other classic problem is when a remote OpenVPN client can't get connected to the local OpenVPN server, AT ALL! And this is typically due to having the router itself bound to the local OpenVPN client, just like the other WLAN/LAN clients. The solution is to use the VPN Director to selectively route your WLAN/LAN clients (even if that means the entire network, 192.168.1.0/24), thus removing the router itself from the local OpenVPN client and making its OpenVPN server accessible again.

So which one of these scenarios applies? Or perhaps it's something else entirely.
 

Andame67

Occasional Visitor
Thanks for the quick response. I think the 2nd option applies to me; my Asus router hangs with the WAN behind the ISP. When I log in to the home network from the ISP with the VPN client and go to the Asus router VPN server, then it is possible to use both VPNs, but when I enter my public IP in the VPN client I get no connection. With my mobile phone with WiFi off, it only works if I disable the VPN client in the router.
 

Andame67

Occasional Visitor
And if I understand correctly, I have to change my router's IP above 192.168.2.250. Then put a rule in VPN Director. This I have to figure out. But why does it work from the internal LAN?
 

eibgrad

Part of the Furniture
> And if I understand correctly, I have to change my router's IP above 192.168.2.250.

I don't know what that means.

What I'm saying is that if you want to use the local OpenVPN server and local OpenVPN client at the same time, the latter will have to be configured w/ the VPN Director (e.g., add a rule that routes all of the LAN (192.168.1.0/24) over the OpenVPN client).

> But why does it work from the internal LAN?

If you're attempting to access the local OpenVPN server from within the same LAN on which it is running, this is meaningless! Unlike other remotely accessible services, the VPN changes the routing tables. And this can lead to all sorts of problems if accessed locally, since NOW you have the same LAN available both locally and over the VPN. Fortunately, the OpenVPN server in the case of Merlin pushes a metric of 500 for the LAN's network interface that prevents any lockups. But all that means is your remote access over the OpenVPN server isn't being routed over the VPN anyway. It's being routed locally, just as if the OpenVPN server wasn't running at all. As I said, it's meaningless.
 

Andame67

Occasional Visitor
Then I will first figure out how to use the vpn director and then I hope I can continue. It is all new for me but this way I learn fast. Thanks in advance again.
 

Andame67

Occasional Visitor
netwerk.png

I am trying to understand how to fill in the VPN Director but I do not know where to start. I hope this drawing makes clear what I want to do. Can you help me to fill in the VPN Director or point me to a topic that can help me?
 

Andame67

Occasional Visitor
Ok, I got it working but I do not know if it is safe to do it like this, can someone read the log and help me out with that?

The change I made in VPN Director:
<1>>10.0.10.0/24>>WAN

My sys log (edited):
 

Attachments

  • syslogbewrkt.txt
    11.6 KB · Views: 50

eibgrad

Part of the Furniture
> Ok, I got it working but I do not know if it is safe to do it like this, can someone read the log and help me out with that?
>
> The change I made in VPN Director:
> <1>>10.0.10.0/24>>WAN
>
> My sys log (edited):

Your solution is inconsistent w/ what you said you believed the problem to be. I gave two scenarios in post # 2. Creating a WAN rule for the OpenVPN server's IP network on the tunnel was the solution to the first case, whereas you thought your problem was the second case. But in the end it probably doesn't matter since in all likelihood, you would have needed to deal w/ both situations anyway. However, unless you also add rules to route clients of the 192.168.1.0/24 network over OVPN1 (appears to be PrivateVPN), they'll continue to use the WAN of the RT-AC68S.
 

Andame67

Occasional Visitor
Sorry, I'm trying a lot because I don't know enough about it. I thought I was dealing with the 2nd option.

I later did a factory reset as it stopped working, and now I am back to where it works. Can I see if the script I ran is still active after the factory reset? And is there somewhere I can test whether my solution is safe?
 

eibgrad

Part of the Furniture
I don't know what you mean by "safe". Be specific.

To solve both problems, you need the WAN rule *and* one or more OVPN1 rules. The former solves the problem of accessing devices on your WLAN/LAN via remote OpenVPN clients of your local OpenVPN server that happen to also be bound to the local OpenVPN client. The latter is what actually binds any local WLAN/LAN clients to the local OpenVPN client.
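The two-rule requirement described above can be checked mechanically. The following is an added example, not part of the thread and not code from eibgrad or the Merlin project. It assumes the five-field rule layout implied by the rule quoted in the thread (`<enabled>description>local>remote>interface`), assumes WAN rules are evaluated before OVPN1 to OVPN5 rules, and assumes unmatched traffic leaves via the WAN; all function names are hypothetical.

```python
import ipaddress

# Constructed sample in the rule format quoted in the thread (assumed layout:
# <enabled>description>local>remote>interface); the OVPN1 rule is made up.
SAMPLE_RULES = "<1>>10.0.10.0/24>>WAN<1>LAN>192.168.1.0/24>>OVPN1"
# Assumed evaluation order: WAN rules first, then OVPN1..OVPN5.
PRIORITY = ["WAN", "OVPN1", "OVPN2", "OVPN3", "OVPN4", "OVPN5"]


def _net(text):
    """Empty field means 'any'; otherwise parse as an IP network."""
    return ipaddress.ip_network(text, strict=False) if text else None


def parse_rules(rulelist):
    """Return enabled, well-formed rules sorted by assumed priority."""
    rules = []
    for raw in filter(None, rulelist.split("<")):
        fields = raw.split(">")
        if len(fields) != 5 or fields[0] != "1" or fields[4] not in PRIORITY:
            continue  # disabled or malformed rule
        rules.append({"desc": fields[1], "local": _net(fields[2]),
                      "remote": _net(fields[3]), "iface": fields[4]})
    return sorted(rules, key=lambda r: PRIORITY.index(r["iface"]))


def egress_for(rules, src, dst="203.0.113.10"):
    """Interface chosen for src -> dst; unmatched traffic uses the WAN."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["local"] is not None and src_ip not in r["local"]:
            continue
        if r["remote"] is not None and dst_ip not in r["remote"]:
            continue
        return r["iface"]
    return "WAN (default)"


def audit(rulelist, lan="192.168.1.0/24", server_tunnel="10.0.10.0/24"):
    """Report whether the WAN rule and an OVPN rule are both in place."""
    rules = parse_rules(rulelist)
    lan_host = str(next(iter(ipaddress.ip_network(lan).hosts())))
    tun_host = str(next(iter(ipaddress.ip_network(server_tunnel).hosts())))
    return {
        # Replies to remote clients of the local OpenVPN server bypass the VPN client.
        "server_tunnel_via_wan": egress_for(rules, tun_host) == "WAN",
        # LAN clients are actually bound to the local OpenVPN client.
        "lan_via_vpn_client": egress_for(rules, lan_host).startswith("OVPN"),
    }
```

Running `audit("<1>>10.0.10.0/24>>WAN")` on the single rule from the thread reports the server-tunnel rule as present and the LAN as still leaving via the WAN.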
 

L&LD

Part of the Furniture
Secure internet? Ha ha ha! :D

You're funny!
 

L&LD

Part of the Furniture
We all do our best to secure our (internal) networks, but the internet, inherently, isn't under that kind of control.
 

Andame67

Occasional Visitor
Thanks for pointing me in the right direction, I have most parts working now. But because I have created 5 guest networks with Yazfi I would like to hide 4 of them; I use them for myself or smart devices. Is it possible to hide SSIDs separately?
 
