Cannot connect openvpn client and server at the same time

Andame67

Occasional Visitor
Hi everyone,

My knowledge of routers and scripts is low but I do have patience to try things :cool:. I have an Asus RT-AX86sen that I have already equipped with the merlin software. I actually want to surf the internet safely from anywhere by setting up a VPN from anywhere and from my router to the internet via a VPN server (privatevpn). I installed the script Eibgad mentioned in another thread. It works independently of each other but not together. I also can't find a log that records where things go wrong. At the times when I try to connect I don't see any logs being created. I hope someone can help me further.

Thank you very much
 
Just to clarify, that *other* thread the OP mentioned is the following.


There are two classic problems w/ managing the OpenVPN client and server at the same time on the router.

In that other thread, the problem has to do w/ an OpenVPN server and client that have already successfully connected at the same time, but the remote OpenVPN clients of the local OpenVPN server can NOT reach WLAN/LAN clients bound to the local OpenVPN client. And the problem is due to those local OpenVPN clients using a routing table that does NOT contain the network interface of the local OpenVPN server (e.g., tun21). There are two methods suggested to correct the problem, one of which requires a script.

The other classic problem is when a remote OpenVPN client can't get connected to the local OpenVPN server, AT ALL! And this is typically due to having the router itself bound to the local OpenVPN client, just like the other WLAN/LAN clients. The solution is to use the VPN Director to selectively route your WLAN/LAN clients (even if that means the entire network, 192.168.1.0/24), thus removing the router itself from the local OpenVPN client and making its OpenVPN server accessible again.

So which one of these scenarios applies? Or perhaps it's something else entirely.
 
Thanks for the quick response. I think the 2nd option applies to me; my Asus router hangs with the WAN behind the ISP. When I log in to the home network from the ISP with the VPN client and go to the Asus router VPN server, then it is possible to use both VPNs, but when I enter my public IP in the VPN client I get no connection. With my mobile phone with wifi off it only works if I disable the VPN client in the router.
 
And if I understand correctly I have to change my router's IP above 192.168.2.250. Then put a rule in VPN Director. This I have to figure out. But why does it work from internal LAN?
 
And if I understand correctly I have to change my router's IP above 192.168.2.250.

I don't know what that means.

What I'm saying is that if you want to use the local OpenVPN server and local OpenVPN client at the same time, the latter will have to be configured w/ the VPN Director (e.g., add a rule that routes all of the LAN (192.168.1.0/24) over the OpenVPN client).

But why does it work from internal LAN?

If you're attempting to access the local OpenVPN server from within the same LAN on which it is running, this is meaningless! Unlike other remotely accessible services, the VPN changes the routing tables. And this can lead to all sorts of problems if accessed locally, since NOW you have the same LAN available both locally and over the VPN. Fortunately, the OpenVPN server in the case of Merlin pushes a metric of 500 for the LAN's network interface that prevents any lockups. But all that means is your remote access over the OpenVPN server isn't being routed over the VPN anyway. It's being routed locally, just as if the OpenVPN server wasn't running at all. As I said, it's meaningless.
 
Then I will first figure out how to use the vpn director and then I hope I can continue. It is all new for me but this way I learn fast. Thanks in advance again.
 
netwerk.png

I try to understand how to fill in the VPN Director but I do not know where to start. I hope this drawing makes clear what I want to do. Can you help me to fill in the VPN Director or point me to a topic that can help me?
 
Ok, I got it working but I do not know if it is safe to do it like this, can someone read the log and help me out with that?

The change I made in VPN Director:
<1>>10.0.10.0/24>>WAN

My sys log (edited):
 
Ok, I got it working but I do not know if it is safe to do it like this, can someone read the log and help me out with that?

The change I made in VPN Director:
<1>>10.0.10.0/24>>WAN

My sys log (edited):

Your solution is inconsistent w/ what you said you believed the problem to be. I gave two scenarios in post # 2. Creating a WAN rule for the OpenVPN server's IP network on the tunnel was the solution to the first case, whereas you thought your problem was the second case. But in the end it probably doesn't matter since in all likelihood, you would have needed to deal w/ both situations anyway. However, unless you also add rules to route clients of the 192.168.1.0/24 network over OVPN1 (appears to be PrivateVPN), they'll continue to use the WAN of the RT-AC68S.
 
Sorry, I'm trying a lot because I don't know enough about it. I thought I was dealing with the 2nd option.

I later did a factory reset as it stopped working and now I am back to where it works. Can I see if the script I ran is still active after the factory reset? And is there somewhere I can test whether my solution is safe?
 
I don't know what you mean by "safe". Be specific.

To solve both problems, you need the WAN rule *and* one or more OVPN1 rules. The former solves the problem of accessing devices on your WLAN/LAN via remote OpenVPN clients of your local OpenVPN server that happen to also be bound to the local OpenVPN client. The latter is what actually binds any local WLAN/LAN clients to the local OpenVPN client.
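
Added example, not part of the thread or of Merlin's code: a simplified Python model of the two cases discussed above, showing which interface a packet leaves on with and without the WAN rule and the OVPN1 rule. `tun21` and `10.0.10.0/24` come from the thread; `tun11`, `br0`, `eth0`, all host addresses, and the rule ordering (WAN rules consulted first) are assumptions made for illustration.

```python
import ipaddress as ip

# Simplified model (assumption): a rule picks a routing table by source and
# destination; the table's longest matching prefix picks the interface.
# tun21 is the server interface named in the thread; tun11, br0, eth0 and
# all host addresses are constructed for illustration.
MAIN = {"10.0.10.0/24": "tun21", "192.168.1.0/24": "br0", "0.0.0.0/0": "eth0"}
MAIN_REDIRECTED = {**MAIN, "0.0.0.0/0": "tun11"}  # router itself bound to client
OVPN1 = {"192.168.1.0/24": "br0", "0.0.0.0/0": "tun11"}  # no tun21 route

def _match(addr, net):
    """True if addr is inside net; a rule field of None matches anything."""
    return net is None or ip.ip_address(addr) in ip.ip_network(net)

def egress(src, dst, rules, main=MAIN):
    """Return the interface a packet from src to dst leaves on."""
    # Assumption: WAN rules are consulted before OVPN1 rules.
    ordered = sorted(rules, key=lambda r: r[2] != "WAN")
    table = main  # unmatched traffic (e.g. the router itself) uses main
    for r_src, r_dst, iface in ordered:
        if _match(src, r_src) and _match(dst, r_dst):
            table = main if iface == "WAN" else OVPN1
            break
    best = max((n for n in table if _match(dst, n)),
               key=lambda n: ip.ip_network(n).prefixlen)
    return table[best]

LAN_RULE = ("192.168.1.0/24", None, "OVPN1")  # bind the LAN to the client
WAN_RULE = (None, "10.0.10.0/24", "WAN")      # server tunnel network via main

def scenarios():
    lan_pc, vpn_peer = "192.168.1.50", "10.0.10.2"
    router_wan, remote = "203.0.113.10", "198.51.100.7"
    return {
        # Case 1: a LAN client bound to OVPN1 answers a peer of the server.
        "case1_without_wan_rule": egress(lan_pc, vpn_peer, [LAN_RULE]),
        "case1_with_wan_rule": egress(lan_pc, vpn_peer, [LAN_RULE, WAN_RULE]),
        # Case 2: the router answers an inbound connection to its server.
        "case2_router_bound": egress(router_wan, remote, [], MAIN_REDIRECTED),
        "case2_vpn_director": egress(router_wan, remote, [LAN_RULE]),
        # LAN clients still reach the internet through the VPN client.
        "lan_internet": egress(lan_pc, remote, [LAN_RULE, WAN_RULE]),
    }
```

In this model, replies that leave on `tun11` instead of `tun21` (case 1) or `eth0` (case 2) never reach the remote OpenVPN client, which is the failure each rule corrects.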
 
Secure internet? Ha ha ha! :D

You're funny!
 
We all do our best to secure our (internal) networks, but the internet, inherently, isn't under that kind of control.
 
Thanks for pointing me in the right direction, I have most parts working now. But because I have created 5 guest networks with Yazfi I like to hide 4 of them, I use them for myself or smart device. Is it possible to hide SSIDs separately?
 