Client access to LAN whilst connected to OpenVPN Client [AsusWrt Merlin]

7h1nk

New Around Here
I have several WiFi clients behind an Asus AC3200 running AsusWrt Merlin but only 2 of which I'd like to go out via the VPN but also be able to access local resources on the LAN.

The LAN is slightly complex because it consists of the following:

WiFi Clients > Asus > Switch > Firewall > Internet
Wired Clients > Switch > Firewall > Internet

WiFi clients are on 192.168.2.x and clients wired into the switch are on 192.168.1.x. WiFi clients can currently access LAN resources on the 192.168.1.x network.

The Asus does DHCP for WiFi clients, then has an IP of 192.168.1.2 on its WAN interface. I also have the OpenVPN client configured.

Using policy based routing, what is best practice please with regards to sending a WiFi client through the tunnel but allowing it to access to the LAN at the same time?

Should I set the Policy Rules to Strict, and then rules for the client as below...

- 192.168.2.11 to 0.0.0.0 Iface of VPN
- 192.168.2.11 to 192.168.1.0/24 Iface WAN
- 192.168.2.11 to 192.168.2.0/24 Iface WAN

...and then repeat for the other WiFi client, and a single client which is hardwired into the Asus. Or is there a better method I should be looking at please?
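The question above comes down to how rule order interacts with what is in the VPN client's routing table. The following is an added example, not part of the original thread and not AsusWrt-Merlin's own code: a small Python model of Linux policy routing (rules consulted in priority order, longest-prefix match inside each table, fall-through to the next rule when a table has no matching route, and a "prohibit" route that ends the lookup). It assumes that in Strict mode the VPN client's table (called ovpnc1 here) holds only the routes the VPN server pushed and none of the main table's LAN routes, that "Iface WAN" in the GUI means the main table, and that a kill switch can be modelled as a prohibit default route in that table. The interface names, the 10.8.0.0/24 tunnel subnet and the 203.0.113.10 test destination are constructed for the example.

```python
from ipaddress import ip_address, ip_network


def rule(src, dst, table):
    """One policy rule: packets from src to dst are looked up in table."""
    return {"src": ip_network(src), "dst": ip_network(dst), "table": table}


def route(dst, dev=None, kind="unicast"):
    """One routing-table entry; kind='prohibit' models a kill-switch route."""
    return {"dst": ip_network(dst), "dev": dev, "kind": kind}


# Constructed tables for the layout described in the thread.
# main: what the Asus knows on its own (LAN on br0, WAN on eth0 in 192.168.1.0/24).
MAIN = [
    route("192.168.2.0/24", "br0"),
    route("192.168.1.0/24", "eth0"),
    route("0.0.0.0/0", "eth0"),
]
# ovpnc1 with the tunnel up, in "strict" form: only what the VPN server pushed
# (assumption: no LAN routes copied in from the main table).
OVPNC1_UP = [
    route("10.8.0.0/24", "tun11"),
    route("0.0.0.0/0", "tun11"),
]
# ovpnc1 with the tunnel down and no block: the table is empty.
OVPNC1_DOWN = []
# ovpnc1 with the tunnel down and a kill switch, modelled as a prohibit default
# (assumption about how the block is implemented).
OVPNC1_KILLSWITCH = [route("0.0.0.0/0", kind="prohibit")]


def lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    best = None
    for r in table:
        if dst in r["dst"] and (best is None or r["dst"].prefixlen > best["dst"].prefixlen):
            best = r
    return best


def route_packet(rules, tables, src, dst):
    """Walk the rules in priority order the way the kernel's ip rule lookup does."""
    src, dst = ip_address(src), ip_address(dst)
    for rl in rules:
        if src not in rl["src"] or dst not in rl["dst"]:
            continue
        hit = lookup(tables[rl["table"]], dst)
        if hit is None:
            continue            # table has no route: kernel moves on to the next rule
        if hit["kind"] == "prohibit":
            return "BLOCKED"    # prohibit/blackhole routes end the lookup
        return hit["dev"]
    return "NO ROUTE"


CLIENT = "192.168.2.11/32"
# The order proposed in the question: catch-all to the VPN first.
RULES_CATCHALL_FIRST = [
    rule(CLIENT, "0.0.0.0/0", "ovpnc1"),
    rule(CLIENT, "192.168.1.0/24", "main"),
    rule(CLIENT, "192.168.2.0/24", "main"),
    rule("0.0.0.0/0", "0.0.0.0/0", "main"),   # the kernel's own fallback rule
]
# Same three rules with the LAN exceptions ahead of the catch-all.
RULES_LAN_FIRST = [RULES_CATCHALL_FIRST[1], RULES_CATCHALL_FIRST[2],
                   RULES_CATCHALL_FIRST[0], RULES_CATCHALL_FIRST[3]]


def scenario(rules, vpn_table):
    """Where three representative packets end up under a rule set and VPN table state."""
    tables = {"main": MAIN, "ovpnc1": vpn_table}
    return {
        "client_internet": route_packet(rules, tables, "192.168.2.11", "203.0.113.10"),
        "client_lan":      route_packet(rules, tables, "192.168.2.11", "192.168.1.50"),
        "other_internet":  route_packet(rules, tables, "192.168.2.20", "203.0.113.10"),
    }


if __name__ == "__main__":
    for name, rules in (("catch-all first", RULES_CATCHALL_FIRST), ("LAN first", RULES_LAN_FIRST)):
        for state, table in (("up", OVPNC1_UP), ("down", OVPNC1_DOWN), ("down+block", OVPNC1_KILLSWITCH)):
            print(f"{name:15} tunnel {state:10} {scenario(rules, table)}")
```

Under these assumptions the model shows three things. With the catch-all first and no LAN routes in the strict table, the client's LAN traffic matches the tunnel's default route and goes into the VPN, so the two LAN exceptions must sit ahead of the catch-all. With the tunnel down and nothing blocking, the client's Internet traffic finds no route in ovpnc1, falls through to the main table and leaves via the WAN in the clear. With a prohibit default in ovpnc1, that leak is stopped while the LAN exceptions, placed first, keep local access working.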
 
I advise you to set your LAN / DHCP Server / IP Pool like this: 192.168.11.100 - 192.168.11.254.
Next, I assume that router A's LAN goes to router B's WAN?
If so, then find out the IP address that your router A is giving to router B.
Go to DHCP Server and enable Manual Assignment.
Look for router B in the MAC address section and choose it. Then assign another IP to router B
and keep it under .100, for example 192.168.2.65.
Now create one rule:
192.168.2.65 0.0.0.0 VPN
All of router 2 will be on the VPN and every other device will be on the WAN.

If you want to have LAN shares on both, then I would suggest you keep the same subnet for both routers:
router A 192.168.1.1, router B 192.168.1.2.
Then it's even easier: all you have to do is create a rule on router A for router B, which will have all internet via VPN:
192.168.1.2 0.0.0.0 VPN

If you want only 2 clients from the second router that are on WiFi on the VPN but the rest on the local ISP,
then look for the 2 clients that are connected to router B and give them an IP address under .100 in router A's policy rules.
So if your WiFi clients are 192.168.1.106 and 192.168.1.150, go to Manually Assigned IP around the DHCP list in LAN / DHCP and change their IPs to 192.168.1.50 and 192.168.1.51.
Now create a rule on router A:
192.168.1.50 0.0.0.0 VPN
192.168.1.51 0.0.0.0 VPN
These 2 devices will be on the VPN and everything else on the local ISP.
You can also do a CIDR range, but if you only have a couple of devices it's not worth the hassle.

Hope that helps
 
One thing I forgot to mention:
if you do LAN to LAN, you have to disable DHCP on router 2, and when you force the DHCP server to give a specific address which goes to the VPN, unplug the network cable from router A that goes to router B so that the IP address changes.
If you do LAN to WAN, reboot router B for the new IP address to take effect.
 
