What's new

Clients can’t connect to my OpenVPN server in my LAN because of ISP’s router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DiegoCJ

New Around Here
My Asus router (flashed with Merlin firmware) connects to my ISP router via static IP because my ISP blocks their router config, so I cannot put it on bridge mode.

I also have NAT on because I do not trust my ISP’s router security.

Since I needed to create a VPN server, I had to call my ISP to ask them to open ports for it. They opened two ports (let’s say 7777 and 7778, these are not the real ones by the way) and gave me a public IP for my clients to connect. But there is a catch, the ports are only available to the device with the assigned IP 192.168.15.254 in their router LAN.

So, I went to WAN and set the static IP to 192.168.15.254. This way I can create a VPN server in my Asus router and my clients can connect using the public IP provided by the ISP.

My Asus router uses DHCP and the LAN IP is 192.168.1.0, all my devices connect to my Asus Router.

The problem is that if I create the OpenVPN server on my PC behind my router (let’s give it the IP 192.168.1.200) my VPN clients cannot connect to it.

How can I route the incoming connections to my PC running the VPN server?



Here is what I’ve also enabled in my Asus router:

Port forwarding:
  • External Port / Internal Port = 7777
  • Internal IP Address = 192.168.1.200
  • Protocol = Both
  • Source IP = blank
NAT Passthrough:
  • PPTP, L2TP, IPSec passthrough are all enabled
  • RTSP, H.323 and SIP passthrough are all enabled + NAT helper


What else am I missing? Sorry if it is something simple or a stupid question, I’m mostly self-taught using internet tutorials and the good old “trial and error”.

I never had issues creating OpenVPN servers on my LAN devices with my older ISP (I could set their router to bridge mode), but my current ISP is the only one serving fiber where I live.

I even tried messing with static routes in the WAN config, but I don’t fully understand how they work, and my attempts amounted to nothing.
 
Correct me if I misread things. Is the port forwarding set up on the ISP Router or the ASUS Router? It reads to me that you set up the port forward on the ASUS Router.

If I read right, you will need to set up a port forward on the ISP Router to forward traffic received on the public internet side to the IP address of the ASUS Router.

Any particular reason why your ISP will not allow you to put the ISP box into bridge mode?
 
The ISP did the port forwarding in their router (since they have remote access to it). Because of CGNAT they don't allow their users to mess around in their router settings.

The server does work on my Asus router built in OpenVPN service, it's just that any device behind my Asus router that don't work.

And I just noticed I posted this question in the wrong section, sorry mods! :(
 
Here is what I’ve also enabled in my Asus router:

Port forwarding:
  • External Port / Internal Port = 7777
  • Internal IP Address = 192.168.1.200
  • Protocol = Both
  • Source IP = blank
Is the VPN server at 192.168.1.200 actually listening on its port 7777? If not then you need to change the Internal Port to match what it's using.
 
The ISP did the port forwarding in their router (since they have remote access to it). Because of CGNAT they don't allow their users to mess around in their router settings.

The server does work on my Asus router built in OpenVPN service, it's just that any device behind my Asus router that don't work.

And I just noticed I posted this question in the wrong section, sorry mods! :(

Thanks for the clarification. And I see @ColinTaylor beat me to the next question .....
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top