Expose certain ports to wan instead of vpn client and other vpn question..

[Matthew Patrick]

So here's what I was thinking. Since my vpn provider doesn't allow port forwarding. So . My questions are..

1. Is it possible to expose certain ports to the wan instead ? And let the other traffic thru the vpn tunnel?? That way I can port forward say my game servers thru wan instead of it going thru the vpn.
2. So the vpn has devices limit of 5 . And I have a lot of devices. So is it possible to run the openvpn client on my router running the vpn profile, and then running the openvpn server on the router so that it will route traffic thru the vpn?? So basically when I'm outside I can connect my phone to the openvpn server on my home which will go thru the vpn tunnel at home.

anyways just for info. I'm using the AC86U. And yeah I know that it's gonna be as fast as the slowest link . Which is my home network. But it's okay since I usually don't use that much bandwidth. Thanks!

 

[ColinTaylor]

1. https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing

2. Yes, I believe there are various posts in the forum from members doing that.

 

[Matthew Patrick]

1. https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing

2. Yes, I believe there are various posts in the forum from members doing that.

Thanks for your reply. But it seems like number one only shows ways based on ip . There is a link regarding port routing but it's not recommend. So idk where to go now. I'm not that knowledgeable in terms of these things haha

 

[ColinTaylor]

Use these instructions for port based routing.

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-Port-routing-(manual-method)

 

[JonEngland]

I know it's not the answer to your question but just throwing out an alternate solution to post 4.
If you're not set on sticking with your existing vpn, you could change to a vpn provider that does allow port forwarding, e.g. https://airvpn.org/ (there may be others)

then add entries to nat-start, e.g.

iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 52038 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 9351 -j DNAT --to-destination 192.168.1.10 
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 9008 -j DNAT --to-destination 192.168.1.10 
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 7001 -j DNAT --to-destination 192.168.1.10 
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8001 -j DNAT --to-destination 192.168.1.10

 

[Matthew Patrick]

Oh thanks . That's the new one I guess. I'll check it out later. Now just gotta figure out how to make the vpn server go thru the vpn client

 

[JonEngland]

Now just gotta figure out how to make the vpn server go thru the vpn client

VPN Server to VPN Client Routing:

GitHub - Xentrk/x3mRouting: Selectively route LAN clients, website or streaming media traffic over the WAN or OpenVPN client interfaces on Asuswrt-Merlin firmware

Selectively route LAN clients, website or streaming media traffic over the WAN or OpenVPN client interfaces on Asuswrt-Merlin firmware - Xentrk/x3mRouting

github.com