Help with remote openvpn connection and lan communication

bfizzle

Occasional Visitor
Hi everyone,

I've been on a crash course, learning about networks, routers, etc. I've flashed an AC3100 w/Merlin 380.68.2; I'm currently connected to a VPN as a client where I have two computers and a QNAP 251+ routed through that VPN and everything else through WAN.

What I want to accomplish (since port forwarding through the VPN is not advised) is to remote connect (by android phone) to my LAN by running OpenVPN as a server, then connecting to the various QNAP servers as if within that LAN network.

I've read that TAP protocol is "easier" but not preferred d/t increased security risk (I tried it anyway - it didn't work) but TUN would be a better process to use but would require additional routing as input through the additional commands in setup...I found one line, which I also tried: no dice.

In all attempts, I could "connect" but not see anything on the network, including external internet sites.

Any advice (or questions that I can answer to clarify the process thus far)?

Thank you!!
 
....port forwarding through the VPN is not advised

I think you will find that there are many happy-campers who are successfully (consistently and reliably) selectively routing ports/domains/ipsets via a VPN Client (whilst not officially supported via the GUI).

.....remote connect (by android phone) to my LAN by running OpenVPN as a server, then connecting to the various QNAP servers as if within that LAN network.
Does this help? i.e. OpenVPN Server inbound clients 'passthru' outbound via OpenVPN Client connection:
https://www.snbforums.com/threads/openvpn-server-and-client-question.38378/#post-316743
 
Thanks; I was using a DD-WRT build (on an old router) previously that had areas to inject the scripts but I can't find the area where to do that in Merlin...and while I've found some information on script writing, I haven't found anything on how to actually write it to the jffs (I'm assuming I'd need to ssh, but having some guides would be preferred so I don't bork something).
 
Update: I'm finally in - tinkering around and at least still have internet access - wish me luck!
 
Ok - I tried this, I added it as firewall-start, rebooted, but the results were the same - I could connect to the VPN and get authorized, but had no access to network or outside internet. I tried to upload a pic of my settings (they are the defaults). Any other ideas? Areas that I may have overlooked in the settings?

Edit: sorry for the multiple uploads: I'm striking out tonight - I should just turn everything off and go to bed.
 

Attachments

  • ASUS Wireless Router RT-AC3100 - VPN Server.pdf
    227.2 KB · Views: 377
UPDATE: I realized that my settings were on TAP and not TUN on the previous attempt. I reworked the setup as TUN and I do have access to the outside internet, but am still not able to connect to my internal devices. Admittedly, this may have to do with the fact that they are behind the "client" VPN. That said, I don't have any problem when I'm physically connected to the network, so my thinking is that it shouldn't matter if connected via VPN (am I wrong on that?)

These are some of the current settings

Push LAN to clients: Yes
Direct clients to redirect Internet traffic: No
Respond to DNS: No

Is that right?

thanks

UPDATE:

I found yorgi's guide here: https://www.snbforums.com/threads/h...with-asus-routers-380-68-updated-08-24.33638/

reworked everything, new cert to load on phone - with and without the firewall-start script and while I can connect to the VPN, I still cannot access the QNAP or the servers running on the QNAP. FYI: I also have my ip pool as .2 to .254, my QNAP is at .5 as set by the router DHCP.

It's good to be closer, but still not quite there - thanks for any help!
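
The situation in the last posts, modelled as an added example (not from the thread or from Asuswrt-Merlin's own code): a LAN host that is policy-routed through the VPN client replies to a phone connected to the OpenVPN server, and the router picks the outgoing interface for that reply. It shows one way the asymmetry the poster suspects can arise, and how a route for the server's client subnet in the VPN client's table changes the result. The LAN subnet, the server pool, the phone address, the interface names and the table contents are constructed assumptions; only the QNAP's `.5` host address comes from the thread.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread):
LAN = "192.168.1.0/24"        # router LAN; the QNAP is assumed to be 192.168.1.5
SERVER_POOL = "10.8.0.0/24"   # subnet handed to OpenVPN server (TUN) clients

MAIN = [                      # (destination, outgoing interface), main table
    (LAN, "br0"),
    (SERVER_POOL, "tun21"),   # assumed name of the OpenVPN server tunnel
    ("0.0.0.0/0", "eth0"),    # WAN
]
# Table consulted for sources that are policy-routed through the VPN client.
VPN_CLIENT_TABLE = [
    (LAN, "br0"),
    ("0.0.0.0/0", "tun11"),   # assumed name of the VPN client tunnel
]
POLICY = ["192.168.1.5/32"]   # sources sent to the VPN client table
PHONE = "10.8.0.2"            # constructed address of the remote phone

def lookup(table, dst):
    """Longest-prefix match; returns the outgoing interface or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in table
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_interface(src, dst, policy_sources, client_table):
    """Interface chosen when the router forwards a packet from src to dst."""
    src_ip = ipaddress.ip_address(src)
    for net in policy_sources:    # models 'ip rule from <net> lookup <table>'
        if src_ip in ipaddress.ip_network(net):
            dev = lookup(client_table, dst)
            if dev:
                return dev
    return lookup(MAIN, dst)

def demo():
    # Reply from the policy-routed QNAP: follows the client table's default.
    broken = reply_interface("192.168.1.5", PHONE, POLICY, VPN_CLIENT_TABLE)
    # Same reply once the client table also knows the server pool.
    fixed_table = VPN_CLIENT_TABLE + [(SERVER_POOL, "tun21")]
    fixed = reply_interface("192.168.1.5", PHONE, POLICY, fixed_table)
    # A LAN host that is not policy-routed uses the main table.
    plain = reply_interface("192.168.1.20", PHONE, POLICY, VPN_CLIENT_TABLE)
    return broken, fixed, plain

if __name__ == "__main__":
    print(demo())
```

On a real router the equivalent check is to compare the main table with the VPN client's table and confirm that the server's client subnet appears in both.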
 