How to access my ONT (bridge mode) from router (via VPN Server)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Senior Member

I was wondering: would be technical possible to connect to ONT (in bridged mode) while being connected to LAN remotely via build-in VPN Server (Asuswrt-Merlin)? (i.e. LAN, SSH are accessible).
I mention that connectivity LAN <>ONT can be configured like mentioned here > [Solved] How to access my ONT from router.

Or it would be a loop?

Thank you,
Last edited:


New Around Here

It should be possible as long as the VPN LAN IP addressing, LAN IP addressing, ONT IP addressing doesn't overlap, I think the router VPN push the local routes to clients...


Senior Member

Thank you for help. I think this condition is met, there is no overlap:
VPN Server IP belongs to 10.*
ONT have
LAN have 172.*

Also, I mention that I can access the LTE USB stick used as Secondary WAN:
( ------- LTE ------[Secondary WAN] --> working from VPN Server
( -- ONT ---- [bridge mode] -------> failed connectivity using VPN Server (I have ping fired from VPNS to but failing to

Both are working from LAN.

I solved LTE USB for LAN by adding into nat-start below rule:
iptables -t nat -I POSTROUTING -o eth8 -j MASQUERADE

I solved ONT for LAN by adding into nat-start below rule:
ifconfig $(nvram get wan0_ifname):0 netmask

Please find below some outputs:

AX88>191716/tmp/home/root#:ip route
10.xx.xx.xx/24 dev tun21  proto kernel  scope link  src 10.xx.xx.x dev eth8  proto kernel  scope link  src dev eth0  proto kernel  scope link  src

System Log - Routing Table
IPv4 Routing table

AX88>191726/tmp/home/root#:ifconfig -a
eth0      Link encap:Ethernet 
          inet  Bcast:  Mask:
          RX packets:45091850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24841698 errors:0 dropped:104 overruns:0 carrier:0

eth0:0    Link encap:Ethernet
          inet addr:  Bcast:  Mask:
eth8      Link encap:Ethernet
          inet addr:  Bcast:  Mask:
          RX packets:15033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39437 errors:0 dropped:0 overruns:0 carrier:0

AX88>191736/tmp/home/root#:netstat -rn
Kernel IP routing table
Destination _____Gateway______Genmask _______Flags____MSS Window  irtt____Iface _____U________0_____0______0____eth8

AX88>033349/tmp/home/root#:iptables -t nat -L POSTROUTING -n -v --line-numbers
Chain POSTROUTING (policy ACCEPT 69 packets, 4227 bytes)

[Maybe #1]:
I have to add something like below --- -because I cannot see a rule for eth0:0 at last command 033349 -- (I tested below, but this one is not working):
iptables -t nat -I POSTROUTING -o eth0:0 -j MASQUERADE

[Maybe #2]:
because of #9 and this negative: ! >:
#9 0 0 MASQUERADE all -- * eth0 !

[Maybe #3]:
ifconfig $(nvram get wan0_ifname):0 netmask --> [gui for www is not x....2]
Please, if anybody have a clue, please share. I will search myself in the meantime in order to mark this thread as solved to help us all :)


Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!