How to access my ONT (bridge mode) from router (via VPN Server)


amplatfus

Senior Member
Hi,

I was wondering: would it be technically possible to connect to the ONT (in bridged mode) while being connected to the LAN remotely via the built-in VPN Server (Asuswrt-Merlin)? (i.e. LAN, SSH are accessible).
I mention that LAN <> ONT connectivity can be configured as described here > [Solved] How to access my ONT from router.

Or would it be a loop?

Thank you,
amplatfus
 

Kyo

New Around Here
Hello

It should be possible as long as the VPN LAN IP addressing, LAN IP addressing and ONT IP addressing don't overlap. I think the router VPN pushes the local routes to clients...
 

amplatfus

Senior Member
Hi,

Thank you for the help. I think this condition is met, there is no overlap:
VPN Server IP belongs to 10.*
ONT has 192.168.100.1
LAN has 172.*

Also, I mention that I can access the LTE USB stick used as Secondary WAN:
(192.168.3.1) ------- LTE ------[Secondary WAN] --> working from VPN Server
(192.168.100.1) -- ONT ---- [bridge mode] -------> failed connectivity using VPN Server (I have ping fired from VPNS to 192.168.100.2 but failing to 192.168.100.1)

Both are working from LAN.

I solved LTE USB for LAN by adding the rule below to nat-start:
iptables -t nat -I POSTROUTING -o eth8 -j MASQUERADE

I solved ONT for LAN by adding the rule below to nat-start:
ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0

Please find below some outputs:

Code:
AX88>191716/tmp/home/root#:ip route
10.xx.xx.xx/24 dev tun21  proto kernel  scope link  src 10.xx.xx.x 
192.168.7.0/24 dev eth8  proto kernel  scope link  src 192.168.7.122 
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.2



System Log - Routing Table
IPv4 Routing table
Destination_______Gateway_______Genmask________Flags____Metric____Ref_____Use_____Iface
169.254.0.0__________*________255.255.0.0__________U_________0_______0_______0_______MAN
192.168.7.0__________*________255.255.255.0_______U__________0_______0_______0_______WAN
192.168.100.0________*________255.255.255.0______U__________0_______0_______0_______MAN
[...]   



AX88>191726/tmp/home/root#:ifconfig -a
eth0      Link encap:Ethernet 
          inet addr:169.254.x.xxx  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45091850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24841698 errors:0 dropped:104 overruns:0 carrier:0

eth0:0    Link encap:Ethernet
          inet addr:192.168.100.2  Bcast:192.168.100.255  Mask:255.255.255.0
[...]
eth8      Link encap:Ethernet
          inet addr:192.168.7.122  Bcast:192.168.7.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39437 errors:0 dropped:0 overruns:0 carrier:0



AX88>191736/tmp/home/root#:netstat -rn
Kernel IP routing table
Destination _____Gateway______Genmask _______Flags____MSS Window  irtt____Iface
192.168.7.0______0.0.0.0______255.255.255.0 _____U________0_____0______0____eth8
192.168.100.0____0.0.0.0______255.255.255.0_____U________0_____0_______0____eth0
[...]



AX88>033349/tmp/home/root#:iptables -t nat -L POSTROUTING -n -v --line-numbers
Chain POSTROUTING (policy ACCEPT 69 packets, 4227 bytes)
#num____pkts____bytes_____target_____________prot_______opt____in_____out_______source_________destination         
#5_______59______358______MASQUERADE_____all_________--_____*______eth8_____0.0.0.0/0__________0.0.0.0/0
#9________0________0_______MASQUERADE_____all_________--_____*______eth0_____!169.254.x.xxx____ 0.0.0.0/0

[Maybe #1]:
I have to add something like the rule below, because I cannot see a rule for eth0:0 in the last command (033349). (I tested the rule below, but it is not working):
iptables -t nat -I POSTROUTING -o eth0:0 -j MASQUERADE

[Maybe #2]:
Because of #9 and this negation: !169.254.x.xxx?
#9 0 0 MASQUERADE all -- * eth0 !169.254.x.xxx 0.0.0.0/0

[Maybe #3]:
ifconfig $(nvram get wan0_ifname):0 192.168.100.2 netmask 255.255.255.0 --> [gui for www is 192.168.100.1 not x....2]
If anybody has a clue, please share. I will search myself in the meantime in order to mark this thread as solved to help us all :)

BR,
amplatfus
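
An added example, not part of the posts above: a small Python model of the overlap condition and of how the posted POSTROUTING rules are evaluated for a VPN client reaching the ONT. The VPN, LAN and link-local addresses are constructed placeholders because the post masks them; the routes and rule numbers follow the posted output.

```python
import ipaddress as ip

# Constructed values: the post masks its VPN, LAN and link-local addresses,
# so these stand in for 10.*, 172.* and 169.254.x.xxx.
NETS = {"vpn": "10.8.0.0/24", "lan": "172.16.0.0/24", "ont": "192.168.100.0/24"}
# Connected routes from the posted `ip route` output (real devices only).
ROUTES = [("192.168.7.0/24", "eth8"), ("192.168.100.0/24", "eth0")]
# MASQUERADE rules in POSTROUTING order: (line, -o device, source match).
RULES = [(5, "eth8", "0.0.0.0/0"), (9, "eth0", "!169.254.10.20")]

def overlapping(nets):
    """Return sorted name pairs whose address ranges overlap."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ip.ip_network(nets[a]).overlaps(ip.ip_network(nets[b]))]

def egress_device(dst, routes=ROUTES):
    """Longest-prefix match; returns the device name netfilter sees."""
    hits = [(ip.ip_network(n), dev) for n, dev in routes
            if ip.ip_address(dst) in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def source_matches(spec, src):
    """Evaluate a source column as printed by `iptables -L -n`, including '!'."""
    negate = spec.startswith("!")
    inside = ip.ip_address(src) in ip.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate

def first_masquerade(src, dst, rules=RULES):
    """Line number of the first rule that would rewrite src, or None."""
    dev = egress_device(dst)
    for line, out_dev, spec in rules:
        # -o compares against the device name; an alias label such as
        # eth0:0 is only an address label and is never the egress device.
        if out_dev == dev and source_matches(spec, src):
            return line
    return None

if __name__ == "__main__":
    print("overlaps:", overlapping(NETS))
    print("VPN client -> ONT:", first_masquerade("10.8.0.2", "192.168.100.1"))
    print("alias-only rule:",
          first_masquerade("10.8.0.2", "192.168.100.1", [(1, "eth0:0", "0.0.0.0/0")]))
```

The model covers rule matching only; it says nothing about whether the packet is forwarded to eth0 in the first place, which is decided before POSTROUTING.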
 
