How to make this VPN Director work?

gjf

Senior Member
A small retrospective: I have configured VPN client before to make my home network behind NAT visible for me when remote.
It worked like a charm. But now we have new firmware update - and it was broken.
I've tried to configure VPN Director to allow a correct routing:
View attachment 35699

It does not work though.

Any idea how to make working what was configured before? I cannot find any detailed documentation on this VPN Director. Is it possible to just leave as it was - disabling any new routing features?
 

RMerlin

Asuswrt-Merlin dev

gjf

Senior Member
> There's a whole page dedicated to it on the Wiki.

I read it. And - as stated and displayed above - I set 192.168.111.0/24 (my home IPs) to be available to 172.27.224.0/20 (VPN IPs) and vice versa via OVPN3. But it does not work: I cannot connect to home IPs when connecting to VPN. What is wrong?
OR - "vice versa" is not controlled by VPN Director so traffic will go to VPN clients but cannot go from VPN to router? But it worked previously - by simply adding
Code:
route 172.27.224.0 255.255.240.0
to OpenVPN client additional config.
Now I cannot add it - possibly because it was substituted by VPN Director. So what should I put to make it work again?
 

gjf

Senior Member
And one more strange thing:
1.jpg
but:
2.jpg

So where are "VPN Director" option there? Adding any "Policy Rule" by the way does not work - it simply disappears after applying (similar to adding route as mentioned above).
Maybe it is the source of my problem?
 

ColinTaylor

Part of the Furniture
> And one more strange thing:
> View attachment 36120
> but:
> View attachment 36119
>
> So where are "VPN Director" option there? Adding any "Policy Rule" by the way does not work - it simply disappears after applying (similar to adding route as mentioned above).
> Maybe it is the source of my problem?
That interface looks messed up. The options at the bottom aren't from Merlin. Are you using a VPN addon script of some kind?
 

gjf

Senior Member
> That interface looks messed up. The options at the bottom aren't from Merlin. Are you using a VPN addon script of some kind?
YES - the mess was caused by x3mrouting. I removed it. Now options are OK and the problem is solved.
THANK YOU!
But still very weird - please see the routing table from the router now:
3.jpg
Please compare with VPN Director settings - definitely 172.27.224.0/20 is not 172.27.224.0/255.255.255.0 but 172.27.224.0/255.255.240.0.
 

ColinTaylor

Part of the Furniture
A quick search suggests the mangled VPN UI is from the x3mRouting addon.
 

chongnt

Senior Member
> YES - the mess was caused by x3mrouting. I removed it. Now options are OK and the problem is solved.
> THANK YOU!
> But still very weird - please see the routing table from the router now:
> View attachment 36121
> Please compare with VPN Director settings - definitely 172.27.224.0/20 is not 172.27.224.0/255.255.255.0 but 172.27.224.0/255.255.240.0.
A bit off topic to your question. I have the exact issue with VPN client GUI and x3mRouting option 2. x3mRouting option 3 still works fine.

I don’t have this setup but as you mentioned the 172 subnet mask is different. I suppose “ifconfig tun13” and “nvram get vpn_client3_nm” will show the network mask 255.255.255.0. I am not sure if nvram set is the way to change it though.
 

gjf

Senior Member
> A bit off topic to your question. I have the exact issue with VPN client GUI and x3mRouting option 2. x3mRouting option 3 still works fine.
>
> I don’t have this setup but as you mentioned the 172 subnet mask is different. I suppose “ifconfig tun13” and “nvram get vpn_client3_nm” will show the network mask 255.255.255.0. I am not sure if nvram set is the way to change it though.
In fact none of x3mrouting options were active in my case. However the interface was broken so I have to uninstall x3mrouting completely to have correct options.
As for the mask - you are right: both “ifconfig tun13” and “nvram get vpn_client3_nm” show the network mask 255.255.255.0.
I can understand it as my router is configured for 255 DHCP clients.
But VPN server is configured for more clients - and I want all of them be able to connect to my home network.
That's why I need exactly 172.27.224.0/20 in my routing table.
 

chongnt

Senior Member
> In fact none of x3mrouting options were active in my case. However the interface was broken so I have to uninstall x3mrouting completely to have correct options.
> As for the mask - you are right: both “ifconfig tun13” and “nvram get vpn_client3_nm” show the network mask 255.255.255.0.
> I can understand it as my router is configured for 255 DHCP clients.
> But VPN server is configured for more clients - and I want all of them be able to connect to my home network.
> That's why I need exactly 172.27.224.0/20 in my routing table.
I did some test, my openvpn client1 is connected to NordVPN. It seems only remote ip range are routed via ovpn1 while other ip are routed through WAN via PPPoE.

1630746406077.png


Code:
[email protected]:/jffs/scripts# ip rule
0:      from all lookup local
10210:  from 192.168.1.21 to 172.27.224.0/20 lookup ovpnc1
...snipped...
32766:  from all lookup main
32767:  from all lookup default
[email protected]:/jffs/scripts# ip route show table ovpnc1
default via 10.7.1.1 dev tun11 
10.7.1.0/24 dev tun11 proto kernel scope link src 10.7.1.4 
a.b.c.d via x.x.x.x dev ppp0 
x.x.x.x dev ppp0 proto kernel scope link 
127.0.0.0/8 dev lo scope link 
...snipped...
[email protected]:/jffs/scripts# 
[email protected]:/jffs/scripts# 
[email protected]:/jffs/scripts# ip route get 8.8.8.8 from 192.168.1.21 iif eth0
8.8.8.8 from 192.168.1.21 via x.x.x.x dev ppp0 
    cache iif eth0 
[email protected]:/jffs/scripts# ip route get 172.27.223.1 from 192.168.1.21 iif eth0
172.27.223.1 from 192.168.1.21 via x.x.x.x dev ppp0 
    cache iif eth0 
[email protected]:/jffs/scripts# ip route get 172.27.224.1 from 192.168.1.21 iif eth0
172.27.224.1 from 192.168.1.21 via 10.7.1.1 dev tun11 
    cache iif eth0 
[email protected]:/jffs/scripts# ip route get 172.27.239.254 from 192.168.1.21 iif eth0
172.27.239.254 from 192.168.1.21 via 10.7.1.1 dev tun11 
    cache iif eth0 
[email protected]:/jffs/scripts# ip route get 172.27.240.254 from 192.168.1.21 iif eth0
172.27.240.254 from 192.168.1.21 via x.x.x.x dev ppp0 
    cache iif eth0 
[email protected]:/jffs/scripts#
 

gjf

Senior Member
> I did some test, my openvpn client1 is connected to NordVPN. It seems only remote ip range are routed via ovpn1 while other ip are routed through WAN via PPPoE.
Maybe because you have routed a single IP. In My case I want all router clients be routed.
 

chongnt

Senior Member
> Maybe because you have routed a single IP. In My case I want all router clients be routed.
Maybe yes. Have you tried running “ip rule” to see the route?

1630758782568.png


Code:
10612:  from 192.168.1.96/27 to 172.27.224.0/20 lookup ovpnc3
 

chongnt

Senior Member
How about "ip route show table ovpnc3"?
By the way, just noticed in your ip rule output, there is priority 9993 for table ovpnc3. This seems to be from x3mRouting if I remember correctly. Not sure why it is still there since you have uninstalled it already.
 

gjf

Senior Member
> How about "ip route show table ovpnc3"?
> By the way, just noticed in your ip rule output, there is priority 9993 for table ovpnc3. This seems to be from x3mRouting if I remember correctly. Not sure why it is still there since you have uninstalled it already.
Because I didn't reboot after that.
Now you can see that reboot cleans the output.
And really "ip route show table ovpnc3" shows correct routing.
Weird, why simple "ip route" doesn't show that? And it seems GUI IP Routing table shows the same output as "ip route" does...
Screenshot 2021-09-04 163802.jpg
 

chongnt

Senior Member
> Because I didn't reboot after that.
> Now you can see that reboot cleans the output.
> And really "ip route show table ovpnc3" shows correct routing.
> Weird, why simple "ip route" doesn't show that? And it seems GUI IP Routing table shows the same output as "ip route" does...
> View attachment 36129
Looks much better after reboot. The route is normal, it is how Linux works. Now if you do a traceroute from your client to any host IP from the 172.27.240/20 subnet, is it routed correctly via vpn client 3? Ip route show table ovpnc3 output seems a bit messy. I am not sure if you have other changes done before this. If it is still not working perhaps can try remove all vpn client config, reboot then setup your vpn client again.
 

gjf

Senior Member
> Looks much better after reboot. The route is normal, it is how Linux works. Now if you do a traceroute from your client to any host IP from the 172.27.240/20 subnet, is it routed correctly via vpn client 3? Ip route show table ovpnc3 output seems a bit messy. I am not sure if you have other changes done before this. If it is still not working perhaps can try remove all vpn client config, reboot then setup your vpn client again.
As I told before - everything is working now. I just want to understand why GUI shows a wrong routing based on ip route output.
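
The lookup order behind the `ip rule` / `ip route get` outputs earlier in the thread, as an added example that is not part of any post: rules are tried by priority and only the selected table is searched, so a route living in `ovpnc1` or `ovpnc3` never appears in plain `ip route`, which lists the main table. The rule and table entries are constructed from chongnt's quoted output; reducing the main table to its default route is an assumption, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the `ip rule` and `ip route show table ovpnc1` output quoted
# in the thread. The main table is reduced to its default route (assumption);
# the gateway the poster masked as x.x.x.x is left out.
RULES = [  # (priority, from, to, table)
    (10210, "192.168.1.21/32", "172.27.224.0/20", "ovpnc1"),
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
]
TABLES = {  # table name -> [(prefix, device)]
    "ovpnc1": [("0.0.0.0/0", "tun11"), ("10.7.1.0/24", "tun11")],
    "main": [("0.0.0.0/0", "ppp0")],
}

def lookup(table, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]]
    hits = [(net, dev) for net, dev in nets if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route_get(src, dst):
    """Mimic `ip route get DST from SRC`: first matching rule whose table has a route wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, r_from, r_to, table in sorted(RULES):
        if s in ipaddress.ip_network(r_from) and d in ipaddress.ip_network(r_to):
            dev = lookup(table, dst)
            if dev is not None:
                return table, dev
    return None, None

def egress_report(src, dsts):
    """Map each destination to the device it would leave through."""
    return {dst: route_get(src, dst)[1] for dst in dsts}

def uncovered(intended, actual):
    """Number of addresses in `intended` that a route for `actual` would miss."""
    i, a = ipaddress.ip_network(intended), ipaddress.ip_network(actual)
    return i.num_addresses - a.num_addresses if a.subnet_of(i) else None

if __name__ == "__main__":
    probes = ["8.8.8.8", "172.27.223.1", "172.27.224.1",
              "172.27.239.254", "172.27.240.254"]
    for dst, dev in egress_report("192.168.1.21", probes).items():
        print(f"{dst:>15} -> {dev}")
    print(uncovered("172.27.224.0/255.255.240.0", "172.27.224.0/255.255.255.0"))
```

Running the same probes from a source address the rule does not match shows every destination leaving through the WAN device, which is the single-IP effect raised in the thread.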
 
