Logging into Router remotely with a VPN on......

houghton19

Regular Contributor
Hi everyone,

Looking for a bit of guidance if possible please. I have an Asus RT-5300, had this for many years but starting to use VPN more often these days. To save money on the stupidly increasing electric costs in the UK, I have noticed that if I have my PC in sleep mode I can use WOL to wake my PC up, great. However, it seems like if I am behind a VPN I can't log into the router (I have it set for all traffic to go via VPN at the moment). I wondered if it was just a timing thing and it needs to wait for the new VPN IP to populate and align with the free ASUS DDNS where you can log in with xxxxxxxx.asuscomm.com. So, not sure of the best way to achieve what I want....... or the correct questions to ask really.... But my end goal is so that I can log in to my router via the web browser to ping my PC to wake up, then use an app like RealVNC to control PC whilst out and about if required.


So...... is it possible to have the IP address associated with my DDNS update more often (I do not have a static IP so if my connection resets it changes my IP......... also would this forward to the VPN IP?)
I have an ASUS DDNS account and also a No-IP account (free) if either is best. I have noticed whilst playing around that now I have changed the router settings to my No-IP account from the ASUS one, both are working to forward to the router now.... I assume that it's just until the one not selected updates and realises that it's not being used/different IP?!

Just been having a play about and it seems I can get this to work if I have the VPN on and set to Director instead of all and I can just set the devices I want. All traffic would be cool if possible; if not I could settle for just some.


Any thoughts/advice is very very welcome.

Thanks.
 

ColinTaylor

Part of the Furniture
The DDNS should sort itself out when necessary without you having to do anything extra.

Just been having a play about and it seems I can get this to work if I have the VPN on and set to Director instead of all and I can just set the devices I want. All traffic would be cool if possible; if not I could settle for just some.
IIRC enabling VPN Director is the way to do this. You can use it to route the entire LAN via the VPN client but still be able to remotely access the router itself.

P.S. Enabling remote web access to the router is strongly discouraged as this seems to be the most frequent way that Asus routers have been compromised. If you need remote access it's much better to use the router's built-in VPN server. It may also solve your VPN client issue at the same time.
 
sbsnb

Very Senior Member
If you have the router connected to a VPN service you will not be able to reach it from the outside. Like ColinTaylor says, you should be able to route outbound traffic from the LAN through the VPN without doing the same for the router itself. That should allow you to access it.
 

houghton19

Regular Contributor
Thanks for such fast responses. When I go into Director I only seem to have the ability to choose "WAN" or one of the 5 VPN profiles; after selecting a profile it looks like I can only add devices individually, unless it's on a different page and I am missing it.
 

ColinTaylor

Part of the Furniture
Thanks for such fast responses. When I go into Director I only seem to have the ability to choose "WAN" or one of the 5 VPN profiles; after selecting a profile it looks like I can only add devices individually, unless it's on a different page and I am missing it.
You should be able to enter the entire LAN subnet, e.g. 192.168.1.0/24

 

sbsnb

Very Senior Member
I presume you'd have to set another rule to keep the router out of the VPN by setting its IP and the interface to WAN.
 

eibgrad

Part of the Furniture
I presume you'd have to set another rule to keep the router out of the VPN by setting its IP and the interface to WAN.

The mere act of enabling the VPN Director automatically takes the router itself OFF the VPN. There's nothing special the OP has to do. In fact, because it does, it can lead to other problems. For example, there may be other apps/services hosted by the router the user *assumes* are bound to the VPN, when in fact they are NOT! A classic case is Transmission. You now have to take extra steps to bind that app/service to the LAN network interface so it returns to VPN.

P.S. Enabling remote web access to the router is strongly discouraged as this seems to be the most frequent way that Asus routers have been compromised. If you need remote access it's much better to use the router's built-in VPN server. It may also solve your VPN client issue at the same time.

The OP will still need to use the VPN Director when using his own OpenVPN server. Getting the initial connection to the server over the WAN remains a problem if the router itself is still bound to the local OpenVPN client. Once established, the tunnel's IP network is NOT subject to this problem.
 

houghton19

Regular Contributor
So far on Director I only have one device (most important) connected to VPN and it allows me to log in, so I'll have a read of the guide posted above for Director. Thanks for all the comments.
 

houghton19

Regular Contributor
So had a little play about. If I have it set on Director with just the one device then I can log in OK; if I set it to 192.168.1.1/24 then I am back to square one with not being able to log in… unless the DNS just takes a long time to see the IP change to the VPN IP, or is it literally the VPN not letting me in again?
Is there any way to have them all on apart from the router, or is it just manually set all devices to static and make rules for all devices to pass through VPN?
 

eibgrad

Part of the Furniture
So had a little play about. If I have it set on Director with just the one device then I can log in OK; if I set it to 192.168.1.1/24 then I am back to square one with not being able to log in… unless the DNS just takes a long time to see the IP change to the VPN IP, or is it literally the VPN not letting me in again?
Is there any way to have them all on apart from the router, or is it just manually set all devices to static and make rules for all devices to pass through VPN?

FYI, it needs to be 192.168.1.1, NOT 192.168.1.1/24. The latter isn't even valid CIDR notation. The system will accept it and correct it, but it will do so as 192.168.1.0/24, which means the entire network!

As far as DNS, if you are using router.asus.com as your reference, that will only work if also "Advertise DNS to client" on the OpenVPN server config.
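
The host-bit correction described in the post above, as an added example that is not part of the original thread or of the Asus firmware: it uses Python's `ipaddress` module to show what a typed rule source becomes once host bits are masked, and whether the applied network includes the router's own LAN address. The rule list and the interface label `VPN1` are constructed sample values; the router address 192.168.1.1 is the one given in the thread.

```python
import ipaddress

def normalise_source(text):
    """Return (applied_network, was_corrected) for a source typed as IP or IP/prefix."""
    # strict=False masks off any host bits, e.g. 192.168.1.1/24 -> 192.168.1.0/24
    applied = ipaddress.ip_network(text, strict=False)
    try:
        ipaddress.ip_network(text, strict=True)  # raises if host bits are set
        corrected = False
    except ValueError:
        corrected = True
    return applied, corrected

def audit_rules(rules, router_ip):
    """Describe each (source, interface) rule after normalisation."""
    router = ipaddress.ip_address(router_ip)
    report = []
    for source, iface in rules:
        applied, corrected = normalise_source(source)
        report.append({
            "typed": source,
            "applied": str(applied),
            "corrected": corrected,             # typed value was not valid CIDR
            "addresses": applied.num_addresses,
            "iface": iface,
            "covers_router": router in applied,
        })
    return report

# Constructed sample rules (not taken from a real router configuration).
SAMPLE_RULES = [
    ("192.168.1.1/24", "VPN1"),  # intended as one host, applied as the whole LAN
    ("192.168.1.1", "WAN"),      # a single host, stays a /32
    ("192.168.1.50", "VPN1"),    # a single client device
]

if __name__ == "__main__":
    for row in audit_rules(SAMPLE_RULES, "192.168.1.1"):
        flag = " (corrected)" if row["corrected"] else ""
        print(f'{row["typed"]:>16} -> {row["applied"]:<16} {row["iface"]:<5}'
              f' addrs={row["addresses"]:<4} router_in_range={row["covers_router"]}{flag}')
```
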
 

houghton19

Regular Contributor
FYI, it needs to be 192.168.1.1, NOT 192.168.1.1/24. The latter isn't even valid CIDR notation. The system will accept it and correct it, but it will do so as 192.168.1.0/24, which means the entire network!

As far as DNS, if you are using router.asus.com as your reference, that will only work if also "Advertise DNS to client" on the OpenVPN server config.
My router ip is 192.168.1.1 so I would need to set 192.168.0.1?
I have never found Advertise DNS to client so I’ll keep looking. Thanks for your reply.
 
