Need help with OpenVPN Client > VPN Server Connect Issues

Dee dee

Regular Contributor
I need some help with a possibly trivial Q I have with my home network setup.

I have a openvpn server and openvpn client (Nordvpn) setup on my router.

When i am at home I can set local IP's in the Client and they route correctly and use skynet(to block certain sites etc).

But, when I am remote as I am now,
Remote Location >Home VPN (Connected)(Server)(all websites work) > Nordvpn(canada)(NO websites work).

I added my local VPN Ip's to the " Rules for routing client traffic through the tunnel " thusly:
Name> Local VPN Connection User
Source IP >10.8.0.0/24
Destination IP > 0.0.0.0
Iface >VPN.

I can attach screenshots of places if need be.

Could it be because my Openvpn server is running as TUN mode instead of TAP?

I am not too confident of changing it as I don't want to not be able to connect to my home network again if I mess it up.

Thanks for reading and any insight anyone can provide.
 

Xentrk

Part of the Furniture
I need some help with a possibly trivial Q I have with my home network setup.

I have a openvpn server and openvpn client (Nordvpn) setup on my router.

When i am at home I can set local IP's in the Client and they route correctly and use skynet(to block certain sites etc).

But, when I am remote as I am now,
Remote Location >Home VPN (Connected)(Server)(all websites work) > Nordvpn(canada)(NO websites work).

I added my local VPN Ip's to the " Rules for routing client traffic through the tunnel " thusly:
Name> Local VPN Connection User
Source IP >10.8.0.0/24
Destination IP > 0.0.0.0
Iface >VPN.

I can attach screenshots of places if need be.

Could it be because my Openvpn server is running as TUN mode instead of TAP?

I am not too confident of changing it as I don't want to not be able to connect to my home network again if I mess it up.

Thanks for reading and any insight anyone can provide.
You are missing the postrouting and prerouting iptables rules.

x3mRouting has VPN server to VPN client routing available as an option and will perform all of the setup. Install x3mRouting from amtm. Then, install option 3. To route VPN Server 1 traffic to VPN Client 1 traffic is: x3mRouting server=1 client=1

To remove the rules, add the 'del' parm at the end: x3mRouting server=1 client=1 del
See usage instruction here: VPN Server to VPN Client Routing

For help and support, please visit the Asuswrt-Merlin x3mRouting support thread on snbforums.com
 

Dee dee

Regular Contributor
You are missing the postrouting and prerouting iptables rules.

x3mRouting has VPN server to VPN client routing available as an option and will perform all of the setup. Install x3mRouting from amtm. Then, install option 3. To route VPN Server 1 traffic to VPN Client 1 traffic is: x3mRouting server=1 client=1

To remove the rules, add the 'del' parm at the end: x3mRouting server=1 client=1 del
See usage instruction here: VPN Server to VPN Client Routing

For help and support, please visit the Asuswrt-Merlin x3mRouting support thread on snbforums.com
Thank you so much xentrk will try it shortly.
 

Dee dee

Regular Contributor
You are missing the postrouting and prerouting iptables rules.

x3mRouting has VPN server to VPN client routing available as an option and will perform all of the setup. Install x3mRouting from amtm. Then, install option 3. To route VPN Server 1 traffic to VPN Client 1 traffic is: x3mRouting server=1 client=1

To remove the rules, add the 'del' parm at the end: x3mRouting server=1 client=1 del
See usage instruction here: VPN Server to VPN Client Routing

For help and support, please visit the Asuswrt-Merlin x3mRouting support thread on snbforums.com
@Xentrk xentrk

one more question if I do this will this disable my ability to remote connection into my router and disallow my access to my lan over my openvpn server
 

Dee dee

Regular Contributor
Secondly,

I noticed someone putting a ipset called Netflix and routing it through a VPN server.

Can you or someone link me to a article describing how to do that.

Would that work with the custom DNS of my router to bypass country restrictions?
 

Xentrk

Part of the Furniture
Secondly,

I noticed someone putting a ipset called Netflix and routing it through a VPN server.

Can you or someone link me to a article describing how to do that.

Would that work with the custom DNS of my router to bypass country restrictions?
The use case is for people who want to connect to their home network when outside the home and want their device so use the same routing rules for IPSET lists and LAN clients when connected via VPN.

x3mRouting allows one to route IPSET lists to a VPN Client or create a rule to have the IPSET list bypass the VPN. For example, there may be a rule for a LAN device or the entire LAN to route to the VPN, but they need to bypass Netflix traffic since Netflix blocks known VPN servers.

You first need to create the IPSET list and create a routing rule for it. Lately, I AS2906 stopped working on it's own and I had to combine the asnum and dnsmasq methods.

Code:
x3mRouting 1 0 NETFLIX asnum=AS2906
x3mRouting 1 0 NETFLIX  dnsmasq=netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net
Once that is done, you can create the VPN Server to IPSET List Routing rule using the usage syntax in the link.
 

Xentrk

Part of the Furniture
@Xentrk xentrk

one more question if I do this will this disable my ability to remote connection into my router and disallow my access to my lan over my openvpn server
I just did a test and confirmed it does exactly that. I will do some more analysis.
 

Dee dee

Regular Contributor
Ty xentrk I will not do it until you advise it is safe for me to do so and keep my lan access
 

Xentrk

Part of the Furniture
You can setup VPN Server 2 for access to the router gui and LAN. Then use VPN Server 1 when you want to connect to home router and have it behave like you are on the local network when at home.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top