1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN and access to LAN from outside

Discussion in 'Asuswrt-Merlin' started by Gilbert, Apr 10, 2020.

  1. Gilbert

    Gilbert New Around Here

    Joined:
    Apr 10, 2020
    Messages:
    6
    Hello,

    I use openVPN in my Asus AC86u (Asus WRT-Merlin 384.14) Router.
    When i enable OpenVPN its connect to my VPN provider and i can access the internet from my devices.
    But i can't access my devices (like Domoticz) from the outside anymore. I have search for solution, but i couldn't solve the problem. Can someone tell me what to do?

    Greetz
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,663
    Location:
    UK
  3. Gilbert

    Gilbert New Around Here

    Joined:
    Apr 10, 2020
    Messages:
    6
    I tried that, i don't work for me.
    What ever i configure, i can't access my device from the wan (example : WANIP.COM:12345)
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,663
    Location:
    UK
    What policy rules are you using?
     
  5. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    I had this issue and managed to solve it in two ways, either:
    a) setting policy routing to "Policy Rules", i.e. not strict.
    b) adding the router ip address to the openVPN client to route through the WAN
     
    madfusker likes this.
  6. Gilbert

    Gilbert New Around Here

    Joined:
    Apr 10, 2020
    Messages:
    6
    Where in the router? Can you provide me with screen dumps?

    I found the policy rules....

    for b, you mean this?:

    Rules for routing client traffic through the tunnel (Max Limit : 100)
    Description Source IP Destination IP Iface
     
    Last edited: Apr 10, 2020
  7. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    See attached screenshot. 5th entry down is what I mean. This is found under the VPN client settings.
     

    Attached Files:

    cplay likes this.
  8. cplay

    cplay Regular Contributor

    Joined:
    Mar 23, 2020
    Messages:
    162
    I did letter a to fix my problem.

    However, could you quickly tell me how to do b?
     
  9. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    VPN >> VPN Client >> Rules for routing client traffic...

    Add an entry to the table with the following:
    192.168.1.1 - 0.0.0.0 - WAN

    I tried a) at first, but I wanted to retain strict policy routes, as otherwise it would occasionally mess with some settings that I have for specific WAN routes on my network. In the end b) was the one that worked in my use-case.

    Also, stating the obvious here but you never know - make sure that your VPN server setting has "both" set under the "Client will use VPN to access" setting.
     
  10. cplay

    cplay Regular Contributor

    Joined:
    Mar 23, 2020
    Messages:
    162
    Yeah I have those set up in kill switch:

    192.168.1.0/24 , VPN
    192.168.1.1 WAN

    However, when VPN is enabled I can't access my 4g modem (192.168.5.1) that is connected to the wan port of the asus router (192.168.1.1).

    Only way I've found to remedy this issue is by chaning policy rules from strict to policy rules.
     
  11. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    Try adding to the client table:

    0.0.0.0 - 192.168.5.1 - WAN

    (kind of like my entry for "ISP router" in the screenshot I posted, but with your IP address.)
     
    cplay likes this.
  12. Gilbert

    Gilbert New Around Here

    Joined:
    Apr 10, 2020
    Messages:
    6
    Thanx, I have added the rule with router IP.
    But when i enable VPN client. I seems that VPN now expose my own ISP IP adress. What i am missing.
    With Policy settings to No. My IP is hidden....
     
  13. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,663
    Location:
    UK
    Show us a screenshot of your policy rules.
     
  14. Gilbert

    Gilbert New Around Here

    Joined:
    Apr 10, 2020
    Messages:
    6
    upload_2020-4-10_19-22-51.png

    Or do i need to configure it for every device that i want to use with VPN?
     
  15. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,663
    Location:
    UK
    https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing
     
  16. cplay

    cplay Regular Contributor

    Joined:
    Mar 23, 2020
    Messages:
    162
  17. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    Did you try my suggestion? I have the situation when the router is behind the modem and the exception rule I gave works.
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,663
    Location:
    UK
    I would try creating a rule that specifies the IP address of the modem as the destination address.

    EDIT: Yes, like @Chris_J said.
     
  19. cplay

    cplay Regular Contributor

    Joined:
    Mar 23, 2020
    Messages:
    162
    it doesn’t for me.

    I have exclusive set for dns.
    Policy rules strict and with all ips with vpn, and the router ip and modem ip set up to wan (I added the modem up per your instruction) and it won’t allow me access to my modem if policy rules are set to strict not just policy rules?
     
  20. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    113
    Location:
    UK
    Can you send a screenshot of your policy rules table?