OpenVPN server / Firewall question on AX88u.

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Tvbaas

New Around Here
I have successfully configured a OpenVPN server on my Asus ax88u running Merlin 386.3_2 firmware and the remote client connects instantly.
However I do have a question on how the remote clients are able to connect without opening the assign port in the Firewall of the AX88u for this?
When checking for additional port forwarding's for the OpenVPN server , I can't find any.
Can someone explain how this works?
 

netware5

Very Senior Member
I have successfully configured a OpenVPN server on my Asus ax88u running Merlin 386.3_2 firmware and the remote client connects instantly.
However I do have a question on how the remote clients are able to connect without opening the assign port in the Firewall of the AX88u for this?
When checking for additional port forwarding's for the OpenVPN server , I can't find any.
Can someone explain how this works?
It is because the OpenVPN server listens on its port to the WAN, so this port is permanently open. Then OpenVPN client communicates with the OpenVPN server using that port and creates tunnel. No other ports are used, so that is the reason you don't see any forwarded port.
 

Tvbaas

New Around Here
Thank you @netware5 for your feedback. I would still expect that there are some firewall rules added to let the OpenVPN server communicate on the assigned WAN port, but cant find any...
 

ColinTaylor

Part of the Furniture
I would still expect that there are some firewall rules added to let the OpenVPN server communicate on the assigned WAN port, but cant find any...
It's the first rule in the PREROUTING chain in the nat table and the first rule in the INPUT chain in the filter table.
 

Tvbaas

New Around Here
It's the first rule in the PREROUTING chain in the nat table and the first rule in the INPUT chain in the filter table.
Could be me looking at the wrong place , but can not find any lines which include the assigned OpenVPN server port number. Not in filter_rules nor in nat_rules.
 

ColinTaylor

Part of the Furniture
Could be me looking at the wrong place , but can not find any lines which include the assigned OpenVPN server port number. Not in filter_rules nor in nat_rules.
Don't look in those files in /tmp as they don't contain modifications made by services like OpenVPN. Look at the actual output of the iptables command.
 

Tvbaas

New Around Here
Don't look in those files in /tmp as they don't contain modifications made by services like OpenVPN. Look at the actual output of the iptables command.
Thank you @ColinTaylor , found them. Good to know that services like OpenVPN will created these entries themselves and don't show up in the Asus Router GUI.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top