
OpenVpn server on router being blocked by router itself

Discussion in 'Asuswrt-Merlin' started by ^Tripper^, Sep 14, 2019.

  1. ^Tripper^

    ^Tripper^ Regular Contributor

    Joined:
    Aug 16, 2014
    Messages:
    133
    Location:
    Disneyland with the death penalty
    Hi all.

    Been trying to get the openvpn server running on my 86U so that I can vpn back into my router when I'm out. I'm running merlin 381.13 on a 86U with diversion and Skynet installed. So I've followed all the great guides posted in here and it seems like I've been able to get the server up, export the config file to my iPhone and actually connect. Except for the following, which shows up in the system logs:

    Code:
    Sep 14 20:31:56 kernel: [BLOCKED - INVALID] IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=23624 PROTO=UDP SPT=61199 DPT=53 LEN=44 MARK=0x1
    So the iPhone is connected but it cannot load any pages. Being as how it seemed to be a firewall block, I disabled the firewall and everything worked great! Disabling the firewall allows the vpn connection to work before Skynet kicks in and turns the firewall back on.

    Except I shouldn't be disabling the firewall should I? I've not seen anyone else mention that or face this issue.

    Any advice oh knowledgeable ones?

    Thank you!!
     
  2. Adamm

    Adamm Part of the Furniture

    Joined:
    Mar 26, 2013
    Messages:
    2,238

    The log posted is from the router's SPI firewall, Skynet just formats it neatly to fit in with other logs.

    Sounds like you may have set "Client will use VPN to access" to "LAN only", rather than "Both" which would allow both access to the internet and your local network remotely.
     
  3. ^Tripper^

    ^Tripper^ Regular Contributor

    Joined:
    Aug 16, 2014
    Messages:
    133
    Location:
    Disneyland with the death penalty
    I actually set it to ‘internet’ only as that’s all I’d be using it for. I want to be able to use the router and all its diversiony and skynetty goodness. Won’t be accessing the LAN equipment at all. But I’ll try setting it to “both” & “LAN” only and see how that works.
     
  4. ^Tripper^

    ^Tripper^ Regular Contributor

    Joined:
    Aug 16, 2014
    Messages:
    133
    Location:
    Disneyland with the death penalty
    Woah. Looks like selecting "both" has worked. Glad it does but strange no? To be sure, I tried "internet" only and the firewall kicked back in.

    Happy it's working now, shall test and investigate further.

    Thank you Adamm!!!!
     
    Adamm likes this.
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,425
    Location:
    UK
    The error message says it is blocking your access to the DNS server on the router, which makes sense if you have set the VPN to "internet only".
     
    dave14305, netware5 and martinr like this.
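
The reading of the log line given in the last reply can be reproduced mechanically. The following is an added example, not part of the thread or of Skynet or Asuswrt-Merlin: it parses the kernel firewall line from the first post and reports whether a drop is a VPN client's DNS query to the router itself. The function names, the `tun` interface prefix, the default router address (taken from the `DST` field of the posted line) and the second, constructed log line are assumptions.

```python
import re

# Log line quoted in the first post of the thread.
THREAD_LINE = ("Sep 14 20:31:56 kernel: [BLOCKED - INVALID] IN=tun21 OUT= MAC= "
               "SRC=10.8.0.2 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=255 "
               "ID=23624 PROTO=UDP SPT=61199 DPT=53 LEN=44 MARK=0x1")
# Constructed contrast line (not from the thread): same format, non-tunnel interface.
CONSTRUCTED_LINE = ("Sep 14 20:40:02 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC= "
                    "SRC=203.0.113.7 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 "
                    "TTL=52 ID=4021 PROTO=TCP SPT=44321 DPT=23 MARK=0x1")

PREFIX = re.compile(r"kernel: \[([^\]]+)\]")   # e.g. [BLOCKED - INVALID]
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")        # KEY=VALUE, value may be empty


def parse_drop(line):
    """Return the tag and KEY=VALUE fields of a firewall log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {"TAG": m.group(1)}
    for key, value in FIELD.findall(line[m.end():]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def triage(line, router_ip="192.168.1.1", tunnel_prefix="tun"):
    """Classify a dropped packet with respect to the VPN tunnel."""
    f = parse_drop(line)
    if f is None:
        return "not a firewall log line"
    from_vpn = f.get("IN", "").startswith(tunnel_prefix)
    # An empty OUT= means the packet was addressed to the router, not forwarded.
    to_router = f.get("OUT") == "" and f.get("DST") == router_ip
    is_dns = f.get("DPT") == "53" and f.get("PROTO") in ("UDP", "TCP")
    if from_vpn and to_router and is_dns:
        return "VPN client DNS query to the router was dropped"
    if from_vpn and to_router:
        return "VPN client traffic to the router was dropped"
    if from_vpn:
        return "VPN client traffic was dropped"
    return "drop not related to the VPN tunnel"


if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_LINE):
        print(triage(sample))
```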