OpenVpn server on router being blocked by router itself

[^Tripper^]

Hi all.

Been trying to get the openvpn server running on my 86U so that I can vpn back into my router when I'm out. I'm running merlin 381.13 on a 86U with diversion and Skynet installed. So 'I've followed all the great guides posted in here and it seems like I've been able to get the server up, export the config file to my iPhone and actually connect. Excecpt for the following which shows up in the system logs;

Sep 14 20:31:56 kernel: [BLOCKED - INVALID] IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=23624 PROTO=UDP SPT=61199 DPT=53 LEN=44 MARK=0x1

So the iPhone is connected but it cannot load any pages. Being as how it seemed to be a firewall block, I disabled the firewall and everything worked great! Disabling the firewall allows the vpn connection to work before Skynet kicks in and turns the firewall back on.

Except I shouldn't be disabling the firewall should I? I've not seen anyone else mention that or face this issue.

Any advice oh knowledgeable ones?

Thank you!!

 

[Adamm]

Hi all.

Been trying to get the openvpn server running on my 86U so that I can vpn back into my router when I'm out. I'm running merlin 381.13 on a 86U with diversion and Skynet installed. So 'I've followed all the great guides posted in here and it seems like I've been able to get the server up, export the config file to my iPhone and actually connect. Excecpt for the following which shows up in the system logs;

Sep 14 20:31:56 kernel: [BLOCKED - INVALID] IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=23624 PROTO=UDP SPT=61199 DPT=53 LEN=44 MARK=0x1

So the iPhone is connected but it cannot load any pages. Being as how it seemed to be a firewall block, I disabled the firewall and everything worked great! Disabling the firewall allows the vpn connection to work before Skynet kicks in and turns the firewall back on.

Except I shouldn't be disabling the firewall should I? I've not seen anyone else mention that or face this issue.

Any advice oh knowledgeable ones?

Thank you!!

The log posted is from the routers SPI firewall, Skynet just formats it neatly to fit in with other logs.

Sounds like you may have set "Client will use VPN to access" to "LAN only", rather then "Both" which would allow both access to the internet and your local network remotely.

 

[^Tripper^]

The log posted is from the routers SPI firewall, Skynet just formats it neatly to fit in with other logs.

Sounds like you may have set "Client will use VPN to access" to "LAN only", rather then "Both" which would allow both access to the internet and your local network remotely.

I actually set it to ‘internet’ only as that’s all I’d be using it for. I want to be able to use the router and all its diversiony and skynetty goodness. Won’t be accessing the LAN equipment at all. But I’ll try setting it to “both” & “LAN” only and see how that works.

 

[^Tripper^]

Woah. Looks like selecting "both" has worked. Glad it does but strange no? To be sure, I tried "internet" only and the firewall kicked back in.

Happy its working now, shall test and investigate further.

Thank you Adamm!!!!

 

[ColinTaylor]

Woah. Looks like selecting "both" has worked. Glad it does but strange no? To be sure, I tried "internet" only and the firewall kicked back in.

The error message says it is blocking your access to the DNS server on the router, which makes sense if you have set the VPN to "internet only".