OpenVPN

Travison

Hey,

I'm having some issues with OpenVPN after I updated to 384.5 on my RT-AC68U, from version 384.4_2.

After the update my VPN client (on my phone) connected successfully to the router but could not connect to the internet, though it was working before the update. I think the problem lies in "Client will use VPN to access [ ] LAN only [x] Internet only [ ] Both" because I had it set to Internet only. Once I changed it to Both, everything seemed to work fine. I don't, however, wish to give access to my LAN, so I hope this is a temporary bug.

I'm guessing it's because I advertise my local LAN DNS (the router) to the VPN clients so firewall/route rules are preventing access?
 
> I don't, however, wish to give access to my LAN, so I hope this is a temporary bug.
>
> I'm guessing it's because I advertise my local LAN DNS (the router) to the VPN clients so firewall/route rules are preventing access?

No, the previous behaviour is the bug.

But you’re right about why it’s not working. Going forward you’ll have to either advertise a different DNS server or give VPN access to LAN.
 
> No, the previous behaviour is the bug.
>
> But you’re right about why it’s not working. Going forward you’ll have to either advertise a different DNS server or give VPN access to LAN.

There is just an option for "Advertise DNS to clients", which seems to advertise the DHCP DNS. If I select 'No', what DNS will be used on the client? Will it be the WAN DNS on the router?

Isn't it possible to have a firewall script allowing only access to the DNS on the LAN? Something like (where the VPN network is 10.x.x.x and the local network is 192.168.x.x):

iptables -A INPUT -p udp -s 10.x.x.x -d 192.168.x.x --dport 53 -j ACCEPT
 
> There is just an option for "Advertise DNS to clients", which seems to advertise the DHCP DNS. If I select 'No', what DNS will be used on the client? Will it be the WAN DNS on the router?
>
> Isn't it possible to have a firewall script allowing only access to the DNS on the LAN? Something like (where the VPN network is 10.x.x.x and the local network is 192.168.x.x):
>
> iptables -A INPUT -p udp -s 10.x.x.x -d 192.168.x.x --dport 53 -j ACCEPT

You can do that in the .ovpn configuration file; search for ‘dhcp-option’.

https://openvpn.net/index.php/open-source/documentation/howto.html

And yes, it is possible to change the behaviour by adding iptables rules.
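
The DNS-only rule asked about above, as an added example that is not part of the original thread: a POSIX shell script that validates the two addresses and idempotently inserts ACCEPT rules for DNS over both UDP and TCP. It assumes the advertised DNS server is the router itself (hence the INPUT chain) and that the firmware's blocking rule is evaluated after the inserted rules; the function names and the sample addresses in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example. The subnet and address in the usage line are constructed
# sample values; the thread only gives 10.x.x.x and 192.168.x.x.

# Accept only a dotted-quad IPv4 address with an optional /prefix, so nothing
# unexpected is ever word-split into iptables arguments.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule specification per line: DNS uses UDP and TCP port 53, and
# --dport is only valid after -p has selected the protocol.
dns_rule_specs() {
    vpn_net=$1; dns_ip=$2
    valid_ipv4 "$vpn_net" && valid_ipv4 "$dns_ip" || return 1
    for proto in udp tcp; do
        echo "INPUT -p $proto -s $vpn_net -d $dns_ip --dport 53 -j ACCEPT"
    done
}

# Insert each rule at the top of INPUT unless it is already present (-C), so
# re-running after a firewall restart does not stack duplicates. Needs root.
# With DRY_RUN set, only print the commands that would be run.
apply_dns_rules() {
    specs=$(dns_rule_specs "$1" "$2") || { echo "invalid address" >&2; return 1; }
    echo "$specs" | while read -r spec; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "iptables -I $spec"
        elif ! iptables -C $spec 2>/dev/null; then   # $spec is validated; split on purpose
            iptables -I $spec
        fi
    done
}

# Usage: sh dns-only.sh 10.8.0.0/24 192.168.1.1
if [ "$#" -eq 2 ]; then
    apply_dns_rules "$1" "$2"
fi
```

Run it with `DRY_RUN=1` first to review the two commands before applying them as root.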
 
