R7800 VPN Service

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

mfifield01

New Around Here
Is anyone using their R7800 as a VPN Server? I currently can't connect with Voxel R7800-V1.0.2.84SF. I have tried using OpenVPN on my Windows laptop and my Android phone. No luck at all. On previous stock firmwares, I was able to connect.
 

n1llam1

Regular Contributor
Is anyone using their R7800 as a VPN Server? I currently can't connect with Voxel R7800-V1.0.2.84SF. I have tried using OpenVPN on my Windows laptop and my Android phone. No luck at all. On previous stock firmwares, I was able to connect.
My R7800 operating in router mode (Voxel R7800-V1.0.2.85SF as well as prior versions) is working fine as a VPN server.

My experience has been that it will not work both as VPN client and a VPN server. Also, previously when using stock firmware, I had also run into a problem and was not able to connect to my VPN server. The problem was resolved by disabling the VPN service, re-enabling the VPN service and using the new OpenVPN configuration package download.

I hope that helps.
 

n1llam1

Regular Contributor
Did you need to go in and turn off the VPN client? I haven't configured anything to use it as a client.
You may just need to disable and then enable the VPN Service. I think behind the scenes that will generate a new encryption certificate for the clients to be able to connect. The old certificate may have expired.

I was experimenting with enabling the OpenVPN client using the Kamoj Add-on. When I saw with the VPN client enabled, my android phone was no longer able to connect to the R7800 VPN Service. The R7800 VPN Service is more important to me than the VPN client, so I disabled the VPN client (also using the Kamoj Add-on to do so).

My android phone and Windows laptop are able to use an OpenVPN client app to establish a VPN connection to my home network.
 

R. Gerrits

Senior Member
I was experimenting with enabling the OpenVPN client using the Kamoj Add-on. When I saw with the VPN client enabled, my android phone was no longer able to connect to the R7800 VPN Service. The R7800 VPN Service is more important to me than the VPN client, so I disabled the VPN client (also using the Kamoj Add-on to do so).
yep, known issue.

Potential causes:
If you use IP-address in your VPN config, or if you configured a static DNS entry, then:
Traffic towards your VPN server is sent directly via your ISP, but return traffic is sent via VPN provider thus never can be matched to the original request and is dropped.

If you use dynamicDNS in your VPN config:
Shortly after enabling VPN client, the previous still applies.
But at the next DDNS renewal, the ddns record will contain your VPN IP. -> whether it then again would start working, depends if you have a VPN provider that supports port-forwarding and whether you configured that port-forwarding for the VPN server.

Other potential issues with the 2nd situation:
I'm sure that starting / restarting the VPN client actually triggers a DDNS update. And also, if your VPN IP address would change, then I'm not sure that the DDNS immediatelly detects the IP-address change and updates the dns record.

my workaround:
I've put my router itself on the VPN bypass list. This is not possible via GUI, but requires editing /usr/bin/addon_bypassvpnip.sh
and then add this line somewhere just above the last "ip route flush cache"
Code:
[ "$(ip rule list | grep -c "iif lo lookup $NOVPN_TABLE")" = "0" ] && ip rule add iif lo table $NOVPN_TABLE

This workaround ensures that DDNS will still register my real public IP with DDNS. And it allows port-forwarded traffic to work again.
 

n1llam1

Regular Contributor
yep, known issue.

Potential causes:
If you use IP-address in your VPN config, or if you configured a static DNS entry, then:
Traffic towards your VPN server is sent directly via your ISP, but return traffic is sent via VPN provider thus never can be matched to the original request and is dropped.

If you use dynamicDNS in your VPN config:
Shortly after enabling VPN client, the previous still applies.
But at the next DDNS renewal, the ddns record will contain your VPN IP. -> whether it then again would start working, depends if you have a VPN provider that supports port-forwarding and whether you configured that port-forwarding for the VPN server.

Other potential issues with the 2nd situation:
I'm sure that starting / restarting the VPN client actually triggers a DDNS update. And also, if your VPN IP address would change, then I'm not sure that the DDNS immediatelly detects the IP-address change and updates the dns record.

my workaround:
I've put my router itself on the VPN bypass list. This is not possible via GUI, but requires editing /usr/bin/addon_bypassvpnip.sh
and then add this line somewhere just above the last "ip route flush cache"
Code:
[ "$(ip rule list | grep -c "iif lo lookup $NOVPN_TABLE")" = "0" ] && ip rule add iif lo table $NOVPN_TABLE

This workaround ensures that DDNS will still register my real public IP with DDNS. And it allows port-forwarded traffic to work again.
Thank you for the info. In my case I do use DDNS, although that is configured on my ISP router. My R7800 router is double-NATed and sits behind the ISP router. Internet<->ISP<->ISP Router<->R7800 (in router mode). If I get a chance I'll try your workaround to see if that works for my setup as well. Thanks again.
 

mfifield01

New Around Here
It ended up being DDNS. I've been using DDNS for a while, but for some reason the router wasn't sending the correct IP to the DDNS site. I checked the site and it had an incorrect IP. I just disabled DDNS, applied it, and enabled it again. It sent the correct IP. My Android phone and Windows laptop are now working fine.
 

kamoj

Very Senior Member
:oops:It is now possible with latest add-on version.
Thank you for highlighting this now and then so I don't forget it!:cool:
..I've put my router itself on the VPN bypass list. This is not possible via GUI, but requires editing /usr/bin/addon_bypassvpnip.sh
..
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top