remote in to a client behind a VPN


gdallas

Occasional Visitor
Evening,

I have a local client, 192.168.0.37, a Raspberry Pi, running Transmission Torrent. I intend to sit it behind my VPN on the RT-AC86U. Right now, I am able to remote in using a Transmission Android remote app, with a NOIP DDNS pointing at the correct port. Will I still be able to remote in when I sit the client behind the VPN on the router?
 
Thanks for your response. Can I just check I have understood it correctly?

  1. I didn't have a nat-start file so I created one by first navigating to jffs/scripts/, then 'nano nat-start' to create the file.
  2. I believe example 2 was what I'm after, so I created a script as follows, noting that I've added iptables rules to the end of that script for my local IP 192.168.0.37:9092. Is that correct?
  3. Then chmod a+rx /jffs/scripts/nat-start to make the script executable.
  4. Anything else? Have I understood this correctly?

Code:
#!/bin/sh

sleep 10  # During the boot process nat-start may run multiple times so this is required              

# Ensure duplicate rules are not created
for VPN_ID in 0 1 2 3 4 5
   do
      ip rule del prio 999$VPN_ID  2>/dev/null
   done

# Create the RPDB rules
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark
ip rule add from 0/0 fwmark "0x7000/0x7000" table ovpnc4 prio 9991        # VPN 4 fwmark
ip rule add from 0/0 fwmark "0x3000/0x3000" table ovpnc5 prio 9992        # VPN 5 fwmark
ip rule add from 0/0 fwmark "0x1000/0x1000" table ovpnc1 prio 9993        # VPN 1 fwmark
ip rule add from 0/0 fwmark "0x2000/0x2000" table ovpnc2 prio 9994        # VPN 2 fwmark
ip rule add from 0/0 fwmark "0x4000/0x4000" table ovpnc3 prio 9995        # VPN 3 fwmark

# iptables rule to Selectively route the desired Ports via the designated VPN Client
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.0.37 -p tcp -m multiport --sport 9092 -j MARK --set-mark 0x8000/0x8000
 
My firmware works differently to yours so I don't know for sure whether it will work. All I know is what I read on the wiki. But my understanding is that you've done everything correctly. The only thing that remains is for you to set up a port forwarding rule for 192.168.0.37:9092 in the router's GUI.
 
Thanks. I will give that a go and see what happens
 
Actually seems to be working! Well I never! Again, can I just run my firewall config past you to ensure it's right/safe!?

For my firewall rule, I made my external port the same as the WAN IP rule in that script, 9990. Presume that's right? Internal port is 9092, which is what I set my Pi with.

Service Name | External Port | Internal Port | Internal IP Address | Protocol
Transmission | 9990          | 9092          | 192.168.0.37        | BOTH
 
That looks good. The only change I'd make is to set the Protocol to "TCP" instead of "BOTH" as the remote interface doesn't use UDP (AFAIK).
 
Sorry, just to add...

For my firewall rule, I made my external port the same as the WAN IP rule in that script, 9990. Presume that's right? Internal port is 9092, which is what I set my Pi with.

The "9990" is the packet priority, it is not a port number. For your purposes you can ignore that. You can set the external port to anything you like.
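
The script's `ip rule` list, modelled offline as an added example (not part of any post in this thread, and not code from the firmware or its wiki): the number after `prio` only orders the rules, and the first rule whose fwmark/mask test passes picks the routing table. The names `RULES` and `rpdb_lookup` are hypothetical, and the match test assumed is the standard Linux one, (mark & mask) == (value & mask).

```shell
#!/bin/sh
# Constructed copy of the rules created by the nat-start script in this thread,
# one "priority value mask table" entry per line (same values as `ip rule add`).
RULES='9990 0x8000 0x8000 main
9991 0x7000 0x7000 ovpnc4
9992 0x3000 0x3000 ovpnc5
9993 0x1000 0x1000 ovpnc1
9994 0x2000 0x2000 ovpnc2
9995 0x4000 0x4000 ovpnc3'

# rpdb_lookup MARK [RULES]
# Walk the rules in ascending priority and print "priority table" for the
# first rule whose fwmark test passes. Prints "none" when no fwmark rule
# matches, i.e. the packet falls through to the later, unmarked rules.
rpdb_lookup() {
    mark=$1
    rules=${2:-$RULES}
    result=$(printf '%s\n' "$rules" | sort -n |
        while read -r prio value mask table; do
            [ -n "$prio" ] || continue
            if [ $(( $mark & $mask )) -eq $(( $value & $mask )) ]; then
                echo "$prio $table"
                break
            fi
        done)
    echo "${result:-none}"
}

# Replies from 192.168.0.37 with TCP source port 9092 are marked 0x8000 by the
# mangle rule, so they hit priority 9990 and leave via the WAN (table main).
for m in 0x8000 0x7000 0x3000 0x1000 0x0; do
    echo "mark $m -> $(rpdb_lookup "$m")"
done

# Why the order matters: a 0x7000 mark also passes the 0x1000/0x1000 test, so
# if the VPN 1 rule came first, VPN 4 traffic would use the VPN 1 table.
SWAPPED='9991 0x1000 0x1000 ovpnc1
9993 0x7000 0x7000 ovpnc4'
echo "swapped order, mark 0x7000 -> $(rpdb_lookup 0x7000 "$SWAPPED")"
```

On the router itself, `ip rule show` lists the live rules in the same priority order.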
 