Solved RT-AX86U OpenVPN Server clients can ping+ssh but no web UI

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

NoNaym

New Around Here
Hi All,

I'm looking for some help with OpenVPN on my new RT-AX86U running current Marlin 386.3_2 (Which just replaced a Linksys WRT3200ACM that I had OpenVPN server working perfect on with OpenWRT). The main issue I am facing is that when I connect to the VPN (I have only attempted connecting from an Android device, but yes, always from an outside network), I can ping the OpenVPN server (router at 192.168.1.1), other local 192.168.1.* devices, public websites, and I can even SSH and RDP without issue. But when I try to access the router's web UI, any local servers, or any public website in a web browser over the VPN, it refuses to load.

I have tried and/or made sure:
  • Compression is disabled on both ends
  • Client specific options on and off
  • Client-to-client on and off
  • Temporarily disabling firewall
  • Enabling static routes and adding a static route (not sure if I did this correctly or if this is even the right thing to do)
  • All sorts of jffs startup scripts and custom OpenVPN settings (also not sure if I did these things correctly, but felt these were the most likely solutions)
    • I can confirm that I do have jffs set up properly though
  • Probably tried some other stuff, but I'm open to any suggestions (I very well may have been on the right track with something above, but maybe did it wrong?)
Below are a couple screenshots of my OpenVPN server settings in Merlin (no custom configuration at the moment). I'm sure I left out some more useful details so let me know if any clarification is needed anywhere. Otherwise, thanks in advance!

1634602917073.png

1634602324807.png
 

eibgrad

Very Senior Member
Are you're also running an OpenVPN client on that router at the same time? If so, disable it and see if things return to normal.
 
Last edited:

L&LD

Part of the Furniture
Welcome to the forums @NoNaym.

Try with the TCP Protocol.
 

eibgrad

Very Senior Member
I have tried and/or made sure:
  • All sorts of jffs startup scripts and custom OpenVPN settings (also not sure if I did these things correctly, but felt these were the most likely solutions

I'm not sure what you're saying here. Do you have active scripts in /jffs/scripts? Are you saying you tried eliminating them and it made no difference? Such scripts are always a bit suspect. For example, I've had a few users lately configuring nat-start scripts w/ rules that rightly belong in the firewall-start script. And when they made that mistake, it corrupted the firewall. And when that happens, you can get all kinds of weird, inconsistent behavior.

IOW, there's all kinds of opportunities for conflicts in a situation like this, and sometimes users don't provide information they think is relevant, but it just may be. That's why I asked you about the OpenVPN client.

When all else fails, it helps to just dump as much data as possible in hopes of seeing if something is amiss.

Code:
ifconfig
ip route
ip rule
iptables -vnL
iptables -t nat -vnL
 

NoNaym

New Around Here
I'm not sure what you're saying here. Do you have active scripts in /jffs/scripts? Are you saying you tried eliminating them and it made no difference?
I do not currently have any active scripts in /jffs/scripts. I have tried a few in nat-start and maybe some in firewall-start, but none have made a difference. Can't say exactly what I put in those scripts, but I'm basically just saying that I've tried some scripts without success (and currently no scripts enabled/inside scripts directory).

I'll try to provide a data dump when I have some time later today/this week. Thanks again!!
 

NoNaym

New Around Here
Newish development: Just tried connecting to my home VPN from my workplace wifi (on my Android phone), and everything appears to be working as expected. I could have sworn I had already tried this but with undesirable results, but could be wrong...

I have been doing most of my testing from home using my Android phone while disconnected from wifi (but connected to mobile data via Mint mobile). Not sure if Mint (or other mobile carriers) block VPNs, but again I'm pretty sure I was able to use my old router's VPN when using my phone's mobile data connection.

So it appears the real issue I am facing is that my VPN connects when using mobile data on Android, and (from OP) "I can ping the OpenVPN server (router at 192.168.1.1), other local 192.168.1.* devices, public websites, and I can even SSH and RDP without issue. But when I try to access the router's web UI, any local servers, or any public website in a web browser over the VPN, it refuses to load."

While not as critical (I mainly want my VPN for public wifi), I am curious if anybody has any thoughts on what might be going on when I try to connect via mobile data. Is this normal with mobile carriers, or am I maybe missing something here?

I really appreciate the support! Assuming I don't have an immediate solution to the VPN over mobile data issue, I'll probably start a new thread when I'm really ready to continue troubleshooting that issue in particular.
 

NoNaym

New Around Here
One more follow-up: After looking further into why my VPN connection did not work as expected while on mobile data connection (via Mint Mobile), I came across this Reddit thread (Traffic Trottling when using VPN) which points out that:

I finally inspected the APN settings and realized I was using the settings from when your device first connects to the network (fast.t-mobile.com). I followed this guide: https://www.mintmobile.com/setup-for-android, restarted my device and my VPN is working!

Somehow, when the VPN traffic goes directly through t-mobile it gets throttled, but other types of traffic go through just fine... go figure.

After following the guide (linked in quoted text above) on Mint's website, I can confirm that my VPN does now work as expected over mobile networks. Huzzah!

Also, something to keep in mind is that if you factory reset your phone (which I recently did), then you will likely need to reconfigure these APN settings. Wish I realized this sooner!

Thanks again for the support All!
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top