TorGuard OpenVPN Client on ASUS Merlin (as workaround to CGN / LSN)

[Sully]

Hi All, new here but I've been visiting the site for some time. I wanted to pick your collective brains with an issue.

My Problem: I live in a high rise condo who recently changed ISPs. With the former ISP port forwarding and DDNS worked as they should, but the new ISP uses Carrier-grade NAT (CGN) or large-scale NAT (LSN) and as such port forwarding and DDNS won't work. Internet Access to my QNAP worked without issue previously. They want $20/month for a static IP which is outrageous in my opinion. I'd like to deploy a workaround to CGN/LSN without paying $240/year for a static IP address so I can access my QNAP NASes from the internet (external) again.

What I have done so far:
1. Opened Ports for TorGuard IP address (those ports are the http / https QNAP NAS Management Ports).
2. Successfully Configured OpenVPN Client on my ASUS RT-AC66U router (Asuswrt-Merlin firmware). Note: As shown in the attachments I'm using selective routing to only pass needed traffic (QNAP NAS) through the VPN, thus not taking a performance hit on non-QNAP NAS traffic.

Current Problem: While I believe I'm getting close to a solution, when I visit IPADDRESSORT, where IPADDRESS is the TorGuard IP address with opened ports and PORT is the opened port which is the same as the QNAP NAS Management port, I cannot get the QNAP NAS Manament UI to resolve.

Any thoughts on what I have missed here? Port forwarding? Something else?

Thanks in advance for your help.

 

[Sully]

Closed. I was missing this: https://torguard.net/knowledgebase.php?action=displayarticle&catid=60&id=165, the nat-start script.

#!/bin/sh

iptables -I FORWARD -i tun11 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun11 -p udp --dport port -j DNAT --to-destination destIP

chmod a+rx /jffs/scripts/nat-start