unable to connecting to Router admin page via OPENVPN ip address

[ekachaiz]

Hi guys, this may sound silly but I'm tring to access to client router (10.8.1.2 refer to digram) configuration page but unable to and vice versa. Currently im only able to connect to the openvpn server via DDNS. Since ISP on the client side does not provide public IP address so I though using OPENVPN could provide path to access client router. What setting should i be adjusted in order for this to work?

 

[eibgrad]

Not a lot of detail here. I'll just assume both routers are using the latest version of Asuswrt-Merlin. If I had to make a quick guess based on no details, perhaps you have the Inbound Firewall option on the OpenVPN client set to Block (the default), when it needs to be set to Allow if you expect unsolicited inbound connections from the server over the tunnel.

 

[ekachaiz]

Not a lot of detail here. I'll just assume both routers are using the latest version of Asuswrt-Merlin. If I had to make a quick guess based on no details, perhaps you have the Inbound Firewall option on the OpenVPN client set to Block (the default), when it needs to be set to Allow if you expect unsolicited inbound connections from the server over the tunnel.

Sorry for the lack of info. This is my current setting on client now ( ignore the VPN IP 10.8.1.22 as im organising my devices IP at the moment) both router using firmware 386.3_2

 

[eibgrad]

A continuing problem here is the lack of information. You have to be very precise about how you have BOTH routers configured.

Before even considering whether access to the GUI on the OpenVPN client is possible, I first want to know if you can at least ping the OpenVPN client (10.8.0.2) from the OpenVPN server. And by OpenVPN server, on mean from the router hosting that OpenVPN server (i.e., using ssh). You need to verify you have basic connectivity before considering specific application-level protocols (e.g., http/https).

Assuming that works, that does NOT mean that clients behind the OpenVPN server on its private network can likewise ping across the tunnel (and by extension, use applications-level protocols). For that to work, you either have to configure the OpenVPN client and server as "site-to-site" (which means each side knows how to route to/from the others private networks), *or* you've NAT'd the tunnel on the OpenVPN server side (not just on the OpenVPN client). But when configuring site-to-site, you don't normally NAT either side. Instead, you have the server push its own private network to the client, and then configure the Manage Client-Specific Options field on the server to inform it of the private network that lies behind the OpenVPN client. In this way, each side can route between the other w/o the need for NAT.

In short, the devil is in the details. There's a lot of reasons things could go wrong. And I could spend page after page trying to guess what might be at issue here. But my gut tells me you haven't properly/fully configured these two routers for site-to-site (the fact the OpenVPN client is still NAT'd strongly suggests that's the case).

 

[JGrana]

Hi guys, this may sound silly but I'm tring to access to client router (10.8.1.2 refer to digram) configuration page but unable to and vice versa. Currently im only able to connect to the openvpn server via DDNS. Since ISP on the client side does not provide public IP address so I though using OPENVPN could provide path to access client router. What setting should i be adjusted in order for this to work?
View attachment 37996

Why not use the firmwares built in Asus DDNS for the client side?
I am running site to site, both client and server routers have a public ip using the built in DDNS/Asus.
Also, on the server side, do you have the clients side, do you have the clients subnet under Allowed Clients - and make sure push = no?