Unable to reach VPN server in two-router setting

I was just referring to when the router is put in AP mode, a bunch of the menu items disappear. I really like the merlin firmware.

Yes, the connections between the two routers are LAN to LAN ports.

ip r returned the following:

10.16.0.0/24 dev tun22 proto kernel scope link src 10.16.0.1
10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.11 - is this where the issue is? - should this read: 10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.1?
127.0.0.0/8 dev lo scope link

This is a screenshot of the WAN menu settings on Router 2 (10.168.2.11). I have disabled WAN, NAT and UPnP. The IP Address under WAN IP Setting is set to 10.168.2.11.

The LAN IP under the LAN menu is set to 10.168.2.11, and the DHCP in the LAN menu is also turned off.

 
hi rogue

ip r now reads as follows:
10.16.0.0/24 dev tun22 proto kernel scope link src 10.16.0.1
10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.11
127.0.0.0/8 dev lo scope link
default via 10.168.2.1 dev br0

Success! I can VPN in from outside now. One small issue still exists. I cannot ping www.google.com from the cli, but a ping to 8.8.8.8 works (so does the connection to the ntp server when connecting by IP, but not when using pool.ntp.org)! To me this means there is something not right from the DNS perspective, but not sure how to fix this... Any idea?

cat /tmp/resolv.conf is empty, and I think that is the issue, but not sure how to fix.

Thank you again for all your help - this has my network functioning just the way I want it now.
 
Yep that's definitely your issue. On mine:
roguetr@replicator:/tmp/home/root# cat /tmp/resolv.conf
nameserver 203.12.160.35
nameserver 203.12.160.36

A quick check of my nvram shows:
wan0_dns=203.12.160.35 203.12.160.36
dnsfilter_custom1=203.12.160.35
wan0_dns=203.12.160.35 203.12.160.36
dnsfilter_custom2=203.12.160.36
wan_dns=203.12.160.35 203.12.160.36

So I'd say just ensure the WAN static config has your required DNS, which in this case can be the IP of router 1. I doubt resolv is using the dnsfilter custom entries.

I'm glad I could help, no problem at all :)
 
10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.11 - is this where the issue is? - should this read: 10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.1?

Sorry I just saw this post. I know it's kind of irrelevant now but just to clarify, src is the address used when initiating an outbound connection. In a situation where you have multiple IP addresses assigned, src will be the address used when a process is not bound to a specific IP address.
 
roguetr, I would like to do exactly the same setup on my network, where I have one router from the ISP and a second Asus RT-AC68U connected LAN-to-LAN, on which I would like to set up a VPN server.
Would you be able to paste in your router cfg screenshots?
I'm in the exact step you were before where VPN works when connecting internally, but not from internet (port opened on the ISP router)
 
Hi :)

Although this thread is lengthy and probably overly complicated, the primary issue with this setup is just ensuring your routing is correct, which is pretty much just your default gateway assignment on router 2. It also doesn't hurt to have DNS functioning properly.

I don't use this particular setup, though I have in this form and various others in the past. It's no different than running a VPN server in general behind a firewall, though using a router you need to be mindful of the router's filtering and switch configuration. All the info you would need is already in this thread. I suppose though that it could be bullet pointed or listed as a step by step guide.

If you think you need me to detail the steps I could try and find some time. I'm currently overseas so can't guarantee a quick response.
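
An added example, not part of any post in this thread: a small shell check for the two conditions the thread settled on for router 2, a default route and a populated resolv.conf. The function names are hypothetical and the sample data is constructed from the `ip r` output quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed
# from the `ip r` output quoted in this thread.

# Print the default gateway from routing-table text on stdin; fail if absent.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; found = 1; exit }
         END { exit (found ? 0 : 1) }'
}

# Print nameserver addresses from resolv.conf text on stdin; fail if none.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2; n++ }
         END { exit (n > 0 ? 0 : 1) }'
}

# $1 = file holding `ip r` output, $2 = resolv.conf path.
# Returns 0 if both checks pass, 1 = no default route, 2 = no DNS, 3 = both.
diagnose() {
    result=0
    if gw=$(default_gateway < "$1"); then
        echo "default route via $gw"
    else
        echo "no default route: traffic to off-subnet hosts has no way out"
        result=1
    fi
    if ns=$(nameservers < "$2"); then
        echo "nameservers:" $ns
    else
        echo "no nameserver entries: IPs work, names do not resolve"
        result=$((result + 2))
    fi
    return "$result"
}

# Constructed samples: routing table before and after the fix, empty and
# populated resolv.conf (10.168.2.1 is router 1, as suggested in the thread).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/routes_before" <<'EOF'
10.16.0.0/24 dev tun22 proto kernel scope link src 10.16.0.1
10.168.2.0/24 dev br0 proto kernel scope link src 10.168.2.11
127.0.0.0/8 dev lo scope link
EOF
{ cat "$SAMPLES/routes_before"; echo "default via 10.168.2.1 dev br0"; } > "$SAMPLES/routes_after"
: > "$SAMPLES/resolv_empty"
echo "nameserver 10.168.2.1" > "$SAMPLES/resolv_fixed"

diagnose "$SAMPLES/routes_before" "$SAMPLES/resolv_empty" || echo "exit status $?"
diagnose "$SAMPLES/routes_after" "$SAMPLES/resolv_fixed"
```

On the router itself, save the live table with `ip r > /tmp/routes.txt` and run `diagnose /tmp/routes.txt /tmp/resolv.conf`.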
 
