Use OpenVPN on a GliNET device to VPN into Merlin Router as Server?

jksmurf

Regular Contributor
Hi,

Searched the Merlin forum and asked on GliNET's forum to no avail, but it's a pretty simple task (or so I thought).

I have a working OpenVPN Server on an RT-AX86U with Merlin 386.7 into which I can connect and RDP from Windows Notebooks and multiple IOS devices using the exported OpenVPN profiles. Works great.
Used the same exported OpenVPN profile on the GliNET Slate AX and it works to CONNECT to the VPN Server OK (I use LAN Only).

BUT, unlike above, RDP then does not work (and traffic seems to only be up to the Asus Router (VPN Server) and not down).

Has anyone else that has one of the GliNET devices flicked a setting in the Asus Server (or GliNET) that makes it work please?

Thanks a lot!

k.
 

eibgrad

Part of the Furniture
What your description lacks is precisely *how* these various devices are connected to your network. Many users make the mistake of testing the VPN from *inside* the LAN on which the OpenVPN server is running. That is NOT a valid test of remote access since it depends on NAT loopback to support it.

Then there's the GliNET Slate AX. Should we assume this is acting as a router that's connected via cellular over its WAN to your remote IP on the internet side of the WAN, or perhaps also connected via wifi while inside the LAN?

IOW, you've simply stated stuff is "connected" w/ no details. How you're actually connected can make all the difference in what does and doesn't work.
 

jksmurf

Regular Contributor
Right you are, and my apologies for that. OK, so I am testing this setup with a Slate AX at work, connected to a Public Wifi (actually close to an Airport which IMO is a good test bed for what I want it for). Not on cellular.

Now, with my trusty iPhone I can Tunnel to my home PC (via Asus Router VPN Server) from the same Wifi network, using OpenVPN + RDP Apps on the Phone, with the oVPN profile exported from my Router.

I put that same oVPN profile into my Slate AX, connected the Slate to the Airport Wifi in repeater mode. The Slate connects OK TO my Router (according to the connected messages). My phone is then connected to the Slate via a separate Wifi SSID. The RDP (from the Phone) does not work to connect to my home PC.

Hopefully that provides what you need, bear with me, not an expert here!

k.
 

eibgrad

Part of the Furniture
Your phone is connected to the GliNET in repeater mode? If so, then your phone is probably NOT being routed through the GliNET. And that's usually the problem.

Anytime you're bridged to some device that is itself connected to a remote network over a VPN, that does NOT mean that any other devices that share that same bridge are necessarily going to be routed through its VPN! In such a configuration, *only* the device itself is able to take advantage of the VPN.

It's no different than if you had established an OpenVPN client on some LAN device at home rather than the router, then expected for other devices to suddenly be routed through it. It's just NOT going to happen unless those other devices are reconfigured to use that LAN device as their default gateway rather than the primary router. That's why you typically run the OpenVPN client on the primary router.

Having the GliNET in repeater mode does nothing more than bridge your phone to the wifi hotspot network through the repeater. The repeater is essentially invisible at that point. In order for the phone to take advantage of the OpenVPN client on the GliNET, the GliNET needs to be in a *routed* configuration, so it becomes the default gateway to your phone!

That's why ideally you want a travel router that is capable of client mode (aka WISP (wireless ISP) mode), where it's able to virtualize its WAN over a wireless client to the local wifi hotspot. Now your phone is *routed* through the GliNET. And if it happens to have an active OpenVPN client, routed through that as well.

If the GliNET is not capable of client mode (I have no idea, I don't own one and know nothing about it), then you're forced to use either its wired or cellular WAN instead. Those are both routed configurations.
 
elorimer

Very Senior Member
What GL-iNet refers to as "repeater mode" is actually WISP; "extender mode" is what we ordinarily call "repeater mode". So the Slate forms a WAN connection with the public wifi, and runs its own wired and wireless network on its LAN. He has an openvpn client on the Slate connected to his home ax86u, and he's trying to get a PC connected to the Slate LAN to connect to a device on his home LAN. The Slate client is the same config that allows a phone to do that.

The problem I think is on the GL-Inet side and how it handles the route pushed by the ax86. There's a discussion about this going on on the GL-iNet forums: https://forum.gl-inet.com/t/slate-a...iour-for-windows-ios-based-solutions/23363/15
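
The routing behaviour discussed in the two posts above, as an added example that is not part of the original thread: a longest-prefix-match walk showing which interfaces a phone's RDP traffic crosses when it is bridged past the travel router, routed through it with the server's pushed LAN route installed, and routed through it without that route. All addresses, node names and interface names are constructed assumptions; the "LAN Only" setup is modelled as a single pushed route for the home subnet.

```python
import ipaddress

# Constructed addressing, assumed for illustration only.
HOME_PC = "192.168.50.10"  # RDP target on the home LAN behind the OpenVPN server

# Each table maps prefix -> (next node, outgoing interface).
PHONE_BRIDGED = {"10.20.0.0/16": ("hotspot-lan", "wlan0"),
                 "0.0.0.0/0": ("hotspot-gw", "wlan0")}
PHONE_ROUTED = {"192.168.8.0/24": ("travel-lan", "wlan0"),
                "0.0.0.0/0": ("travel-router", "wlan0")}
ROUTER_WITH_PUSH = {"192.168.8.0/24": ("travel-lan", "br-lan"),
                    "192.168.50.0/24": ("home-server", "tun0"),  # pushed by server
                    "0.0.0.0/0": ("hotspot-gw", "wlan-sta")}
ROUTER_NO_PUSH = {p: hop for p, hop in ROUTER_WITH_PUSH.items() if hop[1] != "tun0"}


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = {ipaddress.ip_network(p): hop for p, hop in table.items()}
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return nets[best]


def trace(tables, dst, start="phone"):
    """Follow dst hop by hop through every node we hold a routing table for."""
    path, node = [], start
    while node in tables:
        node, iface = next_hop(tables[node], dst)
        path.append(iface)
    return path


SCENARIOS = {
    # Phone's default gateway is the hotspot, so the travel router is never a hop.
    "bridged": {"phone": PHONE_BRIDGED, "travel-router": ROUTER_WITH_PUSH},
    # Phone's default gateway is the travel router, which holds the pushed route.
    "routed, route installed": {"phone": PHONE_ROUTED, "travel-router": ROUTER_WITH_PUSH},
    # Same, but the pushed route never made it into the travel router's table.
    "routed, route missing": {"phone": PHONE_ROUTED, "travel-router": ROUTER_NO_PUSH},
}

if __name__ == "__main__":
    for name, tables in SCENARIOS.items():
        path = trace(tables, HOME_PC)
        print(f"{name:26s} {' -> '.join(path):20s} tunnel={'tun0' in path}")
```

Only the middle scenario puts the RDP traffic on the tunnel interface; in the third the tunnel can show as connected while traffic for the home subnet still leaves by the hotspot-facing WAN.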
 

jksmurf

Regular Contributor
Thank you elorimer I will watch both threads with interest!

Thank you also to eibgrad for the explanation, much appreciated.

k.
 
jksmurf

Regular Contributor
For some closure on this (in this forum), I tested it using two different Wi-Fi hotspots, one with and one without a captive portal … and both worked.

So it seems like the Airport Wi-Fi (that didn't work via the Slate AX to my Asus RT-AX86U) has some other setup or routing which prevents OpenVPN working over the Slate AX (only); noting that it doesn’t prevent it working over a direct connection to that same Wi-Fi.

k.
 
