Vpn Client and Server at the same time - Risk of leakage ?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

LabTwissel

New Around Here
Using Openvpn Client and Server at the same time - Is there a risk of leakage ?

Hi all ! First post after years of learning on this forum :)

I am currently running my RT AC68U with Merlin in openvpn server and client mode simultaneously.
The client mode is for the outgoing connections from my NAS.
The server is to allow me to access my LAN devices remotely.

In vpn client config page, my NAS is specified to be behind VPN, policy rule is set to "strict", and "block routed clients if tunnel goes down" is checked.

In vpn server config page, "clients will use VPN to access LAN ONLY" is checked.

As I understand it, this config does not allow me to reach my NAS from remote, because the NAS responds through the client VPN connection whereas I am talking to the NAS from WAN (through vpn server).

Now, in the vpn client config page, if I add a second rule regarding my NAS and put as "Destination IP" the sub-network range specified in the vpn server config page, and WAN as interface, this restores the ability for me to talk with the NAS from remote through the vpn server.

However, I am wondering if this will somewhat breach the "strict" policy rule of the vpn client ? In other words, will this allow the NAS to reach the internet through the vpn server ?

I suppose no because the NAS is not supposed to initiate connections to the vpn server but only to respond to incoming connections, and also because the vpn server is not configured to allow wan outgoing connections from the clients.

But as I am far from being a network or computer science pro, I wished to have some confirmation...
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top