VPN Director & Port Forwarding?

[ChitlinNoodleSoup]

Please bear with me.... I'm probably making this more complicated than it needs to be.

I just set up VPN Director with a couple of VPNs that I use frequently. I was running the clients individually on each machine but I got bored and decided to play with VPN Director. I have all of that working as expected but I can't seem to figure out how to make AirVPN's port forwarding feature work with this configuration. It worked fine with the client installed directly on the machine instead of the router. I have it set up on the AirVPN side but I can't route those ports to the machine using that client. I am trying to forward ports 56767 and 56768 to LAN IP 192.168.50.10. I found a post on their forums that mentions using iptables to forward ports from TUN to LAN. I have never attempted this before so I thought I'd ask here before I wasted too much time with it. Is this doable with Merlin firmware 386.7 running on an RT-AX86U? If so, how would I go about doing this?

 

[eibgrad]

FYI, whenever using multiple, concurrent OpenVPN clients, you should *always* use the VPN Director, at least whenever one or more is configured as the default gateway. If you do NOT, inevitably one will be nested inside the other, which is generally undesirable for performance reasons. It also makes one tunnel dependent on the good standing of another. You can't even be sure which gets nested inside the other, since you can't control the order in which they get connected. Just avoid it.

As far as port forwarding, this has been discussed many times on the forum. So much so, I have my own script for those purposes.

T-mobile gateway, ASUS Merlin, trust.zone, OpenVPN, - need to get RDP forwarded!

I am switching to T-Mobile home internet, and have run into a snag. I previously had used port forwarding on the router to publish RDP onto the internet on a non-standard port (let’s call it 1234). So, if you hit , a port forwarding rule would route that to 192.168.1.2:3389. Worked great...

www.snbforums.com

 

[ChitlinNoodleSoup]

FYI, whenever using multiple, concurrent OpenVPN clients, you should *always* use the VPN Director, at least whenever one or more is configured as the default gateway. If you do NOT, inevitably one will be nested inside the other, which is generally undesirable for performance reasons. It also makes one tunnel dependent on the good standing of another. You can't even be sure which gets nested inside the other, since you can't control the order in which they get connected. Just avoid it.

As far as port forwarding, this has been discussed many times on the forum. So much so, I have my own script for those purposes.

T-mobile gateway, ASUS Merlin, trust.zone, OpenVPN, - need to get RDP forwarded!

I am switching to T-Mobile home internet, and have run into a snag. I previously had used port forwarding on the router to publish RDP onto the internet on a non-standard port (let’s call it 1234). So, if you hit , a port forwarding rule would route that to 192.168.1.2:3389. Worked great...

www.snbforums.com

Understood. I was never running multiple clients on the router without VPN Director. I was running a separate client on each machine.

So is this the script you're referring to? I'm a little confused about how to edit this for my particular use. From what I've read elsewhere, tun11 would be client 1? So I'm guessing I would want tun11 0.0.0.0/0 TCP 56767 192.16.50.15 56767 and tun11 0.0.0.0/0 TCP 56768 192.168.50.15 56768 somewhere in the script?

 

[eibgrad]

So is this the script you're referring to? I'm a little confused about how to edit this for my particular use. From what I've read elsewhere, tun11 would be client 1? So I'm guessing I would want tun11 0.0.0.0/0 TCP 56767 192.16.50.15 56767 and tun11 0.0.0.0/0 TCP 56768 192.168.50.15 56768 somewhere in the script?

Yes. The script provides various examples. Delete those and replace it w/ your own rules.

PORT_FORWARDS="
tun11 0.0.0.0/0 tcp 56767 192.16.50.15 56767
tun11 0.0.0.0/0 tcp 56768 192.168.50.15 56768
"

 

[abir1909]

So i have the same issue with wireguard on 388.1... i dont seem to be able to make Torguard's port forwarding working with wireguard.
same server works fine with openvpn.
any ideas?

 

[ragnaroknroll]

Hi @eibgrad

I'm looking to piece together information from a few posts on the forum here, including the ones discussing your script at https://pastebin.com/SqReWZnB to forward a port from a Wireguard client connection to TorGuard VPN established on my Asus RT-AX86U router running Merlin firmware 388.1, to my desktop PC which is directly connected to the router.

I just wanted to ask if the script is still expected to work for a WireGuard, given it seems to be set up for OpenVPN, before I spend the number of hours I might take to figure out how that script works, and to make it do what I'm trying to achieve.

Thanks!

 

[ragnaroknroll]

Okay, I seem to have gotten this to work using the following line in the script, with a lot lesser effort than expected!

wgc1 0.0.0.0/0 tcp <external port> <my PC's ip address> <internal port>

Nevertheless, I just wanted to ask if 0.0.0.0/0 is the appropriate source IP address to use, or should I be able to get away with entering the IP address of the TorGuard server the WireGuard client connects to here? I tried doing this, but the port forward doesn't seem to work when I do.

Secondly, if I'd like to access my router's configuration site through TorGuard's WireGuard VPN as well, can I do so by forwarding the HTTPS port using the same script? I couldn't seem to be able to get this to work despite repeated efforts.

Any help would be much appreciated.

 

[abir1909]

Okay, I seem to have gotten this to work using the following line in the script, with a lot lesser effort than expected!

wgc1 0.0.0.0/0 tcp <external port> <my PC's ip address> <internal port>

Nevertheless, I just wanted to ask if 0.0.0.0/0 is the appropriate source IP address to use, or should I be able to get away with entering the IP address of the TorGuard server the WireGuard client connects to here? I tried doing this, but the port forward doesn't seem to work when I do.

Secondly, if I'd like to access my router's configuration site through TorGuard's WireGuard VPN as well, can I do so by forwarding the HTTPS port using the same script? I couldn't seem to be able to get this to work despite repeated efforts.

Any help would be much appreciated.

Where did you enter that line?

 

[ragnaroknroll]

Where did you enter that line?

In this script: https://pastebin.com/SqReWZnB, under PORT_FORWARDS, after following the installation instructions provided in the comments.

 

[abir1909]

In this script: https://pastebin.com/SqReWZnB, under PORT_FORWARDS, after following the installation instructions provided in the comments.

So basically delete lines 32-36 and replace them with the line you wrote?

 

[ragnaroknroll]

When I ran the command "curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s SqReWZnB" on my router, it installed an abridged version of the script in my /jffs/scripts directory. So yes, delete those lines and replace them with my line, but the exact line numbers in the abridged version of the script might be a bit different from 32-36.

 

[abir1909]

When I ran the command "curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s SqReWZnB" on my router, it installed an abridged version of the script in my /jffs/scripts directory. So yes, delete those lines and replace them with my line, but the exact line numbers in the abridged version of the script might be a bit different from 32-36.

Will try it, thank you

 

[ragnaroknroll]

Have also been trying to access my router's WireGuard server via the TorGuard VPN service via port forwarding over the VPN. Not been having much success at this either despite much effort. Any advice would be much appreciated.

 

[abir1909]

When I ran the command "curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s SqReWZnB" on my router, it installed an abridged version of the script in my /jffs/scripts directory. So yes, delete those lines and replace them with my line, but the exact line numbers in the abridged version of the script might be a bit different from 32-36.

finally got a min to test it. it's still showing the port is closed for me. I assume the external port is the one you set on torguard port forwarding right? what's the internal one? thanks

 

[ragnaroknroll]

The internal one would be the port on the PC you're looking to forward connections to. And I presume you have the application that will accept these connections open while testing whether or not the port forwarding is working. If the application is closed, the port will also show as closed, even if the port forwarding is correctly set up.

 

[ragnaroknroll]

Okay, I seem to have gotten this to work using the following line in the script, with a lot lesser effort than expected!

wgc1 0.0.0.0/0 tcp <external port> <my PC's ip address> <internal port>

Nevertheless, I just wanted to ask if 0.0.0.0/0 is the appropriate source IP address to use, or should I be able to get away with entering the IP address of the TorGuard server the WireGuard client connects to here? I tried doing this, but the port forward doesn't seem to work when I do.

Secondly, if I'd like to access my router's configuration site through TorGuard's WireGuard VPN as well, can I do so by forwarding the HTTPS port using the same script? I couldn't seem to be able to get this to work despite repeated efforts.

Any help would be much appreciated.

Hi All. Any help with these questions would be really appreciated. Thanks in advance.

 

[L&LD]

Sorry, can't offer any suggestions, but consider this a bump to your questions.

 

[GeorePuleos]

I am in a similar situation. Anyone get it working? TIA

 

[abir1909]

Hi All. Any help with these questions would be really appreciated. Thanks in advance.

did you get anywhere with this?

 

[ragnaroknroll]

Not really. I gave up trying to direct my router's Wireguard server via TorGuard, since it appears to be accessible via my public IP address directly, even if my router is connected to the TorGuard VPN service as a client.