VPN Director rules and WAN

Hi all,

I have found this forum incredibly useful over the last six months of my foray into self-hosting.

I have an ASUS AX6000, running the latest (Dec 2022) version of Merlin. My entire LAN is protected behind an OpenVPN connection via NordVPN. This was achieved by using a CIDR range so that everything except my guest wifi network was behind the VPN.

I now have an old laptop I am using as an Ubuntu server. The server “sees” the internet just fine when it is behind the VPN. But I would like to self-host a few services that are exposed to the Internet. I therefore added a VPN Director rule to allow that laptop (that has a manual IP address of to just be WAN with no VPN protection. Or at least I thought I did. The problem is that, when the rule is enacted, the Ubuntu server cannot interact with the internet. Pinging Google doesn’t work. I can control the laptop with other devices on the LAN via the CLI.

Bizarrely, though, when I enable port forwarding, I *can* reach the Ubuntu server via the Internet (I am using my cell phone so I have excluded my network entirely).

I have posted the VPN Director rules below.

To summarize, my Ubuntu server:
- reaches the Internet OK when behind the VPN
- does NOT reach the Internet when supposedly on WAN via a VPN Director rule
- DOES interact normally for specific port(s) when on WAN via VPN Director AND when ports are forwarded.

I am an intermediate networking person, having been using the Internet (via lynx) since 1993. But I am not advanced. I would greatly appreciate any help! Thank you.



Hi @propofol,

I'm not an expert on this, but from a setup perspective everything looks alright. I have a similar configuration but with one noticeable difference – I don't explicitly assign my server (which runs on a Raspberry Pi) to WAN.


My Raspberry Pi server has a manually set IP outside of, which makes it an exception to the rules entirely (or to better put it, it's not even covered by the rules). From what I can see in your config, you explicitly set your Ubuntu server to WAN (which has the highest priority), and then all other clients within /24 to OVPN. According to the documentation, your Ubuntu laptop should therefore be excluded from your second rule. Could you try to replicate my setup and see if that works? Just limit the IP pool to something like - (which is /25), assign your router to WAN and give your Ubuntu server an IP outside /25, for example and see if it works. However, I remember assigning my Pi to WAN and it worked perfectly fine, I could reach the internet.


Thanks for your reply. I followed your helpful suggestion and it works! I remain uncertain why my initial attempt failed.

I appreciate the help — Merry Christmas!

