1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

VPN in AP Mode

Discussion in 'Asuswrt-Merlin' started by Nogtail, Oct 20, 2018.

  1. Nogtail

    Nogtail New Around Here

    Joined:
    Oct 20, 2018
    Messages:
    4
    I have a RT-87U used as an access point behind my ISP's piece of s*** ™ router. I'd like to use the OpenVPN server to access my local network when I'm away from home.

    I can enable the VPN server in in access point mode by going to /Advanced_VPN_OpenVPN.asp. After port forwarding I can access the router over the VPN, however I can't access any other devices on the local network.

    I've looked at openvpn.c and it seems to be doing some routing/firewall stuff. I'm no expert but I'll assume this is specific to the router mode and is preventing me accessing other devices when in AP mode.

    Is there a way of using the OpenVPN server in access point mode?

    Note: for various reasons I have to use my ISP's router and I'd rather not double NAT.

    Thanks!
     
  2. Hawk

    Hawk Senior Member

    Joined:
    Mar 9, 2014
    Messages:
    210
    Location:
    Toronto, Ontario, Canada
    Vpn mode operate in router mode. I am not aware any workaround, may be other member can tell you different options.
     
  3. JDB

    JDB Very Senior Member

    Joined:
    Aug 28, 2016
    Messages:
    624
    Did you TUN or TAP? Try the other to what your did (one is L2 and the other is L3 routed)

    I’m a bit surprised if the VPN works and you can access the router other devices don’t also to be honest.


    Sent from my iPhone using Tapatalk
     
  4. Nogtail

    Nogtail New Around Here

    Joined:
    Oct 20, 2018
    Messages:
    4
    I was originally using TUN.

    I tried again with TAP and it worked flawlessly, thanks for the suggestion!

    I'd rather use TUN if anyone knows a way of making it work. Has anyone tried manually configuring OpenVPN? I understand there is a writable area of flash that scripts can be stored?

    Thanks again!

    Edit:
    With TUN in a subnet topology, is there any NAT occurring? My local network is 10.0.0.x and VPN clients are on a 10.8.0.x subnet. If there is no NAT between networks then packets would be directed towards the router which presumably discards them, perhaps explaining why TUN isn't working. I really have no idea what I'm talking about so correct me if I'm wrong.
     
    Last edited: Oct 20, 2018
  5. JDB

    JDB Very Senior Member

    Joined:
    Aug 28, 2016
    Messages:
    624
    With TUN the VPN Server is doing NAT yes, which actually is probably why that doesn’t work...
    Normally in router mode it would NAT client traffic to its own local LAN IP/Ports, in AP mode the AP has a local IP on its WAN port, which I’m surmising is messing with the VPN server settings as ports are not where it expects as it’s not in router mode.
    You might be able to work around it by putting it in router mode, disabling DHCP (and other router functions) and connect it via its LAN ports to the ISP’s router (leaving its WAN port disconnected). This would require the VPN server to listen on the LAN side as well as WAN side (which I’m not sure it does).


    Sent from my iPhone using Tapatalk
     
  6. agilani

    agilani Senior Member

    Joined:
    Nov 30, 2012
    Messages:
    454
    Get your own modem to replace your ISP router and use your ac87 as a router or learn to live with double nat.

    Some isp routers can be put in bridge mode. If that's possible, you can use your router as a router.

    or last option use something like tinc to establish the outgoing connection and reverse shell.

    https://www.tinc-vpn.org/
     
  7. Nogtail

    Nogtail New Around Here

    Joined:
    Oct 20, 2018
    Messages:
    4
    I'm using the ISP's router as a VoIP adaptor, and my ISP refuses to release VoIP details so I can't use another device. VoIP data is also given dedicated bandwidth so I can't throw the ISP's box behind another router or it doesn't work. Putting it in bridge mode works but also disables all VoIP functionality.

    I've tried a double NAT but it causes issues with a bunch of online games, even when within router 1's DMZ.

    The ISP keeps patching the firmware to remove anything remotely useful. It was originally possible to Telnet or SSH into the router, now you can't even set your own DNS server.
     
  8. agilani

    agilani Senior Member

    Joined:
    Nov 30, 2012
    Messages:
    454
    Never combine services. Better to use ooma or vonage and port your number over. Voip uses almost no bandwith (all of 56 to 128kb/s) and will just about have no impact on your traffic. Get our own modem and switch to ooma for voip.

    You can try to live with double nat, but will have to setup double port forwarding. It won't be pretty and will not support upnp.
     
  9. Nogtail

    Nogtail New Around Here

    Joined:
    Oct 20, 2018
    Messages:
    4
    You overestimate my connection speed! During peak times speeds can be around 100kb/s with 50% packet loss. All providers in my area bundle a phone connection with the internet and I can't afford to pay for a secondary VoIP service. The only other option would be satellite - and I'm not willing to endure satellite latency.
     
  10. JDB

    JDB Very Senior Member

    Joined:
    Aug 28, 2016
    Messages:
    624
    Wow, don’t think I’ve had those speeds since the late nineties! How do you do anything aside from ping!?


    Sent from my iPhone using Tapatalk