VPN not working - RT AC86U

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

danielrdutra

New Around Here
Hi,
why, if my router (AC86U) have assigned a public ip, vpn server is telling me my ip is private (see photos attached)?

Thanks in advance for any help
 

Attachments

  • asus.jpg
    asus.jpg
    67.5 KB · Views: 142

danielrdutra

New Around Here
Tue Sep 08 10:37:58 2020 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Tue Sep 08 10:37:58 2020 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Tue Sep 08 10:37:58 2020 OpenVPN 2.5_beta3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 1 2020
Tue Sep 08 10:37:58 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Tue Sep 08 10:37:58 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Tue Sep 08 10:38:05 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:38:05 2020 UDP link local: (not bound)
Tue Sep 08 10:38:05 2020 UDP link remote: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:38:35 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Sep 08 10:38:35 2020 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 08 10:38:40 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:38:40 2020 UDP link local: (not bound)
Tue Sep 08 10:38:40 2020 UDP link remote: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:39:10 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Sep 08 10:39:10 2020 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 08 10:39:15 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:39:15 2020 UDP link local: (not bound)
Tue Sep 08 10:39:15 2020 UDP link remote: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:39:45 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Sep 08 10:39:45 2020 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 08 10:39:51 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:39:51 2020 UDP link local: (not bound)
Tue Sep 08 10:39:51 2020 UDP link remote: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:40:21 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Sep 08 10:40:21 2020 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 08 10:40:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:40:26 2020 UDP link local: (not bound)
Tue Sep 08 10:40:26 2020 UDP link remote: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:40:56 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Sep 08 10:40:56 2020 SIGUSR1[soft,ping-restart] received, process restarting
Tue Sep 08 10:41:06 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]100.64.31.xx:1194
Tue Sep 08 10:41:06 2020 UDP link local: (not bound)
 

ColinTaylor

Part of the Furniture
why, if my router (AC86U) have assigned a public ip, vpn server is telling me my ip is private (see photos attached)?

Because 100.64.0.0/10 addresses are private not public. Those addresses are used by ISPs for CGNAT.
 
Last edited:

danielrdutra

New Around Here
Because 100.64.0.0/10 addresses are private not public. Those addresses are used by ISPs for CGNAT.
ok, i understood.

I discovered that my real public ip is 45.235.82.xxx. So, why the router (as i said, responsible to login ISP, PPPOE mode) is assigned as private IP?

is there any setup in router to do to fix this issue?

PS: i had another asus router (N17U), in this same setup and this problem didn´t exist. I could see the public ip, VPN worked fine
 

Attachments

  • asus2.jpg
    asus2.jpg
    40.9 KB · Views: 58

ColinTaylor

Part of the Furniture
I discovered that my real public ip is 45.235.82.xxx. So, why the router (as i said, responsible to login ISP, PPPOE mode) is assigned as private IP?

is there any setup in router to do to fix this issue?
The 45.235.82.xxx address is shared by your ISP with other customers. That's why your ISP has assigned you a CGNAT address.

You will have to speak to your ISP and ask them to give you a public IP address.

PS: i had another asus router (N17U), in this same setup and this problem didn´t exist. I could see the public ip, VPN worked fine
You could try cloning the WAN MAC address of your N17U onto the RT-AC86U. It might then give you your old IP address.
 

danielrdutra

New Around Here
The 45.235.82.xxx address is shared by your ISP with other customers. That's why your ISP has assigned you a CGNAT address.

You will have to speak to your ISP and ask them to give you a public IP address.


You could try cloning the WAN MAC address of your N17U onto the RT-AC86U. It might then give you your old IP address.
Collin, you got it, i understood.

Unfortunately, this was not a solution for my issue. I phoned my ISP e they told me: "i´m sorry, we can´t help you, since IPV4 is too crowded and yes, we "NAT" 50% of our IPs."

I tried use another DDNS service (no-ip) and the problem persisted. i can´t connect in my VPN, despite NO-IP assigned the correct public IP.

There is any possible solution in VPN setup to make my VPN connection works? "ASUS Merlin" could be a possible solution?
 

Attachments

  • asus3.jpg
    asus3.jpg
    45.2 KB · Views: 53

Jeffrey Young

Senior Member
I have the same issue. I ended up using Merlin's Firmware and installing Softethervpn. That project offers both NAT hole punching (which has worked very well) and Azure relay service. Both for free.

It was a bit of work setting it up (custom Scripting to get the bridging to work and determine the WAN address to adjust the config file), but it works very well for me. Using their client software, I get speeds very close to my ISP rated speed (50mbit).
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top