What's new

VPN Server and Client running at the same time

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Aircub

Occasional Visitor
I have a RT-AC86U running 384.14_2 and I want to run a OpenVPN in from NORDVPN and a Server out so I can access when I am abroad working.

Each time I set the server up after about 5 minus the ASUS disconnects from the internet and won't reconnect unless I stop the server.

Is there something extra I should put into the configuration of the server??
 
This topic is a fairly regular one. If you haven’t already done a search, try this one:


https://www.snbforums.com/threads/simultaneous-vpn-server-and-vpn-client.39508/



You can search using the forum’s search facility but it’s well worth doing a separate Google search of this forum alone. Google search


Probably worth concentrating on the more recent threads first.

If you find the solution, please post your feedback for future reference.

(And after over 4 years on the forum, I finally managed to embed a link in text!)
 
Last edited:
Many thanks, your link to the posting was exactly what I needed. I changed the subnet of the server and the port to be different from the client and all is working as expected with no dropped internet connections.
 
Many thanks, your link to the posting was exactly what I needed. I changed the subnet of the server and the port to be different from the client and all is working as expected with no dropped internet connections.
Can I change the subnet with the oringal ASUS firmware (RT-AX58U)? I am using a vpn client connected to ExpressVPN (IPSec) and a vpn server (IPSec) for remote access and they do not work at the same time. Do I have to use Merlin to achieve this or is there another way?
 
Can I change the subnet with the oringal ASUS firmware (RT-AX58U)? I am using a vpn client connected to ExpressVPN (IPSec) and a vpn server (IPSec) for remote access and they do not work at the same time. Do I have to use Merlin to achieve this or is there another way?

This thread has been primarily concerned w/ OpenVPN client/server conflicts. So I can't speak to all potential IPsec client/server conflicts. But in most cases, I suspect the problem is due to the client routing ALL its traffic over the VPN, including that of the router, making the server unreachable over the WAN. When using OpenVPN client, it's possible to use the VPN Director to get around the problem since it removes the router itself from the VPN, making the router's services (any of them) reachable again over the WAN. But again, I can't speak to what's possible w/ the IPsec client. You'd need something similar to the VPN Director to remove the router from the IPsec client tin order to make the IPsec server reachable over the WAN.

Of course, the easiest solution is to use OpenVPN for the client (or both client and server), but I don't know how much you are depending on IPsec for your solution.
 
This thread has been primarily concerned w/ OpenVPN client/server conflicts. So I can't speak to all potential IPsec client/server conflicts. But in most cases, I suspect the problem is due to the client routing ALL its traffic over the VPN, including that of the router, making the server unreachable over the WAN. When using OpenVPN client, it's possible to use the VPN Director to get around the problem since it removes the router itself from the VPN, making the router's services (any of them) reachable again over the WAN. But again, I can't speak to what's possible w/ the IPsec client. You'd need something similar to the VPN Director to remove the router from the IPsec client tin order to make the IPsec server reachable over the WAN.

Of course, the easiest solution is to use OpenVPN for the client (or both client and server), but I don't know how much you are depending on IPsec for your solution.
Thankns for the reply.

I just installed Merlin and it has a lot more stuff than I'm used to handling. The reason for using IPsec is for a speed issue. With OpenVPN I get about 45 Mbps and with IPsec 170 Mbs. I have a 200Mbps service.

But from what I am reading it is quite complicated to run IPsec Server and IPsec Client at the same time. I was able to create the OpenVPN client and connect my computer. Maybe later I will ask some more concrete questions. At the moment I just want to know how do I connect all the users to the OpenVPN tunnel. At the moment I only know how to do it one by one in the Add New Rule part of the VPN Director.
 
Thankns for the reply.

I just installed Merlin and it has a lot more stuff than I'm used to handling. The reason for using IPsec is for a speed issue. With OpenVPN I get about 45 Mbps and with IPsec 170 Mbs. I have a 200Mbps service.

But from what I am reading it is quite complicated to run IPsec Server and IPsec Client at the same time. I was able to create the OpenVPN client and connect my computer. Maybe later I will ask some more concrete questions. At the moment I just want to know how do I connect all the users to the OpenVPN tunnel. At the moment I only know how to do it one by one in the Add New Rule part of the VPN Director.

You can use 192.168.1.0/24 (assuming that's your private network) as a a rule.
 
You can use 192.168.1.0/24 (assuming that's your private network) as a a rule.
Also another method I discovered was to change the Redirect Internet traffic through tunnel setting to Yes (all). This setting allowed all devices to browse through OpenVPN.
I also made the OpenVPN Server, but the only thing I don't know is what values to put in the VPN Subnet / Netmask so that I can have both the VPN client and VPN Server running at the same time. By default I have these values 10.8.0.0.0 / 255.255.255.0 on the server.
 
Also another method I discovered was to change the Redirect Internet traffic through tunnel setting to Yes (all). This setting allowed all devices to browse through OpenVPN.
I also made the OpenVPN Server, but the only thing I don't know is what values to put in the VPN Subnet / Netmask so that I can have both the VPN client and VPN Server running at the same time. By default I have these values 10.8.0.0.0 / 255.255.255.0 on the server.

You missed an important point here.

Anytime the router is configured to route "Yes (all)" traffic over the local OpenVPN client (i.e., without the use of the VPN Director), that will make any services on the router (e.g., the OpenVPN server) unreachable over the WAN! As I stated before, w/ "Yes (all)" the router becomes bound to the local OpenVPN client just like the rest of the WLAN/LAN devices, and so any attempt to reach the router and its various services via the WAN will have its replies routed over the VPN too. That won't work due to RPF (reverse path filtering).

IOW, use of the VPN Director (NOT "Yes (all)") is a necessity here in order to remove the router itself from the local OpenVPN client, thus making its services reachable again over the WAN.
 
You missed an important point here.

Anytime the router is configured to route "Yes (all)" traffic over the local OpenVPN client (i.e., without the use of the VPN Director), that will make any services on the router (e.g., the OpenVPN server) unreachable over the WAN! As I stated before, w/ "Yes (all)" the router becomes bound to the local OpenVPN client just like the rest of the WLAN/LAN devices, and so any attempt to reach the router and its various services via the WAN will have its replies routed over the VPN too. That won't work due to RPF (reverse path filtering).

IOW, use of the VPN Director (NOT "Yes (all)") is a necessity here in order to remove the router itself from the local OpenVPN client, thus making its services reachable again over the WAN.
Changing to VPN Director. Mi local is 10.169.3.18. What address should I put in the VPN Director so that all the devices are tunneled? I'm sorry, but my knowledge of VPN is a little more limited.
 

Attachments

  • Screen Shot 2022-08-14 at 10.19.34 PM.png
    Screen Shot 2022-08-14 at 10.19.34 PM.png
    165.8 KB · Views: 102
  • Screen Shot 2022-08-14 at 10.38.50 PM.png
    Screen Shot 2022-08-14 at 10.38.50 PM.png
    77.5 KB · Views: 93
Changing to VPN Director. Mi local is 10.169.3.18. What address should I put in the VPN Director so that all the devices are tunneled? I'm sorry, but my knowledge of VPN is a little more limited.

10.169.3.0/24
 
Thank you very much for your support, little by little I am making progress. I can tell you that I was able to connect all the devices through VPN director. I also changed the subnet in the VPN Server and I was able to connect both VPN client and server at the same time but something strange happened to me.
Yesterday I did some live tests connecting to my router through the VPN server and using the external cellular network and it was a success. Today, when I wanted to test from another location via wifi to get the GUI of my router I got the GUI of a router that I don't have ZyXEL. Any ideas? Am I hacking someone? lol.
10.169.3.0/24
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top