Hi, I want to configure port forwarding on my router, and I don't know how with Asus Merlin on router N66. Thanks

Assuming OpenVPN is running on the router, you have to use iptables, like on Tomato and DD-WRT, for TUN to LAN. The web GUI does WAN to LAN.

If people are not running OpenVPN on the router, then we should discourage them from opening ports at all, as it's a security hazard (correlation attack).

Anyway, this question gets asked about every other day. Really tired of people not searching the forum.

Aug 20 00:09:05 rc_service: httpd 243:notify_rc start_vpnclient5
Aug 20 00:09:05 kernel: tun: Universal TUN/TAP device driver, 1.6
Aug 20 00:09:05 kernel: tun: © 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Aug 20 00:09:05 openvpn[576]: OpenVPN 2.3.10 mipsel-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on May 10 2016
Aug 20 00:09:05 openvpn[576]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Aug 20 00:09:05 openvpn[578]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 20 00:09:05 openvpn[578]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Aug 20 00:09:05 openvpn[578]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 00:09:05 openvpn[578]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 00:09:05 openvpn[578]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Aug 20 00:09:06 openvpn[578]: UDPv4 link local: [undef]
Aug 20 00:09:06 openvpn[578]: UDPv4 link remote: [AF_INET]71.19.252.113:443
Aug 20 00:09:08 openvpn[578]: TLS: Initial packet from [AF_INET]71.19.252.113:443, sid=348ba18c 68484b8d
Aug 20 00:09:08 openvpn[578]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 20 00:09:08 openvpn[578]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Aug 20 00:09:08 openvpn[578]: Validating certificate key usage
Aug 20 00:09:08 openvpn[578]: ++ Certificate has key usage  00a0, expects 00a0
Aug 20 00:09:08 openvpn[578]: VERIFY KU OK
Aug 20 00:09:08 openvpn[578]: Validating certificate extended key usage
Aug 20 00:09:08 openvpn[578]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 20 00:09:08 openvpn[578]: VERIFY EKU OK
Aug 20 00:09:08 openvpn[578]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Aug 20 00:09:14 openvpn[578]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 20 00:09:14 openvpn[578]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 00:09:14 openvpn[578]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 20 00:09:14 openvpn[578]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 00:09:14 openvpn[578]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Aug 20 00:09:14 openvpn[578]: [server] Peer Connection Initiated with [AF_INET]71.19.252.113:443
Aug 20 00:09:16 openvpn[578]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Aug 20 00:09:16 openvpn[578]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.33.143 255.255.0.0'
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: LZO parms modified
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: route options modified
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: route-related options modified
Aug 20 00:09:16 openvpn[578]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 20 00:09:16 openvpn[578]: TUN/TAP device tun15 opened
Aug 20 00:09:16 openvpn[578]: TUN/TAP TX queue length set to 100
Aug 20 00:09:16 openvpn[578]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 20 00:09:16 openvpn[578]: /usr/sbin/ip addr add dev tun15 10.4.33.143/16 broadcast 10.4.255.255

my nat-start is:

#!/bin/sh
# Merlin nat-start script: tun15 is OpenVPN client 5

# Allow forwarding between the LAN bridge and the VPN tunnel
iptables -I FORWARD -i br0 -o tun15 -j ACCEPT
iptables -I FORWARD -i tun15 -o br0 -j ACCEPT
# Kill switch: LAN traffic must never leave via the WAN interface
iptables -I FORWARD -i br0 -o vlan1 -j DROP
# Do not let the tunnel reach services on the router itself
iptables -I INPUT -i tun15 -j REJECT
# NAT outbound LAN traffic to the tunnel address
iptables -t nat -A POSTROUTING -o tun15 -j MASQUERADE

# Port forward 41232 (tcp and udp), arriving from the tunnel only, to 192.168.1.102
iptables -I FORWARD -i tun15 -p udp -d 192.168.1.102 --dport 41232 -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp -d 192.168.1.102 --dport 41232 -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport 41232 -j DNAT --to-destination 192.168.1.102
iptables -t nat -I PREROUTING -i tun15 -p udp --dport 41232 -j DNAT --to-destination 192.168.1.102

tun15 is client 5 on vpn asuswrt-merlin

@germain85, the Asus Merlin OpenVPN client GUI has an option for automatic firewall. There's no need to have a script running for more firewall stuff. And your port forwarding iptables look correct.

So it seems you DO know how to configure your router.
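As an added check that is not part of this thread, the following Python script parses the "TUN/TAP device ... opened" line from the OpenVPN log and the nat-start rules above, and reports whether the tcp and udp DNAT and FORWARD rules for the forwarded port are bound to that tunnel interface (a DNAT rule without `-i tunX` would also match packets arriving on the WAN). The sample log line and rule set are reconstructed from this thread; the function names are my own.

```python
import re
import shlex

# Sample input reconstructed from the log and nat-start script in this thread
LOG = "Aug 20 11:38:56 openvpn[1170]: TUN/TAP device tun15 opened"
NAT_START = """#!/bin/sh
iptables -I FORWARD -i br0 -o tun15 -j ACCEPT
iptables -I FORWARD -i tun15 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun15 -j MASQUERADE
iptables -I FORWARD -i tun15 -p udp -d 192.168.1.102 --dport 41232 -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp -d 192.168.1.102 --dport 41232 -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport 41232 -j DNAT --to-destination 192.168.1.102
iptables -t nat -I PREROUTING -i tun15 -p udp --dport 41232 -j DNAT --to-destination 192.168.1.102"""

def tun_device(log):
    """Return the tun interface OpenVPN reported opening, or None if absent."""
    m = re.search(r"TUN/TAP device (\S+) opened", log)
    return m.group(1) if m else None

def parse_rule(line):
    """Map one iptables command's 'flag value' pairs into a dict (None if not iptables)."""
    argv = shlex.split(line)
    if not argv or argv[0] != "iptables":
        return None
    rule = {"-t": "filter"}  # iptables defaults to the filter table
    for flag, val in zip(argv[1:], argv[2:]):
        if flag.startswith("-") and not val.startswith("-"):
            rule[flag] = val
    rule["chain"] = rule.get("-I") or rule.get("-A")
    return rule

def check_port_forward(script, tun, lan_ip, port):
    """List problems with the TUN-to-LAN forward of lan_ip:port (empty list = OK)."""
    rules = [r for r in map(parse_rule, script.splitlines()) if r]
    problems = []
    for proto in ("tcp", "udp"):
        dnat = [r for r in rules if r["-t"] == "nat" and r["chain"] == "PREROUTING"
                and r.get("-j") == "DNAT" and r.get("-p") == proto
                and r.get("--dport") == port and r.get("--to-destination") == lan_ip]
        fwd = [r for r in rules if r["chain"] == "FORWARD" and r.get("-j") == "ACCEPT"
               and r.get("-p") == proto and r.get("-d") == lan_ip
               and r.get("--dport") == port and r.get("-i") == tun]
        if not dnat:
            problems.append(f"no DNAT rule for {proto}/{port} -> {lan_ip}")
        # A DNAT rule not restricted to the tunnel would also match packets arriving on the WAN
        problems += [f"{proto} DNAT bound to {r.get('-i')!r}, expected {tun}"
                     for r in dnat if r.get("-i") != tun]
        if not fwd:
            problems.append(f"no FORWARD ACCEPT for {proto}/{port} into {lan_ip} from {tun}")
    return problems
```

Run `check_port_forward(NAT_START, tun_device(LOG), "192.168.1.102", "41232")`; an empty list means both protocols are forwarded from the tunnel only.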

Thanks buddy!!

After editing iptables:

Aug 20 11:38:42 rc_service: httpd 243:notify_rc start_vpnclient5
Aug 20 11:38:42 kernel: tun: Universal TUN/TAP device driver, 1.6
Aug 20 11:38:42 kernel: tun: © 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Aug 20 11:38:42 openvpn[1166]: OpenVPN 2.3.10 mipsel-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on May 10 2016
Aug 20 11:38:42 openvpn[1166]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Aug 20 11:38:42 openvpn[1170]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 20 11:38:42 openvpn[1170]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Aug 20 11:38:42 openvpn[1170]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 11:38:42 openvpn[1170]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 11:38:42 openvpn[1170]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Aug 20 11:38:42 openvpn[1170]: UDPv4 link local: [undef]
Aug 20 11:38:42 openvpn[1170]: UDPv4 link remote: [AF_INET]184.75.223.194:443
Aug 20 11:38:42 openvpn[1170]: TLS: Initial packet from [AF_INET]184.75.223.194:443, sid=b29159d2 e18b09df
Aug 20 11:38:42 openvpn[1170]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 20 11:38:42 openvpn[1170]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Aug 20 11:38:42 openvpn[1170]: Validating certificate key usage
Aug 20 11:38:42 openvpn[1170]: ++ Certificate has key usage  00a0, expects 00a0
Aug 20 11:38:42 openvpn[1170]: VERIFY KU OK
Aug 20 11:38:42 openvpn[1170]: Validating certificate extended key usage
Aug 20 11:38:42 openvpn[1170]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 20 11:38:42 openvpn[1170]: VERIFY EKU OK
Aug 20 11:38:42 openvpn[1170]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Aug 20 11:38:51 openvpn[1170]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 20 11:38:51 openvpn[1170]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 11:38:51 openvpn[1170]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 20 11:38:51 openvpn[1170]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 11:38:54 openvpn[1170]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Aug 20 11:38:54 openvpn[1170]: [server] Peer Connection Initiated with [AF_INET]184.75.223.194:443
Aug 20 11:38:56 openvpn[1170]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Aug 20 11:38:56 openvpn[1170]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.52.91 255.255.0.0'
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: LZO parms modified
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: route options modified
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: route-related options modified
Aug 20 11:38:56 openvpn[1170]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 20 11:38:56 openvpn[1170]: TUN/TAP device tun15 opened
Aug 20 11:38:56 openvpn[1170]: TUN/TAP TX queue length set to 100
Aug 20 11:38:56 openvpn[1170]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 20 11:38:56 openvpn[1170]: /usr/sbin/ip link set dev tun15 up mtu 1500
Aug 20 11:38:56 rc_service: service 1225:notify_rc updateresolv
Aug 20 11:38:56 dnsmasq[1159]: read /etc/hosts - 5 addresses
Aug 20 11:38:56 dnsmasq[1159]: using nameserver 10.4.0.1#53
Aug 20 11:39:02 openvpn[1170]: /usr/sbin/ip route add 184.75.223.194/32 via ( my real ip)
Aug 20 11:39:02 openvpn[1170]: /usr/sbin/ip route add 0.0.0.0/1 via 10.4.0.1
Aug 20 11:39:02 openvpn[1170]: /usr/sbin/ip route add 128.0.0.0/1 via 10.4.0.1
Aug 20 11:39:02 openvpn-routing: Skipping, client 5 not in routing policy mode
Aug 20 11:39:02 openvpn[1170]: Initialization Sequence Completed

@germain85, the Asus Merlin OpenVPN client GUI has an option for automatic firewall. There's no need to have a script running for more firewall stuff. And your port forwarding iptables look correct.

So it seems you DO know how to configure your router.

lol! Maybe!
