Jump to content
Not connected, Your IP: 3.137.181.194
Sign in to follow this  
mountje1981

can't connect to my own VPN server on Asus router due to airvpn

Recommended Posts

Hello,

 

previous my situation was as follow

 

I was running a vpn server on my asus RT-AC68U router. With my android phone and tablet i could connect from outside my home to the VPN server on the asus router and therefore communicate with all my home network devices.

 

New situation:

 

I have taken a test subscription with AirVPN to browse the web a bit safeir. So i entered the Airvpn config file into my Asus router and can connect to my new airvpn server. But here is the problem that i can't connect anymore from outside my home to my internal home network. Reason will problably that all my traffice now goes through the VPN tunnel of Airvpn. So my DynDNS name in my asus router is not reconizing my external WAN adress anymore.

 

Is there any solution to fix this or do i constantly have to login to my asus router -> disable Airvpn and then i can connect again from outside my home?

Or can i communicate with my home devices when AirVPN is still active?

 

regards

Share this post


Link to post

You can forward a high port and use that port as your OpenVPN server port.

 

 

Hi, do i have to forward that high port in my asus router or somewhere else? I have just started with taking a VPN subscription and still have to learn about that. 

Can you give an example of wat i have to do?

 

Thx

Share this post


Link to post

The forwarded port should be on the AirVPN server you are connecting to.

You can find more info in this section:

https://airvpn.org/ports

 

Your OpenVPN server on the router has to listen on the port you are forwarding.

Some more routing rules might be required but this is the first step.

 

The next step would be setting your OpenVPN client with the "route-nopull"

directive, and manually create a firewall rule to force all NAT clients to use the

gateway you have from the AirVPN connection.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Ok AirVPN has generated a port for the server i am connected to. In my Asus router i filled in this generated port into the server config.

 

My OpenVPN client is my android phone. Where can i find this route-nopull directive. I am using the openVPN app on my android phone

 

Thx

Share this post


Link to post

Your OpenVPN client is your router, which acts both as a client and as a server.

Note that this is an advanced routing and configuration, and this is not part of the supported configurations.

You will need at least medium networking and iptables knowledge in order to achieve this yourself.

 

The OpenVPN forum is full of threads like this, but chances are that you are on your own.

https://forums.openvpn.net/viewtopic.php?t=21533

 

Read that thread, add the route-nopull option, adjust the iptables rules to match your LAN subnet,

and this should work.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Hi,

 

I have managed to get i work by adjusting the config file i use in my android phone. If i fill in the ip adres that i see in "Client area" visible in internet with IP (exit) together with the port i forwarded on the airvpn server i can connect to all my local devices and network while my router is still connected to the airvpn server.

Ofcours once that ip adres changes or i connect to another airvpn server it wil be broken again until i adjust the ip adres again.

Not the best solution i think

 

Regards

Share this post


Link to post

...

I was running a vpn server on my asus RT-AC68U router.

...

So i entered the Airvpn config file into my Asus router and can connect to my new airvpn server. But here is the problem that i can't connect anymore from outside my home to my internal home network. Reason will problably that all my traffice now goes through the VPN tunnel of Airvpn. So my DynDNS name in my asus router is not reconizing my external WAN adress anymore.

...

 

Is this router running a version of Linux inside? Like WRT? If so and you have access to add a start up script somewhere you can do as described here:

 

https://airvpn.org/topic/12274-ubuntu-vm-cant-connect-through-openvpn/?p=44812

 

That refers to SSH connections on the real IP interface from outside, but it applies to any connection type.

 

...

UPDATE 2:

 

I did not actually explain the problem above. The problem is that the default gateway gets changed by OpenVPN, and that breaks your current SSH connection unless you set up appropriate routes before you start OpenVPN.

 

Here is a more general purpose solution than what was in "UPDATE" above.

 

It is assumed here that the default gateway interface before OpenVPN is started is "eth0". This is the usual convention

for Linux systems.

 

It should ensure that when a connection to eth0 is made, even if eth0 is not the default gateway interface anymore, response packets for the connection back on eth0 again.

# set "connection" mark of connection from eth0 when first packet of connection arrives
sudo iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1234

# set "firewall" mark for response packets in connection with our connection mark
sudo iptables -t mangle -A OUTPUT -m connmark --mark 1234 -j MARK --set-mark 4321

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 table 3412

# route packets with our firewall mark using our routing table
sudo ip rule add fwmark 4321 table 3412
UPDATE to UPDATE 2:

 

The above works fine for me on Debian Jessie. But on an older Wheezy system I have just found that I need to add "via" to the routing table entry:

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 via 12.345.67.89 table 3412
There "12.345.67.89" must be the original non-VPN gateway.

 

 

Just realized that you have a second part to your problem:

 

...

So my DynDNS name in my asus router is not reconizing my external WAN adress anymore.

...

 

So it is the exit IP address on the AirVPN server that gets registered at DynDNS? If you have access to the Linux system inside you could add routing table entries to route traffic to DynDNS out the real interface. Or if you can change the OpenVPN config file you could try doing as is described here:

 

https://airvpn.org/topic/20447-routing-outside-vpn-with-openvpn/?p=52186

 

Route traffic to DynDNS out the real interface.

 

UPDATE:

 

See this:

 

http://mycyberuniverse.com/linux/full-controling-the-asus-router-via-command-line.html

 

I have an RT-N56U router, and I was just now able to login using telnet. The iptables and ip commands seem to be there. But I have not explored further. If you decide to go this route, be very, very careful!

Share this post


Link to post

In my asus router i had configured a DynDNS for my WAN ip adres since i don't have a static IP from my ISP. So if i was connecting to my home network through VPN i had to use the Dyndns name instead of the actual WAN IP adress. But now with airvpn i have ofcourse a private WAN ip adres  that is depended on what airvpn server i am connected to at that moment. For now i have to constantly change the IP adres in my openvpn profile (on laptop or smartphone) to match my wan ip adres of airvpn and then it all works fine.

Once i connect to another server i have to change it again and so on. That is the problem i am facing now.

Hope it is a bit clear

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...