ASUS VPN Fusion and port forwarding

[Peterom 0]

Hello,

I have an issue with port forwarding and my ASUS router.

I've got an ASUS route, running the latest stock firmware (3.0.0.4.388_23013) with mostly default settings.
The router is directly connected to a modem in bridge mode so there's no double NAT.
I imported a wireguard profile and assigned my NAS to this profile.
So far everything works good and as expected, and the VPN connection is active for my NAS.

Most posts in this forum seem to be about the ASUS merlin firmware, but I'd rather not install a custom firmware if not necessary.

For my setup:
I am running an owncloud docker instance on my synology NAS and want to access it with port forwarding on the internet.
Therefore I went to https://airvpn.org/ports/ and assigned a port and DDNS entry.
My owncloud docker container has the port 8080 assigned as local and container port and I can access it correctly with my local ip:port.
The port entry has port X assigned and as local port I setup 8080 to match the owncloud port.

If I now test the port status with "test open" on the ports page, I just get the "Connection timed out (110)" error.
Afaik, there shouldn't be any custom port forwarding rules necessary in my router settings, as the FAQ says don't forward the ports you want to use in the router, as that might be a security risk (?).
Also accessing the ddns:port address and checking the outgoing ip:port gives also connection timeout in my browser.

For testing I also forwarded a random other port and tried to listen on it on my windows pc with openvpn active and that yielded the same results.
Forwarding a random port in my router and then listening to it without vpn worked though, as some testing webpage showed that this port is open then.

I tried to troubleshoot it with the help of ChatGPT, but all the ideas it had, didn't yield and results or improvements.
Am I missing something?
There doesn't seem to be any special settings regarding the VPN Fusion connection and any type of port forwarding etc.



 

[Staff 9972]

@Peterom

Hello!

If it's the router the device connecting to the VPN server you need to forward the port to the final destination (your NAS address), from the tun interface. It's important that you don't use the router port panel, which will forward from the physical network interface. You can follow the instructions here because Asus Merlin WRT has iptables (and lets you access it of course):
https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

Kind regards

 

[Peterom 0]

On 6/22/2023 at 2:26 PM, Staff said:

@Peterom

Hello!

If it's the router the device connecting to the VPN server you need to forward the port to the final destination (your NAS address), from the tun interface. It's important that you don't use the router port panel, which will forward from the physical network interface. You can follow the instructions here because Asus Merlin WRT has iptables (and lets you access it of course):
https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

Kind regards

Thanks for your reply.
Sadly I'm running the stock firmware, and I just checked: Asus Merlin WRT is not even available for my router device (yet).
So if I can't directly modify the ip-tables with the current stock firmware, I guess that leaves me no option to have the vpn running on the router then 😥

[go558a83nk 362]

3 hours ago, Peterom said:

Thanks for your reply.
Sadly I'm running the stock firmware, and I just checked: Asus Merlin WRT is not even available for my router device (yet).
So if I can't directly modify the ip-tables with the current stock firmware, I guess that leaves me no option to have the vpn running on the router then 😥

isn't ssh available even on stock firmware?