Question on connecting to DD-WRT router remotely when VPN is connected and running

[h3avpns3nt 3]

Hi, I own an Asus RT-N16 and I am running the VPN build of DD-WRT on it. All is well. And I can successfully connect the router through the AirVPN servers. All my LAN devices/services that connect to the router are thus (i hope) routing through the VPN also. This is great! <<--- quick question, how can I check this is truely happening by the way?

I use DDNS service from DynDns.org to lookup my current "sticky" WAN IP that my ISP hands out and then serve it via a domain name. This has worked well in the past. And I have UPnP and/or port forwarding rules set on the router for any services I may be running internally so they can be accessed remotely (NAS services, P2P clients etc).

However, when the VPN is switched on, I cannot connect to the web gui of the router using my DDNS host name remotely. Neither can I now administer my internal services. If I switch the VPN off, I can again. My immediate thoughts are because the router is now broadcasting a new WAN IP address to which the DDNS service isnt registered to.

This is actually quite a confusing scenario for me. As technically thats the main reason why I want the VPN in the first place. To effectively hide my real IP from the wider internet!! So its sort of doing its job ironically.

I would still like to administer my services and check on my P2P at the domain name when out and about. Ideally.

Is there something neat I can do on DD-WRT? Can anyone help or point me in the direction to shed some light on the matter. Maybe its a simple checkbox im missing.

Thanks

[h3avpns3nt 3]

Hi, I own an Asus RT-N16 and I am running the VPN build of DD-WRT on it. All is well. And I can successfully connect the router through the AirVPN servers. All my LAN devices/services that connect to the router are thus (i hope) routing through the VPN also. This is great! <<--- quick question, how can I check this is truely happening?

I use DDNS service from DynDns.org to lookup my current "sticky" WAN IP that my ISP hands out and then serve it via a domain name. This has worked well in the past. And I have UPnP and/or port forwarding rules set on the router for any services I may be running internally so they can be accessed remotely (NAS services, P2P clients etc).

However, when the VPN is switched on, I cannot connect to the web gui of the router using my DDNS host name remotely. Neither can I now administer my internal services. If I switch the VPN off, I can again. My immediate thoughts are because the router is now broadcasting a new WAN IP address to which the DDNS service isnt registered to.

This is actually quite a confusing scenario for me. As technically thats the main reason why I want the VPN in the first place. To effectively hide my real IP from the wider internet!! So its sort of doing its job ironically.

I would still like to administer my services and check on my P2P at the domain name when out and about. Ideally.

Is there something neat I can do on DD-WRT? Can anyone help or point me in the direction to shed some light on the matter. Maybe its a simple checkbox im missing.

Thanks

[Staff 9894]

Hi, I own an Asus RT-N16 and I am running the VPN build of DD-WRT on it. All is well. And I can successfully connect the router through the AirVPN servers. All my LAN devices/services that connect to the router are thus (i hope) routing through the VPN also. This is great!

Hello!

Please browse to our web site with any device connected to your router and check that the central bottom box is green.

If you use a p2p client you can perform an additional check here:

http://checkmytorrentip.com/

However, when the VPN is switched on, I cannot connect to the web gui of the router using my DDNS host name remotely. Neither can I now administer my internal services. If I switch the VPN off, I can again. My immediate thoughts are because the router is now broadcasting a new WAN IP address to which the DDNS service isnt registered to.

You can access your router web interface even when connected to the VPN in the following way:

- forward a remote port on our system and remap it to local port 80 (or any local port which the router web interface listens to)

- configure your DDNS to point to the exit-IP address of the Air server the router is connected to

- access your router web interface directly at http://: or via DDNS (on the same port)

Kind regards

[h3avpns3nt 3]

Please browse to our web site with any device connected to your router and check that the central bottom box is green.

It is. Im connected to "Bootis".

If you use a p2p client you can perform an additional check here:

http://checkmytorrentip.com/

I've already tested this "just out of curiosity" and my P2P client 'transmission' correctly reports the Bootis IP. However, the "listening" port says 'closed' though, even after correctly using your remote port forwarding tools. However, I think the reason this may be is perhaps down to a mis-configuration of my current IPTABLES firewall setup:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 53539 -j DNAT --to-destination 192.168.1.3

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 53539 -j DNAT --to-destination 192.168.1.3

^^^ does this look right? I followed advice from another forum thread. I quote below;

Did you forward the port 16050 to the appropriate router client and port (DNAT)? This is only necessary if you connect to the VPN through the router, in which case the port is correctly forwarded remotely, but it needs an additional forward from your router to the final client since no TUN interface is running on the final client, but only on the router.

Please see here:

airvpn.org/index.php?option=com_kunena&a...&Itemid=142#4695

You can access your router web interface even when connected to the VPN in the following way:

- forward a remote port on our system and remap it to local port 80 (or any local port which the router web interface listens to)

- configure your DDNS to point to the exit-IP address of the Air server the router is connected to

- access your router web interface directly at http://<exit-IP>:<remote forwarded port> or via DDNS (on the same port)

Kind regards

Interesting, ill give that a try.

Thanks

[h3avpns3nt 3]

Hi, to confirm. I cannot get any ports to forward. Grey dots in port check page.

My current DD-WRT Firewall script looks like this now:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080

iptables -t nat -I PREROUTING -i tun0 -p udp --dport 53540 -j DNAT --to-destination 192.168.1.3:4080

The first 2 entries are from following your DD-WRT setup tutorial.

The 3rd and 4th entries are what I believe to be correct entries for forwarding on the VPN traffic to my internal device from my router. (for the record the device is running a web gui on that IP and that port). Ive entered 53540 in the port box and 4080 in the local box

To be honest im not sure exactly what the first 2 entries do, and ive even tried removing these 2 entries and the VPN still connects?? Bootis server still lights up green at bottom. Regardless can someone check my firewall script please.

Further, i notice that there are only so many ports available (as others may be using them) doesnt this mean then that other customers of yours that are also connected to the same VPN server can by accident or by trial and error reach another customers devices they may have setup??! Or is this all locked down by the ca, cert, private key configuration?

Thanks