Menu
What's new
By:
Filters Better Search

Asus AC68U OpenVPN Server Blocked by windows firewall

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

V

Viper9087

New Around Here
I'm setting up a VPN with my Asus AC68R and built in OpenVPN Server.
I can connect to the router and ping my router, Printer, and IP phone, but I cannot ping or connect to any PC clients connected to that router. the connection is blocked by windows firewall.

If I disable the Windows firewall, then I can connect with no issues, but the point of using OpenVPN is to have a secure connection. I have searched all over and only found answers for using PPTP, or if OpenVPN was on the PC acting as a server, but nothing about using the built in router function.

I have everything set up as told in this How-to-guide :
http://www.smallnetbuilder.com/othe...-setting-up-and-using-openvpn-on-asus-routers

Unfortunately when he mentions the firewall issue he provides no solutions for it being blocked. Just says to make sure its not.
I have tried as both TUN and TAP. With the same issue. but I was not able to see my network interface as he seemed to imply with TAP but that didn't work.

I have 2 PC's on my network one with windows 10, the other with windows 7. I can connect to windows 10 with the firewall off only, but not with windows 7 firewall on or off.
Client is a laptop with windows 10 running OpenVPN.

Also tried opening ports 1723, 47, 443 on windows firewall with no luck.

I'm guessing that the ASUS router's OpenVPN connects to the lan client differently than if I were running OpenVPN on the PC itself.

My goal is to map a network drive from a remote PC to access a folder on my home LAN "server" pc (not an actual server). No I cannot use a cloud service, or Router USB as my particular need does not work with those options. The end result must be a mapped network drive.

Ideally I would love to be able to connect to my homegroup from my laptop but that doesn't seem possible from what I have read.

I have been at this every night till 5am for the past week traveling out 20 min to use a buddy's Wi-fi to test every change as the free Wi-Fi around here blocks VPN's and constantly drops me, and I can't figure out a way to test the connection from home.

If you have any solutions please provide them in a Step by step, I haven't fiddled with this stuff in over 10 years and am extremely rusty.

Thanks!
 
Configure the firewall to open up the IP range used by your OpenVPN tunnel (by default it's 10.8.0.0/24).
 
I haven't found that anywhere else so thank you very much for that.
Closest I got to that was a person recommending to add a gateway to the tap adapter.

OK, well progress...

I can now fully access everything via TAP. So at least I can get up and running.

Unfortunately windows firewall is still blocking TUN. If I try to connect via TUN, I can ping my router, printer, etc but I cannot ping my home clients.
Likewise I cannot map a network drive, unless I disable the firewall in windows.
This occurs on both the Win 7 and Win 10 Lan clients connected to the router.

Now I have a slight understanding than TUN is better... but not much explaining why other than latency.

While I don't mind latency from a bridged connection as that is not the intended purpose of this project, I cannot afford to get a corrupted file save should the connection have a hiccup while saving a file. Someone (USER A) mentioned this was a possibility on TAP and not on TUN. Unfortunately I do not understand why it would make a difference in that sense. Wouldn't windows just reject the file save if it was interrupted? Apparently (as I'm told by someone else USER B) this is an issue because how QuickBooks constantly updates/saves the company file.

So now my questions are:
Is there really an issue of data corruption on TAP vs TUN?
What are the real differences?
And any ideas on why Win Firewall is blocking TUN?
 
Viper9087 said:
Is there really an issue of data corruption on TAP vs TUN?
Click to expand...

No.

Viper9087 said:
What are the real differences?
Click to expand...

Technically speaking, TUN works at layer 3, and TAP works at layer 2.

In more general terms: TUN is really a tunnel between two networks, where you have to route/NAT your traffic. TAP is a bridge that puts the two networks together, which means it will also include broadcast traffic. That means stuff like DHCP or UPNP will reach both side of your network, so you have to deal with it by ensuring that only one DHCP server runs for both sides.

For common folks, almost everyone wants TUN. Only very specialized scenarios require TAP, which is far more complex to setup properly.
 
Viper9087 said:
Any ideas why the firewall is blocking tun?
Click to expand...

You most likely didn't open the IP range as previously mentioned. This has nothing to do with TUN itself. I can't guide you through the Windows firewall configuration because I don't use it. In Norton Security, my rule just looks like this.

fwrule.png
fwrule2.png
fwrule3.png
 
I don't have time to make a screenshot, but I can assure you both windows have 10.08.0.0 - 10.8.0.24 open in both inbound and outbound rules. I can connect with no issues in TAP.
When I do Tun it tells me there is no path to the network dive unless I disable the firewall.
I cannot ping the computer either while the firewall is on in Tun mode.

I have also noticed Interference (services comes and goes) with Team Viewer (RDP) while running TAP. (I was using team viewer to change settings on the Host network while testing the connection remotely) This past time I did not drive to use my friends wifi, and I used a wifi hotspot. Maybe they have something blocked? But I don't understand why when I disable the firewall I could then ping the computer and map the drive.
 
Then you didn't configure your firewall correctly, that's all I can say there. The fact that disabling the firewall resolves your issue is all the proof you need.
 
Viper9087 said:
I'm setting up a VPN with my Asus AC68R and built in OpenVPN Server.
I can connect to the router and ping my router, Printer, and IP phone, but I cannot ping or connect to any PC clients connected to that router. the connection is blocked by windows firewall.

If I disable the Windows firewall, then I can connect with no issues, but the point of using OpenVPN is to have a secure connection. I have searched all over and only found answers for using PPTP, or if OpenVPN was on the PC acting as a server, but nothing about using the built in router function.

I have everything set up as told in this How-to-guide :
http://www.smallnetbuilder.com/othe...-setting-up-and-using-openvpn-on-asus-routers

Unfortunately when he mentions the firewall issue he provides no solutions for it being blocked. Just says to make sure its not.
I have tried as both TUN and TAP. With the same issue. but I was not able to see my network interface as he seemed to imply with TAP but that didn't work.

I have 2 PC's on my network one with windows 10, the other with windows 7. I can connect to windows 10 with the firewall off only, but not with windows 7 firewall on or off.
Client is a laptop with windows 10 running OpenVPN.

Also tried opening ports 1723, 47, 443 on windows firewall with no luck.

I'm guessing that the ASUS router's OpenVPN connects to the lan client differently than if I were running OpenVPN on the PC itself.

My goal is to map a network drive from a remote PC to access a folder on my home LAN "server" pc (not an actual server). No I cannot use a cloud service, or Router USB as my particular need does not work with those options. The end result must be a mapped network drive.

Ideally I would love to be able to connect to my homegroup from my laptop but that doesn't seem possible from what I have read.

I have been at this every night till 5am for the past week traveling out 20 min to use a buddy's Wi-fi to test every change as the free Wi-Fi around here blocks VPN's and constantly drops me, and I can't figure out a way to test the connection from home.

If you have any solutions please provide them in a Step by step, I haven't fiddled with this stuff in over 10 years and am extremely rusty.

Thanks!
Click to expand...
Look at this article at the bottom I explain how to fix the firewall issue with windows.

http://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/
 
You must log in or register to reply here.

Similar threads

X
IVMS-4200 on windows computer, trouble adding remote camera
Replies
2
Views
267
degrub
D
P
R9000 with Voxel's Custom firmware Unable to connect via TUN
Replies
5
Views
423
R. Gerrits
R
M
OpenVPN Server - route back to client
Replies
7
Views
164
mekabe remain
M
C
OpenVPN advice for multiple simultaneous clients on same host
Replies
3
Views
547
eibgrad
eibgrad
M
Asus OpenVpn Server behind behind another router (Google Mesh).
Replies
1
Views
453
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
G Pi-Hole + Asus WRT Wireguard VPN 1
L Client to client disabled when using static IP on OpenVPN ASUS RT-AC3200 VPN 31
M Asus OpenVpn Server behind behind another router (Google Mesh). VPN 1
C OpenVPN advice for multiple simultaneous clients on same host VPN 3
N Mikrotik as OpenVPN client, lan behind mikrotik? VPN 2
O TV with OpenVPN client VPN 16
M Help Me Understand OpenVPN VPN 5
S Offload OpenVPN to Raspberry Pi 5 versus using my AXE16000 for site-site? VPN 2
R How to route/bridge OpenVPN TUN Client to LAN/BR0? VPN 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 780 (members: 39, guests: 741)
Top