Menu
What's new
By:
Filters Better Search

Client access to LAN whilst connected to OpenVPN Client [AsusWrt Merlin]

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

7

7h1nk

New Around Here
I have several WiFi clients behind an Asus AC3200 running AsusWrt Merlin but only 2 of which I'd like to go out via the VPN but also be able to access local resources on the LAN.

The LAN is slightly complex because it consists of the following:-

WiFi Clients > Asus > Switch > Firewall > Internet
Wired Clients > Switch > Firewall > Internet

WiFi clients are on 192.168.2.x and clients wired into the switch are on 192.168.1.x. WiFi clients can currently access LAN resources on the 192.168.1.x network.

The Asus does DHCP for WiFi clients, then has an IP of 192.168.1.2 on its WAN interface. I also have the OpenVPN client configured.

Using policy based routing, what is best practice please with regards to sending a WiFi client through the tunnel but allowing it to access to the LAN at the same time?

Should I set the Policy Rules to Strict, and then rules for the cient as below...

- 192.168.2.11 to 0.0.0.0 Iface of VPN
- 192.168.2.11 to 192.168.1.0/24 Iface WAN
- 192.168.2.11 to 192.168.2.0/24 Iface WAN

...and then repeat for the other WiFi client, and a single client which is hardwired into the Asus. Or is there a better method I should be looking at please?
 
7h1nk said:
I have several WiFi clients behind an Asus AC3200 running AsusWrt Merlin but only 2 of which I'd like to go out via the VPN but also be able to access local resources on the LAN.

The LAN is slightly complex because it consists of the following:-

WiFi Clients > Asus > Switch > Firewall > Internet
Wired Clients > Switch > Firewall > Internet

WiFi clients are on 192.168.2.x and clients wired into the switch are on 192.168.1.x. WiFi clients can currently access LAN resources on the 192.168.1.x network.

The Asus does DHCP for WiFi clients, then has an IP of 192.168.1.2 on its WAN interface. I also have the OpenVPN client configured.

Using policy based routing, what is best practice please with regards to sending a WiFi client through the tunnel but allowing it to access to the LAN at the same time?

Should I set the Policy Rules to Strict, and then rules for the cient as below...

- 192.168.2.11 to 0.0.0.0 Iface of VPN
- 192.168.2.11 to 192.168.1.0/24 Iface WAN
- 192.168.2.11 to 192.168.2.0/24 Iface WAN

...and then repeat for the other WiFi client, and a single client which is hardwired into the Asus. Or is there a better method I should be looking at please?
Click to expand...
I advice you to put your in LAN/ DHCP server / IP Pool like this 191.68.11.100 - 192.168.11.254
Next I assume that router A lan goes to router B WAN?
if so then find out the IP address that your router A is giving to router B
Go to DHCP server and enable Enable Manual Assignment
Look for the Router B in the MAC address section and choose it. Then assign another IP to ROUTER B
and keep it under .100 example 192.168.2.65
now create one rule
192.168.2.65 0.0.0. 0 VPN
All of Router 2 will be on VPN and every other device will be on WAN

If you want to have LAN shares on both then I would suggest you keep the same subnet for both routers.
router A 192.168.1.1 router B 192.168.1.2
then its even easier all you have to do is create a rule on Router A for router B which will have all internet via VPN
192.168.1.2 0.0.0.0 VPN

if you want only 2 clients from the second router that are on wifi but the rest to be on local ISP
then look for the 2 clients that are connected on router B and give them an IP address under .100 in Router A policy rules.
so if your wi fi cleints are 192.168.1.106 and 192.168.1.150 go to Manually Assigned IP around the DHCP list in LAN/ DHCP and change their IP to 192.168.1.50 and 192.168.1.51
now create a rule on router A
192.168.1.50 0.0.0.0 VPN
192.168.1.51 0.0.0.0 VPN
these 2 devices will be on the VPN and everything else on local ISP
you can also do CDIR range but if you only have a couple of devices its not worth the hassle.

Hope that helps
 
One thing I forgot to mention
if you do LAN to LAN you have to disable DHCP on router 2 and when you force the DHCP server to give a sepcific address which goes to the VPN unplug the network cable from Router A that goes to Router B so that the IP address changes.
if you do LAN to WAN reboot router B for the new IP address to take effect.
 
You must log in or register to reply here.

Similar threads

L
Client to client disabled when using static IP on OpenVPN ASUS RT-AC3200
2
Replies
31
Views
2K
libertyspike138
L
G
Wireguard VPN Client: killswitch activation -> LAN administration lock-out
Replies
6
Views
776
ZebMcKayhan
Z
N
Mikrotik as OpenVPN client, lan behind mikrotik?
Replies
2
Views
744
eibgrad
eibgrad
N
Solved OpenVPN Server split tunnell config
Replies
5
Views
396
elorimer
E
N
dedicated router for OpenVPN
Replies
4
Views
369
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
K Help with Wireguard Client set up, access local LAN & provider DNS VPN 1
L Client to client disabled when using static IP on OpenVPN ASUS RT-AC3200 VPN 31
N Mikrotik as OpenVPN client, lan behind mikrotik? VPN 2
O TV with OpenVPN client VPN 16
tagfoto Pulse Secure Desktop Client Failing VPN 8
S How to start client VPN from the CLI on tomato firmware VPN 0
gdgross Setting up VPN server (router?) for offsite access VPN 13
C Instant Guard IPsec VPN Log Showing Regular Access Attempts VPN 3
A Two router (one of them 4G) and same LAN VPN 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 841 (members: 35, guests: 806)
Top