N66U - No remote access using asuscomm.com after openvpn client is connected.

[Nish]

Hey folks!
This is my first post if you don't count me answering one other person's question before asking my own. (I believe in ratios such as upload /download

Here it is:
I have a cable modem connected to an RT-N66U.
My N66U pick up the public IP from the modem, and updates my dynamic DNS service with xxxx.asuscomm.com
I then use my cell phone connected only to LTE, and I can access my router perfectly.

No problems so far.

Now, I start my OpenVPN client on my router (Newest official asus firmware btw). It connects just fine to PrivateInternetAccess. All devices within the network can go to whatismyip dot com, and it shows the IP that the vpn service provider uses to communicate with my router.

However, now, trying to connect to my real public IP from my modem, OR the xxx.asuscomm.com address FAILS.

Seems like the VPN TUN is configured to be the ONLY route in or out once it is enabled. I would like to somehow (without setting up a VPN Server on the router) to allow remote access to my USB attached hard drive on the N66U.
(FTP hopefully)

Can anyone help me out? I have been pushing back on dealing with this annoyance for 2 years... I want to figure this out before I go with an RT-AC87U.

 

[polar26]

Sorry to hijack this thread
I`m also struggling with the above issue if anybody can help us both out

Can connect to asus.comm.com (ddns) Using internal network. when openVPN client is connected in router .

Examples

http://*******.asuscomm.com:41985/gui/ ( torrent )
http://*******.asuscomm.com:4440/index.view (Subsonic Media Server)

But when i try to access these sites remotely with the VPNclient connected i can no longer access the above with asuscomm.com (ddns)

 

[akbor]

Hi,

that's crazy, but seems to be true. Yesterday I configured a VPN-Server in my RT-AN68U (running on Merlin’s Build 3.0.0.4.376.44_0). Since this time *.asuscomm.com service was unreachable. But I was not able to associate these both events with each other, until I read this topic. I thought, asuscomm.com has some problems over the weekend and I posted that here. Now, after reading this topic I disabled the VPN server in the settings and my *.asuscomm.com domain is registered again. What could be the reason? I was so happy about an easy to configure and easy to use VPN service, but without a DDNS domain it doesn't make a sense.

Regards


P.S.: the VPN server worked fine, of course I couldn't reach my router from the WAN so I tried to configure my public/WAN IP directly in the VPN client to test that.

 

[clavas]

I am having the same issue with AC68U running Merlin firmware

I have successfully got the OpenVPN client connected to PIA and running fine. I have DDNS service running (No-ip.com) and this correctly maps my ISP provided ip to the PIA ip.

I can successfully connect to the router using DDNS when inside my LAN but cannot connect over internet?

Anyone got to the bottom of this issue?

 

[dooniem]

Can we get a bump on this?

 

[barfly711]

I have an N66U and just upgraded last night to 376.2524 from a pretty old 374.???? build. Afterwards I could no longer hit my DDNS internally.

Rolling back to 374.5517 resolved the issue for me.

 

[SmallNetGuy]

I am having the same issue with AC68U running Merlin firmware

I have successfully got the OpenVPN client connected to PIA and running fine. I have DDNS service running (No-ip.com) and this correctly maps my ISP provided ip to the PIA ip.

I can successfully connect to the router using DDNS when inside my LAN but cannot connect over internet?

Anyone got to the bottom of this issue?

Hi, forgive me if I'm on a wrong track, but I had problem with connecting to my router remotely from my studio in another town. Locally I was able to connect, just like others, no problems at all, but no go when I tried from outside.

Anyway, this is what I did... also just to make a note, I am using ASUS RT-AC68U, and I am on a latest AsusWRT Merlin Build.

In AsusWRT Merlin build, go to Administration / System / Enable Web Access from WAN and put a checkmark next to it. Another option will appear below, Port of Web Access from WAN. Set one for HTTP and another one for HTTPS (for example, 2222 for HTTP and 22224 for HTTPS). Then in your browser (outside of your network) type Your-DDNS-Host-Name:2222 and HTTP access should work just fine. I did it and it works for me.

Hope this helps a bit, and forgive me if I did not completely understand your questions, this is my first post here.

Have a wonderful day everybody!

 

[ginojens]

SmallNetGuy: Wrong track dude.

Admin web access from WAN have nothing to do with DDNS.

The issue to solve is that DDNS stops working when U enable OpenVPN Client.

U have to manually update your new PIA IP and put it in your "NO-IP.com" host domain.

Or, a better way, try to open up your router for incoming TCP on your ISP IP.

How ? I don't know. A tunnel is a tunnel. If U open up your router, the OpenVPN client isn't doing the thing it was meant for.

Clear ?! hmm somehow =)

 

[Nish]

Correct, wrong track...

Just so everyone knows, I am still trying to figure this out.
I was told selective routing was the way to go, but I do not see how this will solve my issue.

I would like to simply get remote access to my router, via going through the PIA IP address. (myaccount.asuscomm.com = PIA_IP_Address)

As of right now, myaccount.asuscomm.com = BELL_IPaddress)

Is there not a telnet command that can be scheduled to run every 15 minutes that sets the asuscomm.com DDNS to the TUN (PIA) IP address?

 

[Nish]

Clavas!
With NO-IP.com, if you ping your myaccount.no-ip.com, does it show your PIA IP address?
Or your ISP provided IP?

 

[john9527]

How are you trying to access your router?

PIA blocks all ports except for 22,53,80,110,443 and 500

You can open an additional port if you connect to specific servers (these special servers are only in the EU) and use their client software or with some scripts you can find in the PIA forum on their support website (I've never used them so don't know if they work or not).

 

[Nish]

I'm unsure as I haven't monitored the WAN port to see which port get's used for the DDNS update. However, in MOST cases, it is 443. Its a simple connect to https and update record kind of deal. I am not sure about how exactly asuscomm.com works though. I do however know that PIA is not blocking the DDNS update. Reason why I am saying this, is that the DDNS update task comepltes successfully, and updates ASUSCOMM.COM to the IP address given to me by my CABLE Internet ISP. It "seems" like asus hasn't built-in the option to say "Click the checkbox if you would like to replace your WAN ip with your TUN ip (IP given by PIA)

I am debating manually setting up my WAN port as a static IP to whatever I currently have from PIA. Then force a DDNS update. See if the outcome is actually suitable.

Where are all the routing / NAT experts? LOL.
Where is RMerlin...

 

[rbadon]

Nish....Have you found the answer to your problem? I have the same router and vpn service AND the same problem

 

[Nish]

Nope Same ol'

I still do not have it working.
I am told I need to configure it for "Selective Routing" or "Policy Based Routing"...

Essentially,
"
IF InternalIPis 192.168.10.10(Samsung TV) THEN Pass it though VPN Tunnel
IF InternalIPis 192.168.10.11(Torrent Laptop) THEN Pass it though VPN Tunnel
ELSE Pass it through WAN.
"

However,
In my case (probably yours as well)
My router (192.168.10.1)
Needs access to/from WAN in order to have access from outside, and DDNS.
ALSO, the same IP (192.168.10.1) ALSO needs to access VPN Tunnel for torrents.

So in short, I am looking for a selective routing that is DESTINATION IP based, or PORT number based.

 

[rbadon]

Dang!!! I have Security IP CAMS that Ineed access to that work fine using DDNS but when I turn on the VPN switch on the N66U I am blocked from accessing them as well as the USB drive attached. If you find soloution I would appreciate sharing.

 

[Nish]

Hahaha, I have similar too...
My security cam is used for when I get a sitter though, I can see how the kid is behaving, and when he goes to sleep.

That being said, you have an N66U though right?

VPN speed is greatly slowed down on it. I upgraded to the RT-AC87R.
(More ram and more importantly, CPU speed)
Same problem with no remote access after tunnel is up though...

But my 20mb download speed is 18 mb through the VPN.
VS
with my N66U my download speed went from 20, down to 7.

 

[Nish]

Just came to mind,
Selective routing might work for you if you don't use the built-in downloader, etc.

I don't know if you can put

IF IP=192.168.1.1(router) then route through WAN
IF IP=192.168.1.100 to .110 (Security Cameras) -> route through WAN,
ELSE route through VPN Tunnel.

Only problem is your torrent downloader on the router will NOT be encrypted.
Neither will access to your hard drive from outside your home.
UNLESS you enable the VPN "SERVER" on the N66U, since, your DDNS will be working anyways.

 

[rbadon]

Yeah ! I do frequently use the torrent downloader. Guess I will do some futher research and maybe other options. It should not be this difficult to run DDNS and VPN on one of these modern routers. Well thanks for your input....I am off to work....

 

[tomthebomb1968]

Is this issue any nearer a solution? Or is there a work around. Please someone smarter than me fix this problem lol

 

[Zirescu]

Is this issue any nearer a solution? Or is there a work around. Please someone smarter than me fix this problem lol

What you're looking for is selective routing - I use something very similar to this post #64.