I'm using a 4G modem for my home internet connection. It doesn't have a public IP address. So I can't access my Raspberry Pi from outside. My AC68U is connected to this modem and is in router mode with a private IP assigned by the modem because somehow bridge mode makes the modem unstable. This is probably irrelevant to the issue below.
I set up an OpenVPN server on an external VPS. The AC68U connects to it as a client and my whole LAN can connect to the internet through the VPN server just fine.
I asked my friend to connect his PC to my VPN server at his house and ran an HTTP server on the PC. He did not need to set up port forwarding to get this working because his PC is the VPN client. I can connect to it no problem from my mobile phone over mobile data. So the VPN server and its iptables settings are OK.
I also connected my mobile phone directly to the modem's Wi-Fi AP and opened up the web page on the Raspberry Pi using the external IP of the AC68U without problem. That's an indication that port forwarding is working.
What's not working is port forwarding over the VPN connection. I tried turning the firewall on the AC68U on and off, with no change in effect.
I'm no network expert so I'm pasting my VPN settings and iptables here hoping someone can give me some directions. The masked fields in the two screenshots are the public IP address of the VPN server. 192.168.1.4 is the external IP of the AC68U, which is assigned by the modem. 192.168.2.1 is the internal IP of the AC68U. I'm trying to redirect port 11161 to port 80 on the Pi with IP 192.168.2.39.


Code:
tzadmin@RT-AC68U-4808:/tmp/home/root# iptables -L -vnt nat
Chain PREROUTING (policy ACCEPT 4964 packets, 496K bytes)
pkts bytes target prot opt in out source destination
0 0 VSERVER all -- * * 0.0.0.0/0 192.168.1.4
Chain INPUT (policy ACCEPT 2863 packets, 209K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1009 packets, 83269 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1009 packets, 83269 bytes)
pkts bytes target prot opt in out source destination
2033 284K MASQUERADE all -- * tun11 192.168.2.0/24 0.0.0.0/0
203 12112 PUPNP all -- * eth3 0.0.0.0/0 0.0.0.0/0
68 3608 MASQUERADE all -- * eth3 !192.168.1.4 0.0.0.0/0
0 0 MASQUERADE all -- * br0 192.168.2.0/24 192.168.2.0/24
Chain DNSFILTER (0 references)
pkts bytes target prot opt in out source destination
Chain DNSVPN1 (0 references)
pkts bytes target prot opt in out source destination
Chain LOCALSRV (0 references)
pkts bytes target prot opt in out source destination
Chain PCREDIRECT (0 references)
pkts bytes target prot opt in out source destination
Chain PUPNP (1 references)
pkts bytes target prot opt in out source destination
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11161 to:192.168.2.39:80
0 0 VUPNP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain VUPNP (1 references)
pkts bytes target prot opt in out source destination
tzadmin@RT-AC68U-4808:/tmp/home/root#
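
One way to read the listing above, as an added example that is not part of the original post: the Python below parses `iptables -L -vn -t nat` output and reports, for each DNAT rule, which PREROUTING match leads to it and the packet counters on both. The sample is constructed from the PREROUTING and VSERVER chains in the post; the function names are this example's own.

```python
import re

# Constructed sample: the PREROUTING and VSERVER chains from the listing above.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 4964 packets, 496K bytes)
pkts bytes target prot opt in out source destination
0 0 VSERVER all -- * * 0.0.0.0/0 192.168.1.4
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11161 to:192.168.2.39:80
0 0 VUPNP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def count(text):
    """Expand an iptables counter such as 496K to an approximate integer."""
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}
    return int(text[:-1]) * mult[text[-1]] if text[-1] in mult else int(text)

def parse_nat(listing):
    """Return {chain: [rule dicts]} from `iptables -L -vn -t nat` output."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":        # blank line or column header
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
        elif current is not None and len(f) >= 9:
            current.append({"pkts": count(f[0]), "target": f[2], "in": f[5],
                            "src": f[7], "dst": f[8], "extra": " ".join(f[9:])})
    return chains

def dnat_paths(chains, entry="PREROUTING"):
    """For each DNAT rule in a jumped-to chain, report the entry match leading to it."""
    out = []
    for jump in chains.get(entry, []):
        for rule in chains.get(jump["target"], []):
            m = re.search(r"dpt:(\d+) to:(\S+)", rule["extra"])
            if rule["target"] == "DNAT" and m:
                out.append({"via": jump["target"], "in": jump["in"],
                            "gate_dst": jump["dst"], "gate_pkts": jump["pkts"],
                            "dport": int(m.group(1)), "to": m.group(2),
                            "pkts": rule["pkts"]})
    return out

if __name__ == "__main__":
    for path in dnat_paths(parse_nat(SAMPLE)):
        print(path)
```

On the posted listing it reports that the rule for port 11161 is reached only through the PREROUTING match on destination 192.168.1.4, and that both that match and the DNAT rule show 0 packets.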