OpenVPN & iptables

hw1380

Regular Contributor
Router: RT-AC68U
Firmware: 380.62_1

I can successfully establish an OpenVPN connection, but if I disconnect this connection, DNS is not working anymore on the clients.
I noticed that the following NAT rules are still active:

Chain PREROUTING (policy ACCEPT 52 packets, 5740 bytes)
num pkts bytes target prot opt in out source destination
1 36 4700 VSERVER all -- any any anywhere <WAN IP>
2 2583 179K DNSVPN5 udp -- any any anywhere anywhere udp dpt:domain
3 0 0 DNSVPN5 tcp -- any any anywhere anywhere tcp dpt:domain

Chain DNSVPN5 (2 references)
num pkts bytes target prot opt in out source destination
1 1353 98404 RETURN all -- any any 192.168.45.99 anywhere
2 1230 80852 DNAT all -- any any 192.168.45.0/24 anywhere to:10.11.55.1

I get DNS working by removing both entries in chain DNSVPN5 and entry 2+3 in chain PREROUTING.
I'm not 100% sure but I cannot remember having this issue with 380.58.

OpenVPN details:
Encryption cipher: AES-256-CBC
Accept DNS configuration: strict
Block routed clients if tunnel goes down: No
Redirect internet traffic: Policy rules
TV 192.168.45.99 0.0.0.0 WAN
all-other 192.168.45.0/24 0.0.0.0 VPN

I don't know if the router is taking care of those rules or if the rules are being pushed by the VPN server.
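
The manual cleanup described in the post, as an added example (not code from the poster or from the router firmware): it parses a NAT listing in the format shown above, finds the PREROUTING jumps that send port-53 traffic into a chain containing a DNAT rule, and prints the delete commands in an order that keeps the rule numbers valid. The `vpn_up` flag and both function names are assumptions of this sketch; the caller decides whether the tunnel is actually down.

```python
import re

# Listing copied from the post above; "<WAN IP>" is the poster's own redaction.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 52 packets, 5740 bytes)
num pkts bytes target prot opt in out source destination
1 36 4700 VSERVER all -- any any anywhere <WAN IP>
2 2583 179K DNSVPN5 udp -- any any anywhere anywhere udp dpt:domain
3 0 0 DNSVPN5 tcp -- any any anywhere anywhere tcp dpt:domain

Chain DNSVPN5 (2 references)
num pkts bytes target prot opt in out source destination
1 1353 98404 RETURN all -- any any 192.168.45.99 anywhere
2 1230 80852 DNAT all -- any any 192.168.45.0/24 anywhere to:10.11.55.1
"""

def parse_chains(listing):
    """Return {chain: [(rule_num, target, rest_of_line), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) ", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is not None and len(f) >= 4 and f[0].isdigit():
            current.append((int(f[0]), f[3], " ".join(f[4:])))
    return chains

def leftover_dns_redirects(listing, vpn_up):
    """Cleanup commands for DNS redirect rules still present while the VPN is down."""
    if vpn_up:
        return []  # rules are expected while the tunnel is up
    chains = parse_chains(listing)
    # PREROUTING rules matching port 53 ("dpt:53" with -n) whose target chain does DNAT.
    jumps = [(n, t) for n, t, rest in chains.get("PREROUTING", [])
             if re.search(r"dpt:(domain|53)\b", rest)
             and any(rule[1] == "DNAT" for rule in chains.get(t, []))]
    # Delete from the highest number down: removing rule 2 first would renumber rule 3.
    cmds = [f"iptables -t nat -D PREROUTING {n}" for n, _ in sorted(jumps, reverse=True)]
    # Then empty each redirect chain that is no longer referenced.
    cmds += [f"iptables -t nat -F {chain}" for chain in sorted({t for _, t in jumps})]
    return cmds

if __name__ == "__main__":
    print("\n".join(leftover_dns_redirects(SAMPLE, vpn_up=False)))
```
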
 
