What's new

OpenVPN Server and Client at Same Time?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Xkz6

Occasional Visitor
I have OpenVPN Server working for incoming VPN, can connect from external laptop into my samba shares without any issues.

I also have OpenVPN Client working for outgoing VPN, can connect without any issues to internet etc.. through IPredator VPN service.

However if I have both active I can only use OpenVPN Client, I can no longer log into my samba shares or even connect to the OpenVPN Server.

Is it not possible to have both on and working at the same time?

When connected to internet through OpenVPN Client with IPredator VPN my IP is registered in Sweden, but when I go to 192.168.1.1 on the first page of the N66U router the WAN IP is my domestic cable provider.

Could this be an issue with the DDNS service not directing the OpenVPN Server requests to the correct IP?

N66U on Firmware:3.0.0.4.372.31
 
Ok, so after testing can log into OpenVPN Server if I connect through the IP address assigned by IPredator. It seems as can not access OpenVPN Server via the Asus DDNS service which directs to the domestic cable IP address. This only happens with both Server and Client active at the same time.
 
Solved.

If anyone is considering having an openvpn client and server running on the same N66U router, it is possible.

It is possible to have all your home network traffic go through an openvpn client on the router without any dns leaks, and it also possible to access the router's openvpn server externally through TAP, this also means that your external connection has the same external ip as the vpn client and no dns leaks etc..

The way to achieve this is to sign up with a vpn provider that offers some form of web based port forwarding and DDNS service so that you can point your external exit ip towards the internally assigned openvpn server port on the router.
 
Interesting!
Can you give some more information about how you have made it possibly.
I have similar issue.

I am using latest Merlin fw.
ASUS VPNclient is connected to VPN provider (anonine) and all my LAN devices are behind VPN.

Using dyndns service to connect to my ASUS serverVPN but I also found out that this points to my normal ISP.
How can I pick up the VPN IP address and access my LAN?
 
Hello,

You can try something like this, the only question is where to put it because it needs to run after openvpn starts and I am not sure what script runs after that.

Code:
#!/bin/sh

VPNIP=$(wget -qO - [url]http://cfaj.freeshell.org/ipaddr.cgi[/url])

sleep 10

ez-ipupdate -S dyndns -user:pass -h host.dyndns.org -a $VPNIP 

exit 0
 
Last edited:
Thanks, will give it a try.
Maybe I can place this in the jffs script folder?
I have openVPN selective routing mentioned in earlier posts in the script folder.



Hello,

You can try something like this, the only question is where to put it because it needs to run after openvpn starts and I am not sure what script runs after that.

Code:
#!/bin/sh

VPNIP=$(wget -qO - [url]http://cfaj.freeshell.org/ipaddr.cgi[/url])

sleep 10

ez-ipupdate -S dyndns -user:pass -h host.dyndns.org -a $VPNIP 

exit 0
 
I haven't found a script that runs late enough after the openvpn connection is established. I tried the openvpn UP script, but it still executed before the tunnel was ready. Maybe you will have better luck.
 
I removed the -u before user.

Code:
#!/bin/sh

VPNIP=$(wget -qO - http://cfaj.freeshell.org/ipaddr.cgi)

sleep 10

ez-ipupdate -S dyndns -u user:pass -h host.dyndns.org -a $VPNIP 

exit 0
 
OK, figured it out. This will update your DDNS (example with dyndns) with your VPN IP address

In openvpn-event, add the line:

Code:
sh /jffs/scripts/up.sh &

in /jffs/scripts/up.sh:

Code:
#!/bin/sh

#keep looping until all the routing for the VPN tunnel is established

while [ ! -n  "`ifconfig | grep tun11`" ]; do
    sleep 1
done


#once established, get VPN IP

VPNIP=$(wget -qO - http://cfaj.freeshell.org/ipaddr.cgi)

sleep 10


#update dyndns with VPN IP

ez-ipupdate -S dyndns -u user:password -h host.dyndns.org -a $VPNIP 

exit 0
 
Interesting!
Can you give some more information about how you have made it possibly.
I have similar issue...

Apologies for the late reply. I simply signed up with a vpn provider that offers a ddns service based on your exit IP. That way you can access your router vpn externally, such as through your android phone using openvpn. This way you can actually connect to your home network and browse the internet through the vpn connection.
 
OK, figured it out. This will update your DDNS (example with dyndns) with your VPN IP address

In openvpn-event, add the line:

Code:
sh /jffs/scripts/up.sh &

in /jffs/scripts/up.sh:

Code:
#!/bin/sh

#keep looping until all the routing for the VPN tunnel is established

while [ ! -n  "`ifconfig | grep tun11`" ]; do
    sleep 1
done


#once established, get VPN IP

VPNIP=$(wget -qO - http://cfaj.freeshell.org/ipaddr.cgi)

sleep 10


#update dyndns with VPN IP

ez-ipupdate -S dyndns -u user:password -h host.dyndns.org -a $VPNIP 

exit 0

Looks like a great option if I can get i working. I'm assuming this would work on the inbuilt assuscom.com dns service also?
 
Back to original topic OpenVPN server and Client at Same Time

I hijacked this thread, but I really want to get back to the topic of OpenVPN server and Client at the same time.

It seems I tried creating a static route to the WAN from my router, but it locked me out of the router from my LAN.

I also tried enabling SSH from the WAN and then logging in from the VPN IP address, but I get an access denied. I expect it is because the IP I am logging in from is different from the WAN IP.

I would really like to get Router services, other than the openvpn client to work through the LAN and not the VPN. Any ideas?
 
Ok will test this also (the first draft did not work)

However I am a little lost..
What/where is openvpn-event?
Also, I do not have the up.sh in scripts folder. I just assume I can make that file and place the code inside? Like I did with wan-start in JFFS folder where I have placed my openvpn selctive routing?

OK, figured it out. This will update your DDNS (example with dyndns) with your VPN IP address

In openvpn-event, add the line:

Code:
sh /jffs/scripts/up.sh &

in /jffs/scripts/up.sh:

Code:
#!/bin/sh

#keep looping until all the routing for the VPN tunnel is established

while [ ! -n  "`ifconfig | grep tun11`" ]; do
    sleep 1
done


#once established, get VPN IP

VPNIP=$(wget -qO - http://cfaj.freeshell.org/ipaddr.cgi)

sleep 10


#update dyndns with VPN IP

ez-ipupdate -S dyndns -u user:password -h host.dyndns.org -a $VPNIP 

exit 0
 
Ok will test this also (the first draft did not work)

However I am a little lost..
What/where is openvpn-event?
Also, I do not have the up.sh in scripts folder. I just assume I can make that file and place the code inside? Like I did with wan-start in JFFS folder where I have placed my openvpn selctive routing?


Correct. just create the file and make sure it is executable by chmod 700 up.sh
 
Yes the script works and it updated my dyndns to the openVPN IP address.

However, I can not start my openVPN server anymore.
According to log I got fatal error due to the up.sh script when switch from "OFF" to "ON"
 
Interesting. It probably has something to do with the loop condition never being satisfied when the server comes up.

Can you post the results of an "ifconfig" command before the server is up, then comment out the line that calls "up.sh" and then get the server running and post the results of "ifconfig" after the server is up?
 
Any advancement on this subject achieved? Just picked up this router and love the excellent work of Merlin and the openvpn client. However, I too, would love having the vpn server functionality as well. Also, as I'm sure you guys have experienced, the AiCloud app no longer functions. My VPN provider is Private Internet Access, and I use Dyndns.
 
Any advancement on this subject achieved? Just picked up this router and love the excellent work of Merlin and the openvpn client. However, I too, would love having the vpn server functionality as well. Also, as I'm sure you guys have experienced, the AiCloud app no longer functions. My VPN provider is Private Internet Access, and I use Dyndns.

Hello,

No progress. I gave up. I am not an expert with this stuff and no one seems to have any insight. My work-around is to use Serviio on my PC that by-passes the VPN and purchasing a license for 25 bucks to allow me to stream music and video to my phone. The 25 bucks has saved me a lot of hassle.

Now my problem is that NAT loopback is not working when the openvpn client is active, but works when it is off. Ie. If I am on my network and try to connect using my HOST.dyndns.org, it won't connect, but I can connect with my internal 192.168.1.x address. I got no insight from anyone on this either.
 
bummer. i'm tempted to ditch my vpn service all together and see what other means i can find for securing and obscuring traffic that i want hidden. thanks for the reply.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top