OpenVPN server on router connecting to OpenVPN client on Synology

[steef84]

Ok my situation:
Im running a openVPN client (AirVPN) on my Synology with this settings:

client
dev tun
proto udp
remote nl.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
ca "ca_o1448795601.crt"
cert "user_o1448795601.crt"
key "user_o1448795601.key"
tls-auth "ta_o1448795601.key" 1

Its been running for nearly a month without much hassels. All my services on my Synology are accessible from my internal network, and 1 service is accessible from wan to a specific port using port forwarding in client area from AirVPN.com

Now trying to access my home network via openVPN server running on my RT-AC66U router with these settings:
RT-AC66U.ovpn

client
dev tun
proto udp
remote xxx.asuscomm.com 1194
float
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

I can connect to this openVPN server via cellular network, and access all my devices on this network via VPN except my Synology Does anyone has a pointer for me?

 

[L&LD]

What firmware are you running on the 'AC66U?

RMerlin's newer firmware will allow you to switch how NAT loopback is done on the Firewall, General page in the gui.

Simply select one of the other options and see if this helps.

 

[sfx2000]

Its been running for nearly a month without much hassels. All my services on my Synology are accessible from my internal network, and 1 service is accessible from wan to a specific port using port forwarding in client area from AirVPN.com

Am I understanding this correctly - you're having your NAS, with all of your private files, dialing into a public VPN service?

Wow... kind of reminds me of a line from Serenity (the movie)...

The Operative: "Key members of Parliament". Key. The minds behind every military, diplomatic and covert operation in the galaxy, and you put them in a room with a psychic.

Dr. Mathias: Look... even if River Tam did by any chance read the minds of any of the visiting Parliment members here, whatever government secrets she may have read she may not even remember any them for they are all probaly buried under layers of psychosis.

The Operative: Secrets are not my concern. Keeping them is.​

 

[steef84]

What firmware are you running on the 'AC66U?

RMerlin's newer firmware will allow you to switch how NAT loopback is done on the Firewall, General page in the gui.

Simply select one of the other options and see if this helps.

Thanks for your response. Running MerlinWRT for some time. I've tried NAT loopback none, ASUS and MERLIN. None of the options makes the Syno accessible when connecting via OpenVPN server via router.

Am I understanding this correctly - you're having your NAS, with all of your private files, dialing into a public VPN service?

....

I connect my NAS, with all my private files to a premium VPN service. I've used AirVPN also directly from router, but this gave me 2 disadvantages: my AC66U has not enough power to maintain my 100mbit provider. My nas has more cpupower so could maintain a higher bandwith. Also when running AirVPN client directly on router, i couldnt access my openVPN server anymore to access my home network. I've posted this issue on AirVPN forums a while back https://airvpn.org/topic/16122-airvpn-client-with-openvpn-server-on-same-router/ but never got it running.

 

[L&LD]

Thanks for your response. Running MerlinWRT for some time. I've tried NAT loopback none, ASUS and MERLIN. None of the options makes the Syno accessible when connecting via OpenVPN server via router.



I connect my NAS, with all my private files to a premium VPN service. I've used AirVPN also directly from router, but this gave me 2 disadvantages: my AC66U has not enough power to maintain my 100mbit provider. My nas has more cpupower so could maintain a higher bandwith. Also when running AirVPN client directly on router, i couldnt access my openVPN server anymore to access my home network. I've posted this issue on AirVPN forums a while back https://airvpn.org/topic/16122-airvpn-client-with-openvpn-server-on-same-router/ but never got it running.

Did you try rebooting the router after changing those options?

Are you running the VPN on your NAS 24/7? Hope you trust the VPN service you're with?

 

[sfx2000]

Hope you trust the VPN service you're with

As do I...

A public VPN cloud - that's what a commercial VPN provider is...

Can only trust a VPN link when one has control of both ends...