port forward vpn client Purevpn

[GUN57]

Hello,
In advance I apologize if I write in the wrong place and also for my English, because I use Google translation.

The current situation :
Asus rt-ac87u merlin firmware router 384_13_1
Qnap ts-251 +
On the qnap I use rtorrent-pro for downloads Like Vpn,
I use PureVpn with the port forwarding addon.

On the Qnap NAS, I see stability concerns for the VPN, so I decided to use the Asus Router for the VPN connection with PureVpn. I configured the client VPN part with the Openvpn files without worry. I have a "kill switch" rule only on the QNAP ip, everything works, well almost. I can download via rtorrent-pro, but sharing does not do it properly, the port use for rtorrent-pro remains closed or in an unknown status. So the shares do not do it correctly. I have obviously enabled port forwarding on the router, but that does not change anything. I also added the port in the Port Trigger tab, so that does not change anything.

After searching the internet I came across the site:
https://airvpn.org/forums/topic/11264-asus-merlin-wrt-port-forwarding-script-setup/
It provides a script to route asus to put in / jffs / script / nat-start

I modify it so that it corresponds to the interface vpn 5 (tun15) and I put the IP address of the NAS.

#!/bin/sh

iptables -I FORWARD -i br0 -o tun15 -j ACCEPT
iptables -I FORWARD -i tun15 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan1 -j DROP
iptables -I INPUT -i tun15 -j REJECT
iptables -t nat -A POSTROUTING -o tun15 -j MASQUERADE

iptables -I FORWARD -i tun15 -p udp -d 192.168.X.X --dport XXXXX -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp -d 192.168.X.X --dport XXXXXX -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport XXXXX -j DNAT --to-destination 192.168.X.X
iptables -t nat -I PREROUTING -i tun15 -p udp --dport XXXXX -j DNAT --to-destination 192.168.X.X

I make the script executable as indicated by the site, I restart the router and I finally have the port open for rtorrent-pro, the sharing is done correctly. Great ! But…. I do not have internet on the rest of the equipment of the house, Smartphone, PC ... Can you explain to me why? And how to enable port forwarding on the vpn interface, but not to filter / block the rest of the network?

Thank you a lot

 

[GSpock]

in the first line of nat-start script (after #!/bin/sh), put a sleep 5 command ....

it looks like you are getting hit by this issue: https://www.snbforums.com/threads/v...-of-internet-connection-merlin-384-4_2.45750/

 

[GUN57]

Thank you very much for the trick of the delay, I would not have found it alone ;-)

Thanks also to the one who found the trick.

By cons, I have a little trouble yet.
On the router, at the VPN client level, I have the local ip that appears, but not the public ip, it marks

Public IP unknown
Local IP xxx.xxx.xxx.xxx

I tried to put a sleep 2 in the script, and the VPN does not connect, I also tried sleep 10, same result.
The only way to have a VPN connection that works is to put a sleep 5 as you advised me:

****nat-start****

#!/bin/sh

sleep 5

"rest of the script"

 

[GSpock]

On the router, at the VPN client level, I have the local ip that appears, but not the public ip, it marks

Public IP unknown
Local IP xxx.xxx.xxx.xxx

This is strange.... Is your NAS (registered within your vpn client5) able to connect to internet then ? Also, I suggest you use this torrent file on your NAS:
https://www.dropbox.com/s/vk1lsdi3jvfks8r/checkMyTorrentIp.png.torrent?dl=0
basically, it does nothing it simply shows your internet IP used by the NAS, so that you can be sure you are protected by your vpn provider.

Bonne chance ;-)

 

[GUN57]

Hello,
Thanks for the checkmytorrentip file but I already use it.

Yesterday morning I used the sleep 5 and until 12h no problem of sharing or change of ip, the VPN was stable but the evening when coming back, very bad surprise, the VPN was active, but I showed my public IP (without VPN) ... I do not understand what happened ...

So for now I'm using the iptable nat-start script without the sleep 5 to see the stability ... if anyone has an idea of how to solve my problem I am a taker ;-)

 

[GSpock]

Hello,
Thanks for the checkmytorrentip file but I already use it.

Yesterday morning I used the sleep 5 and until 12h no problem of sharing or change of ip, the VPN was stable but the evening when coming back, very bad surprise, the VPN was active, but I showed my public IP (without VPN) ... I do not understand what happened ...

So for now I'm using the iptable nat-start script without the sleep 5 to see the stability ... if anyone has an idea of how to solve my problem I am a taker ;-)

sorry, this is becoming very confusing. If you define your NAS as being protected by a VPN client (meaning it is defined in the appropriate field) AND you activate the kill switch on the router firmware, there is aboslutely no possibility that this NAS will connect to internet if your VPN provider is down .... may be could you post screenshots of your config ....