Port Forwarding Not Working With PPTP Client VPN

andersson.j

My setup:
I’m running Asuswrt-Merlin 376.49 on a RT-N66U.

Scenario 1, port forwarding with VPN disabled:
With the following port forwarding, Wireshark and tcpdump show incoming traffic being forwarded and traffic being returned. Everything works perfectly.

Code:
Destination     Proto. Port range  Redirect to     Local port  Chain  
ALL             TCP    5900        192.168.1.100   5900        VSERVER

Scenario 2, port forwarding with VPN enabled:
When I enable my VPN > PPTP/L2TP Clients > PPTP VPN, all outgoing traffic on the network is routed through the VPN, as expected.

When I connect back home, not through the VPN but directly to the router's external IP, as in scenario 1, Wireshark and tcpdump confirm incoming traffic on port 5900. But here’s the problem: the traffic is no longer forwarded to 192.168.1.100:5900! Traffic originating from inside the LAN is forwarded correctly.

I’ve been experimenting with routing tables and firewall rules all day, but I’m in over my head!
 
Since the port forwarding works in Scenario 1 (VPN off) but fails in Scenario 2 (VPN on), I guess some of the changes made when turning on the VPN take precedence over the port forwarding.

My debugging efforts using tcpdump + Wireshark tell me that the traffic is still arriving, but is no longer forwarded. How can I debug what's wrong with the routing rules? Which rule is rejecting the incoming traffic instead of forwarding it? Why doesn't port forwarding take precedence over the VPN rules? Any help on how to debug my ip route and iptables would be much appreciated!
 

I haven't done any debugging myself, but there seems to be some possibly useful help to find on the net:

http://www.jbahillo.com/debugging-iptables/#sthash.0o5fsEVN.dpbs
http://backreference.org/2010/06/11/iptables-debugging/
 
Thank you, mattiL. But after many more hours I'm still not getting anywhere.

Most iptables debugging guides use the TRACE module, which doesn't seem to be included with our firmware. Same with the NFLOG module.

Nobody else having troubles with port forwarding and VPN?
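
One way to see which rules the incoming traffic hits when TRACE and NFLOG are unavailable, as an added example that is not part of the thread: diff the per-rule packet counters printed by `iptables-save -c` before and after a single test connection. The snapshots, addresses and rules in `demo` are constructed, and the presence of `iptables-save`, `awk` and `mktemp` on the firmware is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): see which rules a test connection hit by
# diffing per-rule packet counters from two `iptables-save -c` snapshots.
# Works without the TRACE or NFLOG targets.

# rule_hits BEFORE AFTER
# Print "+N table: rule" for each rule whose packet counter grew.
rule_hits() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # table header: *nat, *filter
        /^\[[0-9]+:[0-9]+\] / {                    # rule line: [pkts:bytes] -A ...
            split(substr($1, 2), c, ":")           # c[1] = packet count
            rule = $0; sub(/^[^ ]+ /, "", rule)    # strip the counter prefix
            key = table ": " rule
            if (FNR == NR) { before[key] = c[1]; next }
            d = c[1] - before[key]
            if (d > 0) printf "+%d %s\n", d, key
        }
    ' "$1" "$2"
}

# Constructed snapshots for an offline run; addresses and rules are made up.
# On the router: iptables-save -c > before; make one test connection from
# outside; iptables-save -c > after; rule_hits before after
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
*nat
[10:600] -A PREROUTING -d 203.0.113.10/32 -j VSERVER
[4:240] -A VSERVER -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.100:5900
COMMIT
*filter
[50:4000] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:120] -A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
[7:420] -A FORWARD -j DROP
COMMIT
EOF
    sed -e 's/^\[10:600\]/[13:780]/' -e 's/^\[4:240\]/[7:420]/' \
        -e 's/^\[7:420\] -A FORWARD/[10:600] -A FORWARD/' \
        "$dir/before" > "$dir/after"
    rule_hits "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

Counters in the nat table advance only for the first packet of each connection, and unrelated traffic also moves counters, so take the snapshots close together around one test connection.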
 
