Problem With Management via WAN

[djtech2k]

Just for kicks, I did another test..

I changed the vpn address space to 10.10.10.0 and my LAN address space is still a 192.168.x. I also disabled skynet again. Not sure if it was back on or not, but I did the disable command. Anyway, I tethered my laptop to my phone so I was outside my network. I installed ovpn client on my laptop and connected. I can ping the router vpn address at 10.10.10.1, but nothing else. None of my LAN IP's are pingable or show any common ports open, like 80 of 443.

 

[martinr]

I did the temp disable on skynet. No change.

I noticed that now on skynet when I do anything, I get red [failed] messages at the top for things like cron job and ipsets.

Is this normal? Do I need to do anything to turn skynet back on? I did a couple "restart skynet" but those always show those red failed messages.

Not sure. If you leave it a few minutes are those red messages now green?

 

[martinr]

Just for kicks, I did another test..

I changed the vpn address space to 10.10.10.0 and my LAN address space is still a 192.168.x. I also disabled skynet again. Not sure if it was back on or not, but I did the disable command. Anyway, I tethered my laptop to my phone so I was outside my network. I installed ovpn client on my laptop and connected. I can ping the router vpn address at 10.10.10.1, but nothing else. None of my LAN IP's are pingable or show any common ports open, like 80 of 443.

I think that setting“Client will use vpn to access” may be crucial. I’d leave it at Both, certainly until you have it up and running.

 

[djtech2k]

Ok. Skynet always shows those 3 red failed messages now. I can't get it to stop. I told it to disable again so I could do this last yest.

I set that setting to Both and it works now. Not sure I understand that that does...I just want to be able to connect remotely to manage the device. That's really it. I want to be able to go to any device with a browser and do it, but if this openvpn requires their full client then I am screwed with that. I don't always have my laptop so I'd like to be able to use any device.

Anyway, I will need to figure that out, what that setting Internet/LAN/Both means, and also why skynet is showing those 3 fails.

 

[martinr]

I forgot to mention: I also run Skynet (and Diversion and, of course AMTM), and there is no interference with OpenVPN and I haven’t needed to whitelist anything. I also have a country blocking list.

 

[martinr]

Ok. Skynet always shows those 3 red failed messages now. I can't get it to stop. I told it to disable again so I could do this last yest.

I set that setting to Both and it works now. Not sure I understand that that does...I just want to be able to connect remotely to manage the device. That's really it. I want to be able to go to any device with a browser and do it, but if this openvpn requires their full client then I am screwed with that. I don't always have my laptop so I'd like to be able to use any device.

Anyway, I will need to figure that out, what that setting Internet/LAN/Both means, and also why skynet is showing those 3 fails.

Great. You’re a lot smarter than I am and I’ve been meaning to test, but haven’t got round to it, those settings “client will use vpn...” to find out exactly how they work. I remember discovering I meeded to set it to Both and left it at that.

So if you’re looking for homework, once you’ve figured out the implications on the 3 settings, I’d love an explanation!

 

[djtech2k]

Thanks. I just opened a new ssh session after several minutes and when I launch skynet, I am not getting the red.

So I need to figure out what that setting does and how I should have it set. I also need to find out if I can connect to open vpn without installing a client.

 

[martinr]

I use my iPhone OpenVPN Connect app most of the time and have no problem connecting, not only to the router, but also to other devives on the LAN. So you shouldn’t need the full blown Windows/Linux OpenVPN program to connect to devices on the home LAN.

 

[djtech2k]

Yeh I hear you. I'm just used to being able to connect to it from anywhere that has a browser. I suppose the phone is a backup plan.

 

[ColinTaylor]

Here is an example config like mine:

Asus LAN IP: 192.168.0.1
Asus WAN IP: 10.0.0.2
VPN Subnet: 192.168.1.0/16

This would be wrong. The VPN subnet is huge! (/16) and overlaps with the router's LAN range. Change it back to the default, 10.8.0.0/24.

 

[martinr]

..

Banned Countries; in pk cn ru lu my kr kp jp il ir cz mo hk br sa vn fr

... .

You ban France, Japan and Luxembourg, not countries I’d expect to see. Any reason?

 

[djtech2k]

The “Client will use vpn to access” setting set to Both made my Open VPN work. I did change the VPN subnet also.

I would like to get the pptp vpn working so I could manage my router from any machine without installing software. I looked at it for a bit but wasn't able to get it to work.

I block countries sometimes when I get alerts or look at logs. When I see attempts from other countries, I just block them. I do not need anything outside of the US to be able to access my router. I do something similar to a server I have hosted in a datacenter.

 

[martinr]

The “Client will use vpn to access” setting set to Both made my Open VPN work. I did change the VPN subnet also.

I would like to get the pptp vpn working so I could manage my router from any machine without installing software. I looked at it for a bit but wasn't able to get it to work.

I block countries sometimes when I get alerts or look at logs. When I see attempts from other countries, I just block them. I do not need anything outside of the US to be able to access my router. I do something similar to a server I have hosted in a datacenter.

Thanks for the feedback. I’m pleased to learn that changing the setting to Both fixed the problem. (I really must play with those settings to better understand them!)

As for the pptp vpn, there’s an interesting read in the Wikipedia link in Colin’s post here:
https://www.snbforums.com/threads/pptp-vpn-server-question.44698/#post-381962