Request: Add Lighttpd.conf to custom config files

[janosek]

RMerlin,

I have an RT-AC66U running .372.31.

It seems that AICloud smart access cannot be used at the same time as an active OpenVPN client. When I try to log in to AICloud with an active OpenVPN client, it times out. When I turn off my OpenVPN client, I can log in from my mobile network just fine. My guess is AICloud is listening on the OpenVPN interface when active. The only way I can see to tinker with the AICloud settings is to modify Lighttpd.conf, but it is not listed as a config override. Would it be possible to add it as a config override under /jffs/configs/?

Otherwise, if you can figure out how to get smart access to work with an OpenVPN client enabled, that would be fine too!

Thanks for all your firmware additions. It really makes this router worth the $200.

Cheers,
Janosek

 

[RMerlin]

RMerlin,

I have an RT-AC66U running .372.31.

It seems that AICloud smart access cannot be used at the same time as an active OpenVPN client. When I try to log in to AICloud with an active OpenVPN client, it times out. When I turn off my OpenVPN client, I can log in from my mobile network just fine. My guess is AICloud is listening on the OpenVPN interface when active. The only way I can see to tinker with the AICloud settings is to modify Lighttpd.conf, but it is not listed as a config override. Would it be possible to add it as a config override under /jffs/configs/?

Otherwise, if you can figure out how to get smart access to work with an OpenVPN client enabled, that would be fine too!

A client doesn't listen to any port, so it's not what is causing your problem - routing is. You cannot have your OpenVPN client configured to route all traffic through the tunnel while having people remotely trying to access any service hosted on your router.

 

[janosek]

thanks for your reply. I tried routing 192.168.1.1 through the wan and also tcp and udp for ports 443 and 8082 through the wan. Is there anything else I should try?

Thanks

 

[RMerlin]

thanks for your reply. I tried routing 192.168.1.1 through the wan and also tcp and udp for ports 443 and 8082 through the wan. Is there anything else I should try?

Thanks

There are numerous posts on the forum about selective VPN routing. Try a forum search for these - I never really followed the discussions, so I don't know what solution people ended up using.

 

[janosek]

lol..I know, I am involved in most of them. They involve selectively routing devices connected to the router, not services on the router. I haven't found anything solving this specific class of problem. Xkz6 has a similar problem with openvpn server and client at the same time. I think if we solve one, we solve both.

Thanks!

 

[janosek]

RMerlin, I just saw a post a while back where you mentioned to use the INPUT chain of iptables for traffic terminating at the router. I will see if this is the solution.

 

[Xkz6]

lol..I know, I am involved in most of them. They involve selectively routing devices connected to the router, not services on the router. I haven't found anything solving this specific class of problem. Xkz6 has a similar problem with openvpn server and client at the same time. I think if we solve one, we solve both.

Thanks!

I agree seem like very similar issues, in that we've got active openvpn clients taking care of all our outgoing traffic, but we are also trying to remotely access parts of the network.

I have been testing various approaches in solving the challenge of having an openvpn client and sever running on the same router at the same time.

Firstly I ditched my previous vpn provider for a new provider which offers a web based port forwarding service.

It is actually possible to have an openvpn sever and client running on the same router at the same time. All outgoing traffic through the client work fine, no dns leaks etc... and it is actually possible to access the router's vpn server externally as long as you connect via your exit ip address which is provided via your vpn service provider. You simply have to port forward from the exit ip to the router's openvpn server ip. The issue at this stage is that all instances of DDNS whether from Asus or the vpn provider just don't work, so having a dynamic ip makes it virtually impossible to access your router without checking the exit ip address first.

The point is, that it is possible to have an outgoing client vpn service running and also access some router services externally.

 

[Xkz6]

finally solved my vpn issue:

http://forums.smallnetbuilder.com/showthread.php?p=77605#post77605"

 

[janosek]

Hmm.. That is one solution, but not my preferred. I use private internet access, and they do not have a web based port forward. I want to selectively route machines through the VPN, but I also want to access router-based clients through the WAN. I believe the solution lies in the IPTABLES INPUT and OUTPUT chains, but I am not an expert and I am still tinkering.

 

[Xkz6]

I agree - keep us updated