Routing internet through VPN on AC87U

[goldenegg]

I have an AC87U and use the VPN server on it to access my home network remotely.

Most times I don't want internet traffic on my system to route through the VPN, but other times I do. Is there any way I can control that on the client side, without having to modify the router's VPN settings each time? Right now, it seems like I have to specifically set the server one way or the other, which doesn't help when I'm on the road and need to change this setting depending on my location.

 

[RMerlin]

You are mixing up server and client. A server will not route your Internet traffic through it, that's what a client would do.

 

[goldenegg]

You are mixing up server and client. A server will not route your Internet traffic through it, that's what a client would do.

I'm familiar with what servers and clients are responsible for.

In the server settings, there's an option called "Direct clients to redirect Internet traffic". When set to 'No', the client's internet traffic isn't routed through the VPN. When it's set to 'On', the internet traffic is routed through the VPN.

My issue is that I don't want to have to change this setting on the server. I want to be able to configure the client whether or not to route its internet access through the VPN. I can't seem to do this, as the behavior always defaults to whatever is configured on the server.

 

[L&LD]

Seems like you should setup two servers then (one with the option No and one with it set to On) and connect as needed for that session.

 

[goldenegg]

Having two servers shouldn't be required. I should be able to simply configure the client to route internet traffic through the VPN. The behavior I'm seeing is not what should be expected by a VPN server. Either I'm missing something or this is a potential problem on the server side.

 

[L&LD]

Whether two servers are required or not for your expectations is for others to confirm or not.

I am suggesting a way for you to do what you need.

If you don't want to access the server to change this setting, this would be one way right now. I don't see that as a potential problem on the server side. Just a difference of how the server is currently made to work.

The issue would be if you're connecting to the server that you don't have control over and you were able to change this setting at will via the client (imo).

 

[goldenegg]

What you're suggesting would require me to buy a second router, which is out of the question. You can't run multiple OpenVPN servers on the single router.

The issue would be if you're connecting to the server that you don't have control over and you were able to change this setting at will via the client (imo).

Typically, you'd have an option on the server to allow the internet to be routed through it. That's what I originally expected the "Direct clients to redirect Internet traffic" option to do. I didn't expect it to forcefully make the client do it one way or the other. The use case of forcing VPN users to route internet traffic doesn't even make sense.

 

[L&LD]

What you're suggesting would require me to buy a second router, which is out of the question. You can't run multiple OpenVPN servers on the single router.

Typically, you'd have an option on the server to allow the internet to be routed through it. That's what I originally expected the "Direct clients to redirect Internet traffic" option to do. I didn't expect it to forcefully make the client do it one way or the other. The use case of forcing VPN users to route internet traffic doesn't even make sense.

I can have 2 OpenVPN servers on RT-N66U, RT-AC66U and RT-AC68U. What firmware are you running?

Forcing VPN users to router internet traffic may make sense for others, if it doesn't for you.

 

[goldenegg]

I'm using the latest firmware, 9460. I had a N66U previously and it was not able to run 2 OpenVPN servers.

I think you're confusing the ability to run both OpenVPN and PPTP servers on the router. PPTP is not an option for me, due to restrictions on the laptop I use for work. I need the server to be OpenVPN.

As a former network admin, having a VPN server force clients to route internet traffic is a mind boggling option. That's something which should be left to configure on the client.

If this is actually the intended functionality of the router, I'll probably just create a virtual machine to act as a VPN server on my network.

 

[L&LD]

I'm using the latest firmware, 9460. I had a N66U previously and it was not able to run 2 OpenVPN servers.

I think you're confusing the ability to run both OpenVPN and PPTP servers on the router. PPTP is not an option for me, due to restrictions on the laptop I use for work. I need the server to be OpenVPN.

As a former network admin, having a VPN server force clients to route internet traffic is a mind boggling option. That's something which should be left to configure on the client.

If this is actually the intended functionality of the router, I'll probably just create a virtual machine to act as a VPN server on my network.

You're using the wrong firmware then.

RMerlin firmware (and the later forks thereof, including john9527's and hggomes) have had that capability since possibly 2012.

Time to flash to a better firmware, reset to factory defaults and do a minimal and manual configuration to secure the router and connect to your ISP.

http://www.snbforums.com/threads/asuswrt-merlin-custom-firmware-for-asus-routers.7846/

http://www.snbforums.com/threads/no...l-and-manual-configuration.27115/#post-205573

 

[goldenegg]

I was having general weird behavior with my router, so I did a full reset and refreshed the 9460 firmware. After doing so, the server is no longer forcing the client's routing behavior. I can properly configure whether internet traffic is routed on the client side.

Very odd that this ever happened in the first place, but I'm happy it's fixed. I knew that couldn't have been the proper behavior.