RT-AC87U, dual wan balancing + OpenVPN?

WillL

New Around Here
I have an RT-AC87U with Merlin build 380.57, set up as the router.
Dual WAN (both DSL from different ISPs, set up on the WAN port and LAN4), balancing.
In order to use VPN, I have set up the following routing rules so all VPN traffic would go through the primary WAN:

upload_2015-12-28_10-9-38.png


I set up the OpenVPN server to receive connections. Here is where the trouble starts. The client takes a long time to connect (over 1 min). Once connected, it cannot ping any resource on the LAN, including the router. Note all of these were working before I had the dual WAN.

I resorted to setting up the PPTP server (which I don't like) on the same router, and that went without a glitch. Again I was able to get on the network and ping all resources. So what happened with OpenVPN on Dual WAN? I know this is not firmware specific, because this problem was on 378.56_2 as well.

Thanks for all your help!
 
VPN uses only one encrypted connection via one IP. Dual WAN uses dual internal IPs. So the VPN server has realized that someone hacked your connection (man in the middle) and then has shut down the connection immediately.
 
I recently got an Asus router and set up dual WAN and OpenVPN, which has the same issue.
I did some research. You need to push the OpenVPN server-side LAN subnet into the OpenVPN profile, so that the OpenVPN client can communicate with the LAN behind the Asus router.
Then it comes to another issue. As there are routing rules in the dual WAN load balance setting, even when OpenVPN is successfully connected, the client cannot talk to the hosts defined in the routing rules, like the 10.9.0.1 the OP put in the screenshot. But the client can talk to the rest of the hosts in that subnet that are not in the routing rules, for example 10.9.0.10.
So I start to double the priority of the dual WAN routing rules and the IP route table. As it is hard coded to throw all traffic from/to 10.9.0.1 via the primary WAN (interface), I believe this overrides the OpenVPN route table. The proper traffic should be pointed to OpenVPN via the tunnel interface, not the primary WAN interface directly.
I have to give up creating dual WAN routing rules. OpenVPN communication is back to normal when connected successfully.

But I do have another issue with dual WAN and OpenVPN on Asus Merlin: OpenVPN is not always able to connect. I have a Namecheap DDNS domain name. I do not know, in load balance mode, which WAN public IP will be updated to the name server, probably the primary one. From my mobile phone, sometimes I can connect OpenVPN without issue, but sometimes it keeps connecting with the log showing not reachable. Both show the same DNS-resolved IP. Maybe, on the failed attempt, the OpenVPN ACK return packet is going through the secondary WAN? I do not know how Asus dual WAN maintains its session table. Just a guess. Hopefully I have at least a 50% chance to connect OpenVPN.

I am also thinking of moving the OpenVPN server from the Asus router to an internal NAS: port forwarding the OpenVPN service to the NAS and creating dual WAN routing rules to specify that the traffic for the NAS only goes through one link. Also creating another DDNS update on the NAS, so it can always show the correct public IP of the link I use.
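The routing-rule override described in the post above can be reproduced with a small model of Linux policy routing. This is an added example, not part of the thread or the firmware's own code. It assumes the dual WAN routing rules end up as `ip rule` entries that are consulted before the main table; the rule priorities, table 100, the interface names eth0/br0/tun21, the gateway 192.0.2.1 and the tunnel subnet 10.8.0.0/24 are all assumed values.

```python
import ipaddress

# Constructed `ip rule show` / `ip route show table N` text, not captured from
# a router. Priorities, table 100, interface names, 192.0.2.1 (WAN gateway)
# and 10.8.0.0/24 (tunnel subnet) are assumptions for illustration.
RULES = """0: from all lookup local
100: from 10.9.0.1 lookup 100
32766: from all lookup main
32767: from all lookup default"""
TABLES = {
    "100": "default via 192.0.2.1 dev eth0",
    "main": "10.8.0.0/24 dev tun21\n10.9.0.0/24 dev br0\n"
            "default via 192.0.2.1 dev eth0",
}
# Same rules plus one earlier rule that sends tunnel-bound traffic to main.
FIXED = "50: from all to 10.8.0.0/24 lookup main\n" + RULES

def net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text in ("all", "default") else text)

def parse_rules(text):
    """Parse rule lines into (priority, from-net, to-net, table), lowest first."""
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()
        to = tok[tok.index("to") + 1] if "to" in tok else "all"
        rules.append((int(prio), net(tok[tok.index("from") + 1]), net(to),
                      tok[tok.index("lookup") + 1]))
    return sorted(rules, key=lambda r: r[0])

def lookup(table_text, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    best = None
    for line in table_text.splitlines():
        tok = line.split()
        prefix = net(tok[0])
        if dst in prefix and (best is None or prefix.prefixlen > best[0]):
            best = (prefix.prefixlen, tok[tok.index("dev") + 1])
    return best[1] if best else None

def resolve(src, dst, rules_text=RULES, tables=TABLES):
    """Return (rule priority, table, device) that forwards a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, to, table in parse_rules(rules_text):
        if src in frm and dst in to:
            dev = lookup(tables.get(table, ""), dst)
            if dev:  # a table with no matching route falls through to the next rule
                return prio, table, dev
    return None

if __name__ == "__main__":
    for host in ("10.9.0.1", "10.9.0.10"):  # replies to VPN client 10.8.0.6
        print(host, resolve(host, "10.8.0.6"), resolve(host, "10.8.0.6", FIXED))
```

In this model the reply from 10.9.0.1 to the VPN client leaves via the WAN interface instead of the tunnel, while 10.9.0.10 still reaches the tunnel through the main table. On a real router the equivalent check is `ip rule show` together with `ip route get <client> from <host>`.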
 
