VPN on router with port forwarding?

[howardmoon]

I just installed a PIA VPN on my RT-AC68U and need to remotely access security cameras that are behind a forwarded port. What magic is available to get around/through the VPN from outside? I'd rather not just install the client on my PCs as there are @40 devices on my LAN, most without clients available (IoT fear).

Edit: It looks like the policy rules should do the trick as my xbox now shows an open NAT (strict before) so it must be working from the LAN side. Just a long timeout when I try from the WAN side to the camera server though.

Nope. When I turn on policy rules, nothing goes through the vpn. Is this right?


system log
Dec 6 11:27:29 openvpn-routing: Creating VPN routing table
Dec 6 11:27:29 openvpn-routing: Removing route for 10.24.10.1 to tun11 from main routing table
Dec 6 11:27:29 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from main routing table
Dec 6 11:27:29 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from main routing table
Dec 6 11:27:29 openvpn-routing: Adding route for 192.168.1.0/24 to 0.0.0.0 through VPN client 1
Dec 6 11:27:30 openvpn-routing: Adding route for 192.168.1.7/24 to 0.0.0.0 through WAN
Dec 6 11:27:30 openvpn-routing: Adding route for 192.168.1.42/24 to 0.0.0.0 through WAN
Dec 6 11:27:30 openvpn-routing: Completed routing policy configuration for client 1
Dec 6 11:27:30 openvpn[22369]: Initialization Sequence Completed
Dec 6 11:28:18 dropbear[22616]: Child connection from 192.168.1.3:49611

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
74.248.141.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.24.10.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun11
104.200.153.78 74.248.141.1 255.255.255.255 UGH 0 0 0 ppp0
162.216.46.158 74.248.141.1 255.255.255.255 UGH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 74.248.141.1 0.0.0.0 UG 0 0 0 ppp0

 

[howardmoon]

This now works for me under 380.65, but the added routes aren't listed in the routing table. I do see them added in the general log. Is that normal?

 

[Martineau]

....the added routes aren't listed in the routing table. I do see them added in the general log. Is that normal?

Yes.

Issue

ip   rule

to see the RPDB routing rules in the order in which they are used.

 

[howardmoon]

I just found that this is only working on Client2. I made exact copies of its settings on both Client1 & 3 and both disable or bypass the VPN, as a leak test shows my ISP's address. Don't see any errors in the system log. I'd like to have several working so I can easily switch when I have streaming problems with one of PIA's servers. How can I get a look at what the GUI setup actually creates so I can compare them?