dividebyzero
I feel like I've gotten pretty close to solving this but hitting a wall and hoping for some guidance.
I'm running an AX86U FW 386.7 - I'm using VPN Director for a few clients and it's been working well. I'm trying to get remote access through the tunnel so I can access my media server remotely (Emby). I am able to get it working, but I can't get it to *stay* working.
I've had my VPN provider open the ports, and have a working OVPN file with the new config. Forwarded the ports in the router, but no dice. Further research indicates why: the GUI only allows forwarding ports via WAN, not the VPN interface.
Digging in further, I found the FAQ below which explains how to enable this functionality over the VPN interface via SSH. It says things need to be re-entered after router reboot, which isn't ideal but I could live with if needed:
Port forwarding in AsusWRT Merlin
Before you continue with this guide it is strongly recommended that you set a static IP address and activate the killswitch. You will also need to open the designated ports over the VPN connection, yo...
www.ovpn.com
Here's the code for that with placeholders:
iptables -t nat -A PREROUTING -i tun+ -p udp --dport PORT -j DNAT --to-destination IP_ADDRESS
iptables -t nat -A PREROUTING -i tun+ -p tcp --dport PORT -j DNAT --to-destination IP_ADDRESS
So here's the thing: after entering the above, it does work; the port shows as open with VPN (https://portchecker.co/check), and I can access my application. Great, right?! However, when I disable SSH, or seemingly do anything else that saves/applies a change, then the remote access no longer works. Port shows closed, app no longer works.
Anyone have any insight into how to make this work more reliably? Must at least be able to persist SSH getting disabled. Would be ideal if it could persist even through router reboots, but even if I have to do something every reboot I could live with that.
Thanks!
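Added example, not part of the original post or the linked guide: Asuswrt-Merlin rebuilds its NAT table when settings are applied, which flushes hand-entered rules, and it runs the user script `/jffs/scripts/nat-start` after each rebuild when JFFS custom scripts are enabled. The script below re-applies the two DNAT rules from the post idempotently and refuses malformed values. The `FWD_PORT`/`FWD_DEST` variables and the helper names are hypothetical, and it assumes the firmware's iptables supports `-C`.

```shell
#!/bin/sh
# Added example: candidate contents for /jffs/scripts/nat-start (make it executable).
IPT="${IPT:-iptables}"      # overridable so the logic can be exercised without root
FWD_PORT="${FWD_PORT:-}"    # PORT from the post: the port the VPN provider opened
FWD_DEST="${FWD_DEST:-}"    # IP_ADDRESS from the post: LAN address of the media server

# Accept only a decimal port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append the DNAT rule only if an identical one is not already in PREROUTING,
# so repeated firewall restarts never stack duplicate rules.
ensure_dnat() {   # usage: ensure_dnat tcp|udp PORT IP_ADDRESS
    case "$1" in tcp|udp) ;; *) return 2 ;; esac
    valid_port "$2" || return 2
    valid_ipv4 "$3" || return 2
    set -- -i tun+ -p "$1" --dport "$2" -j DNAT --to-destination "$3"
    "$IPT" -t nat -C PREROUTING "$@" 2>/dev/null || "$IPT" -t nat -A PREROUTING "$@"
}

# Re-apply both rules from the post; does nothing until the two values are set.
if [ -n "$FWD_PORT" ] && [ -n "$FWD_DEST" ]; then
    ensure_dnat udp "$FWD_PORT" "$FWD_DEST"
    ensure_dnat tcp "$FWD_PORT" "$FWD_DEST"
fi
```

Because the rules match `tun+`, the forwarded port is reachable through any active VPN client tunnel, so forward only the single port the service needs.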