Wireless Clients won't connect to internet once OpenVPN is on. Help

[scooby]

I have followed @yorgi guide setting up the vpn. So far so good.
vpn connects and ip address is different. Only problem is ip address from vpn does not change which worries me. but that is another problem.
I have also setup guest ssids.
The issue I have now is that wireless clients like my mobile phone will connect to the ssid of the router but not to the internet.
Without vpn, I did not have this problem so I know its a vpn related issue.
This affects all wireless clients which forces me to only use wired clients for now.
Can anyone help with advise? I havbe searched the site but can't get any hits on wireless connection as most are to do with different issues.
Thank you

 

[scooby]

I would really appreciate some guidance here.
I have followed the guidance found here except where slickvpn have different settings.
Problem is that even the internal network is patch for instance the usb drives attached to the router are not always accessible through the network. Sometimes I have to reboot the router manually at least once a week. is that normal?
I will appreciate some assistance even if its a clip around the ear and a pointer at a silly mistake.
We all live and learn.
Thanks 4 ur time

 

[yorgi]

I would really appreciate some guidance here.
I have followed the guidance found here except where slickvpn have different settings.
Problem is that even the internal network is patch for instance the usb drives attached to the router are not always accessible through the network. Sometimes I have to reboot the router manually at least once a week. is that normal?
I will appreciate some assistance even if its a clip around the ear and a pointer at a silly mistake.
We all live and learn.
Thanks 4 ur time

Hi Scooby
if you want your wireless devices to go through the VPN you have to setup policy rules.
Ideally you need to use the DHCP server to give static IP. I have shown that in my guide.
Then you would have to use policy rules to dictate which device has VPN or not.
Again this is all explained in the guide.
What is the make and model of your router?
You shouldn't be rebooting the router once a week.
Unless you are using a 66u then I would agree the USB drivers are flaky.
Please supply more information of what your problem is to better help you.

 

[yorgi]

I have followed @yorgi guide setting up the vpn. So far so good.
vpn connects and ip address is different. Only problem is ip address from vpn does not change which worries me. but that is another problem.
I have also setup guest ssids.
The issue I have now is that wireless clients like my mobile phone will connect to the ssid of the router but not to the internet.
Without vpn, I did not have this problem so I know its a vpn related issue.
This affects all wireless clients which forces me to only use wired clients for now.
Can anyone help with advise? I havbe searched the site but can't get any hits on wireless connection as most are to do with different issues.
Thank you

If You setup the router as all traffic VIA the VPN then that is your problem
You need to setup policy rules to achieve devices that have VPN and devices that use local ISP

 

[scooby]

By the time I got this advice, the whole system had become unusable. I later found out my mistake.
I have two vpn services. I assumed that I could install one in client 2 and that one goes to Miami and is a better vpn because the ip changes regularly.
The second I installed in client 4 and that one I chose a London gateway so I can continue watching NoWTV, Amazon Prime TV etc. This VPN does not seem to change its IP and that made me nervous.
I think that even though both are openvpn based, there was a conflict somewhere and I had to keep rebooting to clear the conflict but by the evening, I could not log into the net again even with wired clients. That told me I had issues so I reset the Virgin router to default and went back to the 192.168.0.1 addressing.
I am using a Virgin hub version 3 as the modem (essentially a Netgear router/modem)
Asus RT-AC68-U as the router.
I had followed your guide @yorgi religiously but for two separate vpn services so I think that is what caused the problem.
So now I will go back and restart all over again.
This is what I want to achieve.
I have some services in the USA I need to access as if I was based there.
I am however based in the UK for now. So I want to be able to access UK services like Amazon, NOW TV whilst accessing the US ones hence my installing two vpns.
Let me sort this issue out first and restart the Asus (best router I have used so far) and install only one vpn.
Then my problems will be how to get the routing from the 10.8.0.x numbering of the vpn to that of the router which is 192.168.1.x and get the wireless clients to get online through the vpn
Thanks for responding. I have been offline since yesterday.

 

[yorgi]

By the time I got this advice, the whole system had become unusable. I later found out my mistake.
I have two vpn services. I assumed that I could install one in client 2 and that one goes to Miami and is a better vpn because the ip changes regularly.
The second I installed in client 4 and that one I chose a London gateway so I can continue watching NoWTV, Amazon Prime TV etc. This VPN does not seem to change its IP and that made me nervous.
I think that even though both are openvpn based, there was a conflict somewhere and I had to keep rebooting to clear the conflict but by the evening, I could not log into the net again even with wired clients. That told me I had issues so I reset the Virgin router to default and went back to the 192.168.0.1 addressing.
I am using a Virgin hub version 3 as the modem (essentially a Netgear router/modem)
Asus RT-AC68-U as the router.
I had followed your guide @yorgi religiously but for two separate vpn services so I think that is what caused the problem.
So now I will go back and restart all over again.
This is what I want to achieve.
I have some services in the USA I need to access as if I was based there.
I am however based in the UK for now. So I want to be able to access UK services like Amazon, NOW TV whilst accessing the US ones hence my installing two vpns.
Let me sort this issue out first and restart the Asus (best router I have used so far) and install only one vpn.
Then my problems will be how to get the routing from the 10.8.0.x numbering of the vpn to that of the router which is 192.168.1.x and get the wireless clients to get online through the vpn
Thanks for responding. I have been offline since yesterday.

when you say you have 2 VPN services are they from different providers or the same provider with 2 different VPN servers?
If you have 2 servers from the same provider it will never work right.
If not then I suggest you just do a default on the VPN clients then reboot and input the data again.
If you have issues with wireless to VPN you need to understand policy rules.
Let me know what the problem is because you are just writing stuff but not giving examples or what it is exactly you want to achieve.

 

[CaptainSTX]

when you say you have 2 VPN services are they from different providers or the same provider with 2 different VPN servers?
If you have 2 servers from the same provider it will never work right.
If not then I suggest you just do a default on the VPN clients then reboot and input the data again.
If you have issues with wireless to VPN you need to understand policy rules.
Let me know what the problem is because you are just writing stuff but not giving examples or what it is exactly you want to achieve.

With some VPN providers you can have multiple servers enabled and useable and running at the same time. On a AC1900P I had servers running in Chicago, Miami and Stockholm. I am running v68 of Merlin's firmware.

There are some limitations or at least I think they are limitations without writing custom iptables or scripts.

1. If you are going to run multiple VPN clients you should spread them between processors, at least in Merlin. Client 1 runs on processor 2, client 2 runs on processor 1. If you run a third client it will then run on processor 2 and so on and so on.

2. I don't believe Merlin's firmware will route the same local IP to a particular VPN client dependent on what service it is running. If I'm wrong I'm sure someone will chime in.

3. How I did have it setup using three VPN servers from Astrill is as follows:

a. assign devices that you want to connect using a VPN client a sticky/static IP.
b. You need to enable policy routing UNDER EACH VPN CLIENT.
c. UNDER EACH VPN CLIENT that you want to use, assign the device(s) to use this VPN to the VPN client. You can only assign a device using its static IP to a single VPN client. If you need a work around using an utility or a utility in your OS another IP. Then you can assign this contrived IP to another VPN by following steps a. & b. Not elegant but it will work.
d. None of my three VPN clients are setup to block routed devices if the VPN tunnel goes down. I don't know if blocking would cause problems but in my case I have a number of IoT devices connected to this router and continuing Internet connectivity is more important to me than using the tunnel.

Good luck.

 

[yorgi]

With some VPN providers you can have multiple servers enabled and useable and running at the same time. On a AC1900P I had servers running in Chicago, Miami and Stockholm. I am running v68 of Merlin's firmware.

There are some limitations or at least I think they are limitations without writing custom iptables or scripts.

1. If you are going to run multiple VPN clients you should spread them between processors, at least in Merlin. Client 1 runs on processor 2, client 2 runs on processor 1. If you run a third client it will then run on processor 2 and so on and so on.

2. I don't believe Merlin's firmware will route the same local IP to a particular VPN client dependent on what service it is running. If I'm wrong I'm sure someone will chime in.

3. How I did have it setup using three VPN servers from Astrill is as follows:

a. assign devices that you want to connect using a VPN client a sticky/static IP.
b. You need to enable policy routing UNDER EACH VPN CLIENT.
c. UNDER EACH VPN CLIENT that you want to use, assign the device(s) to use this VPN to the VPN client. You can only assign a device using its static IP to a single VPN client. If you need a work around using an utility or a utility in your OS another IP. Then you can assign this contrived IP to another VPN by following steps a. & b. Not elegant but it will work.
d. None of my three VPN clients are setup to block routed devices if the VPN tunnel goes down. I don't know if blocking would cause problems but in my case I have a number of IoT devices connected to this router and continuing Internet connectivity is more important to me than using the tunnel.

Good luck.

It may work with different providers but you are still taking a risk because if a router conflict happens there is no firewall to help you block traffic if VPN goes down. basically the router crashes and you leak DNS. so I would strongly advice using multiple VPN at the same with caution.

 

[scooby]

Thank you all for your responses. My situation got so bad that since I posted last - Aug 25, I have been virtually blocked out of the net. I am able to log on now because in the end I went back to the virgin router and reconnected the cables to it leaving the Asus. For some reason, I have this issue - the internet reports it is ok. all web clients both cabled and wireless can't access the internet.
Without the internet, I couldn't research the solution. Even now, I am still having issues with my server.
If anybody has any idea why this is happening I will appreciate the assistance.
I will raise a separate thread for my current problems with the locally installed vpn client.
My big problem is I think that for some reason, once the vpn clients are connected, they are assigned a network address of 10.10.x.x and my internal network is 192.168.x.x. This seems to jam up all traffic for all pcs.
I know the solution is routing so I am proposing installing entware on the asus.
With entware, I believe that the routing problem will be resolved.
My current plans are as follows:

1. Reset the Asus to factory default.
2. Activate the jffs partition.
3. Install Entware
4. Sort out the routing
5. Install firewall scripts I picked up from this forum.

I intend to follow this guide to install Entware - https://github.com/RMerl/asuswrt-merlin/wiki/Entware so I hope it will be straightforward.
If I have got it wrong, I will appreciate a shout.
Many thanks @yorgi, @CaptainSTX - I appreciate the comments. coding is not something I proactively approach. A bit like taking an injection.

By the way - 2 things I noticed about my workstation (HPZ800 NAS; 18 hdd; 96GB RAM; 2 monitors running of Quadro 2000 and Quadro 600) is that it seemed the memory ( routing memory) gets filled up quickly? After a while, internet slows down to a crawl and I have to flushdns and reset the routing table. after which I have to reboot. I don't know why it is happening but I can cope with it as long as the whole networks is ok.

 

[scooby]

@CaptainSTX With some VPN providers you can have multiple servers enabled and useable and running at the same time.

I was running two server locations from the same vpn and then another server location from another vpn provider but not at the same time. I wanted to test speed.
However I noticed that when I reboot the asus, all vpn clients came on immediately so I have to turn one off.

 

[yorgi]

I was running two server locations from the same vpn and then another server location from another vpn provider but not at the same time. I wanted to test speed.
However I noticed that when I reboot the asus, all vpn clients came on immediately so I have to turn one off.

If you have 2 different providers you shouldnt run into any problems but its a good practice to use them separately
If you don't want them to start up on reboot just disable the option start with WAN

 

[scooby]

just disable the option start with WAN

Thanks.
Will test.

In addition to post #9,

My current plans are as follows:
Reset the Asus to factory default.
Activate the jffs partition.
Install Entware
Sort out the routing
Install firewall scripts I picked up from this forum.

I need to update myself about nvram so I can also use Johns restore utility.