routvol DD-WRT User
Joined: 02 Feb 2009 Posts: 87
|
Posted: Sun Jan 03, 2021 9:54 Post subject: Access local server while using vpn service - eibgrad script |
|
Created this topic coming from https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686&start=15.
What I want to achieve, thus my use cases:
Code: |
dd-wrt router with openvpn set up as client to connect to vpn service, outgoing traffic should go via vpn service for any client unless specified otherwise
local applications behind dd-wrt should be reachable via the wan interface:
synology server 1 application 1 (https webserver via browser) port xxx1
synology server 1 application 2 (https emby media server via app or browser) port xxx2
synology server 1 application 3 (https synology dsget app or via browser for file transfer) port xxx3
wireguard (from dd-wrt tab tunnel configured) to securely connect and access all local 192.168.x.0/24 network ips from remote
firewall rules set manually:
port forwarding for server 1, port xxx1, port xxx2, port xxx3
wireguard is managed by dd-wrt
|
eibgrad wrote: |
Anyway, something to note when using my script when it comes to remote access. A common problem whenever a local device is bound to the VPN is that the device now becomes inaccessible over the WAN, since its replies are also routed over the VPN (rather than back over the WAN). My script *automatically* corrects for this problem; there is no need to add rules for these purposes. Any connections established inbound over the WAN (or VPN for that matter) are *marked* such that the replies are always forced back over the same network interface! Again, this happens *automatically*. Even if you never add any rules at all to the script, it will fix this problem.
|
First use case with http:
I am happy to say that this works for http tcp requests from the outside. This means that any request for port 1234 from a remote server to the WAN ip address is routed to the internal server 192.x.x.1. Very cool, one use case done.
To achieve this I just called the script based on the description of eibgrad, without additional configuration.
Actually I dropped http and replaced it with https.
Without any change in eibgrad's script the following works:
1) synology server 1 application 1 port xxx1 (https webserver via browser)
2) synology server 1 application 3 port xxx3 (https synology dsget app or via browser for file transfer)
What is not working currently:
1) synology server 1 application 2 port xxx2 (https emby media server via app or browser)
I can connect in the app or in the browser, I can navigate, but when trying to play a stream only a loading icon is displayed.
2) wireguard
Connection via smartphone works, but I cannot reach any 192.168.x.0/24 ip, which works if vpn service is disabled.
update:
ipset is introduced according to https://forum.dd-wrt.com/wiki/index.php/IPSET with build 44367; I am currently using build r43904 since this was mentioned in eibgrad's script. Currently updating to r45229, which was a bit unstable, and have now moved to r45219.
_________________
my dd-wrt configuration:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=682296
Last edited by routvol on Tue Jan 05, 2021 23:15; edited 6 times in total |
|
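The reply-path behaviour eibgrad describes in the quote above (inbound WAN connections are marked and their replies forced back out the WAN) can be built from connection marks plus a policy routing rule. The following is an added example, not eibgrad's script and not part of the original post; the interface name, gateway address, mark value and table id are all assumptions, and the gateway is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not eibgrad's script. All values below are assumptions.
WAN_IF="${WAN_IF:-vlan2}"          # assumed WAN interface name
WAN_GW="${WAN_GW:-203.0.113.1}"    # constructed placeholder for the ISP gateway
MARK="${MARK:-0x1}"                # assumed unused firewall mark
TABLE="${TABLE:-100}"              # assumed unused routing table id

# Dry run by default: print each command. Set APPLY=1 to execute (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

wan_reply_rules() {
    # Routing table that knows only the WAN default route, so the VPN's
    # routes in the main table cannot capture marked replies.
    run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE" priority 100

    # 1. Tag the conntrack entry of every new connection arriving on the WAN.
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -m conntrack \
        --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Replies forwarded from a LAN server: copy the connection mark onto
    #    the packet so the fwmark rule selects the WAN-only table.
    run iptables -t mangle -A PREROUTING ! -i "$WAN_IF" -m connmark \
        --mark "$MARK" -j CONNMARK --restore-mark
    # 3. Replies generated by the router itself (e.g. a tunnel endpoint
    #    listening on the WAN address).
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" \
        -j CONNMARK --restore-mark
}

wan_reply_rules
```

Only connections that start on the WAN get the mark, so outbound traffic from the same LAN server still follows the VPN routes in the main table.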