Access local server while using vpn service - eibgrad script

routvol
Posted: Sun Jan 03, 2021 9:54
Created this topic coming from https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686&start=15.

What I want to achieve, i.e. my use cases:
Code:

dd-wrt router with openvpn set up as client to connect to vpn service, outgoing traffic should go via vpn service for any client unless specified otherwise

local applications behind dd-wrt should be reachable via the wan interface:
synology server 1 application 1 (https webserver via browser) port xxx1
synology server 1 application 2 (https emby media server via app or browser) port xxx2
synology server 1 application 3 (https synology dsget app or via browser for file transfer) port xxx3

wireguard (from dd-wrt tab tunnel configured) to securely connect and access all local 192.168.x.0/24 network ips from remote

firewall rules set manually:
port forwarding for server 1, port xxx1, port xxx2, port xxx3
wireguard is managed by dd-wrt



eibgrad wrote:


Anyway, something to note when using my script when it comes to remote access. A common problem whenever a local device is bound to the VPN is that the device now becomes inaccessible over the WAN, since its replies are also routed over the VPN (rather than back over the WAN). My script *automatically* corrects for this problem; there is no need to add rules for these purposes. Any connections established inbound over the WAN (or VPN for that matter) are *marked* such that the replies are always forced back over the same network interface! Again, this happens *automatically*. Even if you never add any rules at all to the script, it will fix this problem.


First use case with http:
I am happy to say that this works for http tcp requests from the outside. This means that any request for port 1234 from a remote server to the WAN ip address is routed to the internal server 192.x.x.1, very cool, one use case done ;)
To achieve this I just called the script based on the description of eibgrad, without additional configuration.
Actually I dropped http and replaced it with https.

Without any change in eibgrad's script the following works:
1) synology server 1 application 1 port xxx1 (https webserver via browser)
2) synology server 1 application 3 port xxx3 (https synology dsget app or via browser for file transfer)

What is not working currently:
1) synology server 1 application 2 port xxx2 (https emby media server via app or browser)
I can connect in the app or in the browser, I can navigate, but when trying to play a stream only a loading icon is displayed.

2) wireguard
Connection via smartphone works, but I cannot reach any 192.168.x.0/24 ip, which works if vpn service is disabled.


update:
ipset is introduced according to https://forum.dd-wrt.com/wiki/index.php/IPSET with build 44367, I am currently using build r43904 since this was mentioned in eibgrad's script. Currently updating to r45229, which was a bit unstable, and moved now to r45219.

_________________
my dd-wrt configuration:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=682296


Last edited by routvol on Tue Jan 05, 2021 23:15; edited 6 times in total
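
The connection marking that eibgrad describes in the quote above can be sketched with standard netfilter and iproute2 commands. This is an added example, not part of the post and not eibgrad's script; the interface names (vlan2, br0), gateway 203.0.113.1, mark 0x1 and table 200 are assumed values, and the function only prints the commands so they can be reviewed.

```shell
#!/bin/sh
# Added illustration (not eibgrad's script): print, without applying, the rules
# that pin replies of WAN-initiated connections to the WAN while a VPN client
# owns the default route. Every argument value used below is an assumption.

emit_reply_rules() {
    if [ "$#" -ne 5 ]; then
        echo "usage: emit_reply_rules WAN_IF WAN_GW LAN_IF MARK TABLE" >&2
        return 1
    fi
    wan_if=$1; wan_gw=$2; lan_if=$3; mark=$4; table=$5

    # Accept only hex marks such as 0x1, so a typo cannot turn into a rule.
    case $mark in
        0x|0x*[!0-9a-fA-F]*) echo "MARK must be hex, e.g. 0x1" >&2; return 1 ;;
        0x*) ;;
        *) echo "MARK must be hex, e.g. 0x1" >&2; return 1 ;;
    esac

    cat <<EOF
# 1. Routing table whose default route still points at the ISP gateway
ip route add default via $wan_gw dev $wan_if table $table
# 2. Packets carrying the mark use that table instead of the VPN route
ip rule add fwmark $mark table $table
# 3. Tag every new connection that arrives on the WAN interface
iptables -t mangle -A PREROUTING -i $wan_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# 4. Copy the tag onto replies coming back in from the LAN server
iptables -t mangle -A PREROUTING -i $lan_if -m connmark --mark $mark -j CONNMARK --restore-mark
EOF
}

# Constructed sample values; review the output before piping it to sh.
emit_reply_rules vlan2 203.0.113.1 br0 0x1 200
```

Rule 3 stores the mark in the conntrack entry, so rule 4 can recognise every later reply of the same connection and steer it out of the interface it arrived on.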