Posted: Thu Jul 29, 2021 21:15 Post subject: [SOLVED]Outside access DD WRT FTP with VPN client enabled
In the most recent topic I posted, good people guided me to information on how to enable the OpenVPN server and client to be utilized simultaneously from outside of the network. This time I have another issue.
I set up proFTPD and Samba for USB storage plugged into a DD WRT router, an R6700v3 with build 47090. The DD WRT router is behind the ISP router. I can only access the FTP server from outside with the VPN client disabled. Is that IP Tabling again? I don't know how, and this time I can't find any information on the forum or the web on how to solve this. Also, in case it is solved, would FTP working with the VPN client improve the security of the FTP server? I have the option to enable FTP storage on another router without a VPN client to save the headache if there are no security benefits. Please help.
Last edited by ig007 on Wed Aug 04, 2021 10:42; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12471 Location: Netherlands
Posted: Sat Jul 31, 2021 5:30 Post subject:
If you want to have access to an FTP server running on your network or router the safest way is to use the VPN server to contact your network.
Once you are inside you should be able to use things on your network. There is one caveat: the VPN server has its own subnet, so your LAN clients have to accept that network (i.e. open up the firewall of said clients).
If you do not want to use the VPN server but just your WAN as access then you have to use PBR on the VPN client (just as when you are using the VPN server and client on the router) or alternatively port forwarding through the VPN client (not many providers support port forwarding through the VPN)
The only reason I want to have an FTP alternative outside of my VPN server is to have a speedy upload alternative. I get 10x better speeds over FTP than through the VPN server. As mentioned, I can set up FTP easily on another router which doesn't have a VPN server or client. But I wonder if there is added security in running FTP on a router with a VPN client. If not, then I would stick with the above easy solution. But if there is a security benefit, can you please guide me towards what I need to do exactly with PBR to get FTP working?
Posted: Sat Jul 31, 2021 12:31 Post subject:
First of all, FTP is insecure and should not be used.
Use SFTP or FTPS.
If you want to connect to/via your WAN then your VPN client cannot occupy the WAN, so your VPN client has to use PBR with exclusion of the router's address.
More or less the same as when you are running an OVPN server and OVPN client on the same router.
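Added example, not part of the posts in this thread: one way to work out PBR entries that send every LAN host through the VPN client while leaving the router's own address on the WAN. It assumes the PBR field takes source networks in CIDR form, and the LAN `192.168.1.0/24` and router address `192.168.1.1` are placeholder values, not taken from the thread.

```python
import ipaddress


def pbr_sources(lan_cidr, router_ip):
    """Return CIDR blocks covering every address in lan_cidr except router_ip."""
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    router = ipaddress.ip_address(router_ip)
    if router not in lan:
        raise ValueError(f"{router} is not inside {lan}")
    # A single-address network (/32 for IPv4) that stands for the router itself.
    router_net = ipaddress.ip_network(f"{router}/{router.max_prefixlen}")
    # address_exclude() yields the minimal set of blocks left after removing it.
    return [str(block) for block in sorted(lan.address_exclude(router_net))]


def is_tunnelled(ip, blocks):
    """True if ip falls in one of the PBR source blocks (i.e. goes via the VPN)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(block) for block in blocks)


if __name__ == "__main__":
    # Placeholder LAN and router address (assumptions, adjust to your network).
    blocks = pbr_sources("192.168.1.0/24", "192.168.1.1")
    print("\n".join(blocks))
    # The router must stay off the tunnel so services on it answer on the WAN.
    print("router tunnelled:", is_tunnelled("192.168.1.1", blocks))
    print("client tunnelled:", is_tunnelled("192.168.1.100", blocks))
```

Any service that stays reachable on the WAN this way is exposed without the VPN in front of it, so it should be SFTP or FTPS rather than plain FTP, as the reply above says.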
So I dumped the idea of FTP as I discovered speed via the VPN tunnel to the external USB drive is decent enough for me, and also my initial testing over LTE was contributing somewhat to the slow response from my NAS. Now I have a slightly different question (sorry for hijacking another thread). I have a WRT3200ACM with build 47117 set up as VPN client and server, with the IP table setup as in the guide in this forum enabling use of those at the same time. It is plugged into the ISP router with port 1194 forwarded to it. I then have that WRT3200ACM plugged into the WAN of the R6700 with build 47090, with an external HDD connected to USB and a NAS box connected via LAN. No VPN client or server on the R6700, obviously. Now I want to access my external HDD and NAS via OpenVPN from outside. What should I do and what settings do I need to apply and where? Can I just disable DHCP on the R6700 and make it an extension of the WRT3200 where all my wifi clients connect? In theory the only reason I have two routers is that the 3200 is 3-4x faster with VPN over LAN but sucks with wifi, and vice versa, the R6700 is slow with VPN but delivers OK wifi. Thanks in advance.
Posted: Tue Aug 03, 2021 14:54 Post subject:
It is a viable option to put your wrt3200 as your primary router e.g. connect its WAN port to the internet and run the VPN server (and client) on it.
The R6700 is then used for Wifi and is setup as a WAP:
https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point
(set ip address in the subnet of the wrt3200, set gateway and local DNS to primary router, disable WAN and disable DHCP and connect LAN<>LAN)
You then have one seamless subnet.
When you connect to your OpenVPN server and want to access things on your LAN (like a NAS), make sure to disable the "CVE mitigation".
Furthermore LAN clients will have their own firewall which is often not allowing the VPN subnet.
So deal with that or add a firewall rule to NAT traffic out of br0.
See the "OpenVPN troubleshooting guide" paragraph about "LAN clients not reachable".
I use AndSMB from my Android phone to get to my NAS
Ok, so I have followed AP setup procedure, except that I wanted to keep both routers Wifi capability separate, so I ended setup at WAN/LAN stage. I have no issue accessing LAN NAS on R6700 over VPN from outside. And I am able to access wrt3200 ddwrt GUI. But I can't access R6700 GUI and its USB in the same outside connection. When I am within my network, able to access all of it without issue. R6700 firewall is disabled as per AP setup guide, except multicast. Your above command for vpn firewall didn't help either. Where should I dig now?
UPDATE: this is solved! I had NTP not showing proper date and time no matter what. Then I added to Gateway and Local DNS of R6700 IP of upstream wrt3200acm and boom! Now time and date are showing correctly and I can reach out to R6700 GUI over VPN tunnel from outside. This DDWRT is one hell of a learning curve, but gives +300% to capabilities of stock firmware, which is why I will keep learning
So there is another problem now... My USB external HDD mounts well on any of two routers on subnet and I can see it over the network and access share, but whenever I try to write to it on Kubuntu OS, I get "There is not enough space on disk to write..." That is bs, because it is a freshly formatted disk and is empty. Similar response is on Windows 10, no write. I tried ext4 as well as ntfs with no luck. Formatted drive with GPT. No luck either. Whenever I try write to it on Android via CX File Explorer, it starts to write until about 270mb and then router crashes. I guess it just writes to router RAM somehow, but not the drive.. Anyway, there is nothing special I did with USB or Samba setup. All basic stuff as per guide in this forum wiki. Core USB enabled, USB storage enabled and auto mount enabled. It mounts... Samba enabled, HOME workgroup, v2.1-3.11, share added with RW, user set. Any clues?