GL-AX1800 / FW 4.2.1 / WAN access to Router / LAN devices with VPN-client/server enabled

Keep it as default - unicast…

ALWAYS disable/re-enable VPN connection after changes!

I took the ip from the following screen

and created a rule like this:

ISP-modem is connected to flint on WAN-Port.

And yes, I did deactivate and reactive the VPN-client

You need to set the local lan IP not the public one !

You can easily find these IPs by checking the routing tables and interfaces. It should be


Actually I am not sure which IP to set.
It modified the rule now to look like

with the IP of my router …
But still no success …


How did you find the IP of your gl router when configured the port forwarding?

Have read this please?

Yes, of course I read what you wrote
and yes, is the IP of my router also configured in my port forwarding rule …

But obviously I don’t get what you mean with:
You can easily find these IPs by checking the routing tables and interfaces. It should be

Maybe you can clarify for me … thanks

This is the IP of your GL router which you configured for port forwarding on the ISP modem.

Now you need to find the other IP end ( to be able to add it in the static route on GL.

If you go to Routing table on either your modems you can spot it easily. Alternatively you can login through ssh on gl and perform traceroute to find the isp IP.

NOTE: if your not using VLANs on you’re isp modem, then the ip in question is the same one that you use for logging in into the web interface.

Looking at your previous screenshot, Why did you add the ip with /0???

because it is required:


Once you find Your isp IP then add it in the static route with /32

I actually already tried it with … without success
but I think you mean not the IP of the router itself in my LAN, or??

I told you before what you did is incorrect. How can you add static route to itself ?!! You need the peer ip Two devices connected by a cable meaning each end has an IP to communicate. You found your gl ip and set it on the isp modem port forwarding: now you need to do the opposite by finding the other ip end and add it to static route in gl.

I repeated that you can find it in routing table or interfaces . I also told you to login ssh to your gl modem and perform traceroute to find it - there are tons of ways to find what’s your isp ip.

After further clarification of the topology the correct static route could be set.

Interface: The one from your gl.device which is connected to your ISP-device
Route Type: unicast
Target: the IP-address from which you connect in the WAN-area followed by /32. E.g.
Gateway: can be left blank (as derived from interface) or the gateway assigned by your ISP.

It is now working as planned!

Thanks SpitzAX3000 for your great support!