Gl-MiFi how to reach web UI from OpenVPN TAP server

Hi, I’m using several Gl-MiFis as OpenVPN TAP clients. I use these routers in remote locations, connected to other systems for service purposes. Everything seems to work correctly, but I’m not able to access the web configuration UI of the Gl-MiFis from the OpenVPN server side.
I use a FreshTomato router as OpenVPN TAP server.
Some examples:

FreshTomato OpenVPN server router:

  • local LAN: 192.168.223.100 - 192.168.223.253 DHCP
  • OpenVPN server client address pool: 192.168.223.1 - 192.168.223.99 no DHCP

Gl-MiFi 1

  • local IP: 192.168.101.1
  • local LAN: 192.168.101.10 - 192.168.101.19 DHCP

Gl-MiFi 2

  • local IP: 192.168.102.1
  • local LAN: 192.168.102.10 - 192.168.102.19 DHCP

When Gl-MiFi 1 connects to the OpenVPN server, it gets an OpenVPN IP, for example 192.168.223.1, and the Gl-MiFi clients also get their IPs from the server. I can ping and navigate to every client without problem, but if I try to ping or open the web UI at the following addresses: 192.168.223.1 or 192.168.101.1, I cannot connect or get an answer.

I need to configure Gl-MiFis from remote (server side). Is this possible?
Note that I cannot use any DDNS service or direct remote access, because I use Gl-MiFis connected to the Internet via a 3G modem. The 3G network is under NAT, without direct connection.
Thank you

Hi,

I am not sure if it will work, but you can try to change the firewall setting in the GL-MiFi.
The vpn_zone firewall drops the input data by default. You can edit line 57 in /etc/init.d/startvpn, change

uci set firewall.vpn_zone.input='DROP'

to

uci set firewall.vpn_zone.input='ACCEPT'

Then enable the vpn again.
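The edit described in the reply above, as an added shell example that is not part of the original post or GL.iNet's own code: it finds the vpn_zone input line by content rather than by line number, keeps a backup, and accepts only valid policy values. The function names are hypothetical, and the idea that the line may not sit at line 57 on every firmware build is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). The file path and the uci key are the
# ones named in the reply; function names are hypothetical.

KEY="uci set firewall.vpn_zone.input="

# Print "LINE:POLICY" for every active (non-commented) line that sets the
# vpn_zone input policy, e.g. "57:DROP".
vpn_zone_policy() {
    awk -v key="$KEY" -v q="'" '{
        line = $0; sub(/^[ \t]+/, "", line)
        if (index(line, key) != 1) next        # must start with the uci call
        val = substr(line, length(key) + 1)
        gsub(q, "", val); gsub(/"/, "", val)   # drop shell quoting
        split(val, w, /[ \t;#]/)               # ignore trailing text
        print NR ":" w[1]
    }' "$1"
}

# Rewrite the policy in place, leaving the original as FILE.bak.
# Only the three policies a firewall zone understands are accepted.
set_vpn_zone_policy() {
    file=$1 policy=$2
    case "$policy" in
        ACCEPT|REJECT|DROP) ;;
        *) echo "invalid policy: $policy" >&2; return 2 ;;
    esac
    if [ -z "$(vpn_zone_policy "$file")" ]; then
        echo "no vpn_zone input line found in $file" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    # Preserve indentation; replace everything after the key on that line.
    sed -i "s|^\([[:space:]]*\)${KEY}.*|\1${KEY}'${policy}'|" "$file"
}

# On the router itself: report the current setting (read-only).
if [ -f /etc/init.d/startvpn ]; then
    vpn_zone_policy /etc/init.d/startvpn
fi
# To apply the change from the reply, then enable the VPN again:
#   set_vpn_zone_policy /etc/init.d/startvpn ACCEPT
```

ACCEPT applies to all input from the VPN zone, so every service listening on the router becomes reachable from the server side, not only the web UI.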

Not sure why you would use TAP here rather than TUN (less 3G traffic). My early experience with TAP led me to go TUN and never look back.

But I’m not following how the OpenVPN server is configured. What is the server’s own LAN IP address? I’m guessing it is also 192.168.223.1? Might that be why you can get to 192.168.223.2 (if I follow you) and not .1?

No, I’m sorry, it doesn’t work.

TUN is not an option in my case: I’m using it with a proprietary protocol that needs broadcast and needs to be in the same subnet. Thank you anyway.

After many tests, I must give up. I’m trying to use this router for professional use in a customer service environment. I’m afraid to say that it isn’t the right choice for my needs. So I have to move to a different device. Thank you anyway for your time.