No internet via Slate AXT1800 when connected to VPN Server via OpenVPN, via Repeater?

Hi,

I need some help trying to figure out why my Slate AXT1800, when connected (as a Client) to my ASUS RT-AX86U via OpenVPN (VPN config exported from Asus Router) does not provide internet access at all.

I first connected the Slate to the network (same ASUS Router) in Repeater Mode. This works fine, it connects, has internet access and is given a DHCP IP address 192.168.1.32 by the router.

I am reasonably confident my OpenVPN config is fine, I have operated it from iOS and Windows devices (remotely) and used RDP with no issue.

One issue I did have in trying to get this thing to work was that this profile would NOT turn on via the GLINET APP; only via the webadmin page. Possibly a separate GLiNET app issue?

In the ASUS Router VPN Webadmin page I can SEE the GLiNet device is connected via the correctly named profile. So, why does it not give me internet access? Running 4.1.0 beta 3 29Oct22. Set the SLATE on 192.168.9.1 to avoid issues with IP addresses of certain MiFi dongles.

I even tried enabling IPV6. Nope.

Before I reset everything, am I missing a step here?

Cheers

k.

Which version of the App do you use?
Can you provide a template for your OpenVPN profile (with all privacy and encryption information removed)?

Please check the routing table on SlateAX. Or run the traceroute command on SlateAX to see if it is forwarded to the server correctly.

route
traceroute google.com

  1. GLiNET App Version 1.3.2 (122) on iPad. Same on iPhone

# Config generated by Asuswrt-Merlin 386.7, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote xxxxxxxxxxxxxxx.asuscomm.com 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
CUT FOR SECURITY
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
CUT FOR SECURITY
-----END CERTIFICATE-----

</cert>
<key>
CUT FOR SECURITY
-----END PRIVATE KEY-----

</key>

  2. See attached.

The first set (the ones that work) are routes when the Slate is connected to my ASUS Router in Repeater Mode only. Internet Works. IPV6 (there was a message about IPV4).

The second set (the ones that do not work) are routes when the Slate is in VPN Mode, connected to my Router in Repeater Mode, but the . Internet Works. IPV6 (there was a message about IPV4).

There are a few other issues with the GLiNET but I will post on these separately.




The VPN client does not yet support IPv6. Can you see the IP address of your asus router if IPv6 is disabled and the VPN is enabled using traceroute?

I’m sorry you’re going to have to explain a wee bit more what you need me to do here?

I’m good at following instructions, reasonably tech savvy, but I’m not in IT or know anything about Nix etc so working out what you’d like me to do is a challenge.

If my main ASUS Router runs OpenVPN Server and IPv6 is enabled, do I have to disable IPv6 on that router before the SLATE OpenVPN client can connect to it; is this what you mean?

By “see” the IP address of my router, do you mean can I access the ASUS admin page with IPv6 disabled (on the SLATE client?) Leaving OpenVPN on with IPv6 off I ran traceroute to the asus server on 192.168.1.1 see attached.

Is this what you need?

Let me re-explain.

  • Your OpenVPN Client profile does not have IPv6 enabled. It uses the parameter proto udp6 to enable it.
  • The VPN Client feature on the AXT1800 does not yet support IPv6.

So you should disable IPv6 on the AXT1800 and then retest traceroute google.com
We now need to verify that when the AXT1800 accesses the Internet, the packets are correctly forwarded to the RT-AX86U.

Ok so:
running OpenVPN client on the Slate, no IPv6
running OpenVPN Server on the RT-AX86U, IPv6 enabled.

Trace route below. I stopped after 9… it goes to 20.

HTH
k.

PS changed Slate to IP 192.168.7.1 as 192.168.9.1 is the Guest Network. 192.168.8.1 reserved for fixed MiFis.

One more question, which of the following do you mean here?

  • Two RT-AX86Us in two different locations, one as an OpenVPN Server and the other as the main router for the AXT1800.
  • One RT-AX86U, which acts as the OpenVPN Server and also as the main router.

If 10.8.0.1 is the virtual address of your OpenVPN Server, then packets accessing the Internet are reaching the RT-AX86U correctly, and as to why the RT-AX86U is not sending it, you should check the configuration of the RT-AX86U.

The second: One RT-AX86U, which acts as the OpenVPN Server and also as the main router.

That’s odd because as noted above I have long had a successful VPN connection when I access my ASUS VPN via any Windows or iOS OpenVPN client, using the exact same OVPN profile.

Why then, in attempting the same using the SLATE, does it not work, and becomes a problem with the ASUS? I struggle with this (not saying you are wrong, it just doesn’t make sense).

K.

Why do you use it in this way?
I’m not sure if this will result in a loopback on OpenVPN Server. This should be an undefined usage scenario for OpenVPN.

I am just testing it before my wife takes a trip. Eventually it will be abroad and I wanted her to be able to turn on the VPN on the SLATE, maybe assigned to an easy button, then she can access my ASUS router and RDP to home PC resources without having to run OVPN from her PC, which is the current arrangement. I’m pretty miffed it doesn’t work like I intended (but maybe it’s me).

Do Windows or iOS devices also have direct access to the RT-AX86U’s Wi-Fi?

No, what I mean is that the OpenVPN Server needs to be checked to see why the forwarding is not taking place. We haven’t identified the problem yet.
I personally suspect more of a loopback causing it. Can you have the AXT1800 networked in another way (without RT-AX86U) and try again?

[quote=“yuxin.zou, post:14, topic:24905”]
Do Windows or iOS devices also have direct access to the RT-AX86U’s Wi-Fi? [/quote]

Yes, some do. But my testing of the connection is via the iPad connected to the SLATE WIFI; which is connected to the ASUS via Wi-Fi repeater mode. Eventually this will not be the connection mode.

I can but I’m going to need some guidance how. Shall I try to tether it to my phone? I thought about attaching it via Ethernet but that didn’t make sense?

You can use the Networking Wizard on the App. It will guide you to configure Tethering.
Network Tab - Internet - Networking Wizard

Or refer to the document if you do not have another phone.

OK thanks!

So I’ve learnt a bunch of stuff (steep learning curve).

Using tethering (LTE ONLY) on the SLATE I can access the ASUS Webadmin and run RDP with OpenVPN enabled. This is the behaviour I expected. It is RDP my wife needs, not internet access via OpenVPN. I must apologize here as I forgot I had “LAN only” enabled on the VPN Server; hence no internet.

I still do not know why I can NOT access the ASUS Webadmin and run RDP with OpenVPN enabled, when the SLATE is connected to the ASUS Router in repeater mode, although if it works outside my LAN it’s not a major issue. Just harder to test at home. Be nice for it to work though :+1: :grinning:



k.

For RDP, can you check if it is Windows firewall blocking it? I do a lot of support and the main reason is the Windows firewall.

For Asus web admin, not sure what is the reason.

It works fine when I’m not using the SLATE so I’m not sure if the firewall really is the culprit. If you go through the thread above you will see the inability to use RDP (when the SLATE is also connected in repeater mode) via OpenVPN is solely when I try to use the SLATE (noting that OUTSIDE my network the SLATE works as expected).

OpenVPN is complicated because it pushes routes to the client.

Using OpenVPN on the router adds an extra layer of NAT, so the route is more complicated.

I read through the post again, too long. So the problem happens if you configure ovpn using the app or web panel, right?

Can you post the system log of the router after vpn is connected?

What is the IP of your RDP server?
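
One check that fits the repeater-mode case discussed in this thread, where the Slate's uplink (192.168.1.32) sits inside the LAN the VPN server serves: compare routes that point into the tunnel against routes on other interfaces and flag overlaps. This is an added example, not part of the original posts; the interface names, the pushed 192.168.1.0/24 route and both routing tables are constructed assumptions, since the thread's route screenshots are not reproduced here.

```python
import ipaddress

# Constructed routing tables in `ip route` format. Interface names and the
# pushed 192.168.1.0/24 route are assumptions; the thread does not show them.
REPEATER = """\
default via 192.168.1.1 dev wlan-sta0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan-sta0 proto kernel scope link src 192.168.1.32
192.168.1.0/24 via 10.8.0.1 dev tun0
192.168.7.0/24 dev br-lan proto kernel scope link src 192.168.7.1
"""
TETHERED = """\
default via 172.20.10.1 dev usb0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
172.20.10.0/28 dev usb0 proto kernel scope link src 172.20.10.2
192.168.1.0/24 via 10.8.0.1 dev tun0
192.168.7.0/24 dev br-lan proto kernel scope link src 192.168.7.1
"""

def parse_routes(text):
    """Return (network, device) pairs for every line that names a device."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue  # blank line, or no device name after "dev"
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or other non-prefix entries
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def find_conflicts(text, tunnel_dev="tun0"):
    """List (tunnel_route, local_route, local_dev) where the prefixes overlap.

    The default route is skipped: it overlaps everything by definition.
    """
    routes = parse_routes(text)
    tunnel = [n for n, d in routes if d == tunnel_dev]
    local = [(n, d) for n, d in routes if d != tunnel_dev and n.prefixlen > 0]
    return [(str(t), str(n), d) for t in tunnel for n, d in local if t.overlaps(n)]

if __name__ == "__main__":
    for name, table in (("repeater", REPEATER), ("tethered", TETHERED)):
        hits = find_conflicts(table)
        print(name, "->", hits if hits else "no overlap")
```

An overlap means the same destination is reachable both directly and through the tunnel, so which path the traffic takes depends on metrics and policy routing on the client.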