No internet via Slate AXT1800 when connected to VPN Server via OpenVPN, via Repeater?

SmurfonToast · 2022-11-01T06:55:24.398Z

I’m sorry you’re going to have to explain a wee bit more what you need me to do here?

I’m good at following instructions, reasonably tech savvy, but I’m not in IT or know anything about Nix etc so working out what you’d like me to do is a challenge.

If my main ASUS Router runs OpenVPN Server and IPv6 is enabled, do I have to disable IPv6 on that router before the SLATE OpenVPN client can connect to it; is this what you mean?

By “see” the IP address of my router, do you mean can I access the ASUS admin page with IPv6 disabled (on the SLATE client?) Leaving OpenVPN on with IPv6 off I ran traceroute to the asus server on 192.168.1.1 see attached.

Is this what you need?

image1485×1015 135 KB

yuxin.zou · 2022-11-01T07:10:24.130Z

Let me re-explain.

Your OpenVPN Client profile does not have IPv6 enabled. it uses the parameter proto udp6 to enable it.
The VPN Client feature on the AXT1800 does not yet support IPv6.

So you should disable IPv6 on the AXT1800 and then retest traceroute google.com
We now need to verify that when the AXT1800 accesses the Internet, the packets are correctly forwarded to the RT-AX86U.

SmurfonToast · 2022-11-01T07:21:16.043Z

Ok so :
running OpenVPN client on the Slate, no IPv6
running OpenVPN Server on the RT-AX86U, IPv6 enabled.

Trace route below. I stopped after 9… it goes to 20.

image1544×1281 144 KB

HTH
k.

PS changed Slate to IP 192.168.7.1 as 192.168.9.1 is the Guest Network. 192.168.8.1 reserved for fixed MiFis.

yuxin.zou · 2022-11-01T07:23:25.021Z

SmurfonToast:

I first connected the Slate to the network (same ASUS Router) in Repeater Mode.

One more question, which of the following do you mean here?

Two RT-AX86Us in two different locations, one as an OpenVPN Server and the other as the main router for the AXT1800.
One RT-AX86U, which acts as the OpenVPN Server and also as the main router.

yuxin.zou · 2022-11-01T07:28:17.862Z

If 10.8.0.1 is the virtual address of your OpenVPN Server, then packets accessing the Internet are reaching the RT-AX86U correctly, and as to why the RT-AX86U is not sending it, you should check the configuration of the RT-AX86U.

SmurfonToast · 2022-11-01T07:30:15.476Z

The second: One RT-AX86U, which acts as the OpenVPN Server and also as the main router.

SmurfonToast · 2022-11-01T07:34:27.352Z

That’s odd because as noted above I have long had a successful VPN connection when I access my ASUS VPN via any Windows or iOS OpenVPN client, using the exact same OVPN profile.

Why then, in attempting the same using the SLATE, does it not work, and becomes a problem with the ASUS? I struggle with this (not saying you are wrong, it just doesn’t make sense).

K.

yuxin.zou · 2022-11-01T07:34:27.658Z

Why do you use it in this way?
I’m not sure if this will result in a loopback on OpenVPN Server. This should be an undefined usage scenario for OpenVPN.

SmurfonToast · 2022-11-01T07:37:51.239Z

I am just testing it before my wife takes a trip. Eventually it will be abroad and I wanted her to be able to turn on the vpn on the SLATE maybe assigned to an easy button, then she can access my ASUS router and RDP to home PC resources without having to tun OVPN from her PC; which is the current arrangement. I’m pretty miffed it doesn’t work like I intended (but maybe it’s me).

yuxin.zou · 2022-11-01T07:39:05.017Z

SmurfonToast:

I access my ASUS VPN via any Windows or iOS OpenVPN client

Do Windows or iOS devices also have direct access to the RT-AX86U’s Wi-Fi?

SmurfonToast:

becomes a problem with the ASUS?

No, what I mean is that the OpenVPN Server needs to be checked to see why the forwarding is not taking place. We haven’t identified the problem yet.
I personally suspect more of a loopback causing it. Can you have the AXT1800 networked in another way (without RT-AX86U) and try again?

SmurfonToast · 2022-11-01T07:45:01.960Z

[quote=“yuxin.zou, post:14, topic:24905”]
Do Windows or iOS devices also have direct access to the RT-AX86U’s Wi-Fi? [/quote]

Yes, some do. But my testing of the connection is via the iPad connected to the SLATE WIFI; which is connected to the ASUS via Wi-Fi repeater mode. Eventually this will not be the connection mode.

yuxin.zou:

No, what I mean is that the OpenVPN Server needs to be checked to see why the forwarding is not taking place. We haven’t identified the problem yet.
I personally suspect more of a loopback causing it. Can you have the AXT1800 networked in another way (without RT-AX86U) and try again?

I can but I’m going to need some guidance how. Shall I try to tether it to my phone? I thought about attaching it via Ethernet but that didn’t make sense?

yuxin.zou · 2022-11-01T07:49:30.481Z

You can use the Networking Wizard on the App. It will guide you configure to Tethering.
Network Tab - Internet - Networking Wizard

Or refer to the document if you do not have another phone.

SmurfonToast · 2022-11-01T09:31:59.920Z

OK thanks!

So I’ve learnt a bunch of stuff (steep learning curve).

Using tethering (LTE ONLY) on the SLATE I can access the ASUS Webadmin and run RDP with OpenVPN enabled. This is the behaviour I expected. It is RDP my wife needs, not internet access via OpenVPN. I must apologize here as I forgot I had “LAN only” enabled on the VPN Server; hence no internet.

I still do not know why I can NOT access the ASUS Webadmin and run RDP with OpenVPN enabled, when the SLATE is connected to the ASUS Router in repeater mode, although if it works outside my LAN it’s not a major issue. Just harder to test at home. Be nice for it work though

image750×460 63.5 KB

image1920×1281 150 KB

image1711×1320 151 KB

image1705×1141 179 KB

k.

alzhao · 2022-11-02T05:26:47.149Z

SmurfonToast:

I still do not know why I can NOT access the ASUS Webadmin and run RDP with OpenVPN enabled,

For RDP, can you check if it is Windows firewall blocking it. I do a lot of support and the main reason is that windows firewall.

For Asus web admin, not sure what is the reason.

SmurfonToast · 2022-11-02T05:59:40.461Z

It works fine when I’m not using the SLATE so I’m not sure if the firewall really is the culprit. If you go through the thread above you will see the inability to use RDP (when the SLATE is also connected in repeater mode) via OkenVPN is solely when I try to use the SLATE (noting that OUTSIDE my network the SLATE works as expected).

alzhao · 2022-11-02T06:11:17.814Z

Openvpn is complicated because it push route to the client.

While the using openvpn on the router add extra layer of NAT so the route is more complicated.

I read through the post again, too long. So the problem happens if you configure ovpn using app or web panel right?

Can you post the system log of the router after vpn is connected?

What is the IP of your RDP server?

SmurfonToast · 2022-11-02T08:05:38.197Z

Hi can you see this https://pastebin.com/qDP92xU3 ? I opened a pastebin account to be able to upload it but I am a bit worried it shows my MAC addresses. I will delete it as soon as you are done. It’s just the last snippet of log, the full log was massive. You will see I tried both Ethernet and Wi-Fi repeater modes. No joy. Still cannot get to 192.168.1.1 or RDP with OpenVPN running on a SLATE connected in those Modes.

RDP PC IP 192.168.1.10.

K

alzhao · 2022-11-03T04:20:48.041Z

I checked the log (you can remove it now)

Unfortuantely it is log from Asus router, not AXT1800 router. I need log on AXT1800 instead.

SmurfonToast · 2022-11-03T04:46:27.078Z

Ok I’ll do it again. You didn’t specify which Router’s log you wanted, I assumed you meant the one it was connecting to …

SmurfonToast · 2022-11-03T06:08:46.386Z

logread.tar.zip (603 KB)
Ok hopefully this is correct. Please rename to just .tar, I didn’t actually zip it, I just added .zip to the filename as the forum doesn’t like .tar uploads.

k.