VPN via Fritz!Box using luci

Technical Support for Routers
1

Hey guys,

I am new with GL-inet, some time ago I purchased a GL-AR750S-Ext (Slate). I am absolutely amazed with the functionality! Now I am trying to set-up a VPN connection to my fritzbox. Somehow it works but not completely as it should. I basically followed the tips shown on VPN zwischen LEDE (OpenWRT) und FRITZ!Box via LuCI | Sebastian Klein. But I think I am missing something…

The GL-AR750S-Ext connects to any wifi network (e.g. local open wifi) on the one hand and on the other hand my own clients connect to a wifi provided by the GL-AR750S-Ext. The plan is now to establish the vpn connection to the fritzbox via the local open wifi and tunnel all traffic from the clients through the vpn.

Right now the fritzbox is accessible from the internet (via dyndns) and acts as a VPN router. I set up the GL-AR750S-Ext via luci with an interface (VPNC protocol). That seems to connect and also the fritzbox shows an established connection.
image

But the traffic of the clients within the wifi of GL-AR750S-Ext right now does not go through the VPNC interface. It seems to go directly through the local open wifi. When activating the internet kill switch, nothing goes through at all.

Does anyone see my error? Do I need an additional bridge or other firewall rules?

Thank you very much for your troubles.
Cheers
Daniel

2

Some screenshots (without showing complete addresses… :wink: ):
image

3

image

5

What is the protocol of the vpn and how did you config?

6

I did it by now all again with the same result. I used some different names to make it easier: First I reset the router and did a complete update. Then I did install via Luci: vpnc, vpnc-scripts and luci-proto-vpnc and did a reboot.

I added a new network interface with name TUN0 with protocol VPNC. I added a firewall zone to that named `tun0zone’. Also I added that to the firewall rule ‘lan’. I will post some screenshots below.

The result is that the VPN connection is working as proven in Luci and as well by looking into the server side. What is not working is that everything goes through the wan connection and is not using the vnc tunnel.

8

image
image499×594 57.6 KB

9

image

10

image
image594×667 52.5 KB

11

May you can remove lan => wan and only reserve lan => turn0zone

12

Good point. I just tried that. But then I do not get anything through the connection by devices connected to the wifi network of the slate.
.
Firewall then looks like:
image

But via trace route the slate seems to have access:
image

But also the packets of the slate do not g through the VPN connection as the packets to not change:
image

13

I also additionally set up the VPN policies. It does not change anything in the behavior.
image

From my point of view I think I am somehow missing a rule that diverts the traffic through the VPN?

14

You need to set up vpn to wan forward.

Here is the default firewall rules when I build a wireguard connection on my router.

image
image986×341 27.1 KB

15

That I just also tried. I still had a connection, but not via VPN. Just through the wan connection…
image

Number of packets noch rising. Also I checked the outside seen IPV4 dress via portchecktool.com and it shows the ip address of my home network instead of the VPN network…
image

16

Is there a rule I need to set up to only allow the packets from lan go through tun0?

17

Have you set up the corresponding static route?

18

Good hint. Actually not. But I do not know how exactly. Do you have some instructions?

I would need it supposingly from lan to tun0? And vice versa?

19

Sorry, it still does not work. Nothing goes through the tunnel but, everything through lan. I set up these routes:

image
image735×239 18.9 KB

I have these interfaces:

image
image504×653 59.3 KB

And these zones:
image

A hopeless situation it seems… Any other good idea? Everything could help…

20

Did you manage to resolve this? I can’t get it to work either but I’m not good enough with networking to figure it out :frowning:

I ssh’d into the gl-inet router and noticed that I couldn’t even ping my VPN server (using the vpn-issued address)

21

Don’t reply old post. Just start a new one with details of your issue. This is much easier to follow.

22

Hi Wieselchen, did you manage to get the traffic through the VPNC Connection?
Same issue here.

Cheers
Mike

1 Like