VPN Problems via ASUS Router

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
Check your cameras also. Under Setup -> Network -> TCP/IP there should be a place to set the default gateway.
I tried this. What should it be set at? I tried it several ways with no luck.
 

Silas

Pulling my weight
Joined
Jan 6, 2017
Messages
328
Reaction score
121
Location
Down Under
You should only have 1, that is your router (on normal systems)
 

jrhoops

Young grasshopper
Joined
Aug 30, 2017
Messages
63
Reaction score
4
I know some devices have an option to allow local subnet or all subnets sort of like a firewall but it's actually an acl. In the network world your vpn subnet is an outside interface and needs to be treated accordingly. What is the exact model switch and camera?
 

Kitsap

Getting the hang of it
Joined
Jun 24, 2016
Messages
137
Reaction score
84
Location
Pacific Northwest
How do your access the internet? Through a DSL modem or a Cable modem? Is your ASUS router connected to the internet via another router?
 

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
I know some devices have an option to allow local subnet or all subnets sort of like a firewall but it's actually an acl. In the network world your vpn subnet is an outside interface and needs to be treated accordingly. What is the exact model switch and camera?
Switch is a Zyxel GS1900-10HP, cameras are Dahua HDW5231R-Z.
 

Kitsap

Getting the hang of it
Joined
Jun 24, 2016
Messages
137
Reaction score
84
Location
Pacific Northwest
The device at the end of your fiber, by whatever name you want to call it, has an IP address and depending on the device it may also be acting as a router. Do you connect the internet into your ASUS AC68U via Ethernet cable?
 

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
The device at the end of your fiber, by whatever name you want to call it, has an IP address and depending on the device it may also be acting as a router. Do you connect the internet into your ASUS AC68U via Ethernet cable?
Yes I do.

Sent from my SM-G930V using Tapatalk
 

jrhoops

Young grasshopper
Joined
Aug 30, 2017
Messages
63
Reaction score
4
getting off the rails here. we have verified the vpn is good, firewall is ifne because you can connect to the switch. I assume you can connect to the camera from within the local network, I also assume it is on the same network as the switch and the rest of the devices. In order for IP to work you need to have route to the destination and the destination has to have a return route or you must be in the path of the default route. We verified this when you confirmed your switch had no default route configured. So can you confirm local connectivity and verify the settings on the cam. What is the error message specific to the camera? Do you have any other device connected to this same switch (such as a network printer) that you can verify connectivity with
 

jrhoops

Young grasshopper
Joined
Aug 30, 2017
Messages
63
Reaction score
4
Also, on your camera interface check the network > IP Filter settings and make sure it is either correct, or if you don't know, blank/clear/no entries
 

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
getting off the rails here. we have verified the vpn is good, firewall is ifne because you can connect to the switch. I assume you can connect to the camera from within the local network, I also assume it is on the same network as the switch and the rest of the devices. In order for IP to work you need to have route to the destination and the destination has to have a return route or you must be in the path of the default route. We verified this when you confirmed your switch had no default route configured. So can you confirm local connectivity and verify the settings on the cam. What is the error message specific to the camera? Do you have any other device connected to this same switch (such as a network printer) that you can verify connectivity with
To confirm, I CAN connect to the camera from my computer. The camera's static IP is within the same range as all my other devices. Default gateway is set as the IP of my router. The error message is the same I got when I could not connect to the switch. I connected my printer to the switch via ethernet cable and I WAS able to access it via VPN.

Also, on your camera interface check the network > IP Filter settings and make sure it is either correct, or if you don't know, blank/clear/no entries
Also confirmed that there are no entries here.
 

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,029
Reaction score
47,501
Location
Floriduh
I am using a Netgear R7000 router that has OpenVPN as a feature. Each time I make a change to the configuration on the router I have to save the changes and generate a new configuration file for the client machine. On Android I have to import the new configuration file into the Android client and on Windows I have to copy the new configuration file into the proper directory.

Also make sure your router configuration shows the clients will use this VPN connection to access all sites on the Internet & Home Network.

For advanced settings I use:

TUN Mode Service Type UDP
TUN Mode Service Port 12973
TAP Mode Service Type UDP
TAP Mode Service Port 12974

I'm having a very similar problem as the OP with the same Netgear router as you and same settings. iPhone successfully connects via OpenVPN to the router, router assigns IP address of 192.168.254.2 yet my LAN is 192.168.1.X so when I launch iDMSS to connect to the DVR, login times out. DVR shows no attempt to login.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
To confirm, I CAN connect to the camera from my computer. The camera's static IP is within the same range as all my other devices. Default gateway is set as the IP of my router. The error message is the same I got when I could not connect to the switch. I connected my printer to the switch via ethernet cable and I WAS able to access it via VPN.


Also confirmed that there are no entries here.
Can you ping the IP address of the cam?

Never mind... I see now that you said you can connect to it.
 

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
Can you ping the IP address of the cam?

Never mind... I see now that you said you can connect to it.
Yes, I can connect from the computer. Just not via VPN. Pinging from VPN just says 100% packet loss and tracert does't get any further than VPN IP.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
Yes, I can connect from the computer. Just not via VPN. Pinging from VPN just says 100% packet loss and tracert does't get any further than VPN IP.
So, following jhoops summary above:

You can connect to the VPN.

You can connect to the Zyxel managed switch inside your network with a 192.168.x.x address.

You can connect to a non-POE device (printer) with the same 192.168.x.x subnet addressing on that same switch.

So we know that the VPN is OK and that the routing between your remote and local devices through the VPN all is working properly at a basic level and you *should* then be able to get to any other IP address within that same subnet (assuming no other restrictions exist).

But...

You can't get to a POE-powered device (camera) within that same 192.168.x.x subnet from the VPN but can when connected locally from the same device?

Assuming that's correct, do you have any way to power the camera other than the switch? Alternately, do you have another camera/other POE device that you can try? Wondering if there's some restriction that the switch is imposing on the POE port side or maybe by address range. Is your desktop using a DHCP or static address?
 

SkwatzForFood

Getting the hang of it
Joined
Jul 2, 2017
Messages
109
Reaction score
21
So, following jhoops summary above:

You can connect to the VPN.

You can connect to the Zyxel managed switch inside your network with a 192.168.x.x address.

You can connect to a non-POE device (printer) with the same 192.168.x.x subnet addressing on that same switch.

So we know that the VPN is OK and that the routing between your remote and local devices through the VPN all is working properly at a basic level and you *should* then be able to get to any other IP address within that same subnet (assuming no other restrictions exist).

But...

You can't get to a POE-powered device (camera) within that same 192.168.x.x subnet from the VPN but can when connected locally from the same device?

Assuming that's correct, do you have any way to power the camera other than the switch? Alternately, do you have another camera/other POE device that you can try? Wondering if there's some restriction that the switch is imposing on the POE port side or maybe by address range. Is your desktop using a DHCP or static address?
No other way to power the camera than with the switch. I'll give another camera a shot in a bit and report back. Desktop is using static IP.

Sent from my SM-G930V using Tapatalk
 
Top