Menu
What's new

OpenVPN Asus RT-AX86U does not work

Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
BruceWayne007 said:
No, I do not see them. I do see them when direct connect but not via VPN.
Click to expand...
Hmmm... You should. They should be getting a DHCP address within whatever pool you have set up. That might just be something with how Asus shows them though. I remember that being kind of flaky sometimes.

Do you have anything other than the router that you can try to connect to within your network? Other than the NVR.
 
Sybertiger

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
4,717
Reaction score
13,620
Location
Orlando
This is what it should look like. Check yours to see if it's similar.

Nothing connected via OpenVPN but VPN server verified as running.

1705548998868.png

Cell phone connected via OpenVPN through home network (WiFi) === VPN not needed when at home

1705549370663.png



Cell phone connect via OpenVPN through cell tower (WiFi turned off)

1705549156772.png
 
Last edited:
T

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,415
Reaction score
2,815
Location
USA
OK. It is clear your phone is connecting to the VPN service while local or remote. This is good because it confirms the VPN is working.

At this point, I think we can safely say it is NOT a VPN issue - especially if the NVR has a local address on the 192.168.1.X network. I still feel like it is an issue/security measure with the NVR itself. The "tunnel" network that the VPN service is creating is the 10.8.0.X network. The network address of 10.8.0.2 is the network address that your cell phone traffic is going to appear as coming from. This means that the NVR will see a request/data coming in from 10.8.0.2 and not a local address on the 192.168.1.X network. Again, if there is some security setting in the NVR that limits outside connections, that is likely what is preventing the phone from communicating with the NVR.

Long story short, I think we need to start looking into the NVR settings to see if we can solve the problem.
 
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,601
Reaction score
48,968
Location
Floriduh
Agree
And because the IP of the device connected via VPN is being assigned an IP by the router of 10.8.0.x (verified) I wonder if he has under "security", his NVR Firewall/Network Access enabled. If he does and he has "trusted Sites" checked and has any entry there, it is limiting what can connect to the NVR. Anything else would be flat rejected and not allow you to get to the NVR interface.
 
Last edited:
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
The router shows the VPN address in that screen. The NVR doesn't see the 10.x.x.x address. From its perspective (and that of other local devices), he also should have a 192.168.x.x address on the internal network that's assigned by DHCP (could be static if you wanted but that's not been done here). That's what will be used locally beyond the router.

I'd agree that the issue likely is at the NVR but that's what I was trying to check when asking about seeing a local 192.168.x.x address and if any other local device could be accessed. You may be able to access the router since it has a direct path on the same device with the 10.x.x.x address. But if no local address and/or you can't hit anything else, then it's not getting a local 192.168.x.x address as it needs or otherwise isn't able to get out of the router. If you can access some other device, then that should be good and it must be the NVR itself or how you're trying to access it more specifically.

^ That's wrong.
 
Last edited:
bigredfish

bigredfish

Known around here
Joined
Sep 5, 2016
Messages
17,601
Reaction score
48,968
Location
Floriduh
NVR sees the 10.8.0.X user

loggedin-VPNuser.jpg vpn-loggedin.jpg

And if he has this enabled, and likely would have a local LAN IP there.....NVR would bounce anything else including the VPN user
Firewall-1.jpg
 
Last edited:
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
Yeah, I just looked at mine in BI and was coming back to correct that. And I think you're probably right about that as the reason.
 
BruceWayne007

BruceWayne007

Young grasshopper
Joined
Jul 31, 2020
Messages
79
Reaction score
15
Location
Little Rock, AR
Mike A. said:
Yeah, I just looked at mine in BI and was coming back to correct that. And I think you're probably right about that as the reason.
Click to expand...
bigredfish said:
Well, I thought I was right about the last 5 reasons so not holding my breath.... :lmao:
Click to expand...
Thanks again for everyone's help.

Alrighty, I think we can agree the iPhone is connecting to my Asus Router using OpenVPN. Look at the circle with the key and the same circle with the blue dot. When I hover over the key circle I get a question mark and a box with Connected pops up. If I click on the key circle I get the Client status - 1 pop up.

I think we should pick apart the NVR configuration.
 

Attachments

BruceWayne007

BruceWayne007

Young grasshopper
Joined
Jul 31, 2020
Messages
79
Reaction score
15
Location
Little Rock, AR
I am ready to pick apart the NVR configuration or try WireGuard VPN?

I have changed some of the NVR ports and I still cannot connect with OpenVPN.
 

Attachments

BruceWayne007

BruceWayne007

Young grasshopper
Joined
Jul 31, 2020
Messages
79
Reaction score
15
Location
Little Rock, AR
The Automation Guy said:
OK. It is clear your phone is connecting to the VPN service while local or remote. This is good because it confirms the VPN is working.

At this point, I think we can safely say it is NOT a VPN issue - especially if the NVR has a local address on the 192.168.1.X network. I still feel like it is an issue/security measure with the NVR itself. The "tunnel" network that the VPN service is creating is the 10.8.0.X network. The network address of 10.8.0.2 is the network address that your cell phone traffic is going to appear as coming from. This means that the NVR will see a request/data coming in from 10.8.0.2 and not a local address on the 192.168.1.X network. Again, if there is some security setting in the NVR that limits outside connections, that is likely what is preventing the phone from communicating with the NVR.

Long story short, I think we need to start looking into the NVR settings to see if we can solve the problem.
Click to expand...
bigredfish said:
Agree
And because the IP of the device connected via VPN is being assigned an IP by the router of 10.8.0.x (verified) I wonder if he has under "security", his NVR Firewall/Network Access enabled. If he does and he has "trusted Sites" checked and has any entry there, it is limiting what can connect to the NVR. Anything else would be flat rejected and not allow you to get to the NVR interface.
Click to expand...
I apologize, I thought I read through all my missed posts. Is this what you are asking for?
 

Attachments

T

Tic

Getting the hang of it
Joined
Sep 24, 2016
Messages
173
Reaction score
47
Location
Florida, USA
Bruce, I have Windows 10, the smallest iPhone, a Dahua 4-channel NVR and an ASUS RT-AX86U. I enabled OpenVPN in the router and have the corresponding client certificate installed on my iPhone and a No-IP DDNS account tied-in to my router. It ‘s been two years now and no issues watching my cameras via the phone so far EXCEPT having to re-validate my free DDNS from time to time.
 
You must log in or register to reply here.
Top