OpenVPN Asus RT-AX86U does not work

BruceWayne007 said:
No, I do not see them. I do see them when direct connect but not via VPN.
Click to expand...

Hmmm... You should. They should be getting a DHCP address within whatever pool you have set up. That might just be something with how Asus shows them though. I remember that being kind of flaky sometimes.

Do you have anything other than the router that you can try to connect to within your network? Other than the NVR.
 
This is what it should look like. Check yours to see if it's similar.

Nothing connected via OpenVPN but VPN server verified as running.

1705548998868.png

Cell phone connected via OpenVPN through home network (WiFi) === VPN not needed when at home

1705549370663.png



Cell phone connect via OpenVPN through cell tower (WiFi turned off)

1705549156772.png
 
Last edited:
  • Like
Reactions: bigredfish and Mike A.
OK. It is clear your phone is connecting to the VPN service while local or remote. This is good because it confirms the VPN is working.

At this point, I think we can safely say it is NOT a VPN issue - especially if the NVR has a local address on the 192.168.1.X network. I still feel like it is an issue/security measure with the NVR itself. The "tunnel" network that the VPN service is creating is the 10.8.0.X network. The network address of 10.8.0.2 is the network address that your cell phone traffic is going to appear as coming from. This means that the NVR will see a request/data coming in from 10.8.0.2 and not a local address on the 192.168.1.X network. Again, if there is some security setting in the NVR that limits outside connections, that is likely what is preventing the phone from communicating with the NVR.

Long story short, I think we need to start looking into the NVR settings to see if we can solve the problem.
 
  • Like
Reactions: Mike A. and bigredfish
Agree
And because the IP of the device connected via VPN is being assigned an IP by the router of 10.8.0.x (verified) I wonder if he has under "security", his NVR Firewall/Network Access enabled. If he does and he has "trusted Sites" checked and has any entry there, it is limiting what can connect to the NVR. Anything else would be flat rejected and not allow you to get to the NVR interface.
 
Last edited:
  • Like
Reactions: Mike A.
The router shows the VPN address in that screen. The NVR doesn't see the 10.x.x.x address. From its perspective (and that of other local devices), he also should have a 192.168.x.x address on the internal network that's assigned by DHCP (could be static if you wanted but that's not been done here). That's what will be used locally beyond the router.

I'd agree that the issue likely is at the NVR but that's what I was trying to check when asking about seeing a local 192.168.x.x address and if any other local device could be accessed. You may be able to access the router since it has a direct path on the same device with the 10.x.x.x address. But if no local address and/or you can't hit anything else, then it's not getting a local 192.168.x.x address as it needs or otherwise isn't able to get out of the router. If you can access some other device, then that should be good and it must be the NVR itself or how you're trying to access it more specifically.

^ That's wrong.
 
Last edited:
NVR sees the 10.8.0.X user

loggedin-VPNuser.jpg vpn-loggedin.jpg

And if he has this enabled, and likely would have a local LAN IP there.....NVR would bounce anything else including the VPN user
Firewall-1.jpg
 
Last edited:
  • Like
Reactions: Mike A.
Yeah, I just looked at mine in BI and was coming back to correct that. And I think you're probably right about that as the reason.
 
  • Like
Reactions: bigredfish
Well, I thought I was right about the last 5 reasons so not holding my breath.... :lmao:
 
  • Haha
Reactions: Sybertiger and Mike A.
Mike A. said:
Yeah, I just looked at mine in BI and was coming back to correct that. And I think you're probably right about that as the reason.
Click to expand...
bigredfish said:
Well, I thought I was right about the last 5 reasons so not holding my breath.... :lmao:
Click to expand...
Thanks again for everyone's help.

Alrighty, I think we can agree the iPhone is connecting to my Asus Router using OpenVPN. Look at the circle with the key and the same circle with the blue dot. When I hover over the key circle I get a question mark and a box with Connected pops up. If I click on the key circle I get the Client status - 1 pop up.

I think we should pick apart the NVR configuration.
 

Attachments

  • VPN no z.jpg
    VPN no z.jpg
    22.3 KB · Views: 9
  • VPN yes z.jpg
    VPN yes z.jpg
    21.4 KB · Views: 9
  • VPN yes 2z.PNG
    VPN yes 2z.PNG
    18.7 KB · Views: 9
I am ready to pick apart the NVR configuration or try WireGuard VPN?

I have changed some of the NVR ports and I still cannot connect with OpenVPN.
 

Attachments

  • DMSS error.jpg
    DMSS error.jpg
    133.2 KB · Views: 2
Did you check the Firewall/security tab as mentioned above?
 
  • Like
Reactions: Mike A.
The Automation Guy said:
OK. It is clear your phone is connecting to the VPN service while local or remote. This is good because it confirms the VPN is working.

At this point, I think we can safely say it is NOT a VPN issue - especially if the NVR has a local address on the 192.168.1.X network. I still feel like it is an issue/security measure with the NVR itself. The "tunnel" network that the VPN service is creating is the 10.8.0.X network. The network address of 10.8.0.2 is the network address that your cell phone traffic is going to appear as coming from. This means that the NVR will see a request/data coming in from 10.8.0.2 and not a local address on the 192.168.1.X network. Again, if there is some security setting in the NVR that limits outside connections, that is likely what is preventing the phone from communicating with the NVR.

Long story short, I think we need to start looking into the NVR settings to see if we can solve the problem.
Click to expand...
bigredfish said:
Agree
And because the IP of the device connected via VPN is being assigned an IP by the router of 10.8.0.x (verified) I wonder if he has under "security", his NVR Firewall/Network Access enabled. If he does and he has "trusted Sites" checked and has any entry there, it is limiting what can connect to the NVR. Anything else would be flat rejected and not allow you to get to the NVR interface.
Click to expand...
I apologize, I thought I read through all my missed posts. Is this what you are asking for?
 

Attachments

  • NVR set sec.PNG
    NVR set sec.PNG
    45.8 KB · Views: 17
yes
 
Bruce, I have Windows 10, the smallest iPhone, a Dahua 4-channel NVR and an ASUS RT-AX86U. I enabled OpenVPN in the router and have the corresponding client certificate installed on my iPhone and a No-IP DDNS account tied-in to my router. It ‘s been two years now and no issues watching my cameras via the phone so far EXCEPT having to re-validate my free DDNS from time to time.
 
  • Like
Reactions: looney2ns and bigredfish
You must log in or register to reply here.
Top Bottom