How to keep the VPN client running but be able to accept incoming connections over the WAN interface

Port forwards work fine when the VPN is not connected,
but port forwarding doesn't work when the VPN client is active.
I cannot even access any port via the static IP provided by my ISP when the VPN is connected.

I use the openconnect client.

Any ideas?


Forwardings are probably working, but your VPN client system will use the VPN default gateway (if connected) to answer the incoming connections, and then
the connecting machine will not expect the answer from another IP address (your VPN gateway) and will discard it (stateful firewall).

Either you refrain from using a default gateway from the VPN, or you look into the policy routing stuff.


I assume the OP has already found this, but just for reference here is the link to the index of VPN-related OpenWrt documents.

https://openwrt.org/docs/guide-user/services/vpn/overview

https://github.com/stangri/openwrt_packages/blob/master/vpn-policy-routing/files/README.md#example-policies -- look for the OpenVPN server example.

I got the same problem; as fuller explained, the response goes to the VPN gateway and comes back to the source from another IP.

What I did to solve that is to create an unmanaged interface for the VPN, install luci-app-mwan3, and configure mwan3 so it has 2 WANs: your main wan connected to the internet, and wanb as the VPN interface. Then configure an mwan3 rule to make connections coming from a specific port or IP (your forwardings) go out via your wan interface and not the VPN.
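The "policy routing stuff" suggested earlier, and what mwan3 does behind the scenes in the answer above, can be written out by hand. The script below is an added example, not code from the thread or from the OpenWrt project: it marks every connection that arrives on the WAN interface with a connmark, copies that mark back onto reply packets (forwarded replies in PREROUTING, the router's own replies in OUTPUT), and sends marked packets through a separate routing table whose default route is the ISP gateway. Only reply packets are marked, so inbound packets still follow the main table to the LAN host. It assumes an iptables/fw3-era OpenWrt (fw4 needs the nftables equivalents); the interface name, gateway address, table id and mark value are placeholders you must replace.

```shell
#!/bin/sh
# Added example: route replies to WAN-originated connections via the ISP
# gateway while a VPN client holds the default route.
# All values below are assumptions/placeholders for this example.

WAN_IF="${WAN_IF:-eth0.2}"        # assumed WAN interface name
WAN_GW="${WAN_GW:-203.0.113.1}"   # assumed ISP gateway (documentation range)
TABLE="${TABLE:-100}"             # assumed routing table id
MARK="${MARK:-0x64}"              # assumed fwmark/connmark value
PRIO="${PRIO:-100}"               # rule priority; main table is looked up at 32766

# Emit the commands, one per line, in the order they must be applied.
wan_reply_rules() {
  printf '%s\n' \
    "ip route replace default via $WAN_GW dev $WAN_IF table $TABLE" \
    "ip rule add fwmark $MARK lookup $TABLE priority $PRIO" \
    "iptables -t mangle -A PREROUTING -i $WAN_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK" \
    "iptables -t mangle -A PREROUTING -m connmark --mark $MARK -m conntrack --ctdir REPLY -j MARK --set-mark $MARK" \
    "iptables -t mangle -A OUTPUT -m connmark --mark $MARK -m conntrack --ctdir REPLY -j MARK --set-mark $MARK"
}

# Number of commands in the plan, so a caller can sanity-check it before applying.
wan_reply_rule_count() {
  wan_reply_rules | wc -l | tr -d ' '
}

# Apply the plan (needs root on the router); echoes each command first.
apply_wan_reply_rules() {
  wan_reply_rules | while IFS= read -r cmd; do
    echo "+ $cmd"
    $cmd
  done
}

# Print the plan by default; pass "apply" to execute it.
if [ "${1:-}" = "apply" ]; then
  apply_wan_reply_rules
else
  wan_reply_rules
fi
```

Note that the reply packets of a DNAT port forward still carry the LAN host's address when the routing decision is made (the reverse translation happens in POSTROUTING), so a plain `ip rule from <WAN IP>` would only catch the router's own replies; the connmark is what makes forwarded replies match too. To check the result, `ip rule show` should list the fwmark rule ahead of the main table, and `ip route show table 100` should show only the ISP default route. The rules are not persistent; on OpenWrt they belong in a hotplug or firewall user script so they survive a reboot.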