Need some help. I have both VPN Server and VPN Client running simultaneously on my router. When I connect remotely via the VPN Server, I can reach devices on the local network, but I can't access the USB drive that's attached directly to the router. If I turn off the VPN Client, I can access both the USB drive and all network devices without any issues. I’ve already tried all default settings, played around with MTU, but no luck. Any ideas where to dig next? Could it be related to routing, firewall rules, or policy-based routing conflicts?
What VPN are you using, WireGuard, OpenVPN, other?
Are you using Policy Based Routing? (Usually when running a concurrent VPN server and client it cannot work without)
I’m running WireGuard for both the VPN server (to allow remote access to my LAN) and the VPN client (to connect the router to my commercial VPN provider, Surfshark).
Policy Based Routing: Currently, I’m not using any policy-based routing. I tried to keep things simple and rely on the default WireGuard routing behavior. My goal was to have both the server and client run concurrently without additional PBR rules, but obviously there’s a conflict.
The main problem: when both the VPN server and VPN client are active, the USB storage attached to the router becomes inaccessible (while LAN devices are still reachable via VPN server connection). Disabling the VPN client restores full access to the USB drive.
You cannot run a concurrent VPN client and VPN server without some form of PBR (well there are exceptions e.g. if you port forward via your VPN client).
See my notes:
The Server setup guide has a paragraph about running a concurrent client and server, but also a lot of other information about a proper setup.
The above sounds strange, when a VPN client is active and has default route via the VPN you should not have access at all so not sure what is going on in your setup .
So if my notes will not get you going then it might help if we see your configs, in that case please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button
Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
cat /etc/config/pbr
service pbr restart
service pbr status
ip route show
ip -6 route show
ip route show table all
ip rule show
wg show
(post deleted by author)
(post deleted by author)
(post deleted by author)
(post deleted by author)
(post deleted by author)
(post deleted by author)
(post deleted by author)
Install proper Openwrt, or seek support over at gl.inet.
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
You may find that the best options are:
- Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
- Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
- Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
1 Like
Thank you.