OpenVPN for LAN gaming

I have the ASUS DSL-N17U, which I have used for its OpenVPN server feature. I can normally make a client connect to the router, but when I want to host a LAN game (Warcraft 3, for instance) the client cannot see the game in the LAN lobby. I’m using Windows 10 and the VPN server’s settings are TUN, UDP, port 1194. I have enabled the PUSH LAN to clients option and I’ve forwarded the port on the router, plus I added it as an exception in the Windows firewall. I just started learning about VPNs and network connectivity, so I could really use some guidance.
Thanks for everything in advance!
EDIT: There’s also an option “Direct clients to redirect Internet traffic”, should this be on?

LAN gaming is the one place where you might want to seriously consider using the OpenVPN bridged mode (tap) instead of (tun). Bridged mode doesn’t perform as well as tun mode speed-wise, but it gives you a layer 2 VPN that will send all the broadcast/multicast messages to all clients.

There’s also an option “Direct clients to redirect Internet traffic”, should this be on?

Nope, this is only needed if you want all clients (even those not actually behind the router’s LAN) to appear as though they were connecting from your house.
2) Did you enable the “client-to-client” option in your server configuration?
3) If you can, post your server .conf (feel free to blank out some information, of course).

It’s better to use TAP (bridge) mode than TUN mode (in your case). You can bridge the OpenVPN TAP interface and the LAN interface in your router, and OpenVPN clients will get their IPs from the router’s DHCP and will also be in the same network subnet as your LAN, so even broadcast will function just fine. Then you can use IPv4, IPv6, even the IPX and NetBEUI protocols if your games request them.

Also, if you’re using OpenVPN just for gaming, you may consider turning off crypto completely (cipher none) in order to get lower network latency due to lower CPU usage at your router.

Don’t forget to allow inter-client communication (add the client-to-client line to the config file on the server side).
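The server-side settings suggested in the replies above, gathered into one set of OpenVPN directives as an added example (not posted by anyone in the thread, and not the ASUS firmware's generated file). The device name `tap0`, the keepalive values and the cipher choice are assumptions, certificate and key lines are assumed to come from the router firmware, and it keeps the data channel encrypted rather than using `cipher none`.

```conf
# Added example: OpenVPN server directives for the bridged (TAP) setup
# discussed in this thread. Values marked "assumption" must be adapted.

port 1194
proto udp

# Layer 2 tunnel: carries Ethernet frames, so the LAN broadcast/multicast
# traffic that game lobbies use for discovery reaches VPN clients.
# The tap device has to be bridged with the router's LAN interface
# (assumption: the firmware does this when TAP mode is selected).
dev tap0

# No arguments = DHCP-proxy mode: clients take their address from the
# DHCP server on the bridged LAN, so reservations are made on the router.
server-bridge

# Let VPN clients talk to each other, so any of them can host a game.
client-to-client

# Keep the data channel encrypted. With "cipher none" the game and LAN
# traffic crosses the internet in cleartext on the forwarded port.
# AES-GCM requires OpenVPN 2.4 or later (assumption about the firmware).
cipher AES-128-GCM

# Assumption: typical keepalive values to detect dropped clients.
keepalive 10 60

# Left out on purpose: push "redirect-gateway def1"
# (assumption: this is what the "redirect Internet traffic" toggle adds;
# it is not needed for LAN games).

# --- Routed (TUN) alternative: no broadcast forwarding ---------------
# dev tun
# server 10.8.0.0 255.255.255.0
# push "route 192.168.1.0 255.255.255.0"
# ifconfig-pool-persist ipp.txt   # clients keep the same VPN address
```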

Interesting, will this let the clients connect to the LAN network?

I don’t know if I can find the server.conf on the asuswrt. But I can definitely show you the options that I have: http://i.imgur.com/xX5syhV.png As you may have noticed, there is a space below that allows me to enter my custom configuration.

Now I’m having another problem: my computer’s IP 192.168.1.2, which is connected to the LAN physically (with Ethernet), somehow cannot see the clients as it could in the beginning. I’ve tried everything with the Windows firewall (2 clients, for example, have 2 set static IPs, because I want to forward some ports on them too based on their MAC address). I’m really at a loss, I would really appreciate it if you had any idea.

Not entirely sure on that device. Depends on what it bridges to. Maybe.

I see. It’s pretty limited, but as you said you can add custom configs.
So, where are the clients? All outside of your LAN? Can they ping your W3 server machine? What’s the server machine IP in your LAN?
Also, bonus question: do some of the clients share the same network topology (as in, you both have a 192.168.0.0/24 network and a 192.168.0.1 gateway) as you? I’m asking because if they do, and you push your LAN, it’s likely they still use theirs to route the traffic.
PS: consider switching to TAP as /u/zoredache suggested.

Did you set it up as a TUN or TAP interface?

If as TAP, leave clients with dynamic IPs and make an IP reservation on your router just as you would for your own LAN PCs.

If as TUN mode, also leave clients with dynamic IPs, and add the following line to your OpenVPN server configuration:

ifconfig-pool-persist ipp.txt

That way, your clients will always get the same IP address.

Why would you need port forwarding if you’re in the same LAN?

[PROBLEM SOLVED BABY] http://i.imgur.com/lG1SjTU.png
At the bottom (almost) there is a “manage client-specific options” setting.
If you toggle it you will find this: http://i.imgur.com/5MbsCF6.png
Now all I’ve got to do is decide/test TAP vs TUN.
Thanks for everything everyone!

I noticed that when the client connects, he gets a local address based on the set VPN subnet, but next to that assigned IP I’m seeing the client’s IP plus a random port (that I’m guessing gets translated to the VPN one). The W3 server machine IP is 192.168.1.2.

Right now it’s TAP. As for the port forward, I wanted to leave the VPN server open so that my friends can also host LAN games without problems. So I should leave all the clients on a dynamic IP address. I want to find a way so that my friends can also host a game.
But right now it’s just like my PC isn’t linked to the network.

Nice man, glad you managed to sort it out!

Now I’m having another problem: my computer’s IP 192.168.1.2, which is connected to the LAN physically (with Ethernet), somehow cannot see the clients as it could in the beginning. I’ve tried everything with the Windows firewall (2 clients, for example, have 2 set static IPs, because I want to forward some ports on them too based on their MAC address). I’m really at a loss, I would really appreciate it if you had any idea.

Let’s see… which IP are they given? Can they ping each other?

The host’s IP is 192.168.1.0,
my PC’s IP, which is isolated, is 192.168.1.2,
and 2 other clients that can see each other normally have 2 static IPs, 192.168.1.7 and 192.168.1.6.
Each client can’t ping one another.

I meant the VPN IPs, those in the 10.8.0.0/24 subnet.
Also, can you clarify again what the network topology is here? I assume your local PC is 192.168.1.2, your router is 192.168.1.1 and 10.8.0.1… what about the other clients? They’re outside of your LAN obviously, but what’s their LAN (I mean their home LAN) and VPN IP?
PS: Tried rebooting the router? :)