DD-WRT running VPN Client and Server at the same time?

5 posts / 0 new
Last post
Bigmaxy's picture
DD-WRT running VPN Client and Server at the same time?

Hi. I have setup the R7000 running 27261 (same results with earlier firmware too). 

I have configured the VPN Client to access PIA and it works fine.

I have configured the VPN Server so that I can access it remotely using my Android phone externally, no worries there if I have the VPN client disabled.


If I have the VPN client running and connected to PIA, the Android phone will timeout trying to make a connection. The log simply shows.

20150914 20:30:14 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20150914 20:30:14 N TLS Error: TLS handshake failed
20150914 20:30:14 SIGUSR1[soft tls-error] received client-instance restarting 
It doesn't matter which side of the router I try to connect to the VPN server, the above is over the WLAN as you can see, if I try externally, the same error and result occurs, except the log shows my external IP address.
Disabling the firewall makes no difference.
Any ideas? Is this possible?
Bigmaxy's picture
A person on another forum

A person on another forum mentioned just setting up at least a single IP address in the policy based routing field of the VPN Client settings.

This worked and I am now able to make a connection to the VPN Server while the VPN Client is connected.

Still some work to do on the routing internally but that got me past the first part of the hurdle.

sanju_cy's picture
Hello Bigmaxy,

Hello Bigmaxy,

Could you please tell us what sort of settings you have changed for running VPN client and VPN server at a time ? If you tell it would be very helpful for me to managing VPN Client and VPN Server over my R7000 Router.

I am also using DD-WRT revision 27261.


Bigmaxy's picture
Hi sanju_cy

Hi sanju_cy

Once I had both VPN Server and VPN client working separately, the solution was to go to the VPN client settings and add the following to the "policy based Routing" field. 

This configures the VPN client to only route that particular IP address.

Doing this allowed both functions to operate at the same time. It still did not do everything that I wanted so I've gone back to running the VPN client on a particular machine rather than the router for now.

Good luck

sareen.mani11's picture
Just to expand on Bigmaxy's

Just to expand on Bigmaxy's answer... PBR will make it work, but the question is what IPs to use in PBR?

The answer is - use all IPs you have configured for your LAN as well as VPN server (along with their netmasks).

So, for e.g. if you have two networks running like this: a:b:c:d/ and p:q:r:s/, and a VPN server running on v:x:y:z/, then include all these three ranges in the PBR policy. This way everything (including your LAN and VPN clients) will be routed throug through the PIA! Only your router itself will be cordoned off, which to me, is an acceptable solution.

It might be possible to even include the router by using its exact IP (without the netmask), but I haven't tested it yet.