VPN Setup

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #13355
    kev2021
    Participant
    • Posts 109
    • Regular

    Hi,

    I’ve enabled Open VPN on my AX86U and I have tried connecting to it from a remote location but didn’t quiet achieve what I wanted to achieve.

    Basically AX86U (location1) and remote location(Location2) have the same IP range/subnet and although I set the VPN server up on Asus to be Lan only, it issues a IP address in the 10.8.0.x range and therefore by then entering in the IP of my ASUS router from Location2, it loads location2’s router GUI and not location1 routers GUI (ASUS).

    I therefore assume, I would need to change Location2’s IP address range to be different from Location1 but how do I get the VPN to issue a IP address from Location1 network? so I can then enter in the ASUS routers IP and it takes me to the routers gui webpage whereby I can then login and do whatever I may need to, even if its just rebooting it.

    Also, Is there any harm in adding a icon to the AX86U for the items on my network it has no icon for? for example a network switch?  I found one on another forum but I’m a little weary of it potentially causing a issue when doing future firmware updates etc?  I recall years and years ago, I changed the wallpaper at login of a windows PC, it was all great until a update ran and then it failed to load windows login due to the image I’d put as the background, was a right nightmare, think I ended up rebuilding as couldn’t access anything.

    Thanks all

    Kev

    #13356
    kev2021
    Participant
    • Posts 109
    • Regular

    oh BTW I setup OpenVPN, left everything as the default apart from choosing a username/pswd and choosing a port, all other options are standard, didn’t change any of them.  I believe LAN only was default, not internet and lan.

    Thanks

    Kev

    #13357
    UK Sentinel
    Moderator
    • Posts 3644
    • Skipper

    No harm in changing Icon, its your device

    How are you connecting to your Open VPN on the AX86U ?

     

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #13358
    kev2021
    Participant
    • Posts 109
    • Regular

    Hi @UKSentinel

    So i followed this guide: https://www.asus.com/support/FAQ/1008713/

    and I was using a MAC in remote location so downloaded the .ovpn file and then installed Tunnelblick and imported cert and it connected (guide:https://www.asus.com/support/FAQ/1004472)

    I think a couple of the screens looked a little different but basics was the same as the guides.

    Thanks

    Kev

    #13359
    kev2021
    Participant
    • Posts 109
    • Regular

    Also, I forgot to say, atm I’ve left DDNS off and its effectively hard coded to my WAN IP address which will obviously change at some point but I did it as a test and hoped it didn’t drop connection :)

    So as I have a NAS box, I’m using a ddns service for the nas box which has been working flawlessly for several years so my question is, can i simply change the client.ovpn file to say remote <ddns address> <port> instead of what it says now: remote <ip address> <port>?

    Does anything need to change on the server side of the VPN? I presume not as the client file with have the ddns name in which points it to my actual IP and everything else is the same?

    Thanks

    Kev

    #13360
    UK Sentinel
    Moderator
    • Posts 3644
    • Skipper

    Yep, unless your WAN IP address is a static one purchased from ISP, it will change

    As you say, all details are via the client.ovpn file so changing <ddns address> should work, but is dependent on where/how the ddns service works for your NAS box.

    Is NAS box located on your premises / home or remotely ?

    Either way, give it a try, easier to find out the hard way,

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #13361
    kev2021
    Participant
    • Posts 109
    • Regular

    hi, same place so shows same IP as router so should work, I’ll edit the file and try it :)

    Any suggestions on how i can get vpn client to be given a IP on same network as ASUS router instead of 10.8.0.x?

    Thanks

    Kev

    #13362
    UK Sentinel
    Moderator
    • Posts 3644
    • Skipper

    Check your client.ovpn file to see what dhcp-option is or simular ?

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #13363
    kev2021
    Participant
    • Posts 109
    • Regular

    HI.

    Just looked, no DHCP option listed….. it has cert and i set it to 2048 encryption.

    Thanks

    Kev

    #13364
    vitt13
    Participant
    • Posts 19
    • Regular

    Hi @kev2021,

    I’ve been using Open VPN on ASUS for years from me to my mom’s Router with no problems, here is what you need:

    Router 1 and Router 2 mast have different LAN IPs example: 192.168.1.1 and the second 192.168.50.1 (it’s up to you), if you connect from OVPN app on Android or PC you can leave the same IPs because different IPs matter only if you connect from Router to Router,

    some notes from my Server settings:

    1. Protocol must be “UDP” if “TCP” no connection from Asus client is possible, in VPN client settings “UDP” “TCP” it doesn’t matter.
    2. Server Port needs “443” for good security, default port 1194 is Open.
    3. Firewall must be “External only”
    4. HMAC Authentication must be “SHA 2” (SHA 256).
    5. If Respond to DNS “Yes” no internet access is possible.
    6. Compression needs “Disable” for good security

    Very important:

    after generating .ovpn file open it (edit) with Text Document and change Router IP with your DDNS xxxxx..asuscomm.com or whatever you have…

     

     

    #13367
    kev2021
    Participant
    • Posts 109
    • Regular

    Thanks @vitt13.

    So on my router, the Server Port said “Choose a number between x and y, no “default port” mentioned so i chose a random number.

    Firewall, I don’t see this in VPN settings?

    HMAC, I have other options such as SHA 512, should I choose that as I presume better than 256? and I have some other options presumable better?

    Respond to DNS I have set to No

    i have push lan to client as Yes but i was still getting 10.8.0.x instead of same Ip range as LAN.

    I’ll disable compression too thanks.

    Kev

     

    #13368
    vitt13
    Participant
    • Posts 19
    • Regular

    Firewall was on old Routers, I had to set it to “External” otherwise no connection was possible, as I remember if Respond to DNS to Yes no connection was possible as well (at least for me), I tried Push lan to clients to Yes and no connection,

    so what you see in my attachments is my working settings which I use every day

    Edit: (Compression) https://community.openvpn.net/openvpn/wiki/VORACLE

     

    Cheers

    #13371
    kev2021
    Participant
    • Posts 109
    • Regular

    thanks @vitt13

    I’ve turned off the VPN for now as will be couple of weeks probably before I can re-test so I’ve turned it off for now but will apply those settings when i re-enable :)

    Kev

Viewing 13 posts - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.