May 16, 2021 at 3:43 pm #13355
I’ve enabled Open VPN on my AX86U and I have tried connecting to it from a remote location but didn’t quiet achieve what I wanted to achieve.
Basically AX86U (location1) and remote location(Location2) have the same IP range/subnet and although I set the VPN server up on Asus to be Lan only, it issues a IP address in the 10.8.0.x range and therefore by then entering in the IP of my ASUS router from Location2, it loads location2’s router GUI and not location1 routers GUI (ASUS).
I therefore assume, I would need to change Location2’s IP address range to be different from Location1 but how do I get the VPN to issue a IP address from Location1 network? so I can then enter in the ASUS routers IP and it takes me to the routers gui webpage whereby I can then login and do whatever I may need to, even if its just rebooting it.
Also, Is there any harm in adding a icon to the AX86U for the items on my network it has no icon for? for example a network switch? I found one on another forum but I’m a little weary of it potentially causing a issue when doing future firmware updates etc? I recall years and years ago, I changed the wallpaper at login of a windows PC, it was all great until a update ran and then it failed to load windows login due to the image I’d put as the background, was a right nightmare, think I ended up rebuilding as couldn’t access anything.
KevMay 16, 2021 at 3:45 pm #13356
oh BTW I setup OpenVPN, left everything as the default apart from choosing a username/pswd and choosing a port, all other options are standard, didn’t change any of them. I believe LAN only was default, not internet and lan.
KevMay 16, 2021 at 4:10 pm #13357
No harm in changing Icon, its your device
How are you connecting to your Open VPN on the AX86U ?
In a completely sane world, madness is the only freedom (J.G.Ballard).May 16, 2021 at 4:16 pm #13358
So i followed this guide: https://www.asus.com/support/FAQ/1008713/
and I was using a MAC in remote location so downloaded the .ovpn file and then installed Tunnelblick and imported cert and it connected (guide:https://www.asus.com/support/FAQ/1004472)
I think a couple of the screens looked a little different but basics was the same as the guides.
KevMay 16, 2021 at 4:31 pm #13359
Also, I forgot to say, atm I’ve left DDNS off and its effectively hard coded to my WAN IP address which will obviously change at some point but I did it as a test and hoped it didn’t drop connection :)
So as I have a NAS box, I’m using a ddns service for the nas box which has been working flawlessly for several years so my question is, can i simply change the client.ovpn file to say remote <ddns address> <port> instead of what it says now: remote <ip address> <port>?
Does anything need to change on the server side of the VPN? I presume not as the client file with have the ddns name in which points it to my actual IP and everything else is the same?
KevMay 16, 2021 at 5:00 pm #13360
Yep, unless your WAN IP address is a static one purchased from ISP, it will change
As you say, all details are via the client.ovpn file so changing <ddns address> should work, but is dependent on where/how the ddns service works for your NAS box.
Is NAS box located on your premises / home or remotely ?
Either way, give it a try, easier to find out the hard way,
In a completely sane world, madness is the only freedom (J.G.Ballard).May 16, 2021 at 5:12 pm #13361
hi, same place so shows same IP as router so should work, I’ll edit the file and try it :)
Any suggestions on how i can get vpn client to be given a IP on same network as ASUS router instead of 10.8.0.x?
KevMay 16, 2021 at 5:50 pm #13362
Check your client.ovpn file to see what dhcp-option is or simular ?
In a completely sane world, madness is the only freedom (J.G.Ballard).May 16, 2021 at 6:23 pm #13363
Just looked, no DHCP option listed….. it has cert and i set it to 2048 encryption.
KevMay 16, 2021 at 6:25 pm #13364vitt13Participant
- Posts 19
I’ve been using Open VPN on ASUS for years from me to my mom’s Router with no problems, here is what you need:
Router 1 and Router 2 mast have different LAN IPs example: 192.168.1.1 and the second 192.168.50.1 (it’s up to you), if you connect from OVPN app on Android or PC you can leave the same IPs because different IPs matter only if you connect from Router to Router,
some notes from my Server settings:
1. Protocol must be “UDP” if “TCP” no connection from Asus client is possible, in VPN client settings “UDP” “TCP” it doesn’t matter.
2. Server Port needs “443” for good security, default port 1194 is Open.
3. Firewall must be “External only”
4. HMAC Authentication must be “SHA 2” (SHA 256).
5. If Respond to DNS “Yes” no internet access is possible.
6. Compression needs “Disable” for good security
after generating .ovpn file open it (edit) with Text Document and change Router IP with your DDNS xxxxx..asuscomm.com or whatever you have…
Attachments:May 16, 2021 at 6:37 pm #13367
So on my router, the Server Port said “Choose a number between x and y, no “default port” mentioned so i chose a random number.
Firewall, I don’t see this in VPN settings?
HMAC, I have other options such as SHA 512, should I choose that as I presume better than 256? and I have some other options presumable better?
Respond to DNS I have set to No
i have push lan to client as Yes but i was still getting 10.8.0.x instead of same Ip range as LAN.
I’ll disable compression too thanks.
KevMay 16, 2021 at 6:52 pm #13368vitt13Participant
- Posts 19
Firewall was on old Routers, I had to set it to “External” otherwise no connection was possible, as I remember if Respond to DNS to Yes no connection was possible as well (at least for me), I tried Push lan to clients to Yes and no connection,
so what you see in my attachments is my working settings which I use every day
Edit: (Compression) https://community.openvpn.net/openvpn/wiki/VORACLE
CheersMay 16, 2021 at 7:26 pm #13371
- You must be logged in to reply to this topic.