VPN Setup

[kev2021]

Hi,

I’ve enabled Open VPN on my AX86U and I have tried connecting to it from a remote location but didn’t quiet achieve what I wanted to achieve.

Basically AX86U (location1) and remote location(Location2) have the same IP range/subnet and although I set the VPN server up on Asus to be Lan only, it issues a IP address in the 10.8.0.x range and therefore by then entering in the IP of my ASUS router from Location2, it loads location2’s router GUI and not location1 routers GUI (ASUS).

I therefore assume, I would need to change Location2’s IP address range to be different from Location1 but how do I get the VPN to issue a IP address from Location1 network? so I can then enter in the ASUS routers IP and it takes me to the routers gui webpage whereby I can then login and do whatever I may need to, even if its just rebooting it.

Also, Is there any harm in adding a icon to the AX86U for the items on my network it has no icon for? for example a network switch?  I found one on another forum but I’m a little weary of it potentially causing a issue when doing future firmware updates etc?  I recall years and years ago, I changed the wallpaper at login of a windows PC, it was all great until a update ran and then it failed to load windows login due to the image I’d put as the background, was a right nightmare, think I ended up rebuilding as couldn’t access anything.

Thanks all

Kev

Share the knowledge

You need to login in order to vote

[kev2021]

oh BTW I setup OpenVPN, left everything as the default apart from choosing a username/pswd and choosing a port, all other options are standard, didn’t change any of them.  I believe LAN only was default, not internet and lan.

Thanks

Kev

Share the knowledge

You need to login in order to vote

[UK Sentinel]

No harm in changing Icon, its your device

How are you connecting to your Open VPN on the AX86U ?

 

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[kev2021]

Hi @UKSentinel

So i followed this guide: https://www.asus.com/support/FAQ/1008713/

and I was using a MAC in remote location so downloaded the .ovpn file and then installed Tunnelblick and imported cert and it connected (guide:https://www.asus.com/support/FAQ/1004472)

I think a couple of the screens looked a little different but basics was the same as the guides.

Thanks

Kev

Share the knowledge

You need to login in order to vote

[kev2021]

Also, I forgot to say, atm I’ve left DDNS off and its effectively hard coded to my WAN IP address which will obviously change at some point but I did it as a test and hoped it didn’t drop connection :)

So as I have a NAS box, I’m using a ddns service for the nas box which has been working flawlessly for several years so my question is, can i simply change the client.ovpn file to say remote <ddns address> <port> instead of what it says now: remote <ip address> <port>?

Does anything need to change on the server side of the VPN? I presume not as the client file with have the ddns name in which points it to my actual IP and everything else is the same?

Thanks

Kev

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Yep, unless your WAN IP address is a static one purchased from ISP, it will change

As you say, all details are via the client.ovpn file so changing <ddns address> should work, but is dependent on where/how the ddns service works for your NAS box.

Is NAS box located on your premises / home or remotely ?

Either way, give it a try, easier to find out the hard way,

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[kev2021]

hi, same place so shows same IP as router so should work, I’ll edit the file and try it :)

Any suggestions on how i can get vpn client to be given a IP on same network as ASUS router instead of 10.8.0.x?

Thanks

Kev

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Check your client.ovpn file to see what dhcp-option is or simular ?

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[kev2021]

HI.

Just looked, no DHCP option listed….. it has cert and i set it to 2048 encryption.

Thanks

Kev

Share the knowledge

You need to login in order to vote

[vitt13]

Hi @kev2021,

I’ve been using Open VPN on ASUS for years from me to my mom’s Router with no problems, here is what you need:

Router 1 and Router 2 mast have different LAN IPs example: 192.168.1.1 and the second 192.168.50.1 (it’s up to you), if you connect from OVPN app on Android or PC you can leave the same IPs because different IPs matter only if you connect from Router to Router,

some notes from my Server settings:

1. Protocol must be “UDP” if “TCP” no connection from Asus client is possible, in VPN client settings “UDP” “TCP” it doesn’t matter.
2. Server Port needs “443” for good security, default port 1194 is Open.
3. Firewall must be “External only”
4. HMAC Authentication must be “SHA 2” (SHA 256).
5. If Respond to DNS “Yes” no internet access is possible.
6. Compression needs “Disable” for good security

Very important:

after generating .ovpn file open it (edit) with Text Document and change Router IP with your DDNS xxxxx..asuscomm.com or whatever you have…

 

 

Share the knowledge

Attachments:

1. 

   Open-VPN-Old-Routers.png
   

2. 

   Open-VPN-Modern-Routers.png
   

You need to login in order to vote

[kev2021]

Thanks @vitt13.

So on my router, the Server Port said “Choose a number between x and y, no “default port” mentioned so i chose a random number.

Firewall, I don’t see this in VPN settings?

HMAC, I have other options such as SHA 512, should I choose that as I presume better than 256? and I have some other options presumable better?

Respond to DNS I have set to No

i have push lan to client as Yes but i was still getting 10.8.0.x instead of same Ip range as LAN.

I’ll disable compression too thanks.

Kev

 

Share the knowledge

You need to login in order to vote

[vitt13]

Firewall was on old Routers, I had to set it to “External” otherwise no connection was possible, as I remember if Respond to DNS to Yes no connection was possible as well (at least for me), I tried Push lan to clients to Yes and no connection,

so what you see in my attachments is my working settings which I use every day

Edit: (Compression) https://community.openvpn.net/openvpn/wiki/VORACLE

 

Cheers

Share the knowledge

You need to login in order to vote

[kev2021]

thanks @vitt13

I’ve turned off the VPN for now as will be couple of weeks probably before I can re-test so I’ve turned it off for now but will apply those settings when i re-enable :)

Kev

Share the knowledge

You need to login in order to vote

[Author]

Posts