OpenVPN On Asus Router

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See https://forums.openvpn.net/viewtopic.php?f=30&t=21589 for an example.
IcarusVPN
OpenVpn Newbie
Posts: 4
Joined: Sat Mar 19, 2016 3:14 am

OpenVPN On Asus Router

Postby IcarusVPN » Sat Mar 19, 2016 3:16 am

Hi,

I'm a total VPN noob so I apologize in advance for my stupid question(s)

I have a RT-AC66R

I set up OpenVPN on my router.

I am able to connect to it from another computer outside the network, however, I have an issue.

My local network where the openVPN server is running on the router has an ip of 192.168.x.x

When I connect to the network from another location, I get a n IP of 10.8.x.x

With that IP I can't access any of the resources on that network.

I tried to change the VPN subnet but it can't be the same as my local network.

How can I get OpenVPN to give me a local IP when I connect to it?

I'm just trying to get access to the network so I can use windows remote desktop to connect to PCs on the network.

Thanks for your help!

terrorfrog
OpenVPN User
Posts: 17
Joined: Fri Mar 02, 2012 2:40 am

Re: OpenVPN On Asus Router

Postby terrorfrog » Mon Mar 21, 2016 1:26 am

First of you could do that with TAP adapter instead of tun, however i strongly object that for various reasons

with tun you make a rounting network which means

you have your lan like 192.168.0.x
you have your openvpn server network like 10.10.10.x

now any client connecting to openvpn gets the 10.10.10.x adress
no big deal you just route to your home network.
place in serverconfig

Code: Select all

push route 192.168.0.0 255.255.255.0
route 10.10.10.0 255.255.255.0


that will tell the router to defautl route anything for openvpn network to openvpn
and it will push the route to your local network to the client

since all your local lan client have the asus as their default gateway they will always go to asus first in attemp to reach the 10.. network. asus now knows where to put it because openvpn create an own virtual adapter on the router and with the route command it adds the adapter to the routing table of asus.
so he will know next hop for 10xxx network is that virtual adapter

same other way around. with pushing route to 192 to the client he now has 3 routes
one is default gateway one is 10x and one is 192.... he will try for anythign other then inthe routing tabel to reach defautl gateway
so all 10x and 192x adressed request will go to the virtual adapter of openvpn and redirector to the openvpn server who will redirect it to the router

IcarusVPN
OpenVpn Newbie
Posts: 4
Joined: Sat Mar 19, 2016 3:14 am

Re: OpenVPN On Asus Router

Postby IcarusVPN » Mon Mar 21, 2016 10:01 pm

Thank you so much for your answer!

I understand a little bit from reading that TUN is preferred over TAP in some cases. Basically, I'm just trying to get on my network so I can access the workstations via tightVNC viewer.

I had been trying the set up via TUN settings but it didn't work. It only occured to me that Asus had a TAP option. Once I set that, everything worked.

However, do you think I should try to get TUN to work? I know you said you strongly object to TAP

My concern is just to be as safe as possible when accessing workstations via TighVNC.

terrorfrog
OpenVPN User
Posts: 17
Joined: Fri Mar 02, 2012 2:40 am

Re: OpenVPN On Asus Router

Postby terrorfrog » Tue Mar 22, 2016 12:55 am

definetly go and make tun work
the 2 lines config should do the trick

tun is actually pretty easy, even tap SEEMS easier at start.

Tap is a real problem in my view.tap is a bridge, that means that it is indeed like you connect a local workstation ot your network.
however this brings many problems with it.

with bridging you get all the beautiful ethernet traffic, not only IP but everything.
this brings problems. from slowing down the vpn with garbage till issues on your switches (depending what you have)

not to mention all the broadcastyou dont want or need.
routing is much cleaner and has some additional benefits which might not important for you right now but for example

the real problem arrive once your vpn connetion runs over bad lines, it can easly addup fragementation, it can make problems in your lan with fragmented packages from your vpn line and so on.


TAP is really a speciall purpose thing if you really know WHY you want it.
if you dont have a reason other than i cant get tun to work then dont.


beside tap adapter have notorious issues driver wise.

go for tun and learn a thing or 2 about routing, youll need it at somepoint anyway.

IcarusVPN
OpenVpn Newbie
Posts: 4
Joined: Sat Mar 19, 2016 3:14 am

Re: OpenVPN On Asus Router

Postby IcarusVPN » Tue Mar 22, 2016 1:04 am

Ok. I'll def try to make it work later this evening.

Appreciate the help!

One last thing:
My settings will look like this with your two lines in the little box at the bottom?

Image

terrorfrog
OpenVPN User
Posts: 17
Joined: Fri Mar 02, 2012 2:40 am

Re: OpenVPN On Asus Router

Postby terrorfrog » Wed Mar 23, 2016 1:48 am

im not really familiar with asus implementation of that interface.

in theory you may nto even need those options since the menue said push local lan to the client
so it should work out of the box

but if you need to set it you need to set

Code: Select all

route 10.8.0.0 255.255.255.0


but highly possibel asus does that, you may wanna check your routing table after vpn server is started
it should show you the 10.8.0.0 network on that tun adapter


i would activate extra hmac authentication

it would also be interresting what it means with manage client specific settings.

btw, if you use a tun adapter you NEED to execute the openvpn client with administrator rights.
otherweise it can set your routes you need in windows.

if it doenst work make a

Code: Select all

netstat -r
on your client plus a traceroute to your router and vice versa and post results

brazilwolf
OpenVpn Newbie
Posts: 1
Joined: Tue Oct 04, 2016 12:26 am

Re: OpenVPN On Asus Router

Postby brazilwolf » Tue Oct 04, 2016 12:43 am

I have tried to follow the instructions given here, but it is not working to set up my Asus RT-N66U router. When I apply the settings on the router, I get the following error message:

Routing conflict!
Please check the client's IP address settings from the Advanced Settings page or check the routing table on System log.

The Custom Configuration is set up as follows:

push route 192.168.2.0 255.255.255.0
route 10.8.0.0 255.255.255.0

If I change the command from route 10.8.0.0 255.255.255.0 to route 10.8.0.1 255.255.255.0, the router will create the configuration file. However, since this is not how you suggested doing it, I was wondering if this is okay.

IcarusVPN
OpenVpn Newbie
Posts: 4
Joined: Sat Mar 19, 2016 3:14 am

Re: OpenVPN On Asus Router

Postby IcarusVPN » Tue Oct 04, 2016 1:06 am

I did not end up needing any of those extras.
I used the general settings and it worked. I also use it with TightVNC to connect from anywhere.

djwakz
OpenVpn Newbie
Posts: 1
Joined: Mon Nov 21, 2016 3:32 pm

Re: OpenVPN On Asus Router

Postby djwakz » Mon Nov 21, 2016 3:36 pm

Hi IcarusVPN,

were you able to get your VPN to connect and see your local network computers via TUN? or did you set it up as TAP


thanks in advance

gleckert
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 16, 2017 12:30 am

Re: OpenVPN On Asus Router

Postby gleckert » Thu Feb 16, 2017 12:37 am

Hi, I too am having some problems getting this working properly. I have two ASUS RT AC5300 routers, At different locations. I have an IP Office and two IP phones. I created an OpenVPN tunnel between the two locations by configuring the router where the phones are as a client, and the router with the IP Office as the server. The phones can see the IP Office and register, but no voice traffic (dial-tones or speech) work from the phones. They do work when they are connected locally however. Is there something I need to add to the configuration to get this to work? The main network is 192.168.1.0/24 and the Remote office is 192.168.50.0/24. Here is a screenshot of the serving router's OpenVPN configuration:

Image

zYx
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 21, 2016 10:55 pm

Re: OpenVPN On Asus Router

Postby zYx » Sun Feb 26, 2017 6:30 pm

Hey gleckert, did you get it sorted? I've been facing this issue...

Stever11
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 01, 2017 4:03 pm

Re: OpenVPN On Asus Router

Postby Stever11 » Wed Mar 01, 2017 4:10 pm

Hi terrorfrog,

I got this working with 2 Tomato routers connecting using tun. Works after entering the push and route on the server side.

I have a question. I can ping my computers on the server side from the client side but I can't ping the client side from the server side.

Is there a new route I can add to the server router for it to ping the client side?

Server side subnet is 192.168.0.0 and the client side is 10.0.0.0

Thanks,

Stever11

terrorfrog wrote:definetly go and make tun work
the 2 lines config should do the trick

tun is actually pretty easy, even tap SEEMS easier at start.

Tap is a real problem in my view.tap is a bridge, that means that it is indeed like you connect a local workstation ot your network.
however this brings many problems with it.

with bridging you get all the beautiful ethernet traffic, not only IP but everything.
this brings problems. from slowing down the vpn with garbage till issues on your switches (depending what you have)

not to mention all the broadcastyou dont want or need.
routing is much cleaner and has some additional benefits which might not important for you right now but for example

the real problem arrive once your vpn connetion runs over bad lines, it can easly addup fragementation, it can make problems in your lan with fragmented packages from your vpn line and so on.


TAP is really a speciall purpose thing if you really know WHY you want it.
if you dont have a reason other than i cant get tun to work then dont.


beside tap adapter have notorious issues driver wise.

go for tun and learn a thing or 2 about routing, youll need it at somepoint anyway.

aabs
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 15, 2017 8:58 pm

Re: OpenVPN On Asus Router

Postby aabs » Thu Jun 15, 2017 9:07 pm

I have exact same issue as OP.
Using Asus DSL-AC88U router OpenVPN.

Connect without issue from WAN to my OpenVPN server and can see the client connected WHEN viewing the router gui from a PC on the LAN.

However I cannot browse my LAN when using OpenVPN from WAN.

Spent days trying to resolve this and ended here.

VPN subnet 10.0.8.0
LAN subnet 192.168.2.0

Client shows connected to OpenVPN with ip 10.0.8.2

hope someone can help as all out of ideas at the moment


Return to “Configuration”

Who is online

Users browsing this forum: bestivo and 4 guests