OpenVPN On Asus Router
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Mar 19, 2016 3:14 am
OpenVPN On Asus Router
Hi,
I'm a total VPN noob so I apologize in advance for my stupid question(s)
I have a RT-AC66R
I set up OpenVPN on my router.
I am able to connect to it from another computer outside the network, however, I have an issue.
My local network where the openVPN server is running on the router has an ip of 192.168.x.x
When I connect to the network from another location, I get a n IP of 10.8.x.x
With that IP I can't access any of the resources on that network.
I tried to change the VPN subnet but it can't be the same as my local network.
How can I get OpenVPN to give me a local IP when I connect to it?
I'm just trying to get access to the network so I can use windows remote desktop to connect to PCs on the network.
Thanks for your help!
I'm a total VPN noob so I apologize in advance for my stupid question(s)
I have a RT-AC66R
I set up OpenVPN on my router.
I am able to connect to it from another computer outside the network, however, I have an issue.
My local network where the openVPN server is running on the router has an ip of 192.168.x.x
When I connect to the network from another location, I get a n IP of 10.8.x.x
With that IP I can't access any of the resources on that network.
I tried to change the VPN subnet but it can't be the same as my local network.
How can I get OpenVPN to give me a local IP when I connect to it?
I'm just trying to get access to the network so I can use windows remote desktop to connect to PCs on the network.
Thanks for your help!
-
- OpenVpn Newbie
- Posts: 17
- Joined: Fri Mar 02, 2012 2:40 am
Re: OpenVPN On Asus Router
First of you could do that with TAP adapter instead of tun, however i strongly object that for various reasons
with tun you make a rounting network which means
you have your lan like 192.168.0.x
you have your openvpn server network like 10.10.10.x
now any client connecting to openvpn gets the 10.10.10.x adress
no big deal you just route to your home network.
place in serverconfig
that will tell the router to defautl route anything for openvpn network to openvpn
and it will push the route to your local network to the client
since all your local lan client have the asus as their default gateway they will always go to asus first in attemp to reach the 10.. network. asus now knows where to put it because openvpn create an own virtual adapter on the router and with the route command it adds the adapter to the routing table of asus.
so he will know next hop for 10xxx network is that virtual adapter
same other way around. with pushing route to 192 to the client he now has 3 routes
one is default gateway one is 10x and one is 192.... he will try for anythign other then inthe routing tabel to reach defautl gateway
so all 10x and 192x adressed request will go to the virtual adapter of openvpn and redirector to the openvpn server who will redirect it to the router
with tun you make a rounting network which means
you have your lan like 192.168.0.x
you have your openvpn server network like 10.10.10.x
now any client connecting to openvpn gets the 10.10.10.x adress
no big deal you just route to your home network.
place in serverconfig
Code: Select all
push route 192.168.0.0 255.255.255.0
route 10.10.10.0 255.255.255.0
and it will push the route to your local network to the client
since all your local lan client have the asus as their default gateway they will always go to asus first in attemp to reach the 10.. network. asus now knows where to put it because openvpn create an own virtual adapter on the router and with the route command it adds the adapter to the routing table of asus.
so he will know next hop for 10xxx network is that virtual adapter
same other way around. with pushing route to 192 to the client he now has 3 routes
one is default gateway one is 10x and one is 192.... he will try for anythign other then inthe routing tabel to reach defautl gateway
so all 10x and 192x adressed request will go to the virtual adapter of openvpn and redirector to the openvpn server who will redirect it to the router
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Mar 19, 2016 3:14 am
Re: OpenVPN On Asus Router
Thank you so much for your answer!
I understand a little bit from reading that TUN is preferred over TAP in some cases. Basically, I'm just trying to get on my network so I can access the workstations via tightVNC viewer.
I had been trying the set up via TUN settings but it didn't work. It only occured to me that Asus had a TAP option. Once I set that, everything worked.
However, do you think I should try to get TUN to work? I know you said you strongly object to TAP
My concern is just to be as safe as possible when accessing workstations via TighVNC.
I understand a little bit from reading that TUN is preferred over TAP in some cases. Basically, I'm just trying to get on my network so I can access the workstations via tightVNC viewer.
I had been trying the set up via TUN settings but it didn't work. It only occured to me that Asus had a TAP option. Once I set that, everything worked.
However, do you think I should try to get TUN to work? I know you said you strongly object to TAP
My concern is just to be as safe as possible when accessing workstations via TighVNC.
-
- OpenVpn Newbie
- Posts: 17
- Joined: Fri Mar 02, 2012 2:40 am
Re: OpenVPN On Asus Router
definetly go and make tun work
the 2 lines config should do the trick
tun is actually pretty easy, even tap SEEMS easier at start.
Tap is a real problem in my view.tap is a bridge, that means that it is indeed like you connect a local workstation ot your network.
however this brings many problems with it.
with bridging you get all the beautiful ethernet traffic, not only IP but everything.
this brings problems. from slowing down the vpn with garbage till issues on your switches (depending what you have)
not to mention all the broadcastyou dont want or need.
routing is much cleaner and has some additional benefits which might not important for you right now but for example
the real problem arrive once your vpn connetion runs over bad lines, it can easly addup fragementation, it can make problems in your lan with fragmented packages from your vpn line and so on.
TAP is really a speciall purpose thing if you really know WHY you want it.
if you dont have a reason other than i cant get tun to work then dont.
beside tap adapter have notorious issues driver wise.
go for tun and learn a thing or 2 about routing, youll need it at somepoint anyway.
the 2 lines config should do the trick
tun is actually pretty easy, even tap SEEMS easier at start.
Tap is a real problem in my view.tap is a bridge, that means that it is indeed like you connect a local workstation ot your network.
however this brings many problems with it.
with bridging you get all the beautiful ethernet traffic, not only IP but everything.
this brings problems. from slowing down the vpn with garbage till issues on your switches (depending what you have)
not to mention all the broadcastyou dont want or need.
routing is much cleaner and has some additional benefits which might not important for you right now but for example
the real problem arrive once your vpn connetion runs over bad lines, it can easly addup fragementation, it can make problems in your lan with fragmented packages from your vpn line and so on.
TAP is really a speciall purpose thing if you really know WHY you want it.
if you dont have a reason other than i cant get tun to work then dont.
beside tap adapter have notorious issues driver wise.
go for tun and learn a thing or 2 about routing, youll need it at somepoint anyway.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Mar 19, 2016 3:14 am
Re: OpenVPN On Asus Router
Ok. I'll def try to make it work later this evening.
Appreciate the help!
One last thing:
My settings will look like this with your two lines in the little box at the bottom?
Appreciate the help!
One last thing:
My settings will look like this with your two lines in the little box at the bottom?
-
- OpenVpn Newbie
- Posts: 17
- Joined: Fri Mar 02, 2012 2:40 am
Re: OpenVPN On Asus Router
im not really familiar with asus implementation of that interface.
in theory you may nto even need those options since the menue said push local lan to the client
so it should work out of the box
but if you need to set it you need to set
but highly possibel asus does that, you may wanna check your routing table after vpn server is started
it should show you the 10.8.0.0 network on that tun adapter
i would activate extra hmac authentication
it would also be interresting what it means with manage client specific settings.
btw, if you use a tun adapter you NEED to execute the openvpn client with administrator rights.
otherweise it can set your routes you need in windows.
if it doenst work make a on your client plus a traceroute to your router and vice versa and post results
in theory you may nto even need those options since the menue said push local lan to the client
so it should work out of the box
but if you need to set it you need to set
Code: Select all
route 10.8.0.0 255.255.255.0
it should show you the 10.8.0.0 network on that tun adapter
i would activate extra hmac authentication
it would also be interresting what it means with manage client specific settings.
btw, if you use a tun adapter you NEED to execute the openvpn client with administrator rights.
otherweise it can set your routes you need in windows.
if it doenst work make a
Code: Select all
netstat -r
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Oct 04, 2016 12:26 am
Re: OpenVPN On Asus Router
I have tried to follow the instructions given here, but it is not working to set up my Asus RT-N66U router. When I apply the settings on the router, I get the following error message:
Routing conflict!
Please check the client's IP address settings from the Advanced Settings page or check the routing table on System log.
The Custom Configuration is set up as follows:
push route 192.168.2.0 255.255.255.0
route 10.8.0.0 255.255.255.0
If I change the command from route 10.8.0.0 255.255.255.0 to route 10.8.0.1 255.255.255.0, the router will create the configuration file. However, since this is not how you suggested doing it, I was wondering if this is okay.
Routing conflict!
Please check the client's IP address settings from the Advanced Settings page or check the routing table on System log.
The Custom Configuration is set up as follows:
push route 192.168.2.0 255.255.255.0
route 10.8.0.0 255.255.255.0
If I change the command from route 10.8.0.0 255.255.255.0 to route 10.8.0.1 255.255.255.0, the router will create the configuration file. However, since this is not how you suggested doing it, I was wondering if this is okay.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Mar 19, 2016 3:14 am
Re: OpenVPN On Asus Router
I did not end up needing any of those extras.
I used the general settings and it worked. I also use it with TightVNC to connect from anywhere.
I used the general settings and it worked. I also use it with TightVNC to connect from anywhere.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Nov 21, 2016 3:32 pm
Re: OpenVPN On Asus Router
Hi IcarusVPN,
were you able to get your VPN to connect and see your local network computers via TUN? or did you set it up as TAP
thanks in advance
were you able to get your VPN to connect and see your local network computers via TUN? or did you set it up as TAP
thanks in advance
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Feb 16, 2017 12:30 am
Re: OpenVPN On Asus Router
Hi, I too am having some problems getting this working properly. I have two ASUS RT AC5300 routers, At different locations. I have an IP Office and two IP phones. I created an OpenVPN tunnel between the two locations by configuring the router where the phones are as a client, and the router with the IP Office as the server. The phones can see the IP Office and register, but no voice traffic (dial-tones or speech) work from the phones. They do work when they are connected locally however. Is there something I need to add to the configuration to get this to work? The main network is 192.168.1.0/24 and the Remote office is 192.168.50.0/24. Here is a screenshot of the serving router's OpenVPN configuration:
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Dec 21, 2016 10:55 pm
Re: OpenVPN On Asus Router
Hey gleckert, did you get it sorted? I've been facing this issue...
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Mar 01, 2017 4:03 pm
Re: OpenVPN On Asus Router
Hi terrorfrog,
I got this working with 2 Tomato routers connecting using tun. Works after entering the push and route on the server side.
I have a question. I can ping my computers on the server side from the client side but I can't ping the client side from the server side.
Is there a new route I can add to the server router for it to ping the client side?
Server side subnet is 192.168.0.0 and the client side is 10.0.0.0
Thanks,
Stever11
I got this working with 2 Tomato routers connecting using tun. Works after entering the push and route on the server side.
I have a question. I can ping my computers on the server side from the client side but I can't ping the client side from the server side.
Is there a new route I can add to the server router for it to ping the client side?
Server side subnet is 192.168.0.0 and the client side is 10.0.0.0
Thanks,
Stever11
terrorfrog wrote:definetly go and make tun work
the 2 lines config should do the trick
tun is actually pretty easy, even tap SEEMS easier at start.
Tap is a real problem in my view.tap is a bridge, that means that it is indeed like you connect a local workstation ot your network.
however this brings many problems with it.
with bridging you get all the beautiful ethernet traffic, not only IP but everything.
this brings problems. from slowing down the vpn with garbage till issues on your switches (depending what you have)
not to mention all the broadcastyou dont want or need.
routing is much cleaner and has some additional benefits which might not important for you right now but for example
the real problem arrive once your vpn connetion runs over bad lines, it can easly addup fragementation, it can make problems in your lan with fragmented packages from your vpn line and so on.
TAP is really a speciall purpose thing if you really know WHY you want it.
if you dont have a reason other than i cant get tun to work then dont.
beside tap adapter have notorious issues driver wise.
go for tun and learn a thing or 2 about routing, youll need it at somepoint anyway.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 15, 2017 8:58 pm
Re: OpenVPN On Asus Router
I have exact same issue as OP.
Using Asus DSL-AC88U router OpenVPN.
Connect without issue from WAN to my OpenVPN server and can see the client connected WHEN viewing the router gui from a PC on the LAN.
However I cannot browse my LAN when using OpenVPN from WAN.
Spent days trying to resolve this and ended here.
VPN subnet 10.0.8.0
LAN subnet 192.168.2.0
Client shows connected to OpenVPN with ip 10.0.8.2
hope someone can help as all out of ideas at the moment
Using Asus DSL-AC88U router OpenVPN.
Connect without issue from WAN to my OpenVPN server and can see the client connected WHEN viewing the router gui from a PC on the LAN.
However I cannot browse my LAN when using OpenVPN from WAN.
Spent days trying to resolve this and ended here.
VPN subnet 10.0.8.0
LAN subnet 192.168.2.0
Client shows connected to OpenVPN with ip 10.0.8.2
hope someone can help as all out of ideas at the moment
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jul 27, 2017 8:42 am
Re: OpenVPN On Asus Router
I've aded to Asus advanced config field:
client-to-client
topology subnet
client-config-dir /jffs/openvpn/conf/
route 192.168.88.0 255.255.255.0
and created /jffs/openvpn/conf/DEFAULT
with entry
iroute 192.168.88.0 255.255.255.0
to add routing inside OVPN
P.S. I'm not shure if /jffs/openvpn/conf/DEFAULT will remain after router reboot
Also route 192.168.88.0 255.255.255.0 did not allways work, but if i configre route manually thought terminal everything works.
client-to-client
topology subnet
client-config-dir /jffs/openvpn/conf/
route 192.168.88.0 255.255.255.0
and created /jffs/openvpn/conf/DEFAULT
with entry
iroute 192.168.88.0 255.255.255.0
to add routing inside OVPN
P.S. I'm not shure if /jffs/openvpn/conf/DEFAULT will remain after router reboot
Also route 192.168.88.0 255.255.255.0 did not allways work, but if i configre route manually thought terminal everything works.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jul 27, 2017 8:42 am
Re: OpenVPN On Asus Router
Update:
/jffs/openvpn/conf/DEFAULT - did not vanish after reboot
route 192.168.88.0 255.255.255.0 -> route 192.168.88.0 255.255.255.0 10.1.1.2
10.1.1.2 - ip address of ovpn client
/jffs/openvpn/conf/DEFAULT - did not vanish after reboot
route 192.168.88.0 255.255.255.0 -> route 192.168.88.0 255.255.255.0 10.1.1.2
10.1.1.2 - ip address of ovpn client
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jul 27, 2017 8:42 am
Re: OpenVPN On Asus Router
UPD:
there was a problem - when a new user connected to the server he used DEFAULT config and the iroute was pointed on the new user, and the old one was without the network, so I had to distinguish users by the certificate.
In Asus certificates are kept in /jffs/openvpn/ directory I've made copies of CA and the key and used them to generate unique certificates for each user with following commands:
openssl genrsa -out user2.key 2048
openssl req -new -subj "/C=RU/ST=City/L=region/O=org/CN=user2" -key user2.key -out user2.csr
openssl x509 -req -in user2.csr -CA vpn_crt_server1_ca -CAkey vpn_crt_server1_ca_key -CAcreateserial -out user2.crt -days 21360
and created for each user in client-config-dir /jffs/openvpn/conf/ file, containing individual options.(iroute, push and etc)
there was a problem - when a new user connected to the server he used DEFAULT config and the iroute was pointed on the new user, and the old one was without the network, so I had to distinguish users by the certificate.
In Asus certificates are kept in /jffs/openvpn/ directory I've made copies of CA and the key and used them to generate unique certificates for each user with following commands:
openssl genrsa -out user2.key 2048
openssl req -new -subj "/C=RU/ST=City/L=region/O=org/CN=user2" -key user2.key -out user2.csr
openssl x509 -req -in user2.csr -CA vpn_crt_server1_ca -CAkey vpn_crt_server1_ca_key -CAcreateserial -out user2.crt -days 21360
and created for each user in client-config-dir /jffs/openvpn/conf/ file, containing individual options.(iroute, push and etc)
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Aug 29, 2017 6:49 pm
Re: OpenVPN On Asus Router
Hi All,
quick question on OpenVPN server config - kinda related to this thread:
- how to configure advance settings in order to allow traffic to LAN only w/o access to WAN
What I'm trying to achieve is to build tunnel to my home network with external drive plugged onto router for few friends however I'd rather not give them access to internet.
Any ideas?
quick question on OpenVPN server config - kinda related to this thread:
- how to configure advance settings in order to allow traffic to LAN only w/o access to WAN
What I'm trying to achieve is to build tunnel to my home network with external drive plugged onto router for few friends however I'd rather not give them access to internet.
Any ideas?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Jan 06, 2018 1:15 pm
Re: OpenVPN On Asus Router
Hello!
I have a Asus RT-AC66U running OpenVPN and with either a Win-PC or an iOS device I would like to access my device that are connected locally on the network. If I change from TUN to TAP it works on the PC but iOS does not support TAP so its not a viable solution.
I have followed the different suggestions from the thread above and other places, including creating the jffs/openvpn/conf/DEFAULT on the router without any success. The closest I have gotten to a working solution is to being able to ping the VPN-server.
I'm lost at what to do in order to get it to work and ANY help is gratefully appreciated!
I have a Asus RT-AC66U running OpenVPN and with either a Win-PC or an iOS device I would like to access my device that are connected locally on the network. If I change from TUN to TAP it works on the PC but iOS does not support TAP so its not a viable solution.
I have followed the different suggestions from the thread above and other places, including creating the jffs/openvpn/conf/DEFAULT on the router without any success. The closest I have gotten to a working solution is to being able to ping the VPN-server.
I'm lost at what to do in order to get it to work and ANY help is gratefully appreciated!
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sun Jun 17, 2018 6:38 pm
Re: OpenVPN On Asus Router
I know that this is old question, but maybe someone else will be directed here to find similar solution, so I will post this anyway.detalone wrote: ↑Tue Aug 29, 2017 6:53 pmHi All,
quick question on OpenVPN server config - kinda related to this thread:
- how to configure advance settings in order to allow traffic to LAN only w/o access to WAN
What I'm trying to achieve is to build tunnel to my home network with external drive plugged onto router for few friends however I'd rather not give them access to internet.
Any ideas?
Push LAN to clients: YES
it will allow to access shared folders & drives within primary (original) LAN
Direct clients to redirect internet traffic: NO
Remote clients will be using its own connection/WAN for internet (all external IPs & DNS will be from client's machine)
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Dec 31, 2018 8:57 am
Re: OpenVPN On Asus Router
Hi everyone
I'm using OpenVPN TAP server on my Asus RT-AC86U.
Everything works perfect except one thing.
I can't Connect to the router GUI from LAN to LAN
If I'm using 4g from My cellphone then I'm able to log into Asus router GUI.
But never from WIFI connection from any other location
From both LAN outside my OpenVPN server and 4g cellular I can connect to everything on the servers LAN
Can anyone give me a hint?
--------edit---------
Nothing works LAN to another LAN. Both LAN's using same DHCP spann. 192.168.1.1-192.168.1.254
Is there any solution for that kind of behaviour with OpenVPN TAP???
Thanks
I'm using OpenVPN TAP server on my Asus RT-AC86U.
Everything works perfect except one thing.
I can't Connect to the router GUI from LAN to LAN
If I'm using 4g from My cellphone then I'm able to log into Asus router GUI.
But never from WIFI connection from any other location
From both LAN outside my OpenVPN server and 4g cellular I can connect to everything on the servers LAN
Can anyone give me a hint?
--------edit---------
Nothing works LAN to another LAN. Both LAN's using same DHCP spann. 192.168.1.1-192.168.1.254
Is there any solution for that kind of behaviour with OpenVPN TAP???
Thanks