Asus RT-AC68R Stock firmware: Route Both Ways

wingsfan87
OpenVpn Newbie
Posts: 13
Joined: Mon Apr 11, 2016 2:36 am

Asus RT-AC68R Stock firmware: Route Both Ways

Post by wingsfan87 » Mon Apr 11, 2016 3:09 am

Background:
Setting up a site to site VPN using 2 x Asus RT-AC68R routers. Stock firmware (not Merlin's AsusWRT). Firmware version is 9.0.0.4.380.2695 (latest). Client and server subnet do not overlap. I can access everything (Windows shares, server router page by IP in browser, RDP, etc.) just fine from the client -> server but not vice versa (server -> client). I know this issue has been posted by others, but I'm not sure I quite understand how they were successful in getting it to work, especially since I'm not using DDWRT or Merlin's AsusWRT firmware. This is the closest that I could find to my issue: topic19572.html. However, I still do not understand how to set up the client config when there is no option for a client or server config on the server. Only Allowed Clients and a single box called Custom Configuration, which I'm assuming is where the server config can go?

Details:
Router 1 = VPN Server: 192.168.2.1 Netmask: 255.255.255.0 Subnet 192.168.2.0/24
Router 2 = VPN Client IP: 192.168.3.1 Netmask: 255.255.255.0 Subnet 192.168.3.0/24
VPN Subnet = 10.8.0.0

Advanced Settings:
Interface Type: TUN
Protocol: UDP
Server Port: 1194
Firewall: Auto
Authorization Mode: TLS
Username / Password Auth. Only: No
Extra HMAC authorization: Disable
VPN Subnet / Netmask: 10.8.0.0 255.255.255.0
Poll Interval: 0
Push LAN to clients: Yes
Direct clients to redirect Internet traffic: No
Respond to DNS: Yes
Advertise DNS to clients: No
Encryption cipher: AES-256-CBC
Compression: Adaptive
TLS Renegotiation Time: -1
Manage Client-Specific Options: Yes
Allow Client <-> Client: Yes
Allow only specified clients: No

Allowed Clients
Username: xxx IP Address: 192.168.3.0 Subnet Mask: 255.255.255.0 Push: Yes

Any ideas how to get it to route from the Server side of the LAN to the Client side of the LAN?

Additional Notes:
Another detail: when the client connects to the server, it shows in the Connection Status box on the client router a yellow exclamation with IP/Routing conflict, but everything still works fine from the Client -> Server side.

Routing table from the server GUI shows:
Destination                        Gateway                     Genmask          Flags  Metric  Ref  Use  Type  Iface
xxxxxxxxxx(my personal IP)         *                           255.255.255.255  UH     0       0    0    WAN0  eth0
10.8.0.2                           *                           255.255.255.255  UH     0       0    0          tun21
192.168.3.0                        10.8.0.2                    255.255.255.0    UG     0       0    0          tun21
192.168.2.0                        *                           255.255.255.0    U      0       0    0    LAN   br0
10.8.0.0                           10.8.0.2                    255.255.255.0    UG     0       0    0          tun21
xxxxxxxxxx(my personal IP subnet)  *                           255.255.254.0    U      0       0    0    WAN0  eth0
default                            xxxxxxxxxx(my personal IP)  0.0.0.0          UG     0       0    0    WAN0  eth0

Routing table from the client GUI shows:
Destination                        Gateway                     Genmask          Flags  Metric  Ref  Use  Type  Iface
10.8.0.5                           *                           255.255.255.255  UH     0       0    0          tun15
xxxxxxxxxx(my personal IP)         *                           255.255.255.255  UH     0       0    0    WAN0  eth0
192.168.3.0                        *                           255.255.255.0    U      0       0    0    LAN   br0
192.168.2.0                        10.8.0.5                    255.255.255.0    UG     0       0    0          tun15
10.8.0.0                           10.8.0.5                    255.255.255.0    UG     0       0    0          tun15
xxxxxxxxxx(my personal IP subnet)  *                           255.255.252.0    U      0       0    0    WAN0  eth0
default                            xxxxxxxxxx(my personal IP)  0.0.0.0          UG     0       0    0    WAN0  eth0

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Help Making OPENVPN Route Both Ways with Tun

Post by Traffic » Mon Apr 11, 2016 11:58 am

wingsfan87 wrote: I can access everything (windows shares, server router page by IP in browser, rdp, etc) just fine from the client -> server but not vice versa (server ->client)
This is the official HOWTO you need to read:
HOWTO: Expanding the scope of the VPN to include additional machines

Or you can opt for a simpler P2P mode, --topology p2p, which only allows for one client (e.g. your client router).
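
For a routed (TUN) setup, the HOWTO section named above comes down to a kernel route on the server plus a per-client iroute. Here are those directives filled in with the subnets from this thread, as an added example that is not part of the original posts and is not the config the Asus firmware generates; the directory name `ccd` and the file name `CLIENT_CN` are placeholders.

```conf
# ---- Server side (Router 1, LAN 192.168.2.0/24): server configuration ----

# Kernel route on the server: traffic for the client-side LAN goes into the tunnel.
route 192.168.3.0 255.255.255.0

# Directory of per-client files; OpenVPN picks the file whose name equals
# the Common Name on the connecting client's certificate.
# "ccd" is a placeholder directory name.
client-config-dir ccd

# Tell connecting clients how to reach the server-side LAN.
push "route 192.168.2.0 255.255.255.0"

# ---- Server side: contents of the file ccd/CLIENT_CN ----
# CLIENT_CN is a placeholder for the client router's certificate Common Name.

# Internal route: tells the OpenVPN server process which connected client
# owns 192.168.3.0/24. Without it, the kernel route above still hands the
# packets to the tun interface, but OpenVPN has no client to deliver them to.
iroute 192.168.3.0 255.255.255.0
```

Hosts on either LAN need no extra routes only when each router is also its LAN's default gateway, and the client router's firewall still has to permit forwarding from the tunnel interface into its LAN.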

wingsfan87
OpenVpn Newbie
Posts: 13
Joined: Mon Apr 11, 2016 2:36 am

Re: Help Making OPENVPN Route Both Ways with Tun

Post by wingsfan87 » Mon Apr 11, 2016 1:42 pm

Hi

Thank you for the quick reply. I did read that already before posting this. But the issue is I have no idea how to update the client config file on the VPN server. The VPN server is on a router, not a PC, so I don't have a directory I can access. Also, I am using stock Asus firmware and not Merlin's, so I don't have extra JFFS options etc.

Any additional help is much appreciated.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Help Making OPENVPN Route Both Ways with Tun

Post by Traffic » Mon Apr 11, 2016 2:55 pm

wingsfan87 wrote: Setting up a site to site VPN using 2 x Asus RT-AC68R routers. Stock firmware (not Merlin's AsusWRT).
According to the Asus Manual your router does not support OpenVPN.

wingsfan87
OpenVpn Newbie
Posts: 13
Joined: Mon Apr 11, 2016 2:36 am

Re: Asus RT-AC68R Stock firmware: Route Both Ways

Post by wingsfan87 » Mon Apr 11, 2016 3:40 pm

That makes no sense, as it's included in the GUI of the router: a PPTP VPN and Open VPN server/client.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Asus RT-AC68R Stock firmware: Route Both Ways

Post by Traffic » Mon Apr 11, 2016 5:22 pm

OK .. It is not documented in the manual .. unless you have a link you can post or a screenshot ..

wingsfan87
OpenVpn Newbie
Posts: 13
Joined: Mon Apr 11, 2016 2:36 am

Re: Asus RT-AC68R Stock firmware: Route Both Ways

Post by wingsfan87 » Mon Apr 11, 2016 5:49 pm

See this link for what the GUI looks like for the Open VPN client on the router: https://torguard.net/knowledgebase.php? ... cle&id=148

See this link for the manual for the AC5300, which has the same screens as the RT-AC68: http://dlcdnet.asus.com/pub/ASUS/wirele ... 1454457378

See section 4.5 for VPN server; it shows you the option for VPN including PPTP and OpenVPN.

And below for the advanced settings screen for Open VPN on the Asus Router
Image

ekachaiz
OpenVpn Newbie
Posts: 6
Joined: Wed Apr 19, 2017 8:20 am

Re: Help Making OPENVPN Route Both Ways with Tun

Post by ekachaiz » Wed Apr 19, 2017 4:30 pm

wingsfan87 wrote: Hi

Thank you for the quick reply. I did read that already before posting this. But the issue is I have no idea how to update the client config file on the VPN server. The VPN server is on a router, not a PC, so I don't have a directory I can access. Also, I am using stock Asus firmware and not Merlin's, so I don't have extra JFFS options etc.

Any additional help is much appreciated.

You can access the OpenVPN directory in your router by using telnet or ssh.

wingsfan87
OpenVpn Newbie
Posts: 13
Joined: Mon Apr 11, 2016 2:36 am

Re: Asus RT-AC68R Stock firmware: Route Both Ways

Post by wingsfan87 » Fri Apr 21, 2017 2:08 am

Yeah I figured out how to get this working. See https://www.snbforums.com/threads/openvpn-server-cant-see-clients-lan-on-site-to-site-connection.24268/page-5#post-313576
