What's new

Asus AC68U (Merlin) With OpenVPN Connection + Custom DNS

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Penguinapple1

Occasional Visitor
Hello,
I have just bought an AC-68U and installed merlin firmware on it. I have set up my VPN connection through OpenVPN Client and have created the VPN connection to have certain policy rules so that my 3 devices connect to the VPN and the rest of my devices on my network do not connect to the VPN. I would like to know if there is a way to have my 3 devices which will be connected to the VPN also be able to use custom DNS addresses (inputted into the router and not on a device level) that the rest of the network will not be using. The reason why I want to do this is because I want to use NordVPN's custom SmartPlay DNS servers which unblock and reroute content to other regions which allow access to services like Hulu etc.

Any help would be greatly appreciated.
 
Last edited:
Hi Merlin,

I hope you are well.

I have a problem ..two routers AC68U (10.9.47.x - server ) and AC-56U (192.168.1.1 - client) between which I am trying to set up an OpenVPN tunnel. I get the tunnel up and via policy routing on the client I can see that I can redirect traffic off the 192.168 network across to the 10.9 network to say access the internet connection on that ..but where are the corresponding routing entries on the 10.9 server network?

I can't get any reply to pings either way but I can see from traffic counts that some traffic is flowing between the tunnelled networks.

I had imagined ( and I know I'm probably wrong!) that traffic from say 192.168.2.1 would go through the tunnel and be NATTED onto the 10.9.x.x server network so that it appeared as if it originated on that network, via I guess the endpoint address, and from that point it would look like normal internal network traffic. I'm obviously misunderstanding something here..can you help?

Kind regards

Andy
 
Hi Merlin,

I hope you are well.

I have a problem ..two routers AC68U (10.9.47.x - server ) and AC-56U (192.168.1.1 - client) between which I am trying to set up an OpenVPN tunnel. I get the tunnel up and via policy routing on the client I can see that I can redirect traffic off the 192.168 network across to the 10.9 network to say access the internet connection on that ..but where are the corresponding routing entries on the 10.9 server network?

I can't get any reply to pings either way but I can see from traffic counts that some traffic is flowing between the tunnelled networks.

I had imagined ( and I know I'm probably wrong!) that traffic from say 192.168.2.1 would go through the tunnel and be NATTED onto the 10.9.x.x server network so that it appeared as if it originated on that network, via I guess the endpoint address, and from that point it would look like normal internal network traffic. I'm obviously misunderstanding something here..can you help?

Kind regards

Andy
Did you give this guide a try?
http://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/
it explains server and client along with examples for networking between the 2
 
Did you give this guide a try?
http://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/
it explains server and client along with examples for networking between the 2

Hi Yorgi
Many thanks for the quick reply..and an excellent example and explanation..but the latest version of Merlin Asuswrt seem to be subtly different, i.e. there is no 'push LAN to clients' option and tunnel address/mask is changed to local/remote endpoint definitions.

Merlin Asuswrt seems odd in that the client has specific routing rules to direct traffic to the VPN tunnel whereas there is no corresponding setup at the server end to direct traffic out down the tunnel. So a ping from a computer on the remote 192 network to a computer on the 10.9 server network can be directed down the tunnel but at the server end the reply from the system on 10.9 can't be directed down the VPN tunnel to the remote.

Kind regards
Andy
 
Did you give this guide a try?
http://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/
it explains server and client along with examples for networking between the 2

Hi Yorgi,

OK, I think I found the problem.the client policy routing doesn't work. If you enable 'Re-direct all client traffic; down the tunnel on Merlin Asuswrt client then pings etc work fine, but if you set the client policy rules to route traffic just from 192.168.x.x network to 10.9.47.x server network, it sends traffic out over the WAN outside of the tunnel.

Kind regards

Andy
 
Hi Yorgi,

OK, I think I found the problem.the client policy routing doesn't work. If you enable 'Re-direct all client traffic; down the tunnel on Merlin Asuswrt client then pings etc work fine, but if you set the client policy rules to route traffic just from 192.168.x.x network to 10.9.47.x server network, it sends traffic out over the WAN outside of the tunnel.

Kind regards

Andy
Well the only reason that its not working is because you are doing something wrong.
Be more specific about the rules and maybe I can help :)
 
Well the only reason that its not working is because you are doing something wrong.
Be more specific about the rules and maybe I can help :)

Sorry for the long delay replying..I've been busy on something else and just got back to the VPN issue.

I probably am doing something wrong so.. the first thing I tried to do was follow your tutorial first without bothering you with more questions as it seems to explain pretty much everything you'd need to know, except perhaps client end options for an Asus to Asus router config.. I'm stumbling at the first hurdle here though as the server configuration screen you show is rather different from that on my 380.61 firmware AC68U where there is no 'Push LAN to Client' option, 'VPN Subnet' or 'Manage Client Specific Options' setting vis:

Asus68OVPNServer.PNG


Can I ask what version of Merlin Firmware you are using and perhaps I should load up the same both ends?

Whoops I just twigged that the options don't appear unless you enable TLS! Sorry!
 
Last edited:
Hello everyone,

I followed the Github DNS Filter instructions and have the following setup on my Asus AC66U router:

Bildschirmfoto 2017-09-16 um 12.19.44.png

However, the three client devices specified are still getting the VPN DNS address assigned and not the one I specified in "custom DNS 1". Am I doing something wrong?

Any advise will be appreciated.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top