asus RT-AC68U -asuswrt-Merlin firmware v 378.55

[veli]

Dear members,

Can someone give me a manual on how to configure Asus RT-AC68U Firmware wrt merling 378.55
-use
via OpenVPN (open source) with a secure connection and via a wifi hotspot (abroad).

Thanks for your help!

veli.

 

[martinr]

Please give us more details. Please expand a little so we know what exactly you want to do. Firstly, can I confirm with you that you wish to use the OpenVPN facilities provided by Merlin's firmware? Do you intend to use the router's OpenVPN as a server or a client? You say "wi-fi hotspot abroad", so is it that you want to be able log into your home network securely (encrypted) from abroad, and perhaps also surf the Internet by emerging back out (unencrypted) onto the Internet from your remote home router?

 

[veli]

Yes, I am planning to use OpenVPN on the router and server? or a customer? (I do not know)

but
-with my laptop (Windows 10) login with openVPN, a secure connection to my corporate network. (Encrypted).
-surfing with Google or Windows Edge from abroad forexemple Hotel with a Wifi Hotspot.

Veli

 

[martinr]

Am I correct in thinking your ASUS RT-AC68U is your home router, nothing to do with your corporate network? In which case, you are already able to connect remotely to your corporate network from your laptop, and your ASUS router has no part to play in this at all? You merely want safe browsing from a public hotspot via the ASUS home router?

 

[veli]

The Asus RT-AC68U with WRT Merlin stands behind my B BOX B 3 (this is my Internet Provider). My goal is to create a secure connection via the Asus router because it never needs to be disabled. Using Windows 10, I can make an OpenVPN connection. Problem: the PC must every day, stay on. My question: how to surf safely with the Asus router via an OpenVPN (open source). And how do I configure the Asuswrt RT-AC68U WRT Merlin 378.55.

Yours sincerely.

 

[martinr]

"B BOX B 3"? What is that? Google doesn't help me with that as a search term. Is the Asus your default gateway or is it this B BOX B3?

 

[veli]

About Proximus B Box 3 http://setuprouter.com/router/belgacom/b-box-3/login.htm and

http://support.en.proximus.be/app/a.../what-do-the-leds-on-your-b-box-3-modem-mean?


The Asus Router is connected to B Box 3 via WAN.

 

[martinr]

Thank you, I understand now. Your Proximus B Box 3 is your default gateway, which connects your home network to the Internet, through your ISP, as you said, and your Asus RT-AC68U (which will be running the OpenVPN server) is connected to that B Box 3, standing behind it, again, as you said.

This then goes beyond what I am familiar with. My guess is that you would need to forward port 1194 (the OpenVPN port) on the B Box router to the Asus router. I don't know if it's that simple or if there are factors I'm not aware of. Nevertheless, setting up an OpenVPN server on the Asus is very easy; in essence you export the .ovpn config file from the Asus into the OpenVPN program on your laptop. That config file contains all the keys and certificates, so you don't need to worry about that side of things. And then there are one or 2 settings in the Asus GUI page for the OpenVPN server. It really couldn't be easier. But it will be necessary to ensure you can, from your remote location, connect to the OpenVPN server after first connecting to the B Box 3. You Also need either a static (public) IP address for the B Box 3 or a DDNS domain name that allows you to remotely connect to the B Box. I'm hoping you know all this.

As I say, the B Box brings in a level of complexity I'm not familiar with and I don't want to give you any incorrect information.

 

[veli]

martinr.

I have great admiration for your help regarding my problem with openVPN RT-WRT firmware AC68U Merlin 378.55.
Despite the fact that a definitive solution to my problem is not there, I will study carefully your explanation.

Yours sincerely,

veli.

 

[martinr]

I think you can break your requirement down into 3 parts:

1. Setting up OpenVPN - once you've done it, it will seem very simple.

2. Setting up a DDNS address (unless you have a fixed IP address).

3. Making sure that incoming OpenVPN communications get routed to the Asus router.

Come back with any questions. There's always someone here who has already done it or who knows how to do it.

 

[veli]

Hi martinr,

Thanks for the update!
-I have not been idle, and found this guide for Asus RT-N66U on a forum.
https://www.privateinternetaccess.c...-rt-n66u-firmware-376-44-merlin-build-openvpn
-Can I use this guide to my router Asus RT-AC68U
with configurable WRT Merling v 378.55?
-Where the "BEGIN CERTIFICATE" must be copied?
Yours sincerely,

veli.

 

[martinr]

I know this sounds hard to believe bur forget about that guide. Just go into the OpenVPN server page in the Asus router GUI, select your server Server 1 or Server 2, go to the Advanced settings, change any settings as required, press the Apply button, go back to the General settings and Export the OpenVPN config file. That's it. You can have a look inside that config file with a text editor program if you want - don't alter anything! and Cancel rather than Save to exit - and you should see all the keys and certs there. You don't need to give any thought to that at all. It's been made so easy for us that this is one occasion when instructions are not needed.

I'll take a screenshot of my settings on my Advanced Settings page and post it here.

 

[martinr]

Here is a link to my Advance Settings page. You need to understand each setting rather than copying them without thought, otherwise you could end up wondering why it doesn't work.

https://dl.dropboxusercontent.com/u/534872/OpenVPN Advanced Settings.jpg

For example, I set:

Ussername/Pasword Authentication = Yes

Username/Password Auth only = No

This means I want each device that is allowed to login in to have to use a username and password, but that is in addition to the Public Key Infrastructure authentication methods (keys and certs). (If I'd put "Yes" to Username/Password Auth Only, then no keys and certs would be used - obviously far less secure.) If you decide to passwords as well as keys, you set those username and passwords on the General Settings page of the OpenVPN Server tab. It's best to have different username and passwords for each device permitted to login; that way if one gets stolen, you delete those credentials from the router. You only export the config file when all the settings have been inserted AND THE APPLY BUTTON PRESSED, that way you minimise problems because you know the config file will contain everything it ought to have.

Also the 4 Yes settings from Push LAN to clients to Advertise DNS to Clients. These settings allow me to browse the Internet safely from a remote location. To be honest I can't remember exactly what they all mean - I have to search the forum posts each time to remind myself.

So, don't just copy me, you need to understand each setting and how it applies to you; who knows, you might come back and challenge me on a setting or two.

 

[veli]

martinr.

I've followed your instructions exactly.
Maybe these are stupid questions!
-after configuration openVPNserver, must I also configure the openVPNclient? If so, how?
- how do I log into my laptop in the openVPN secure tunnel connection?
-how can I test the connection?
Yours sincerely,

veli.

 

[martinr]

Until you have done this once or twice as a practical exercise, it will seem a bit difficult to understand.

Your situation (as I understand it) is that you will be at some remote location away from home and you want to make a secure connection FROM your laptop, which you take away with you, into your home network and then also possibly back out onto the Internet - for safe surfing - from there (making use of the encrypted tunnel from the remote laptop at the wifi hotspot back to your B Box and then to the Asus router behind it).

So the remote laptop at the wifi hotspot is the client because it's initiating the request to the OpenVPN server back home on the Asus router. So, you'll need to have already installed the (Windows?) OpenVPN client program on that laptop - you will have already imported the .ovpn config file into that program. (The same config file you export from Merlin's firmware.). That .ovpn config file contains all the necessary information to allow the remote client laptop to connect to the OpenVPN server on the Asus router. And once the OpenVPN connection is made, it is as if you are physically back at home behind the Asus. So you should be able to log in to devices just as you can at home.

But the get from the BBox to your Asus, you will need to forward the OpenVPN port. I've never done this myself. But OpenVPN traffic arriving at the BBox from the Internet has to be sent to the Asus router, so you need to forward port 1194 on the BBox to the Asus. You'll need to access the GUI of the BBox to do that. But as I say I'm not familiar with forwarding ports.

As for testing, you go to a friend's house or a local public wifi hotspot with your laptop and try to connect. But you must have either a fixed IP address or a DDNS address . I suppose you could make a note of your current IP address and go to another network and try it, hoping it doesn't change.

I don't know of any tests you can do from inside your network (unless you can use a sim card in the laptop, but sometimes connecting via 3G can be problematic so best not to complicate matters). ( With the PPTP vpn server set up, I can connect to my router from inside my home network, but OpenVPN won't connect, so there's no point trying it; it won't tell you anything.)

 

[veli]

martinr.

I understand your explanation valuable and appreciated.
Test did not succeed!

I have thought about PPTP
- Is this easier to configure?
- This can also be used remotely, for example Hotel Wifi Spot?
- If your findings are positive, I would gladly configure PPTP.
- for security reasons must AiProtection (have Bitdefender on my Windows 10 laptop) also turned on?
Yours sincerely,

veli.

 

[martinr]

My PPTP client (the remote device I use to connect to my router) is my Apple iPad or my iPhone. Apple make everything as simple as possible, so, yes, it is easier in that there is no config file to export, just a username and password to set up.

They say PPTP is not as secure as OpenVPN. Some people say it is insecure because it is easily cracked. I have no idea what that translates to as a percentage of hotspots with PPTP hackers sat listening ready to decode your credit card details faster than Amazon at the other end. My instinct suspects it's within a quantum jiggle of zero, but who knows? I also don't know what you do to set up a Windows laptop as a PPTP client; I only set up OpenVPN on mine. But a strong username and strong password have got to make it more secure than otherwise. And if nothing else, it's a learning exercise.

As for OpenVPN, did you get any error messages? You could try again, right down to re-exporting the config file: doing it a second time you'll find you start to understand the process a lot better. It is worth not giving up: you learn more from fixing it than if it all works first time, frustrating as it seems.

 

[martinr]

martinr.

- for security reasons must AiProtection (have Bitdefender on my Windows 10 laptop) also turned on?

Bitdefender might protect you at a malicious website; AIProtection might stop you accessing the website. I've used use all modules for 8 months or so.

If you search this forum and perhaps Google itself for AIProtection, you can read what others think of it.

 

[martinr]

martinr.

Test did not succeed!

You didn't say whether you had a fixed public IP address or if you had a DDNS address. Without one or the other you really won't be able to make OpenVPN work. Your client has to know the address it's going to connect to - that information will be in the config file you exported from the router. If your IP address is changing every day or so your client will be trying to connect to an out-of-date address. Of course, same applies to PPTP: you need a fixed IP address or a DDNS address.

 

[veli]

martinr.

I have already made several attempts to log into the openVPN as a client with my laptop and a SIM card, but get the following message:

"THE REMOTE CONNECTION WAS DENIED BECAUSE THE USER NAME AND PASSWORD COMBINATION YOU PROVIDED IS NOT RECOGNIZED, OR THE SELECTED AUTHENTICATION PROTOCOL IS NOT PERMITTED ON THE REMOTE ACCES SERVER"

veli.