ssideratos
Occasional Visitor
My apologies in advance if there is a clear guide somewhere, but Google search has turned up many posts, and I've spent 2 long days trying various combinations, none of which seemed to work for me.
I have set up OpenVPN between two Asus RT-AC68 routers. The AC68U is Server, and the AC68P is Client. I used guides I found via Google to generate my own keys on a Windows machine and successfully configured server and client with my own certificates and keys.
WHAT WORKS
The client router, AC68P, successfully connects to the server router, AC68U, and I am able to ping, or reach any machine on the server LAN via its IP address from the client LAN.
WHAT MORE I WOULD LIKE TO DO (in order of importance)
1) FIRST: Resolve (Server Side) HOSTNAMES from remote location (Client Side)
While I can reach any machine on the server LAN from the client LAN via its IP address, it would be much more useful and convenient if server LAN HOSTNAMES (Computer Names) could be resolved from the Client LAN machines.
All machines on both server and client networks are assigned consistent IP addresses through DHCP reservations, so I know I could create a master host file and put that on all my machines, but Google searches lead me to believe that it can be done otherwise (via the client LAN using the server LAN DNS if it fails to resolve locally?)
Google searches already led me to make the following changes:
On the Server Side:
Respond to DNS Yes
Advertise DNS to clients Yes
On the Client Side
Create NAT on tunnel: Yes (default, but I had tried No previously as some guides suggested, but then nothing worked)
Accept DNS Configuration: Strict
2) SECOND: Have the VPN connection be bi-directional [SOLVED 07/29/2015 - See Next 2 Posts]
I can reach the server LAN IP addresses from the client LAN, but I would like to configure it such that I can reach the client LAN machines from the server LAN. Of course, by IP address, but also ideally via HOSTNAMES as above, which I haven't even gotten working in the "normal" direction yet.
3) THIRD: Add additional clients and/or servers and have the routers route between them
As a last step, assuming two clients, B and C, connected to server A, I would like for client B to reach client C through server A. I have already configured each site with a different IP address range, i.e.
Server Site A 192.168.1.xxx
Client Site B 192.168.2.xxx
Client Site C 192.168.3.xxx
Another way would be to configure Site B as a Server, in addition to its role as a Client of Site A, and then configure Client C to go to Server B, but Client C should be able to get to Site A through B.
I have found numerous discussions on Google with others wishing to do the same, but haven't found anything that works.
I imagine this thread would be useful to many, and if there is somewhere that has already clearly described how to accomplish one or more of the above, especially using Merlin's (currently 378.55) firmware, a link would be very much appreciated.
Thanks in advance, and it may make sense to tackle 1 issue at a time in the order outlined so the steps to accomplish each goal are clearly documented separately.