Recent content by jsshapiro
-
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Oh. I completely forgot to mention that dyndns is your friend. If you have that set up, you can change the IP number at the top of the OVPN file to the dyndns domain name of the router, which will save you the hassle of re-generating the certificates every time your ISP changes your WAN-side IP... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
One of the problems with some of the previous descriptions is that people weren't sure which settings mattered and which did not. They posted pictures, and then people were wondering which parts of the pictures were significant. I don't know, maybe (probably) this would be clearer with pictures... -
Tutorial Ultimate Guide to setting up Bi-Directional VPN using two Asus Routers via OpenVPN in TUN mode
Ed (the OP) has done a fantastic job here - especially in describing all of the subnets involved. Unfortunately, he introduces a security hole in his instructions, and his solution only works because of the hole. One of the reasons people here have been struggling to duplicate his results is... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
In Closing I really hope that this series of posts will be useful to others who have been trying to solve this problem. It's one of those topics that has been showing up on SNBForums for years, and I've been starting at these WIFI routers for a long time thinking there had to be a way. The need... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 6: Other Things to Consider Various idle thoughts along the way: The OpenVPN server on WRT is happy to permit multiple connections using the same certificate. You may want to consider creating one more certificate with a CN name of "homeuser20201011", and use that one for all of your... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 5: Set Up the Server, Use the Client Certificate OK. Finally the moment of truth. Go back to the advanced OpenVPN server settings. On the OpenVPN Server If you followed the instructions in my first post, you'll see a place to add individual clients at the bottom of the advanced settings... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 4: Generating the Client Certificate and Key Before we do this step, we need to create a small auxiliary file that has the values WRT wants to see in the client certificate for the X.509v3 extension fields. I confess that I have no idea if these are actually necessary. The "stock" client... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 3: Details on Client Certificates The next step - actually, the thing we've been working up to all along - will be to create individual client certificates for the sites you want to connect. Or strictly speaking, for the boundary routers associated with those sites. The requirements are... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 2: Subnets and Site-to-Site The configuration I have described is eventually going to involve five subnets. We have a fair number of machines around, so I chose to organize our internal network using the 10.x.x.x IP address range: Developer home: 10.0.10.0/255.255.255.0 Main site... -
Tutorial [Solved] Setup for Bi-directional VPN with WRT-based Routers (e.g. ASUS)
Part 1: Context and Goal In early 2019, Ed B. posted his Ultimate Guide to setting up a bi-directional VPN using ASUS routers. He did a fantastically thorough job describing what he did. Most of it is right, and you should use his post as a place to get started. Unfortunately, he got a critical...
