Oh. I completely forgot to mention that dyndns is your friend. If you have that set up, you can change the IP number at the top of the OVPN file to the dyndns domain name of the router, which will save you the hassle of re-generating the certificates every time your ISP changes your WAN-side IP...
One of the problems with some of the previous descriptions is that people weren't sure which settings mattered and which did not. They posted pictures, and then people were wondering which parts of the pictures were significant. I don't know, maybe (probably) this would be clearer with pictures...
Ed (the OP) has done a fantastic job here - especially in describing all of the subnets involved. Unfortunately, he introduces a security hole in his instructions, and his solution only works because of the hole. One of the reasons people here have been struggling to duplicate his results is...
In Closing
I really hope that this series of posts will be useful to others who have been trying to solve this problem. It's one of those topics that has been showing up on SNBForums for years, and I've been staring at these WIFI routers for a long time thinking there had to be a way. The need...
Part 6: Other Things to Consider
Various idle thoughts along the way:
The OpenVPN server on WRT is happy to permit multiple connections using the same certificate. You may want to consider creating one more certificate with a CN name of "homeuser20201011", and use that one for all of your...
Part 5: Set Up the Server, Use the Client Certificate
OK. Finally the moment of truth. Go back to the advanced OpenVPN server settings.
On the OpenVPN Server
If you followed the instructions in my first post, you'll see a place to add individual clients at the bottom of the advanced settings...
Part 4: Generating the Client Certificate and Key
Before we do this step, we need to create a small auxiliary file that has the values WRT wants to see in the client certificate for the X.509v3 extension fields. I confess that I have no idea if these are actually necessary. The "stock" client...
Part 3: Details on Client Certificates
The next step - actually, the thing we've been working up to all along - will be to create individual client certificates for the sites you want to connect. Or strictly speaking, for the boundary routers associated with those sites. The requirements are...
Part 2: Subnets and Site-to-Site
The configuration I have described is eventually going to involve five subnets. We have a fair number of machines around, so I chose to organize our internal network using the 10.x.x.x IP address range:
Developer home: 10.0.10.0/255.255.255.0
Main site...
Part 1: Context and Goal
In early 2019, Ed B. posted his Ultimate Guide to setting up a bi-directional VPN using ASUS routers. He did a fantastically thorough job describing what he did. Most of it is right, and you should use his post as a place to get started. Unfortunately, he got a critical...