Asus RT-AX56U VPN director

kornel155

Occasional Visitor
Hello,
I have a question for you, I have the above-mentioned router with the latest merlin firmware. I am trying in the VPN director to set OpenVPN to be redirected only to the TV, while all network traffic works normally, without VPN. Is it possible to set it? TV openvpn all the rest including wifi normal internet without VPN?
 

eibgrad

Part of the Furniture
Yes. Just assign a static lease to the TV's MAC address, then create a rule based on its now fixed source IP to be routed over VPN (e.g., OVPN1). Everything else will use the WAN. You'll probably want to use Exclusive for "Accept DNS Configuration" on the OpenVPN client as well. That way, only the TV will be using the VPN for DNS purposes.
 

kornel155

Occasional Visitor
vpn1.jpg
 

Attachments

  • vpn.jpg
    vpn.jpg
    84.9 KB · Views: 72
  • vpn2.jpg
    vpn2.jpg
    87.6 KB · Views: 71

kornel155

Occasional Visitor
This is my configuration and not working... Sorry to be new to these things, I had to go abroad for a long time and very much because of me that it would help. Thank you
 

eibgrad

Part of the Furniture
You have to select VPN Director for the "Redirect internet traffic through tunnel" option on the OpenVPN client if you expect to use the VPN Director.
 

kornel155

Occasional Visitor
Now, VPN is on, and im have on all devices normal internet without vpn. What am I doing wrong? I see that I am ever closer but still far away.
 

Attachments

  • vpn4.jpg
    vpn4.jpg
    84.2 KB · Views: 59
  • vpn5.jpg
    vpn5.jpg
    66.5 KB · Views: 57
  • vpn6.jpg
    vpn6.jpg
    69.6 KB · Views: 57
  • vpn7.jpg
    vpn7.jpg
    61.4 KB · Views: 53

eibgrad

Part of the Furniture
In your policy rules, leave the remote IP field blank. You only need the local (source) IP field. The remote (destination) IP field is only if you want that source IP to use the VPN for a specific destination IP.
 

eibgrad

Part of the Furniture
Try getting rid of that cipher directive in the custom config field. Normally the OpenVPN client shouldn't require anything in that field.
 

eibgrad

Part of the Furniture
When im delete this he cant connect to the VPNclient

I can see the same ciper in the data-ciphers list, but perhaps they're using an older version of OpenVPN that doesn't recognize anything except the cipher directive. If that's what it requires, leave it there.
 

eibgrad

Part of the Furniture
What you might try doing is verifying the VPN works at all by instead changing "Redirect internet traffic over tunnel" to "Yes (all)". At that point, every LAN client should be routed over the VPN. If that doesn't work, then there's some other issue that's yet to be identified.
 

kornel155

Occasional Visitor
The vpn is working great, only this director not working. The TV is via WiFi, he need a static IP? assign a static lease to the TV's MAC address --> how to do it?
 

eibgrad

Part of the Furniture
The TV is via WiFi, he need a static IP?

Anything you want to control as to its routing is best configured w/ a static IP, be it manually on the device itself, or via a static lease provided by the router's DHCP server. Otherwise you risk the IP changing some time in the future should it need a new DHCP lease. And then your policy rules will no longer be dependable.
 

kornel155

Occasional Visitor
1642888865276.png
And still not working dont know what im do wrong.... Give up.... And its not working on pc. Im must turno of VPN director tunel.

That's the only way a VPN works
 
Last edited:

kornel155

Occasional Visitor
This is the log:

Missing remote IP or local gateway - cannot configure route Jan 22 23:48:28 openvpn-routing: WARNING: no VPN gateway provided, routing might not work properly! Jan 22 23:48:28 openvpn-routing: Routing Wistron Neweb Corporation from 192.168.50.158 to any through ovpnc1 Jan 22 23:48:28 openvpn-routing: Routing PC JEBANY W DUPE from 192.168.50.206 to any through ovpnc1
 

eibgrad

Part of the Furniture
WARNING: no VPN gateway provided??

That looks it might be a problem w/ that particular VPN provider. Who is your VPN provider anyway?

Also, w/ the VPN up and running, and VPN director active, post the output from the following commands (use ssh).

Code:
ifconfig tun11
ip route show table main
ip route show table ovpnc1
ip rule show

You can hide (x.x.x.x) your public IP. Just do so consistently.
 

kornel155

Occasional Visitor
Jan 23 00:47:25 rc_service: httpd 1400:notify_rc restart_vpnclient1
Jan 23 00:47:25 ovpn-client1[22426]: event_wait : Interrupted system call (code=4)
Jan 23 00:47:25 ovpn-client1[22426]: ovpn-route-pre-down tun11 1500 1623 10.100.201.84 255.255.252.0 init
Jan 23 00:47:25 ovpn-client1[22426]: Closing TUN/TAP interface
Jan 23 00:47:25 ovpn-client1[22426]: /usr/sbin/ip addr del dev tun11 10.100.201.84/22
Jan 23 00:47:25 ovpn-client1[22426]: ovpn-down 1 client tun11 1500 1623 10.100.201.84 255.255.252.0 init
Jan 23 00:47:25 ovpn-client1[22426]: SIGTERM[hard,] received, process exiting
Jan 23 00:47:25 openvpn-routing: Clearing routing table for VPN client 1
Jan 23 00:47:25 ovpn-client1[32165]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:30: ifconfig (2.5.5)
Jan 23 00:47:25 ovpn-client1[32165]: Use --help for more information.
Jan 23 00:47:25 openvpn: Starting OpenVPN client 1 failed!
Jan 23 00:47:25 openvpn-routing: Clearing routing table for VPN client 1
Jan 23 00:48:34 rc_service: httpd 1400:notify_rc start_vpnclient1
Jan 23 00:48:34 ovpn-client1[32454]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:30: ifconfig (2.5.5)
Jan 23 00:48:34 ovpn-client1[32454]: Use --help for more information.
Jan 23 00:48:34 openvpn: Starting OpenVPN client 1 failed!
Jan 23 00:48:34 openvpn-routing: Clearing routing table for VPN client 1
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top