ASUS VPN Client to OPNSense Router OpenVPN Server Config issue

ozdude32

New Around Here
Hi everyone,

Just wondering if anyone has attempted to connect an Asus router OpenVPN client on the standard manufacturer's firmware to an OpenVPN server running on an OPNSense Router.

I have a brother living overseas and I am attempting to give him access to my network resources here, including showing my IP address so he appears as if he resides here. Much like a PIA-type setup, just via my own router instead, so he not only has access to my local IP address but my network resources also. I am trying to keep the hardware to a minimum because he isn't that tech savvy; that's why I thought of a simple router at his end, where he could have a separate SSID and network switch he could plug into for this reason. I should also mention it will sit behind his local router. Reason being, if it fails or has problems, it's not going to disrupt his local internet access and traffic on his own network.

I have Android and Windows clients running fine on my VPN, but am tearing my hair out trying to get a configuration running on a recently purchased ASUS AT-RX55 router. Seems the stock firmware is so locked down, it is next to impossible to configure it to my current OPNSense OpenVPN configuration. It also seems too new to have a DD-WRT firmware available to flash it with.

I have PIA working fine on it and have looked at their OVPN files trying to mimic a configuration like theirs that may work, but to no avail.

I am just wondering if anyone else has gone down this rabbit hole and had a successful outcome. If so would you mind sharing your OPNsense OpenVPN server setup configuration.

In my frustration I resorted to ditching the ASUS router for a second OPNsense router I set up on an old Shuttle PC I had laying around. I managed to get a bidirectional tunnel running between both OPNSense server and client boxes, but could not work out how to tunnel all internet traffic down the tunnel from the client to show up the server WAN address at the client end which I need to do to allow him to access geolocked websites from here. It was showing his local IP to internet traffic at his (client) end.

Any assistance with either of those two configurations, I would be most grateful.

Thanks everyone.
 

eibgrad

Part of the Furniture
In my frustration I resorted to ditching the ASUS router for a second OPNsense router I set up on an old Shuttle PC I had laying around. I managed to get a bidirectional tunnel running between both OPNSense server and client boxes, but could not work out how to tunnel all internet traffic down the tunnel from the client to show up the server WAN address at the client end which I need to do to allow him to access geolocked websites from here. It was showing his local IP to internet traffic at his (client) end.

In order for your OpenVPN server to act as an internet gateway for its OpenVPN client(s), it either needs to add the following directive to the OpenVPN server configuration ...

Code:
push "redirect-gateway def1"

OR, the client has to add the following to its own OpenVPN client configuration.

Code:
redirect-gateway def1
 

ozdude32

New Around Here
In order for your OpenVPN server to act as an internet gateway for its OpenVPN client(s), it either needs to add the following directive to the OpenVPN server configuration ...

Code:
push "redirect-gateway def1"

OR, the client has to add the following to its own OpenVPN client configuration.

Code:
redirect-gateway def1
Thanks for that.

Yes, I did see that actually. If that is from the client end, does that code need to go in the .ovpn file or somewhere else? Just trying to work out where in OPNsense you would put that code also if it was at the server end.
 

eibgrad

Part of the Furniture
Thanks for that.

Yes, I did see that actually. If that is from the client end, does that code need to go in the .ovpn file or somewhere else? Just trying to work out where in OPNsense you would put that code also if it was at the server end.

I don't use OPNsense, but on most platforms there's usually an option in the GUI that implicitly adds the directive to the underlying config file. For example, when configuring the OpenVPN server on AsusWRT-Merlin, there's the "Client will use VPN to access" option, which you can set to "Internet Only" or "Both" (the latter meaning the server allows both internet and remote LAN access), either of which will "silently" add the redirect-gateway directive to the underlying config file. It's in the GUI because it's such a common requirement. But even in cases where there is no such option, virtually every GUI I've ever encountered has a field to add custom directives of your own choosing, including ASUS.
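
Added example, not part of any post in this thread: a small Python check that reads an exported server config and a client .ovpn file and reports whether the client will actually route its internet traffic through the tunnel, given that redirect-gateway can be pushed by the server or set on the client as described above. It goes beyond the thread by also checking the client-side OpenVPN directives route-nopull and pull-filter, which discard pushed routes; the function names and sample configs are constructed for illustration.

```python
import shlex

def directives(text):
    """Split OpenVPN config text into token lists, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(shlex.split(line, comments=True))
    return [r for r in rows if r]

def full_tunnel(server_conf, client_conf):
    """Return (bool, reason): does the client route internet traffic via the VPN?"""
    client = directives(client_conf)
    if any(d[0] == "redirect-gateway" for d in client):
        return True, "client config sets redirect-gateway itself"
    pushed = [d[1] for d in directives(server_conf)
              if d[0] == "push" and len(d) > 1
              and d[1].split()[:1] == ["redirect-gateway"]]
    if not pushed:
        return False, "neither side sets redirect-gateway"
    if any(d[0] == "route-nopull" for d in client):
        return False, "pushed by server, but client route-nopull discards it"
    for d in client:  # pull-filter: the first prefix match decides
        if d[0] == "pull-filter" and len(d) >= 3 and pushed[0].startswith(d[2]):
            if d[1] == "accept":
                break
            return False, "pushed by server, but client pull-filter %s drops it" % d[1]
    return True, "server pushes redirect-gateway and client accepts it"

# Constructed sample configs (not taken from the thread).
SERVER = 'dev tun\nserver 10.8.0.0 255.255.255.0\npush "redirect-gateway def1"\n'
CLIENT_OK = "client\ndev tun\nremote vpn.example.net 1194\n"
CLIENT_FILTERED = CLIENT_OK + 'pull-filter ignore "redirect-gateway"\n'

if __name__ == "__main__":
    for name, conf in [("plain", CLIENT_OK), ("filtered", CLIENT_FILTERED)]:
        print(name, full_tunnel(SERVER, conf))
```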
 