Having some trouble setting up OpenVPN site-to-site with Azure

Andy S.

Using ASUS AC3200 with latest Merlin firmware.

I have a simple network on the router at 192.168.1.0/24 that I have been trying to configure with an OpenVPN client to connect to a VM running the OpenVPN Access Server appliance on Azure, and some Windows Server VMs running in the same Azure instance. I've tried a variety of different configs and about the closest I got it to working was to be able to ping the local LAN machines from the Azure VMs, but not from the local LAN to Azure, although the Azure VMs could ping each other. (Other connection types were no better, e.g. Remote Desktop, file sharing, etc. using the static private IPs of the Azure VMs.)

I have no issues at all getting the Asus VPN Client configured with an OVPN from the server and getting them to connect to each other. (TUN type connection via UDP, certificates self-signed by the server, etc.) However I'm a little unsure of some of the settings in the GUI:
  • I have firewall set to "automatic." Correct?
  • I think that I _don't_ want a NAT on the tunnel and need the traffic to be routed between the two. Is setting up Policy Rules under "Redirect Internet Traffic" the way to set up the rules for routing? (i.e. that the warning that shows up when the NAT setting is set to No?) For example, I've tried setting these up to route traffic from source 192.168.1.0/24 when destination address is in 192.168.4.0/24 (the Azure subnet)? The internet traffic needs to continue to flow through the standard ASUS WAN gateway.
  • What's the difference between Policy and Policy (strict)?
On the Azure side:
  • I've ensured that the OpenVPN Server interface has forwarding turned on.
  • I've set up Azure routing applied to the subnets of the Virtual Network so that traffic going to 192.168.1.x is routed to the IP address of the "network appliance" OpenVPN Access Server as the next hop.
  • I've seen suggestions that the OpenVPN Server VM should be hosted in a different subnet than the rest of the VMs. Is that particularly necessary? I've tried it both that way as well as placing the server VM in the same subnet as the other Azure VMs.
  • The addresses of the TUN seem to wind up in the 172.28.xxx.xxx range no matter what, but are any routing rules required to deal with that directly? The LAN-side ETHx addresses of both client and server are in the 192.168.x.x ranges as expected (set as static IPs both for the Azure network interface, and for the client by way of setting a static address via the OpenVPN server setup, based on the userID of the client connection.)
Any tips about the effects of the ASUS client settings when trying to make S2S work would be appreciated. Also happy to provide more specifics on settings/configs if needed to clarify the exact setup.
 
Thanks, that helps me understand the policy based rules, but I think I had it set up correctly and was still not getting any traffic received at the Azure end that originated from the local end other than ping replies. Still looking for more help. :)

Can't help you with that, I never configured a site-to-site tunnel, sorry.
 